Added predominant direction to flow alerts (#5989)

2026-05-05 02:16:39 +00:00 · 2021-10-19 11:50:44 +02:00 · 2021-10-19 11:50:44 +02:00 · 7b0cc6b125
commit 7b0cc6b125
parent d01358cc36
3 changed files with 36 additions and 5 deletions
--- a/scripts/lua/modules/alert_store/flow_alert_store.lua
+++ b/scripts/lua/modules/alert_store/flow_alert_store.lua
@ -316,17 +316,13 @@ function flow_alert_store:format_record(value, no_html)
   local show_srv_port = (value["srv_port"] ~= '' and value["srv_port"] ~= '0')   
   local msg = alert_utils.formatFlowAlertMessage(interface.getId(), value, alert_info)

-   msg = addScoreToAlertDescr(msg, ntop.getFlowAlertScore((tonumber(value["alert_id"]))))
-   
   local active_url = ""
-
   local attacker = ""
   local victim = ""
-
   -- Add link to active flow
   local alert_json = json.decode(value.json)
   
-   msg = addHTTPInfoToAlertDescr(msg, alert_json)
+   msg = addExtraFlowInfo(msg, alert_json, value)

   if not no_html and alert_json then
      local active_flow = interface.findFlowByKeyAndHashId(alert_json["ntopng.key"], alert_json["hash_entry_id"])
--- a/scripts/lua/modules/lua_utils.lua
+++ b/scripts/lua/modules/lua_utils.lua
@ -4624,6 +4624,8 @@ function addScoreToAlertDescr(msg, score)
            format_utils.formatValue(score)))
 end

+-- ##############################################
+
 function addHTTPInfoToAlertDescr(msg, alert_json)
   if (alert_json) 
      and (table.len(alert_json["http"]) > 0) 
@ -4636,6 +4638,35 @@ function addHTTPInfoToAlertDescr(msg, alert_json)
   return msg
 end

+-- ##############################################
+
+function addBytesInfoToAlertDescr(msg, value)
+   local predominant_bytes = string.format("%s %s", i18n("download"), i18n("download_icon"))
+   if (value["cli2srv_bytes"] or 0) > (value["srv2cli_bytes"] or 0) then
+      predominant_bytes = string.format("%s %s", i18n("upload"), i18n("upload_icon"))
+   end
+
+   msg = msg .. string.format(" [%s: %s]", 
+      i18n("predominant_direction"),
+      predominant_bytes)
+   
+   return msg
+end
+
+-- ##############################################
+
+function addExtraFlowInfo(msg, alert_json, value)
+   msg = addScoreToAlertDescr(msg, ntop.getFlowAlertScore((tonumber(value["alert_id"]))))
+   msg = addHTTPInfoToAlertDescr(msg, alert_json)   
+   msg = addBytesInfoToAlertDescr(msg, value)
+
+   return msg
+end
+
+-- ##############################################
+
+
+
 -- #####################

 local iec104_typeids = {