Implement ntopng plugins

Plugins are a convenient way to group together related lua scripts. Their primary use case is to group user scripts and their alert/status definition. The builtin ntopng user scripts and definitions are now packed into plugins directories. In future, we will support loading of user created plugins. Plugins are loaded at startup into some runtime directories and then used. Other changes provided by this commit include: - Add sample flow logger plugin - Initial support for system user scripts - Rename edge to threshold - Migrate system probes to user scripts/plugins - Migrate scripts to more explicit alerts_api.checkThresholdAlert api
2026-05-02 17:00:10 +00:00 · 2019-12-04 11:34:18 +01:00 · 2019-12-04 11:34:18 +01:00 · a3432e00e8
commit a3432e00e8
parent df245fad3a
218 changed files with 2070 additions and 2097 deletions
--- a/scripts/plugins/external_alert_check/status_definitions/status_external_alert.lua
+++ b/scripts/plugins/external_alert_check/status_definitions/status_external_alert.lua
@ -0,0 +1,53 @@
+--
+-- (C) 2019 - ntop.org
+--
+
+local alert_consts = require("alert_consts")
+
+-- #################################################################
+
+local function formatIDSAlert(alert)
+   local signature = (alert and alert.signature)
+   local category = (alert and alert.category)
+   local signature_info = (signature and signature:split(" "));
+   local maker = (signature_info and table.remove(signature_info, 1))
+   local scope = (signature_info and table.remove(signature_info, 1))
+   local msg = (signature_info and table.concat(signature_info, " "))
+   if maker and alert_consts.ids_rule_maker[maker] then
+      maker = alert_consts.ids_rule_maker[maker]
+   end
+   return i18n("flow_details.ids_alert", { scope=scope, msg=msg, maker=maker })
+end
+
+-- #################################################################
+
+local function formatExternalAlert(status, flowstatus_info)
+   local res = i18n("alerts_dashboard.external_alert")
+
+   if not flowstatus_info then
+      return res
+   end
+
+   -- Available fields:
+   -- flowstatus_info.source (e.g. suricata)
+   -- flowstatus_info.severity_id (custom severity)
+   -- flowstatus_info.alert (alert metadata)
+
+   if flowstatus_info.source == "suricata" then
+      res = formatIDSAlert(flowstatus_info.alert)
+   end
+
+   return res
+end
+
+-- #################################################################
+
+return {
+  status_id = 21,
+  relevance = 0,
+  prio = 680,
+  alert_severity = alert_consts.alert_severities.error,
+  alert_type = alert_consts.alert_types.external_alert,
+  i18n_title = "alerts_dashboard.external_alert",
+  i18n_description = formatExternalAlert
+}