Implement ntopng plugins

Plugins are a convenient way to group together related lua scripts. Their primary use case is to group user scripts and their alert/status definition. The builtin ntopng user scripts and definitions are now packed into plugins directories. In future, we will support loading of user created plugins. Plugins are loaded at startup into some runtime directories and then used. Other changes provided by this commit include: - Add sample flow logger plugin - Initial support for system user scripts - Rename edge to threshold - Migrate system probes to user scripts/plugins - Migrate scripts to more explicit alerts_api.checkThresholdAlert api
2026-05-04 09:50:09 +00:00 · 2019-12-04 11:34:18 +01:00 · 2019-12-04 11:34:18 +01:00 · a3432e00e8
commit a3432e00e8
parent df245fad3a
218 changed files with 2070 additions and 2097 deletions
--- a/scripts/plugins/syn_scan_alert/user_scripts/network/syn_scan_victim.lua
+++ b/scripts/plugins/syn_scan_alert/user_scripts/network/syn_scan_victim.lua
@ -0,0 +1,51 @@
+--
+-- (C) 2019 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_consts = require("alert_consts")
+local user_scripts = require("user_scripts")
+
+local script = {
+  -- This module is disabled by default
+  default_enabled = false,
+
+  -- No default threshold configuration is provided
+  default_value = {},
+
+  -- See below
+  hooks = {},
+
+  -- Allow user script configuration from the GUI
+  gui = {
+    -- Localization strings, from the "locales" directory of the plugin
+    i18n_title = "syn_scan_alert.syn_scan_victim_title",
+    i18n_description = "syn_scan_alert.syn_scan_victim_description",
+
+    -- The input builder to use to draw the gui
+    input_builder = user_scripts.threshold_cross_input_builder,
+
+    -- Specific parameters of this input builder
+    i18n_field_unit = user_scripts.field_units.syn_min,
+    -- max allowed threshold value
+    field_max = 65535,
+    -- min allowed threshold value
+    field_min = 1,
+    -- threshold check operator. "gt" for ">", "lt" or "<"
+    field_operator = "gt";
+  }
+}
+
+-- #################################################################
+
+-- Defines an hook which is executed every minute
+function script.hooks.min(params)
+  local value = params.entity_info["hits.syn_scan_victim"] or 0
+
+  -- Check if the configured threshold is crossed by the value and possibly trigger an alert
+  alerts_api.checkThresholdAlert(params, alert_consts.alert_types.alert_tcp_syn_scan, value)
+end
+
+-- #################################################################
+
+return script