diff --git a/include/AutonomousSystem.h b/include/AutonomousSystem.h
index c93fbe92cd..65d7759179 100644
--- a/include/AutonomousSystem.h
+++ b/include/AutonomousSystem.h
@@ -75,7 +75,7 @@ public:
 }
 void updateRoundTripTime(u_int32_t rtt_msecs);
- void lua(lua_State* vm, DetailsLevel details_level, bool asListElement);
+ void lua(lua_State* vm, DetailsLevel details_level, bool asListElement, bool diff = false);
 virtual void updateStats(const struct timeval *tv);
diff --git a/include/NetworkInterface.h b/include/NetworkInterface.h
index f1e52c53c2..129ed9bedc 100644
--- a/include/NetworkInterface.h
+++ b/include/NetworkInterface.h
@@ -660,7 +660,7 @@ class NetworkInterface : public NetworkInterfaceAlertableEntity {
 const AddressTree * const cidr_filter, char *sortColumn, u_int32_t maxHits, u_int32_t toSkip, bool a2zSortOrder);
- int getActiveASList(lua_State* vm, const Paginator *p);
+ int getActiveASList(lua_State* vm, const Paginator *p, bool diff = false);
 int getActiveOSList(lua_State* vm, const Paginator *p);
 int getActiveCountriesList(lua_State* vm, const Paginator *p);
 int getActiveVLANList(lua_State* vm,
@@ -690,8 +690,8 @@ class NetworkInterface : public NetworkInterfaceAlertableEntity {
 u_int8_t location_filter);
 int getMacsIpAddresses(lua_State *vm, int idx);
 void getFlowsStats(lua_State* vm);
- void getNetworkStats(lua_State* vm, u_int16_t network_id, AddressTree *allowed_hosts) const;
- void getNetworksStats(lua_State* vm, AddressTree *allowed_hosts) const;
+ void getNetworkStats(lua_State* vm, u_int16_t network_id, AddressTree *allowed_hosts, bool diff = false) const;
+ void getNetworksStats(lua_State* vm, AddressTree *allowed_hosts, bool diff = false) const;
 int getFlows(lua_State* vm,
 u_int32_t *begin_slot,
 bool walk_all,
diff --git a/include/NetworkStats.h b/include/NetworkStats.h
index 112ed08e21..017cbbaa38 100644
--- a/include/NetworkStats.h
+++ b/include/NetworkStats.h
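Review bot: The new `bool diff = false` parameter on `AutonomousSystem::lua` sits directly after `bool asListElement` and carries no comment, so a call such as `lua(vm, level, false, true)` gives the reader no hint which flag is which. The same undocumented default is added to `getActiveASList`, `getNetworkStats` and `getNetworksStats` in NetworkInterface.h and to `NetworkStats::lua` in NetworkStats.h. Judging from the .cpp hunks, `diff` only selects the third argument passed to `luaBehavior` for the rx/tx traffic behaviors, so a declaration comment along the lines of `/* diff: pass the *_BEHAVIOR_REFRESH value to the traffic rx/tx behaviors instead of 0 */` would help. The class bodies continue outside these hunks.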
@@ -97,7 +97,7 @@ class NetworkStats : public NetworkStatsAlertableEntity, public GenericTrafficEl
 void setNetworkId(u_int8_t id);
 bool match(const AddressTree * const tree) const;
- void lua(lua_State* vm);
+ void lua(lua_State* vm, bool diff = false);
 bool serialize(json_object *my_object);
 void deserialize(json_object *obj);
 void housekeepAlerts(ScriptPeriodicity p);
diff --git a/scripts/lua/modules/alert_utils.lua b/scripts/lua/modules/alert_utils.lua
index e296626430..2dddf15c6b 100644
--- a/scripts/lua/modules/alert_utils.lua
+++ b/scripts/lua/modules/alert_utils.lua
@@ -787,9 +787,15 @@ function alert_utils.formatBehaviorAlert(params, anomalies, stats, id, subtype,
 local value = stats[anomaly_type]["value"]
 if anomaly_table["formatter"] then
- value = anomaly_table["formatter"](value)
- lower_bound = anomaly_table["formatter"](lower_bound)
- upper_bound = anomaly_table["formatter"](upper_bound)
+ value = anomaly_table["formatter"](value * (anomaly_table["multiplier"] or 1))
+ lower_bound = anomaly_table["formatter"](lower_bound * (anomaly_table["multiplier"] or 1))
+ upper_bound = anomaly_table["formatter"](upper_bound * (anomaly_table["multiplier"] or 1))
+ end
+
+ if anomaly_table["cut_values"] then
+ value = string.format("%.2f", value)
+ lower_bound = string.format("%.2f", lower_bound)
+ upper_bound = string.format("%.2f", upper_bound)
 end
 local alert = alert_consts.alert_types.alert_behavior_anomaly.new(
diff --git a/src/AutonomousSystem.cpp b/src/AutonomousSystem.cpp
index 156b53dc4b..520c874169 100644
--- a/src/AutonomousSystem.cpp
+++ b/src/AutonomousSystem.cpp
@@ -92,7 +92,7 @@ void AutonomousSystem::updateRoundTripTime(u_int32_t rtt_msecs) {
 /* *************************************** */
-void AutonomousSystem::lua(lua_State* vm, DetailsLevel details_level, bool asListElement) {
+void AutonomousSystem::lua(lua_State* vm, DetailsLevel details_level, bool asListElement, bool diff) {
 lua_newtable(vm);
 lua_push_uint64_table_entry(vm, "asn", asn);
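Review bot: In `alert_utils.formatBehaviorAlert` the new `cut_values` branch runs after the `formatter` branch, so an anomaly table that sets both keys hands the formatter's return value to `string.format("%.2f", value)`. If the formatter returns a display string that is not a plain number, that call raises an error and the behavior-anomaly alert is never built. The `multiplier` is also applied only inside the `formatter` branch, so a `cut_values`-only entry is rounded unscaled. Making the branches exclusive with `elseif anomaly_table["cut_values"] then`, or scaling and rounding the numbers before the formatter is called, would avoid both cases. The function body starts and ends outside the hunk, so whether any entry sets both keys is not visible here.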
@@ -119,8 +119,8 @@ void AutonomousSystem::lua(lua_State* vm, DetailsLevel details_level, bool asLis
 }
 #ifdef NTOPNG_PRO
- traffic_rx_behavior->luaBehavior(vm, "traffic_rx_behavior");
- traffic_tx_behavior->luaBehavior(vm, "traffic_tx_behavior");
+ traffic_rx_behavior->luaBehavior(vm, "traffic_rx_behavior", diff ? ASES_BEHAVIOR_REFRESH : 0);
+ traffic_tx_behavior->luaBehavior(vm, "traffic_tx_behavior", diff ? ASES_BEHAVIOR_REFRESH : 0);
 score_behavior->luaBehavior(vm, "score_behavior");
 #endif
diff --git a/src/LuaEngineInterface.cpp b/src/LuaEngineInterface.cpp
index abf12d7eb6..40c39180ae 100644
--- a/src/LuaEngineInterface.cpp
+++ b/src/LuaEngineInterface.cpp
@@ -1664,6 +1664,7 @@ static int ntop_get_mac_device_types(lua_State* vm) {
 static int ntop_get_interface_ases_info(lua_State* vm) {
 NetworkInterface *ntop_interface = getCurrentInterface(vm);
+ bool diff = false;
 Paginator *p = NULL;
@@ -1676,7 +1677,10 @@ static int ntop_get_interface_ases_info(lua_State* vm) {
 if(lua_type(vm, 1) == LUA_TTABLE)
 p->readOptions(vm, 1);
- if(ntop_interface->getActiveASList(vm, p) < 0) {
+ if(lua_type(vm, 2) == LUA_TBOOLEAN)
+ diff = lua_toboolean(vm, 2) ? true : false;
+
+ if(ntop_interface->getActiveASList(vm, p, diff) < 0) {
 if(p) delete(p);
 return(CONST_LUA_ERROR);
 }
@@ -2104,10 +2108,14 @@ static int ntop_get_interface_flows_stats(lua_State* vm) {
 static int ntop_get_interface_networks_stats(lua_State* vm) {
 NetworkInterface *ntop_interface = getCurrentInterface(vm);
+ bool diff = false;
+
+ if(lua_type(vm, 1) == LUA_TBOOLEAN)
+ diff = lua_toboolean(vm, 1) ? true : false;
 ntop->getTrace()->traceEvent(TRACE_DEBUG, "%s() called", __FUNCTION__);
 if(ntop_interface)
- ntop_interface->getNetworksStats(vm, get_allowed_nets(vm));
+ ntop_interface->getNetworksStats(vm, get_allowed_nets(vm), diff);
 else
 lua_pushnil(vm);
diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp
index 0717af86cc..6f0b986736 100644
--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
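Review bot: In `AutonomousSystem::lua` only the rx/tx traffic behaviors receive the new third `luaBehavior` argument, while `score_behavior->luaBehavior(vm, "score_behavior")` on the next line is left as it was. A table produced with `diff` set therefore mixes two conventions, and nothing says whether that is deliberate. The same pattern appears in `NetworkStats::lua` (src/NetworkStats.cpp, hunk at -96) with `NETWORK_BEHAVIOR_REFRESH`. If it is intended, a short comment such as `/* score behavior is always exported without a refresh value */` would make that clear. The ternary is also written out twice per function and could be computed once before the two calls. What `luaBehavior` does with the argument is not visible in this diff, and the function body starts outside the hunk.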
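Review bot: In `ntop_get_interface_ases_info` the guard `if(lua_type(vm, 2) == LUA_TBOOLEAN)` silently discards any non-boolean second argument, so a script passing `1` or `"true"` gets the non-diff output with no trace or error. `ntop_get_interface_networks_stats` (hunk at -2104) does the same for argument 1. Consider a trace at warning level when the argument is present but not a boolean, and document the new optional argument where the Lua API is described. `lua_toboolean(vm, 2) ? true : false` can be shortened to `lua_toboolean(vm, 2) != 0`. The lines between the -1664 and -1676 hunks are not shown, so it is worth confirming that `ntop_interface` is null-checked before `getActiveASList` is called, as it is in the networks-stats function.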
@@ -5437,7 +5437,7 @@ void NetworkInterface::getFlowsStats(lua_State* vm) {
 /* **************************************************** */
-void NetworkInterface::getNetworkStats(lua_State* vm, u_int16_t network_id, AddressTree *allowed_hosts) const {
+void NetworkInterface::getNetworkStats(lua_State* vm, u_int16_t network_id, AddressTree *allowed_hosts, bool diff) const {
 NetworkStats *network_stats;
 if((network_stats = getNetworkStats(network_id))
@@ -5445,7 +5445,7 @@ void NetworkInterface::getNetworkStats(lua_State* vm, u_int16_t network_id, Addr
 && network_stats->match(allowed_hosts)) {
 lua_newtable(vm);
- network_stats->lua(vm);
+ network_stats->lua(vm, diff);
 lua_push_int32_table_entry(vm, "network_id", network_id);
 lua_pushstring(vm, ntop->getLocalNetworkName(network_id));
@@ -5456,13 +5456,13 @@ void NetworkInterface::getNetworkStats(lua_State* vm, u_int16_t network_id, Addr
 /* **************************************************** */
-void NetworkInterface::getNetworksStats(lua_State* vm, AddressTree *allowed_hosts) const {
+void NetworkInterface::getNetworksStats(lua_State* vm, AddressTree *allowed_hosts, bool diff) const {
 u_int8_t num_local_networks = ntop->getNumLocalNetworks();
 lua_newtable(vm);
 for(u_int8_t network_id = 0; network_id < num_local_networks; network_id++)
- getNetworkStats(vm, network_id, allowed_hosts);
+ getNetworkStats(vm, network_id, allowed_hosts, diff);
 }
 /* **************************************************** */
@@ -6935,7 +6935,7 @@ int NetworkInterface::getActiveMacList(lua_State* vm,
 /* **************************************** */
-int NetworkInterface::getActiveASList(lua_State* vm, const Paginator *p) {
+int NetworkInterface::getActiveASList(lua_State* vm, const Paginator *p, bool diff) {
 struct flowHostRetriever retriever;
 DetailsLevel details_level;
@@ -6958,14 +6958,14 @@ int NetworkInterface::getActiveASList(lua_State* vm, const Paginator *p) {
 for(int i = p->toSkip(), num = 0; i < (int)retriever.actNumEntries && num < (int)p->maxHits(); i++, num++) {
 AutonomousSystem *as = retriever.elems[i].asValue;
- as->lua(vm, details_level, false);
+ as->lua(vm, details_level, false, diff);
 lua_rawseti(vm, -2, num + 1); /* Must use integer keys to preserve and iterate inorder with ipairs */
 }
 } else {
 for(int i = (retriever.actNumEntries - 1 - p->toSkip()), num = 0; i >= 0 && num < (int)p->maxHits(); i--, num++) {
 AutonomousSystem *as = retriever.elems[i].asValue;
- as->lua(vm, details_level, false);
+ as->lua(vm, details_level, false, diff);
 lua_rawseti(vm, -2, num + 1);
 }
 }
diff --git a/src/NetworkStats.cpp b/src/NetworkStats.cpp
index f95ab8e77a..80772e0f54 100644
--- a/src/NetworkStats.cpp
+++ b/src/NetworkStats.cpp
@@ -75,7 +75,7 @@ NetworkStats::~NetworkStats() {
 /* *************************************** */
-void NetworkStats::lua(lua_State* vm) {
+void NetworkStats::lua(lua_State* vm, bool diff) {
 int hits;
 lua_push_str_table_entry(vm, "network_key", ntop->getLocalNetworkName(network_id));
@@ -96,8 +96,8 @@ void NetworkStats::lua(lua_State* vm) {
 lua_settable(vm, -3);
 #ifdef NTOPNG_PRO
- traffic_rx_behavior->luaBehavior(vm, "traffic_rx_behavior");
- traffic_tx_behavior->luaBehavior(vm, "traffic_tx_behavior");
+ traffic_rx_behavior->luaBehavior(vm, "traffic_rx_behavior", diff ? NETWORK_BEHAVIOR_REFRESH : 0);
+ traffic_tx_behavior->luaBehavior(vm, "traffic_tx_behavior", diff ? NETWORK_BEHAVIOR_REFRESH : 0);
 score_behavior->luaBehavior(vm, "score_behavior");
 #endif