Simone Mainardi
e487427aab
Refactors alert_utils and enterprise_alert_utils
Addresses #3720
Alerts Refactor: alert_utils as module
Alerts Refactor: notify_ntopng_start and notify_ntopng_stop
Alerts Refactor: processAlertNotifications
Alerts Refactor: checkStoreAlertsFromC
Alerts Refactor: formatAlertNotification
Alerts Refactor: notification_timestamp_rev
Alerts Refactor: formatAlertMessage
Alerts Refactor: getConfigsetAlertLink
Alerts Refactor: alertNotificationActionToLabel
Alerts Refactor: flushAlertsData
Alerts Refactor: disableAlertsGeneration
Alerts Refactor: newAlertsWorkingStatus and other
Alerts Refactor: drawAlerts
Alerts Refactor: drawAlertTables
Alerts Refactor: printAlertTables
Alerts Refactor: checkDeleteStoredAlerts
Alerts Refactor: getUnpagedAlertOptions
Alerts Refactor: getTabParameters
Alerts Refactor: getAlerts
Alerts Refactor: getNumAlerts
Alerts Refactor: performAlertsQuery
Alerts Refactor: sec2granularity
Alerts Refactor: granularity2id
Alerts Refactor: granularity2sec
Alerts Refactor: alertEngineLabel
Alerts Refactor: alertEngine
Alerts Refactor: alertEngineRaw
Alerts Refactor: alertTypeDescription
Alerts Refactor: alertType
Alerts Refactor: alertTypeLabel
Alerts Refactor: alertTypeRaw
Alerts Refactor: alertSeverity
Alerts Refactor: alertSeverityLabel
Alerts Refactor: alertSeverityRaw
Alerts Refactor: get_make_room_keys
Alerts Refactor: enterprise_alert_utils
2020-04-10 14:03:20 +02:00
emanuele-f
e390951a97
Add SNMP topology changed (via LLDP monitoring) alert
2020-04-08 11:44:30 +02:00
emanuele-f
15c013922d
Improve plugins reload to avoid transient errors
A "shadow directory" is now populated when the reload occurs and then swapped as the active directory.
This avoids breaking the directory structure or changing files when other threads are possibly working
on them.
Fixes #3595
2020-03-26 14:21:11 +01:00
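The shadow-directory reload described in the commit above, as an added example that is not ntopng's own code. It assumes a POSIX filesystem where rename(2) over an existing path is atomic, and it makes the "active" directory a symlink that is repointed with one rename (an assumption; the commit does not say how the swap is implemented). Threads that already resolved paths under the old generation keep reading consistent files, and the old generation is only removed after the swap, so no reader ever sees a half-populated tree.

```python
import os
import tempfile
from pathlib import Path

ACTIVE_NAME = "plugins"        # hypothetical name of the active directory
SWAP_NAME = "plugins.swap"     # hypothetical temporary symlink used for the swap


def populate_shadow(base, generation, files):
    """Write a complete new generation into a fresh shadow directory.

    Nothing under `base/plugins` is touched while this runs, so concurrent
    readers of the active tree are unaffected."""
    shadow = base / f"{ACTIVE_NAME}.{generation}"
    shadow.mkdir()
    for rel, content in files.items():
        target = shadow / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
    return shadow


def swap_active(base, shadow):
    """Atomically make `shadow` the active directory.

    A temporary symlink is created first and then renamed over the active
    name; rename(2) replaces the old link in a single step, so readers see
    either the old or the new generation, never a mix."""
    active = base / ACTIVE_NAME
    tmp_link = base / SWAP_NAME
    if tmp_link.is_symlink() or tmp_link.exists():
        tmp_link.unlink()
    os.symlink(shadow.name, tmp_link)   # relative link, survives moving `base`
    os.replace(tmp_link, active)        # atomic on POSIX
    return active


def prune_old_generations(base, keep):
    """Delete generations other than `keep`, only after the swap is done."""
    removed = []
    for entry in base.iterdir():
        if entry.name.startswith(ACTIVE_NAME + ".") and entry.is_dir() and entry != keep:
            for root, dirs, files in os.walk(entry, topdown=False):
                for f in files:
                    os.unlink(os.path.join(root, f))
                for d in dirs:
                    os.rmdir(os.path.join(root, d))
            os.rmdir(entry)
            removed.append(entry.name)
    return sorted(removed)


def active_files(base):
    """Relative paths of every file visible through the active symlink."""
    active = base / ACTIVE_NAME
    out = []
    for root, _dirs, files in os.walk(active):
        for f in files:
            out.append(os.path.relpath(os.path.join(root, f), active))
    return sorted(out)


def reload_demo():
    """Two reloads on constructed sample plugin files; returns what readers see."""
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        gen1 = populate_shadow(base, 1, {"a/a.lua": "return 1"})
        swap_active(base, gen1)
        before = active_files(base)
        # Second reload: populate fully, then swap, then prune the old generation.
        gen2 = populate_shadow(base, 2, {"a/a.lua": "return 2", "b/b.lua": "return 3"})
        swap_active(base, gen2)
        after = active_files(base)
        removed = prune_old_generations(base, gen2)
        return before, after, os.readlink(base / ACTIVE_NAME), removed


if __name__ == "__main__":
    print(reload_demo())
```

The important ordering is populate, swap, prune: pruning the old generation before the swap, or writing into the active tree in place, is exactly what produces the transient errors the commit mentions.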
emanuele-f
a214510baa
Add RTT user friendly information
Closes #3567
2020-03-20 16:41:00 +01:00
Alfredo Cardigliano
0d4927f89a
Fix error string
2020-01-30 09:52:39 +01:00
Simone Mainardi
48910b9f87
Implements auto assignment of user script alert and status ids
2020-01-15 13:08:58 +01:00
emanuele-f
8883a5321a
Fix plugins errors due to demo expiration
2019-12-12 17:26:56 +01:00
emanuele-f
e9a081903c
More robust plugins loading and error reporting
This prevents malformed scripts in plugins from breaking ntopng
2019-12-11 13:20:11 +01:00
emanuele-f
a3432e00e8
Implement ntopng plugins
Plugins are a convenient way to group together related lua scripts.
Their primary use case is to group user scripts and their alert/status
definition.
The builtin ntopng user scripts and definitions are now
packed into plugins directories. In future, we will support loading of
user created plugins.
Plugins are loaded at startup into some runtime directories and then
used. Other changes provided by this commit include:
- Add sample flow logger plugin
- Initial support for system user scripts
- Rename edge to threshold
- Migrate system probes to user scripts/plugins
- Migrate scripts to more explicit alerts_api.checkThresholdAlert api
2019-12-10 09:25:57 +01:00
Simone Mainardi
2639d49e4a
Bootstrap migration progress bars
2019-12-05 09:27:47 +01:00
emanuele-f
df0556cb87
Optimize flow alerts generation
This provides a ~10x speedup by performing the JSON serialization work in C
(and thus avoiding Lua->C overhead). This also implements two in-memory alerts
queues (one for sqlite and one for the notifications) in order to reduce Redis load.
Alert queues are now global instead of per-interface as there is only 1 dequeuing thread.
2019-11-14 11:54:13 +01:00
emanuele-f
af1dc8a05e
Limit alerts insertions if the queues are full
2019-11-08 11:26:49 +01:00
Alfredo Cardigliano
acdab024da
Enqueueing flow alerts to be stored/notified from Lua, removed DB select to notify alert (using the alert object directly)
2019-11-05 15:53:10 +01:00
emanuele-f
29e5b10e6f
Fix network interface alias not used in alerts configuration
2019-10-29 16:47:22 +01:00
emanuele-f
10aa5542f8
Rework alertEntity functions to avoid modules circular dependencies
Fixes #2975
2019-10-23 13:01:57 +02:00
emanuele-f
ab0875155e
Remove AlertType typedef from C
2019-10-22 14:43:21 +02:00
emanuele-f
6533175336
Add flow/alerts definitions directories
2019-10-16 17:45:55 +02:00
emanuele-f
9386fdd2b1
Add status/alerts definitions overview page and documentation
2019-10-16 17:23:54 +02:00
emanuele-f
873b96c20a
Split alert types definitions in multiple files
2019-10-16 12:04:07 +02:00
emanuele-f
7a14a9cf11
Improvements in status definition API
2019-10-16 10:33:19 +02:00
Luca Deri
3b5e56d802
Added script for detecting unidirectional UDP flows
2019-10-15 21:56:48 +02:00
emanuele-f
b217909966
Split flow status definitions in multiple files
2019-10-15 17:28:45 +02:00
emanuele-f
2fdc860ed2
Add support for custom flow alerts in user scripts
2019-10-11 19:48:11 +02:00
emanuele-f
ffd3b4c1ee
User scripts API changes and initial documentation
2019-10-09 15:12:28 +02:00
Alfredo Cardigliano
7e9678de37
IDS alert -> External alert
2019-10-09 11:35:51 +02:00
emanuele-f
d32b979368
Remove Alert Endpoint preference
Fixes #2859
2019-09-23 10:48:21 +02:00
emanuele-f
ef7d8614d9
Misconfigured DHCP range message fixes
2019-09-16 19:18:04 +02:00
emanuele-f
6e14f978d6
Flow alerts status cleanup
2019-09-10 13:12:11 +02:00
emanuele-f
8d7331e519
Improve ghost network alert message
2019-09-06 10:45:59 +02:00
Alfredo Cardigliano
38a53ec1fa
Transferring flows status bitmap to the client/server host. Added anomalous flows reasons to the host details page.
2019-09-05 17:55:00 +02:00
Alfredo Cardigliano
141622f151
Lua: created flow_consts module, getFlowStatusTypes has been replaced by flow_consts.flow_status_types, added flow.status_map to the Lua flow info
2019-09-04 22:20:51 +02:00
emanuele-f
d630cce58a
Fix script failures in SNMP message formatters
2019-09-04 15:36:46 +02:00
Alfredo Cardigliano
13d032d185
Formatting IDS alerts
2019-08-29 11:20:41 +02:00
emanuele-f
b66b71fd7e
Implement alert on JA3 malicious signatures
Closes #2788
2019-08-28 18:33:13 +02:00
emanuele-f
a8cb972e7d
Implement ghost networks alerts
2019-08-28 16:42:18 +02:00
emanuele-f
3bf6ed1ecd
Add syn-vs-rst and misbehaving-vs-total-flows alerts
2019-08-27 16:33:53 +02:00
emanuele-f
300ea49b10
Little localization fix
2019-08-27 14:37:01 +02:00
emanuele-f
01c586119e
Remove ICMP ratio alert and enable ratio alerts by default in 5mins
2019-08-27 14:32:24 +02:00
emanuele-f
b3bdfcff32
Cleanup of the too-many-drops interface alert
2019-08-27 13:04:53 +02:00
emanuele-f
57e623da04
Implement ICMP and HTTP requests vs replies ratio alert
2019-08-27 10:33:08 +02:00
emanuele-f
5dd88985f4
Improve and fix DNS replies/requests ratio
2019-08-27 09:57:59 +02:00
emanuele-f
a0761db1e8
Implement replies/requests ratio alert
2019-08-26 18:38:34 +02:00
emanuele-f
b0ba13f0bc
Syn/flow flood alerts now use their own alert type
2019-08-26 17:36:27 +02:00
emanuele-f
951cb1a4e9
Fix alert issues due to invalid granularities
2019-08-21 10:27:15 +02:00
emanuele-f
7893c1f78a
Implement RTT host engage/release alert
2019-08-20 19:02:58 +02:00
emanuele-f
81a9963e46
Implement alerts based on potentially dangerous flows nDPI classification
2019-08-07 14:29:06 +02:00
emanuele-f
b48a4e2127
Fix outside DHCP range alert script failure
2019-07-31 11:23:51 +02:00
emanuele-f
d38cd23615
Move C alerts to unified alerts_queue
2019-07-30 11:43:18 +02:00
emanuele-f
c183a577be
Alerts API cleanup and JSON migration
2019-07-29 15:17:22 +02:00
emanuele-f
09fb8667e2
Add ability to disable specific alert types on alertables
2019-07-22 23:37:23 +02:00