Alfredo Cardigliano
5a17736801
Remove double json encode
2019-12-27 11:25:28 +01:00
emanuele-f
26c80529aa
Add example plugin with documentation
2019-12-17 16:23:15 +01:00
emanuele-f
c95473d659
Add snmpDevice hook and improve SNMP user scripts API
...
Closes #3097
2019-12-16 15:30:15 +01:00
emanuele-f
f998b7fafd
Fix automatic alert release skipping some alerts
2019-12-10 09:27:01 +01:00
emanuele-f
a3432e00e8
Implement ntopng plugins
...
Plugins are a convenient way to group together related lua scripts.
Their primary use case is to group user scripts and their alert/status
definition.
The builtin ntopng user scripts and definitions are now
packed into plugins directories. In future, we will support loading of
user created plugins.
Plugins are loaded at startup into some runtime directories and then
used. Other changes provided by this commit include:
- Add sample flow logger plugin
- Initial support for system user scripts
- Rename edge to threshold
- Migrate system probes to user scripts/plugins
- Migrate scripts to more explicit alerts_api.checkThresholdAlert api
2019-12-10 09:25:57 +01:00
Simone Mainardi
188ec66c25
Implements scriptable SNMP devices alerts
2019-11-22 18:00:31 +01:00
emanuele-f
2df9b34201
Add flow user scripts drops alert
2019-11-19 17:37:58 +01:00
emanuele-f
b2d804c123
Fix bugs in existing alert detection with default values
...
Using alerts with default values caused the already_triggered function to miss the existing alert, which
was automatically released. Moreover, the alerts_api.releaseEntityAlerts passed a nil cur_alerts,
breaking releaseEntityAlerts.
2019-11-19 17:37:31 +01:00
emanuele-f
df0556cb87
Optimize flow alerts generation
...
This provides a ~10x speedup by performing the JSON serialization work in C
(and thus avoiding Lua->C overhead). This also implements two in-memory alerts
queues (one for sqlite and one for the notifications) in order to reduce Redis load.
Alerts queues are now global instead of per-interface as there is only 1 dequeuing thread.
2019-11-14 11:54:13 +01:00
emanuele-f
a57049f3dc
Fix invalid cli2srv.packets field
2019-11-11 15:51:32 +01:00
emanuele-f
d9fd30b9e6
Reduce redis load due to queue rating algorithm
2019-11-11 10:49:08 +01:00
emanuele-f
23e427e361
Reduce llen number of calls for alerts queue rating
2019-11-08 11:51:49 +01:00
emanuele-f
af1dc8a05e
Limit alerts insertions if the queues are full
2019-11-08 11:26:49 +01:00
Alfredo Cardigliano
cb2f37529e
Reworked storeFlowAlert (using Lua table instead of many params now)
2019-11-06 10:02:15 +01:00
Alfredo Cardigliano
acdab024da
Enqueueing flow alerts to be stored/notified from Lua, removed DB select to notify alert (using the alert object directly)
2019-11-05 15:53:10 +01:00
emanuele-f
54140b6f1a
Migrate alertable disabled alerts preference to lua
...
This avoids performing multiple hget on redis, thus increasing performance
2019-11-05 14:59:38 +01:00
emanuele-f
a96a90b65f
Optimize disabled alerts bitmap redis access
2019-11-05 12:29:08 +01:00
Alfredo Cardigliano
280213e148
Enqueueing alerts as soon as they are detected, instead of using 2-steps (#3038)
2019-11-05 11:04:44 +01:00
emanuele-f
675adcf90e
Migrate hosts disabled flow status preference to lua
...
By loading all the preferences at once in flow.lua setup() the
redis load is reduced and design is simpler.
2019-11-04 16:50:26 +01:00
Alfredo Cardigliano
d10dfc7762
Deferred flow alerts insertion through a redis queue. Removed alerts DB select when printing flow details.
2019-10-31 12:53:23 +01:00
Alfredo Cardigliano
96ef3c05e7
New alert when the number of idle entries in the hash table exceeds a configured threshold (implements #3005)
2019-10-25 14:29:37 +02:00
Alfredo Cardigliano
afbb34e262
TCP SYN Scan detection (implements #2963)
2019-10-24 15:35:26 +02:00
emanuele-f
10aa5542f8
Rework alertEntity functions to avoid modules circular dependencies
...
Fixes #2975
2019-10-23 13:01:57 +02:00
Simone Mainardi
1ec35c3042
Fixes and cleanup of disabled alerts
2019-10-22 10:33:42 +02:00
Simone Mainardi
5b3f34b72a
Fixes flapping of engaged alerts
2019-10-21 17:41:50 +02:00
Simone Mainardi
43d0b89bd9
Prevents tons of unnecessary calls to alerts_api.trigger()
2019-10-17 18:54:13 +02:00
emanuele-f
873b96c20a
Split alert types definitions in multiple files
2019-10-16 12:04:07 +02:00
emanuele-f
7bd6feb622
Rename check_module -> user_script
2019-10-10 18:14:53 +02:00
emanuele-f
ffd3b4c1ee
User scripts API changes and initial documentation
2019-10-09 15:12:28 +02:00
emanuele-f
ede9a7940a
Generalize periodic and flows callbacks
...
Now periodic callbacks are properly called even when alerts are disabled.
The granularity filter and check_function have been replaced with a more generic hooks list.
2019-10-07 19:05:43 +02:00
emanuele-f
bee1efdded
Move callbacks scripts into separate tab
2019-10-04 10:48:13 +02:00
Simone Mainardi
6db2c6392f
Stores flow lua scripts benchmarks and shows them in the ui
2019-10-01 17:06:29 +02:00
emanuele-f
35e3a2f20c
Do not compute DNS ratio in nEdge
...
nEdge does not see the DNS replies so DNS ratio is incorrect
2019-09-30 11:28:15 +02:00
Simone Mainardi
25a9b864e9
Removes a debug print
2019-09-20 10:32:07 +02:00
Simone Mainardi
b32541bcdf
Unifies the alerts/flow scripts UI
...
Implements #2855
2019-09-20 10:30:42 +02:00
Simone Mainardi
c43466412c
Initial work to add preferences-like on/off toggles to custom scripts
2019-09-19 18:03:19 +02:00
Simone Mainardi
79b69c2e6f
Flattens out the structure of lua flow callbacks
2019-09-17 18:22:55 +02:00
Simone Mainardi
909408168b
Improves flow check lua scripts loading efficiency
2019-09-17 14:24:29 +02:00
Simone Mainardi
e2c9e729a4
Implements flow check modules enable/disable prefs
2019-09-17 11:57:29 +02:00
Simone Mainardi
b3d595653e
Initial implementation of lua flow callback scripts and blacklisted alerts
...
Partially implements #2842
2019-09-16 18:27:46 +02:00
emanuele-f
e4f1d1f5d3
Avoid flow.lua overhead if all the modules are disabled
2019-09-11 14:52:26 +02:00
emanuele-f
06f3077da8
Avoid excessive redis lookups for hosts when hosts cache is disabled
2019-09-09 12:42:35 +02:00
emanuele-f
d9a44d615a
Implement generic flow callbacks
2019-09-05 19:11:11 +02:00
emanuele-f
b62e4183f0
Add ability to manually release an alert
2019-09-04 12:29:13 +02:00
emanuele-f
74f761d18b
Allow calls to alerts_api.trigger/alerts_api.release outside periodic scripts
2019-09-03 19:20:50 +02:00
emanuele-f
a8cb972e7d
Implement ghost networks alerts
2019-08-28 16:42:18 +02:00
emanuele-f
3bf6ed1ecd
Add syn-vs-rst and misbehaving-vs-total-flows alerts
2019-08-27 16:33:53 +02:00
emanuele-f
01c586119e
Remove ICMP ratio alert and enable ratio alerts by default in 5mins
2019-08-27 14:32:24 +02:00
emanuele-f
b3bdfcff32
Cleanup of the too-many-drops interface alert
2019-08-27 13:04:53 +02:00
emanuele-f
eb3542d7e7
Address too many ratio alerts generated after host deserialization
2019-08-27 11:02:28 +02:00