Alfredo Cardigliano
9352d0cdcd
Update copyright
2025-01-02 09:09:56 +01:00
Luca Deri
3aadd4e8be
Added tracings
Added details parameter to NetworkInterface::lua() and subclasses
2024-02-15 07:10:24 +01:00
Luca Deri
55870e97b9
(C) Update
2024-01-12 11:44:18 +01:00
Luca Deri
3768972b03
Formatting changes
2023-04-10 09:43:43 +02:00
lucaderi
d395deac4e
Automated commit of clang-format CI changes.
2023-04-07 14:20:44 +00:00
Luca Deri
78a757b84e
Updated (C)
2023-02-19 19:16:07 +01:00
Alfredo Cardigliano
582bfce331
Fix parsing of syslog events
2023-02-16 16:04:33 +01:00
Alfredo Cardigliano
b76e639077
Handle clean JSON over TCP using the Syslog interface
2023-02-07 10:44:03 +01:00
MatteoBiscosi
f7db2e1974
Removed double plugin directory swap
2022-02-11 12:07:24 +01:00
Matteo Biscosi
5a8fd8efd7
Fixes #2115 and added shell script user guide (#4702)
* Added shell endpoint user guide
* Fixes #2115 std::new exceptions not always handled
* Removed a nothrow due to the insert of a try-catch statement
* Trying to implement #4421
Co-authored-by: matteo <biscosi@ntop.org>
2020-11-11 12:28:18 +01:00
Alfredo Cardigliano
bafccf2c06
Add malformed/dispatched syslog counters. Inc counters in the Suricata plugin.
2020-10-09 15:00:21 +02:00
Alfredo Cardigliano
0a6b6a41a8
Auto-detecting fortinet producer
2020-07-01 17:22:25 +02:00
Alfredo Cardigliano
3d4a072875
Syslog device name normalization (case insensitive match) (fix #4026)
2020-06-09 11:51:25 +02:00
Alfredo Cardigliano
c6e061e62b
Improve syslog API, add host log plugin skeleton
2020-05-16 11:35:32 +02:00
Alfredo Cardigliano
20b0fbc71c
Improve syslog parser to give priority to matching device name over application name
2020-04-20 17:26:51 +00:00
Alfredo Cardigliano
dff1a44a38
Use socket client IP when it is not available from the log line
2020-04-14 14:18:10 +00:00
Alfredo Cardigliano
d791c20ec8
Add support for a default in the syslog producer selection
2020-04-10 17:26:07 +00:00
Alfredo Cardigliano
1cab19f065
Add syslog match on device name when IP is not available
2020-04-10 15:06:41 +00:00
Alfredo Cardigliano
49dfac1443
Improve log parsing to support sophos logs
2020-04-08 08:50:26 +00:00
Alfredo Cardigliano
e85f870c72
Reload syslog producers on changes
2020-04-03 17:16:29 +00:00
Alfredo Cardigliano
a254a3ad6b
Support for Enterprise L license
2020-04-02 11:02:56 +00:00
Alfredo Cardigliano
935de7e392
Support for host:producer mapping in syslog module
2020-04-01 16:45:37 +00:00
Alfredo Cardigliano
dfb8a587bb
Reworked syslog parsing to support all log formats, removed producer hint as parameter
2020-04-01 15:43:11 +00:00
Alfredo Cardigliano
a206d995d2
Fix SyslogCollector initialization
2020-03-26 17:15:44 +00:00
emanuele-f
61ab06fcd7
Fix SyslogParserInterface plugins loading
2020-03-26 14:47:51 +01:00
Alfredo Cardigliano
fd95883958
The syslog interface now accepts a hint for the log producer name (syslog://<name>@<ip>:<port>)
2020-03-25 14:58:29 +00:00
Alfredo Cardigliano
d69367f7be
Syslog lineformat
2019-12-19 15:04:45 +01:00
Alfredo Cardigliano
d05777df1e
External alerts API update and cleanup
2019-10-22 15:08:06 +02:00
Alfredo Cardigliano
76759a7d03
Suricata events are now processed by the Lua script
2019-10-10 15:56:53 +02:00
Alfredo Cardigliano
a2e74e16a3
New Lua interface.processFlow API, moved processFlow from NetworkInterface to ParserInterface, code cleanup
2019-10-10 12:49:32 +02:00
Alfredo Cardigliano
e05f9aa4f4
Syslog events are not handled by scripts in scripts/callbacks/syslog/ with the application name as file name
2019-10-09 13:00:04 +02:00
Alfredo Cardigliano
7e9678de37
IDS alert -> External alert
2019-10-09 11:35:51 +02:00
Alfredo Cardigliano
1f3c824814
Stub lua script for syslog events (alerts from Suricata)
2019-10-09 11:06:48 +02:00
Alfredo Cardigliano
919f0a2ea9
Importing TLS metadata from Suricata
2019-10-05 12:57:29 +02:00
Alfredo Cardigliano
c34ffc65ed
Importing DNS metadata from Suricata
2019-10-05 12:47:11 +02:00
Alfredo Cardigliano
256fec9283
Importing http metadata from Suricata
2019-10-05 12:15:16 +02:00
Alfredo Cardigliano
d672d93750
Sub interfaces support (wip) (#2825)
2019-09-17 10:34:52 +02:00
Alfredo Cardigliano
2c81afd678
Setting severity for IDS alerts
2019-08-28 03:38:01 +02:00
Alfredo Cardigliano
ae8674c41f
Suricata trafing improvements, last switched fix
2019-08-28 01:39:07 +02:00
Alfredo Cardigliano
f8af84df2d
SyslogParserInterface now supports the companion interface for delivering Suricata alerts to a packet interface (#1928)
2019-08-27 17:53:34 +02:00
Alfredo Cardigliano
955e14d5e4
Suricata logs ingestion improvements, fixes alerts for flow records not yet received
2019-08-27 15:44:29 +02:00
Simone Mainardi
12d8d1147b
Uses class destructor to free json object mem
2019-05-10 19:40:41 +02:00
Simone Mainardi
ab92ee7926
Converts ZMQ PODs to classes
2019-05-10 19:32:34 +02:00
Luca Deri
c520daac33
Cleaned up syslog collector code
Fixed syslog-collected flow time
2019-04-15 21:48:23 +02:00
Simone Mainardi
4ed935547e
Fixes memsets on Parsed_Flow members of type class
Fixes #2521
2019-04-09 16:17:07 +02:00
Alfredo Cardigliano
d9efcc49cb
Suricata 'netflow' support (disabled 'flow' support)
2019-04-04 17:25:42 +02:00
Alfredo Cardigliano
7ce1150a69
IDS flow alerts notification
2019-04-04 16:03:48 +02:00
Alfredo Cardigliano
3c3d581b93
Parsing Suricata alerts, minor improvements
2019-04-03 17:04:32 +02:00
Alfredo Cardigliano
319b7a4234
Suricata timestamp conversion
2019-04-03 13:08:19 +02:00
Alfredo Cardigliano
61a8ce9a76
Implemented SyslogCollectorInterface/SyslogParserInterface
Implemented TCP-based syslog collector (multi producer)
Initial Suricata EVE events parsing (basic flows)
Reworked ZMQ CollectorInterface/Parser interface hierarchy
2019-04-02 18:32:52 +02:00