")
return
end
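-- Persist the per-host flood-alert thresholds submitted in the query string.
--
-- For each threshold parameter present in the request, the value is written to
-- the 'ntopng.prefs.<host_name>:<host_vlan>.<param>' cache key and the host's
-- alert preferences are reloaded. A submitted value of zero selects the default.
--
-- Only plain decimal digit strings are accepted. The previous check
-- (tonumber(...) ~= nil) also let through negative, fractional, hexadecimal,
-- exponent and whitespace-padded input, which was then stored verbatim.
-- No upper bound is enforced here; the range expected by
-- interface.loadHostAlertPrefs is not visible from this script.
--
-- NOTE(review): only the *presence* of the csrf parameter is tested here. Token
-- validation is presumably done before this script runs -- confirm, since these
-- are state-changing writes triggered by a GET request.
-- NOTE(review): unlike the trigger_alerts handling on the config page, these
-- writes are not gated on isAdministrator() -- confirm that is intended.
-- NOTE(review): the key is built from host_name, while the config page reads the
-- same preferences back using host_ip. host_name is assigned outside this view;
-- if the two can differ, values saved here are not the ones displayed later.
do
  -- { request parameter (also the key suffix), default stored for a zero value }
  local threshold_defaults = {
    { "flow_rate_alert_threshold", "25" },
    { "syn_alert_threshold", "10" },
    { "flows_alert_threshold", "32768" },
  }

  if _GET["csrf"] ~= nil then
    -- ipairs keeps the original processing order of the three parameters.
    for _, entry in ipairs(threshold_defaults) do
      local param, default = entry[1], entry[2]
      local raw = _GET[param]

      if type(raw) == "string" and raw:match("^%d+$") then
        -- A saved threshold sends the user back to the configuration tab.
        page = "config"

        -- "0" (or any all-zero digit string) means "use the default".
        local val = raw
        if tonumber(raw) == 0 then
          val = default
        end

        ntop.setCache('ntopng.prefs.'..host_name..':'..tostring(host_vlan)..'.'..param, val)
        interface.loadHostAlertPrefs(host_ip, host_vlan)
      end
    end
  end
end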
-- Select the interface, look the requested host up in memory and, when it is
-- missing and a restore was requested (or the historical page is shown), try
-- to restore it from the cache before looking it up a second time.
if protocol_id == nil then
  protocol_id = ""
end

interface.select(ifname)
ifstats = aggregateInterfaceStats(interface.getStats())
ifId = ifstats.id

host, family = nil, nil

--print(">>>") print(host_info["host"]) print("<<<")
do
  -- Address taken from the parsed request; used for every lookup below.
  local lookup_addr = host_info["host"]

  if debug_hosts then
    traceError(TRACE_DEBUG,TRACE_CONSOLE, "Host:" .. lookup_addr .. ", Vlan: "..host_vlan.."\n")
  end

  host = interface.getHostInfo(lookup_addr, host_vlan)

  restoreFailed = false
  if host == nil then
    -- NOTE(review): a restore is triggered purely by query-string values; no
    -- permission check is visible at this point -- confirm one exists upstream.
    local restore_wanted = (_GET["mode"] == "restore") or (page == "historical")
    if restore_wanted then
      if debug_hosts then
        traceError(TRACE_DEBUG,TRACE_CONSOLE, "Restored Host Info\n")
      end
      interface.restoreHost(lookup_addr, host_vlan)
      host = interface.getHostInfo(lookup_addr, host_vlan)
      -- Set whenever a restore was attempted, whether or not the second lookup
      -- succeeded; below it is only consulted on the host-not-found path.
      restoreFailed = true
    end
  end
end

only_historical = false
if(host == nil) then
if (rrd_exists(host_ip, "bytes.rrd") and always_show_hist == "true") then
page = "historical"
only_historical = true
sendHTTPHeader('text/html; charset=iso-8859-1')
ntop.dumpFile(dirs.installdir .. "/httpdocs/inc/header.inc")
dofile(dirs.installdir .. "/scripts/lua/inc/menu.lua")
print [[
]]
else
-- We need to check if this is an aggregated host
if(not(restoreFailed) and (host_info ~= nil) and (host_info["host"] ~= nil)) then json = ntop.getCache(host_info["host"].. "." .. ifId .. ".json") end
sendHTTPHeader('text/html; charset=iso-8859-1')
ntop.dumpFile(dirs.installdir .. "/httpdocs/inc/header.inc")
dofile(dirs.installdir .. "/scripts/lua/inc/menu.lua")
print("
Host ".. hostinfo2hostkey(host_info) .. " cannot be found.")
if((json ~= nil) and (json ~= "")) then
print('
Such host as been purged from memory due to inactivity. Click here to restore it from cache.\n')
else
print('
Perhaps this host has been previously purged from memory or it has never been observed by this instance.
\n')
end
print("
")
dofile(dirs.installdir .. "/scripts/lua/inc/footer.lua")
return
end
else
sendHTTPHeader('text/html; charset=iso-8859-1')
ntop.dumpFile(dirs.installdir .. "/httpdocs/inc/header.inc")
dofile(dirs.installdir .. "/scripts/lua/inc/menu.lua")
-- Added global javascript variable, in order to disable the refresh of pie chart in case
-- of historical interface
print('\n\n')
if(host["ip"] ~= nil) then
host_name = hostinfo2hostkey(host)
host_info["host"] = host["ip"]
end
if(_GET["custom_name"] ~=nil) then
setHostAltName(hostinfo2hostkey(host_info), _GET["custom_name"])
end
host["label"] = getHostAltName(hostinfo2hostkey(host_info))
rrdname = dirs.workingdir .. "/" .. ifId .. "/rrd/" .. getPathFromKey(hostinfo2hostkey(host_info)) .. "/bytes.rrd"
-- print(rrdname)
print [[
]]
if((page == "overview") or (page == nil)) then
print("
\n")
if(host["ip"] ~= nil) then
if((host["antenna_mac"] ~= nil) and (host["antenna_mac"] ~= "00:00:00:00:00:00")) then
print("
Antenna MAC Address
" ..get_symbolic_mac(host["antenna_mac"]).. "
")
end
if(host["mac"] ~= "00:00:00:00:00:00") then
print("
(Router) MAC Address
" ..get_symbolic_mac(host["mac"]).. "
")
end
if(host["localhost"] == true) then
dump_status = host["dump_host_traffic"]
if(_GET["dump_traffic"] ~= nil) then
if(_GET["dump_traffic"] == "true") then
dump_status = true
else
dump_status = false
end
interface.select(ifname) -- if we submitted a form, nothing is select()ed
interface.setHostDumpPolicy(dump_status, host_info["host"], host_vlan)
end
if(dump_status) then
dump_traffic_checked = 'checked="checked"'
dump_traffic_value = "false" -- Opposite
else
dump_traffic_checked = ""
dump_traffic_value = "true" -- Opposite
end
if(isAdministrator()) then
print [[
')
end
print('
')
end
print("
IP Address
" .. host["ip"])
if(host["local_network_name"] ~= nil) then
print(" [ ".. host["local_network_name"].." ]")
end
else
if(host["mac"] ~= nil) then
print("
MAC Address
" .. host["mac"].. "
\n")
end
end
if((host["city"] ~= nil) and (host["city"] ~= "")) then
print(" [ " .. host["city"] .." "..getFlag(host["country"]).." ]")
end
drop_host_traffic = _GET["drop_host_traffic"]
host_key = hostinfo2hostkey(host_info)
if(drop_host_traffic ~= nil) then
if(drop_host_traffic == "false") then
ntop.delHashCache("ntopng.prefs.drop_host_traffic", host_key)
else
ntop.setHashCache("ntopng.prefs.drop_host_traffic", host_key, drop_host_traffic)
end
interface.updateHostTrafficPolicy(host_info["host"], host_vlan)
else
drop_host_traffic = ntop.getHashCache("ntopng.prefs.drop_host_traffic", host_key)
if(drop_host_traffic == nil) then drop_host_traffic = "false" end
end
if(host["ip"] ~= nil) then
print [[
')
print('
')
end
if(ifstats.vlan and (host["vlan"] ~= nil)) then
print("
")
if(ifstats.sprobe) then
print('Source Id')
else
print('VLAN ID')
end
print("
"..host["vlan"].."
\n")
end
if(ifstats.inline and (host.localhost or host.systemhost)) then
print("
Host Traffic Policy
")
print('
')
if(host["l7_traffic_policy"] ~= nil) then
print [[
]]
for k,v in pairs(host["l7_traffic_policy"]) do
print('
\n")
end
if(ifstats.inline and (host.localhost or host.systemhost) and isAdministrator()) then
if(_GET["host_quota"] ~= nil) then
interface.select(ifname) -- if we submitted a form, nothing is select()ed
interface.setHostQuota(tonumber(_GET["host_quota"]), host_info["host"], host_vlan)
end
host_quota_value = host["host_quota_mb"]
if(_GET["host_quota"] ~= nil) then host_quota_value = _GET["host_quota"] end
print [[
')
print('
')
else
print("
")
end
end
if((host["asn"] ~= nil) and (host["asn"] > 0)) then
print("
")
end
if(host["ip"] == host["name"]) then
print(" ")
end
print(host["name"] .. " ")
if(host["localhost"] == true) then print('Local') else print('Remote') end
if(host["privatehost"] == true) then print(' Private IP') end
if(host["systemhost"] == true) then print(' System ') end
print("
\n")
end
if(host["ip"] ~= nil) then
if(isAdministrator()) then
print("
]]
elseif((page == "peers")) then
host_info = url2hostinfo(_GET)
flows = interface.getFlowPeers(host_info["host"],host_info["vlan"])
found = 0
for key, value in pairs(flows) do
found = 1
break
end
if(found) then
print [[
Top ]] print(hostinfo2hostkey(host_info) ) print [[ Peers
Top Peer Protocols
Host
L7 Protocol
Traffic Volume
]]
else
print(" No active flows have been observed for the specified host
")
end
elseif((page == "traffic")) then
total = 0
for id, _ in ipairs(l4_keys) do
k = l4_keys[id][2]
if(host[k..".bytes.sent"] ~= nil) then total = total + host[k..".bytes.sent"] end
if(host[k..".bytes.rcvd"] ~= nil) then total = total + host[k..".bytes.rcvd"] end
end
if(total == 0) then
print("
No traffic has been observed for the specified host
")
else
print [[
L4 Protocol Overview
]]
print("
Protocol
Sent
Received
Breakdown
Total
\n")
for id, _ in ipairs(l4_keys) do
label = l4_keys[id][1]
k = l4_keys[id][2]
sent = host[k..".bytes.sent"]
if(sent == nil) then sent = 0 end
rcvd = host[k..".bytes.rcvd"]
if(rcvd == nil) then rcvd = 0 end
if((sent > 0) or (rcvd > 0)) then
print("
")
fname = getRRDName(ifname, hostinfo2hostkey(host_info), k)
if(ntop.exists(fname)) then
print("".. label .."")
else
print(label)
end
t = sent+rcvd
print("
\n")
end
elseif(page == "flows") then
print [[
]]
end
elseif(page == "snmp") then
if(ntop.isPro()) then
print_snmp_report(host_info["host"])
end
elseif(page == "talkers") then
print("
]]
jaccard = interface.similarHostActivity(host_info["host"],host_info["vlan"])
if(jaccard ~= nil) then
print [[
]]
vals = {}
for k,v in pairs(jaccard) do
vals[v] = k
end
max_hosts = 10
n = 0
if(host["name"] == nil) then host["name"] = ntop.getResolvedAddress(host["ip"]) end
for v,k in pairsByKeys(vals, rev) do
if(v > 0) then
if(n == 0) then
print("
\n")
print("
Local Hosts Similar to ".. hostinfo2hostkey(host) .."
Jaccard Coefficient
Activity Map
\n")
end
correlated_host = interface.getHostInfo(k)
if(correlated_host ~= nil) then
if(correlated_host["name"] == nil) then correlated_host["name"] = ntop.getResolvedAddress(correlated_host["ip"]) end
-- print the host row together with the Jaccard coefficient
print("
")
n = n +1
if(n >= max_hosts) then
break
end
end
end
end
if(n > 0) then
print("
\n")
else
print("There is no host correlated to ".. hostinfo2hostkey(host).."
\n")
end
print [[
Note:
Jaccard Similarity considers only activity map as shown in the host overview.
Two hosts are similar according to the Jaccard coefficient when their activity tends to overlap. In particular when their activity map is very similar. The Jaccard similarity coefficient is a number between +1 and 0.
]]
end
elseif(page == "contacts") then
if(num > 0) then
mode = "embed"
if(host["name"] == nil) then host["name"] = ntop.getResolvedAddress(host["ip"]) end
name = host["name"]
dofile(dirs.installdir .. "/scripts/lua/hosts_interaction.lua")
print("
\n")
print("
Client Contacts (Initiator)
Server Contacts (Receiver)
\n")
print("
")
if(cnum == 0) then
print("
No client contacts so far
")
else
print("
\n")
print("
Server Address
Contacts
\n")
-- TOFIX VLAN (We need to remove the host vlan and add the client vlan)
-- Client
sortTable = {}
for k,v in pairs(host["contacts"]["client"]) do
sortTable[v]=k
end
num = 0
max_num = 64 -- Do not create huge maps
for _v,k in pairsByKeys(sortTable, rev) do
if(num >= max_num) then break end
num = num + 1
name = interface.getHostInfo(k)
-- TOFIX VLAN (We need to remove the host vlan and add the client vlan)
v = host["contacts"]["client"][k]
info = interface.getHostInfo(k)
if(info ~= nil) then
if(info["name"] ~= nil) then n = info["name"] else n = ntop.getResolvedAddress(info["ip"]) end
url = ""..n..""
else
url = k
end
if(info ~= nil) then
url = url .. getFlag(info["country"]).." "
end
-- print(v.." ")
print("
"..url.."
" .. formatValue(v) .. "
\n")
end
print("
\n")
end
if(snum == 0) then
print("
No server contacts so far
")
else
print("
\n")
print("
Client Address
Contacts
\n")
-- Server
sortTable = {}
for k,v in pairs(host["contacts"]["server"]) do sortTable[v]=k end
for _v,k in pairsByKeys(sortTable, rev) do
v = host["contacts"]["server"][k]
info = interface.getHostInfo(k)
if(info ~= nil) then
if(info["name"] ~= nil) then n = info["name"] else n = ntop.getResolvedAddress(info["ip"]) end
url = ""..n..""
else
url = k
end
if(info ~= nil) then
url = url ..getFlag(info["country"]).." "
end
print("
"..url.."
" .. formatValue(v) .. "
\n")
end
print("
\n")
end
print("
\n")
print("
\n")
else
print("No contacts for this host")
end
elseif(page == "alerts") then
local tab = _GET["tab"]
local re_arm_minutes = nil
if(tab == nil) then tab = alerts_granularity[1][1] end
print('
')
for _,e in pairs(alerts_granularity) do
k = e[1]
l = e[2]
if(k == tab) then print("\t
')
-- Before doing anything we need to check if we need to save values
vals = { }
alerts = ""
to_save = false
if((_GET["to_delete"] ~= nil) and (_GET["SaveAlerts"] == nil)) then
delete_alert_configuration(hostinfo2hostkey(host_info))
alerts = nil
else
for k,_ in pairs(alert_functions_description) do
value = _GET["value_"..k]
operator = _GET["operator_"..k]
if((value ~= nil) and (operator ~= nil)) then
--io.write("\t"..k.."\n")
to_save = true
value = tonumber(value)
if(value ~= nil) then
if(alerts ~= "") then alerts = alerts .. "," end
alerts = alerts .. k .. ";" .. operator .. ";" .. value
end
end
end
--print(alerts)
if(to_save) then
if(alerts == "") then
ntop.delHashCache("ntopng.prefs.alerts_"..tab, host_ip)
else
ntop.setHashCache("ntopng.prefs.alerts_"..tab, host_ip, alerts)
end
else
alerts = ntop.getHashCache("ntopng.prefs.alerts_"..tab, host_ip)
end
if _GET["re_arm_minutes"] then
ntop.setHashCache("ntopng.prefs.alerts_"..tab.."_re_arm_minutes", host_ip, _GET["re_arm_minutes"])
end
re_arm_minutes = ntop.getHashCache("ntopng.prefs.alerts_"..tab.."_re_arm_minutes", host_ip)
if not re_arm_minutes then re_arm_minutes="" end
end
if(alerts ~= nil) then
--print(alerts)
--tokens = string.split(alerts, ",")
tokens = split(alerts, ",")
--print(tokens)
if(tokens ~= nil) then
for _,s in pairs(tokens) do
t = string.split(s, ";")
--print("-"..t[1].."-")
if(t ~= nil) then vals[t[1]] = { t[2], t[3] } end
end
end
end
print [[
Alert Function
Threshold
]]
elseif (page == "config") then
if(isAdministrator()) then
trigger_alerts = _GET["trigger_alerts"]
if(trigger_alerts ~= nil) then
if(trigger_alerts == "true") then
ntop.delHashCache("ntopng.prefs.alerts", host_ip)
else
ntop.setHashCache("ntopng.prefs.alerts", host_ip, trigger_alerts)
end
end
end
local flow_rate_alert_thresh = ntop.getCache('ntopng.prefs.'..host_ip..':'..tostring(host_vlan)..'.flow_rate_alert_threshold')
local syn_alert_thresh = ntop.getCache('ntopng.prefs.'..host_ip..':'..tostring(host_vlan)..'.syn_alert_threshold')
local flows_alert_thresh = ntop.getCache('ntopng.prefs.'..host_ip..':'..tostring(host_vlan)..'.flows_alert_threshold')
if (flow_rate_alert_thresh == nil or flow_rate_alert_thresh == "") then flow_rate_alert_thresh = 25 end
if (syn_alert_thresh == nil or syn_alert_thresh == "") then syn_alert_thresh = 10 end
if (flows_alert_thresh == nil or flows_alert_thresh == "") then flows_alert_thresh = 32768 end
print("
\n")
print("
Host Flow Alert Threshold
\n")
print [[
]]
print[[
]]
print('\n')
print('
Max number of new flows/sec over which a host is considered a flooder. Default: 25.
]]
print[[
]]
print("
Host SYN Alert Threshold
\n")
print [[
]]
print[[
]]
print('\n')
print [[
Max number of sent TCP SYN packets/sec over which a host is considered a flooder. Default: 10.
]]
print[[
]]
print("
Host Flows Threshold
\n")
print [[
]]
print[[
]]
print('\n')
print [[
Max number of flows over which a host is considered a flooder. Default: 32768.
]]
print[[
]]
local suppressAlerts = ntop.getHashCache("ntopng.prefs.alerts", host_ip)
if((suppressAlerts == "") or (suppressAlerts == nil) or (suppressAlerts == "true")) then
alerts_checked = 'checked="checked"'
alerts_value = "false" -- Opposite
else
alerts_checked = ""
alerts_value = "true" -- Opposite
end
print [[
Host Alerts
Trigger alerts for host '..host_ip..'')
print('\n')
print('')
print('
')
print('
')
print [[
]]
print("
")
elseif(page == "historical") then
if(_GET["rrd_file"] == nil) then
rrdfile = "bytes.rrd"
else
rrdfile=_GET["rrd_file"]
end
host_url = "host="..host_ip
host_key = host_ip
if(host_vlan and (host_vlan > 0)) then
host_url = host_url.."&vlan="..host_vlan
host_key = host_key.."@"..host_vlan
end
drawRRD(ifId, host_key, rrdfile, _GET["graph_zoom"], ntop.getHttpPrefix()..'/lua/host_details.lua?ifname='..ifId..'&'..host_url..'&page=historical', 1, _GET["epoch"], nil, makeTopStatsScriptsArray())
elseif(page == "sprobe") then
print [[