mirror of
https://github.com/ntop/ntopng.git
synced 2026-05-13 14:32:55 +00:00
194 lines
5.3 KiB
Text
194 lines
5.3 KiB
Text
{
|
|
"cells": [
|
|
{
|
|
"cell_type": "markdown",
|
|
"id": "68ab5bc3",
|
|
"metadata": {},
|
|
"source": [
|
|
"First install the ntopng python package in the current Jupyter kernel"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": null,
|
|
"id": "16bc53b5",
|
|
"metadata": {},
|
|
"outputs": [],
|
|
"source": [
|
|
"import sys\n",
|
|
"!{sys.executable} -m pip install ntopng"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"id": "d5743a46",
|
|
"metadata": {},
|
|
"source": [
|
|
"Then we need to import libraries and set some defaults."
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": null,
|
|
"id": "aeaf6147",
|
|
"metadata": {},
|
|
"outputs": [],
|
|
"source": [
|
|
"import os\n",
|
|
"import sys\n",
|
|
"import getopt\n",
|
|
"import time\n",
|
|
"\n",
|
|
"from ntopng.ntopng import Ntopng\n",
|
|
"from ntopng.interface import Interface\n",
|
|
"from ntopng.host import Host\n",
|
|
"from ntopng.historical import Historical\n",
|
|
"from ntopng.flow import Flow\n",
|
|
"\n",
|
|
"# Defaults\n",
|
|
"username = \"admin\"\n",
|
|
"password = \"admin\"\n",
|
|
"ntopng_url = \"http://localhost:3000\"\n",
|
|
"iface_id = 0\n",
|
|
"auth_token = None\n",
|
|
"enable_debug = False\n",
|
|
"epoch_end = int(time.time())\n",
|
|
"epoch_begin = epoch_end - 3600\n",
|
|
"maxhits = 10"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"id": "76d99f37",
|
|
"metadata": {},
|
|
"source": [
|
|
"The we define a few functions for playing with data stored in the ntopng ClickHouse database"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": null,
|
|
"id": "3189f5e2",
|
|
"metadata": {},
|
|
"outputs": [],
|
|
"source": [
|
|
"def format_rsp(rsp):\n",
|
|
" for row in rsp:\n",
|
|
" print(row)\n",
|
|
"\n",
|
|
"def top_x_remote_ipv4_hosts(my_historical, epoch_begin, epoch_end, maxhits):\n",
|
|
" select_clause = \"IPV4_DST_ADDR,SUM(TOTAL_BYTES) TOT\"\n",
|
|
" where_clause = \"(SERVER_LOCATION=1)\"\n",
|
|
" group_by = \"IPV4_DST_ADDR_FORMATTED\"\n",
|
|
" order_by = \"TOT DESC\"\n",
|
|
"\n",
|
|
" rsp = my_historical.get_flows(iface_id, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)\n",
|
|
" format_rsp(rsp)\n",
|
|
"\n",
|
|
"def top_x_remote_ipv4_hosts_ports(my_historical, epoch_begin, epoch_end, maxhits):\n",
|
|
" select_clause = \"IPV4_DST_ADDR,SUM(TOTAL_BYTES) TOT,IP_DST_PORT\"\n",
|
|
" where_clause = \"(SERVER_LOCATION=1)\"\n",
|
|
" group_by = \"IPV4_DST_ADDR_FORMATTED,IP_DST_PORT\"\n",
|
|
" order_by = \"TOT DESC\"\n",
|
|
"\n",
|
|
" rsp = my_historical.get_flows(iface_id, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)\n",
|
|
" format_rsp(rsp)\n",
|
|
"\n",
|
|
"def top_x_remote_ports(my_historical, epoch_begin, epoch_end, maxhits):\n",
|
|
" select_clause = \"SUM(TOTAL_BYTES) TOT,IP_DST_PORT\"\n",
|
|
" where_clause = \"(SERVER_LOCATION=1)\"\n",
|
|
" group_by = \"IP_DST_PORT\"\n",
|
|
" order_by = \"TOT DESC\"\n",
|
|
"\n",
|
|
" rsp = my_historical.get_flows(iface_id, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)\n",
|
|
" format_rsp(rsp)"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"id": "d3598d11",
|
|
"metadata": {},
|
|
"source": [
|
|
"Finally we define out main program that connects to the ntopng instance we have defined\n"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": null,
|
|
"id": "3c5e9dbb",
|
|
"metadata": {},
|
|
"outputs": [],
|
|
"source": [
|
|
"try:\n",
|
|
" my_ntopng = Ntopng(username, password, auth_token, ntopng_url)\n",
|
|
"\n",
|
|
" if(enable_debug):\n",
|
|
" my_ntopng.enable_debug() \n",
|
|
"except ValueError as e:\n",
|
|
" print(e)\n",
|
|
" os._exit(-1)\n"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"id": "ac313523",
|
|
"metadata": {},
|
|
"source": [
|
|
"Then executes the above functions"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": null,
|
|
"id": "7b60bf7e",
|
|
"metadata": {
|
|
"scrolled": true
|
|
},
|
|
"outputs": [],
|
|
"source": [
|
|
"try:\n",
|
|
" my_historical = Historical(my_ntopng)\n",
|
|
"\n",
|
|
" print(\"\\n\\n==========================\\nTop X Remote Hosts Traffic\")\n",
|
|
" top_x_remote_ipv4_hosts(my_historical, epoch_begin, epoch_end, maxhits)\n",
|
|
" print(\"\\n\\n==========================\\nTop X Remote Host/Ports Traffic\")\n",
|
|
" top_x_remote_ipv4_hosts_ports(my_historical, epoch_begin, epoch_end, maxhits)\n",
|
|
" print(\"\\n\\n==========================\\nTop X Remote Ports Traffic\")\n",
|
|
" top_x_remote_ports(my_historical, epoch_begin, epoch_end, maxhits)\n",
|
|
" \n",
|
|
"except ValueError as e:\n",
|
|
" print(e)\n",
|
|
" os._exit(-1)"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": null,
|
|
"id": "76a9b2bb",
|
|
"metadata": {},
|
|
"outputs": [],
|
|
"source": []
|
|
}
|
|
],
|
|
"metadata": {
|
|
"kernelspec": {
|
|
"display_name": "Python 3 (ipykernel)",
|
|
"language": "python",
|
|
"name": "python3"
|
|
},
|
|
"language_info": {
|
|
"codemirror_mode": {
|
|
"name": "ipython",
|
|
"version": 3
|
|
},
|
|
"file_extension": ".py",
|
|
"mimetype": "text/x-python",
|
|
"name": "python",
|
|
"nbconvert_exporter": "python",
|
|
"pygments_lexer": "ipython3",
|
|
"version": "3.10.6"
|
|
}
|
|
},
|
|
"nbformat": 4,
|
|
"nbformat_minor": 5
|
|
}
|