vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-30 16:09:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
ntopng/scripts/plugins/examples/example/user_scripts/flow/example.lua
Simone Mainardi f7e1ea9709 Reworks plugin loading and structure 
Implements #4358
2020-09-15 11:33:53 +02:00

134 lines
4.5 KiB
Lua
Raw Blame History

--
-- (C) 2019-20 - ntop.org
--
local flow_consts = require("flow_consts")
-- This is a user script executed by scripts/callbacks/interface/flow.lua .
-- Changes to this script must be applied by reloading the plugins from
-- http://127.0.0.1:3000/lua/plugins_overview.lua
local global_state = nil
-- #################################################################
local script = {
-- Script category, see user_scripts.script_categories for all available categories
category = user_scripts.script_categories.other,
-- This module is enabled by default
default_enabled = true,
-- The default configuration for this plugin. The current configuration
-- is passed to the script hooks as the second parameter.
default_value = {
-- This configuration is specific of this script
exclude_ports = {[80] = true},
},
-- A user script must be attached some hooks in order to be executed.
-- This is only a placeholder, see below for the hooks definitions.
-- NOTE: the "all" hook is a virtual hook which causes the script to
-- be attached to all the available hooks.
hooks = {},
-- GUI specific stuff. If this section is missing, the user script
-- will not be shown in the gui.
gui = {
-- A title for this user script
i18n_title = "example.flow_script_title",
-- A description for this user script
i18n_description = "example.flow_script_description",
},
----------------------------------------------------------------------
-- If true, the script will be automatically disabled when alerts are
-- disabled.
is_alert = false,
-- If true, this script will only be executed on packet interfaces
packet_interface_only = false,
-- If true, this script will only be executed in nEdge
nedge_only = false,
-- If true, this script will not be executed in nEdge
nedge_exclude = false,
-- If true, this script will not be available on Windows.
windows_exclude = false,
----------------------------------------------------------------------
-- The frequency for the periodicUpdate hook invocation. Must be
-- multiple of 30 seconds.
periodic_update_seconds = 30,
-- If true, the script will be executed on TCP flows only after the three
-- way handshake is completed
three_way_handshake_ok = false,
-- If set, the script will only be called on flows with the specified
-- L7 protocol name (application or master protocol).
-- Run "ntopng --print-ndpi-protocols" to get a list of protocol names.
l7_proto = nil,
-- If set, the script will only be called on flows with the specified
-- L4 protocol name. Supported values: udp, tcp, icmp
l4_proto = nil,
}
-- #################################################################
-- @brief Called when the script is going to be loaded.
-- @return true if the script should be loaded, false otherwise
-- @note Can be used to init some script global state or to skip the script
-- execution on some particular conditions
function script.setup()
local is_enabled = true -- your custom condition here
global_state = {}
return(is_enabled)
end
-- #################################################################
-- An hook executed after the protocol of a flow has been detected
function script.hooks.protocolDetected(now, config)
local flow_info = flow.getInfo()
print("flow:protocolDetected hook called: " .. shortFlowLabel(flow_info))
-- Check if the server port is not in the configured exclusion list
if not config["exclude_ports"][flow_info["srv.port"]] then
-- Set an invalid status on the flow and trigger the corresponding alert
flow.triggerStatus(flow_consts.status_types.status_example, {
bad_port = flow_info["srv.port"]
}, 60--[[ flow score]], 50--[[ cli score ]], 10--[[ srv score ]])
else
-- A previosly set status can be cleared
-- flow.clearStatus(flow_consts.status_types.status_example)
end
end
-- #################################################################
-- An hook executed when the flow is considered closed
function script.hooks.flowEnd(now, config)
print("flow:protocolDetected hook called: " .. shortFlowLabel(flow.getInfo()))
end
-- #################################################################
-- An hook executed periodically. The update frequency is specified via the
-- periodic_update_seconds parameter.
function script.hooks.periodicUpdate(now, config)
print("flow:periodicUpdate hook called: " .. shortFlowLabel(flow.getInfo()))
end
-- #################################################################
return script
Reference in a new issue View git blame Copy permalink