ntopng/scripts/lua/modules/tracker.lua

--
-- (C) 2017-18 - ntop.org
--

local json = require "dkjson"

local tracker = {}

function tracker.log(f_name, f_args)
  local jobj = { 
    scope = 'function',
    name = f_name,
    params = f_args
  }

  local entity = alertEntity("user")
  local entity_value = ternary(_SESSION["user"] ~= nil, _SESSION["user"], 'system')
  local alert_type = alertType("alert_user_activity")
  local alert_severity = alertSeverity("info")
  local alert_json = json.encode(jobj)

  -- tprint(alert_json)

  local old_iface = interface.getStats().id
  local sys_iface = getFirstInterfaceId()
  interface.select(tostring(sys_iface))

  interface.storeAlert(entity, entity_value, alert_type, alert_severity, alert_json)

  interface.select(tostring(old_iface))
end

function tracker.hook(f, name)
  return function(...)
    local f_name
    if name ~= nil then
      f_name = name
    else
      f_name = debug.getinfo(1, "n").name
    end

    if f_name ~= nil then
      local f_args = {}
      for k, v in pairs({...}) do
        if (f_name == 'addUser'           and k == 3) or
           (f_name == 'resetUserPassword' and k == 4) then
          -- hiding password
          f_args[k] = ''
        else
          f_args[k] = tostring(v)
        end
      end
      
      tracker.log(f_name, f_args)
    end

    local result = {f(...)}

    return table.unpack(result)
  end
end

function tracker.track_ntop()
  local fns = {
    "addUser",
    "deleteUser",
    "resetUserPassword",
    "runLiveExtraction",
    "dumpBinaryFile",
    --"setPref",
  }

  for _, fn in pairs(fns) do
    if ntop[fn] and type(ntop[fn]) == "function" then
      ntop[fn] = tracker.hook(ntop[fn])
    end
  end
end

function tracker.track_interface()
  local fns = {
    "liveCapture",
  }

  for _, fn in pairs(fns) do
    if interface[fn] and type(interface[fn]) == "function" then
      interface[fn] = tracker.hook(interface[fn])
    end
  end
end

function tracker.track(table, fn)
  table[fn] = tracker.hook(table[fn], fn)
end

-- #################################

return tracker