ntopng/doc/README.scripts

Scripts Architecture
--------------------
ntopng can be extended by means of Lua scripts.
For instance, Lua scripts are used to implement Checks.

Scripts should be placed under the folders below, divided by family:
- scripts/scripts/
- pro/scripts/*_scripts/

Families (subfolders):
- alerts/ - these include checks which are not flow or host checks
- collectors/ - receive data from syslog
- endpoints/ - alert endpoints (e.g. discord, slack)
- monitors/ - system events (active monitoring, influxdb monitor, redis monitor, clickhouse monitor)

Example:
$ tree scripts/scripts/monitors/system/redis_monitor/
scripts/scripts/monitors/system/redis_monitor/
├── checks
│   └── system
│       └── redis_monitor.lua
├── manifest.lua
├── ts_schemas
│   └── min.lua
└── web_gui
    ├── get_redis_info.lua
    ├── get_redis_stats.lua
    ├── menu.lua
    └── redis_stats.lua

Alert scripts (checks, excluding hosts and flows, which are implemented in C) can be placed under alerts/ in subfolders of arbitrary name.

Example:
scripts/scripts/alerts/security/flow_flood/checks/network/flow_flood_victim.lua
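
The layout above can be checked mechanically when reviewing which Lua extensions are present in a deployment. The following is an added example, not part of ntopng: classify() and its result fields are hypothetical names, and the per-script entries (checks, ts_schemas, web_gui, manifest.lua) are assumed from the redis_monitor tree only.

```python
import re

# Families listed in this README.
FAMILIES = {"alerts", "collectors", "endpoints", "monitors"}
# Script roots from this README; the pro root has a wildcard component.
ROOT_PATTERNS = [r"scripts/scripts", r"pro/scripts/[^/]+_scripts"]
# Per-script entries seen in the redis_monitor tree (assumption: not exhaustive).
COMPONENTS = {"checks", "ts_schemas", "web_gui", "manifest.lua"}


def classify(path):
    """Split a script path into root, family, script directory and component.

    Returns None when the path is not under a known script root.
    Unknown families or components are reported in the 'issues' list.
    """
    match = None
    for pattern in ROOT_PATTERNS:
        match = re.match(rf"(?:.*/)?({pattern})/(.+)$", path)
        if match:
            break
    if match is None:
        return None
    root, rest = match.group(1), match.group(2).split("/")
    family, issues = rest[0], []
    if family not in FAMILIES:
        issues.append(f"unknown family: {family}")
    # The first known component marks where the script directory ends.
    idx = next((i for i, part in enumerate(rest)
                if i > 0 and part in COMPONENTS), None)
    if idx is None:
        issues.append("no known component")
        script_dir, component = "/".join(rest[1:-1]), None
    else:
        script_dir, component = "/".join(rest[1:idx]), rest[idx]
    return {"root": root, "family": family, "script_dir": script_dir,
            "component": component, "file": rest[-1], "issues": issues}


if __name__ == "__main__":
    # Paths taken from this README, plus one constructed path with a bad family.
    for p in ["scripts/scripts/monitors/system/redis_monitor/manifest.lua",
              "scripts/scripts/alerts/security/flow_flood/checks/network/flow_flood_victim.lua",
              "scripts/scripts/misc/demo/checks/system/demo.lua"]:
        print(p, "->", classify(p))
```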

Scripts Lifecycle
-----------------
Scripts are loaded by loadScripts() in script_utils.lua

Interface Checks
----------------
scripts/callbacks/interface/network.lua executes checks on local networks (function runScripts), for each network (called by NetworkInterface.cpp::checkNetworksAlerts)

scripts/lua/modules/checks.lua executes checks for interface and local networks (for the specific interface).
This is called by scripts/callbacks/system/discover.lua (TODO: move and rename, as this is not clear)

AlertCheckLuaEngine.cpp
C -> discover.lua -> C (NetworkInterface.cpp::checkNetworksAlerts) -> network.lua

SNMP Checks
-----------
scripts/callbacks/system/snmp_device.lua executes checks for SNMP

Other Checks
------------
Example:
scripts/scripts/alerts/internals/no_if_activity/checks/interface/no_if_activity.lua <- this triggers the alert

Alert definition:
scripts/lua/modules/alert_definitions/other/alert_no_if_activity.lua <- this is the alert definition, implemented as a subclass of alert.lua

scripts/lua/modules/alert.lua
- the store() method enqueues the notification (alert not engaged)
- the trigger() method stores the engaged alert in the alertable entity (interface or network) and enqueues the notification
- the release() method releases the engaged alert in the alertable entity and enqueues the notification

Alert IDs are defined in:
scripts/lua/modules/alert_keys/
- flow_alert_keys.lua
- host_alert_keys.lua
- other_alert_keys.lua