User Scripts

Each row gives the script name, the entity type the script runs on (Hosts, Interfaces, Networks, SNMP, Flows, System or Syslog), the edition in which it is available, the hooks that invoke it (periodic intervals such as min, 5mins, hour and day; flow events such as protocolDetected, periodicUpdate, flowEnd and statusChanged; snmpDevice for SNMP devices; handleEvent for syslog input), and the filters that further restrict when it runs (for example nedge=false, l4_proto=tcp or 3wh_completed). An empty Filters cell means no filter applies to that script.

| Script | Type | Availability | Hooks | Filters |
|---|---|---|---|---|
| active | Hosts | Community | 5mins, day, hour, min | alerts, local_only |
| bytes | Hosts | Community | 5mins, day, hour, min | alerts, local_only |
| dns | Hosts | Community | 5mins, day, hour, min | alerts, local_only |
| flow_flood_attacker | Hosts | Community | min | alerts |
| flow_flood_victim | Hosts | Community | min | alerts |
| flows | Hosts | Community | 5mins, day, hour, min | alerts, local_only |
| idle | Hosts | Community | 5mins, day, hour, min | alerts, local_only |
| p2p | Hosts | Community | 5mins, day, hour, min | alerts, local_only |
| packets | Hosts | Community | 5mins, day, hour, min | alerts, local_only |
| request_reply_ratio | Hosts | Community | 5mins | alerts, local_only, nedge=false |
| syn_flood_attacker | Hosts | Community | min | alerts |
| syn_flood_victim | Hosts | Community | min | alerts |
| syn_scan_attacker | Hosts | Community | min | alerts |
| syn_scan_victim | Hosts | Community | min | alerts |
| throughput | Hosts | Community | 5mins, day, hour, min | alerts, local_only |
| active_local_hosts | Interfaces | Community | 5mins, day, hour, min | alerts |
| bytes | Interfaces | Community | 5mins, day, hour, min | alerts |
| device_connection_disconnection | Interfaces | Community | min | alerts |
| dns | Interfaces | Community | 5mins, day, hour, min | alerts |
| flow_calls_drops | Interfaces | Community | min | alerts |
| ghost_networks | Interfaces | Community | min | alerts |
| idle | Interfaces | Community | 5mins, day, hour, min | alerts |
| p2p | Interfaces | Community | 5mins, day, hour, min | alerts |
| packets | Interfaces | Community | 5mins, day, hour, min | alerts |
| periodic_activity_not_executed | Interfaces | Community | min | alerts |
| pool_connection_disconnection | Interfaces | Community | min | alerts |
| pool_quota_exceeded | Interfaces | Community | min | alerts, nedge=true |
| slow_periodic_activity | Interfaces | Community | min | alerts |
| slow_purge | Interfaces | Community | min | alerts |
| throughput | Interfaces | Community | 5mins, day, hour, min | alerts |
| too_many_drops | Interfaces | Community | min | alerts |
| too_many_flows | Interfaces | Community | min | alerts |
| too_many_hosts | Interfaces | Community | min | alerts |
| egress | Networks | Community | 5mins, day, hour, min | alerts |
| flow_flood_victim | Networks | Community | min | |
| ingress | Networks | Community | 5mins, day, hour, min | alerts |
| inner | Networks | Community | 5mins, day, hour, min | alerts |
| syn_flood_victim | Networks | Community | min | alerts |
| syn_scan_victim | Networks | Community | min | alerts |
| lldp_topology_changed | SNMP | Community | snmpDevice | |
| blacklisted | Flows | Community | protocolDetected | |
| country_check | Flows | Community | protocolDetected | |
| device_protocol_not_allowed | Flows | Community | protocolDetected | |
| external_alert_check | Flows | Community | flowEnd, periodicUpdate | |
| flow_logger | Flows | Community | protocolDetected | |
| flow_risks | Flows | Community | protocolDetected | |
| not_purged | Flows | Community | periodicUpdate | |
| remote_to_remote | Flows | Community | protocolDetected | |
| tcp_issues_generic | Flows | Community | flowEnd, periodicUpdate | l4_proto=tcp, 3wh_completed, nedge=false |
| tcp_issues_packets | Flows | Community | periodicUpdate | l4_proto=tcp, packet_interface, 3wh_completed, nedge=false |
| udp_unidirectional | Flows | Community | flowEnd, periodicUpdate, protocolDetected, statusChanged | l4_proto=udp |
| unexpected_dhcp | Flows | Community | protocolDetected | |
| unexpected_dns | Flows | Community | protocolDetected | |
| unexpected_ntp | Flows | Community | protocolDetected | |
| unexpected_smtp | Flows | Community | protocolDetected | |
| web_mining | Flows | Community | protocolDetected | |
| active_monitoring | System | Community | 5mins, hour, min | |
| alerts_ts | System | Community | min | |
| disk_monitor | System | Community | hour | |
| dropped_alerts | System | Community | min | alerts |
| influxdb_monitor | System | Community | 5mins, min | |
| ip_reassignment | System | Community | min | |
| memory_ts | System | Community | min | |
| periodic_activity_not_executed | System | Community | min | alerts |
| redis_monitor | System | Community | min | |
| remote_to_remote | System | Community | min | |
| slow_periodic_activity | System | Community | min | alerts |
| host_log | Syslog | Community | handleEvent | |
| suricata | Syslog | Community | handleEvent | nedge=false |
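The following Python is an added example, not code from this page or from the project the table documents (assumed here to be ntopng; the page itself does not name it). It models how the Hooks and Filters columns gate script execution: it parses rows in the table layout used above and answers, for a given entity type, hook and runtime context, which scripts would be invoked. The filter semantics (alerts, local_only, nedge, l4_proto, 3wh_completed, packet_interface) and the context keys (alerts_enabled, is_local, three_way_handshake_ok, packet_interface, nedge, l4_proto) are assumptions read off the filter names, not anything the table states. The sample rows are copied from the table as constructed input.

```python
"""Dispatch model for the user-script table above (added example, not
project code). Filter semantics are ASSUMED from the filter names:

  alerts             script emits alerts; skipped when alerts are disabled
  local_only         only for local hosts
  nedge=true/false   only on / never on the nEdge edition
  l4_proto=tcp|udp   only for flows with that transport protocol
  3wh_completed      only for TCP flows whose 3-way handshake completed
  packet_interface   only on packet-capture (not flow-collection) interfaces
"""
from dataclasses import dataclass

# Bare filter flag -> boolean key it checks in the runtime context.
# These context keys are invented for this example.
FLAG_CONTEXT_KEY = {
    "alerts": "alerts_enabled",
    "local_only": "is_local",
    "3wh_completed": "three_way_handshake_ok",
    "packet_interface": "packet_interface",
}


@dataclass(frozen=True)
class UserScript:
    name: str
    type: str
    availability: str
    hooks: frozenset      # e.g. {"min", "5mins"} or {"protocolDetected"}
    flags: frozenset      # bare filters, e.g. {"alerts", "local_only"}
    params: tuple         # key=value filters, e.g. (("nedge", "false"),)


def _split_list(cell):
    return [item.strip() for item in cell.split(",") if item.strip()]


def parse_row(row):
    """Parse one '| name | type | availability | hooks | filters |' row."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != 5:
        raise ValueError(f"expected 5 columns, got {len(cells)}: {row!r}")
    name, typ, avail, hooks, filters = cells
    flags, params = set(), {}
    for item in _split_list(filters):
        if "=" in item:                 # key=value filter such as nedge=false
            key, value = item.split("=", 1)
            params[key] = value
        else:                           # bare flag such as local_only
            flags.add(item)
    return UserScript(name, typ, avail, frozenset(_split_list(hooks)),
                      frozenset(flags), tuple(sorted(params.items())))


def filters_match(script, ctx):
    """True when every filter on `script` is satisfied by context `ctx`."""
    for flag in script.flags:
        if not ctx.get(FLAG_CONTEXT_KEY.get(flag, flag), False):
            return False
    for key, wanted in script.params:
        have = ctx.get(key)
        if isinstance(have, bool):      # nedge=true/false compares to a bool
            have = "true" if have else "false"
        if have != wanted:
            return False
    return True


def scripts_for(scripts, typ, hook, ctx):
    """Names of scripts of type `typ` that `hook` would run under `ctx`."""
    return sorted(s.name for s in scripts
                  if s.type == typ and hook in s.hooks and filters_match(s, ctx))


# Constructed sample input: a subset of the table rows, copied verbatim.
SAMPLE_ROWS = """
| active | Hosts | Community | 5mins, day, hour, min | alerts, local_only |
| request_reply_ratio | Hosts | Community | 5mins | alerts, local_only, nedge=false |
| syn_scan_victim | Hosts | Community | min | alerts |
| pool_quota_exceeded | Interfaces | Community | min | alerts, nedge=true |
| too_many_flows | Interfaces | Community | min | alerts |
| flow_flood_victim | Networks | Community | min | |
| lldp_topology_changed | SNMP | Community | snmpDevice | |
| flow_risks | Flows | Community | protocolDetected | |
| tcp_issues_generic | Flows | Community | flowEnd, periodicUpdate | l4_proto=tcp, 3wh_completed, nedge=false |
| tcp_issues_packets | Flows | Community | periodicUpdate | l4_proto=tcp, packet_interface, 3wh_completed, nedge=false |
| udp_unidirectional | Flows | Community | flowEnd, periodicUpdate, protocolDetected, statusChanged | l4_proto=udp |
""".strip().splitlines()

SCRIPTS = [parse_row(r) for r in SAMPLE_ROWS]

if __name__ == "__main__":
    # TCP flow on a packet interface, handshake completed, not nEdge:
    # both TCP issue checkers run on periodicUpdate.
    flow_ctx = {"l4_proto": "tcp", "three_way_handshake_ok": True,
                "packet_interface": True, "nedge": False}
    print(scripts_for(SCRIPTS, "Flows", "periodicUpdate", flow_ctx))
    # Remote host, every minute, alerts enabled: only syn_scan_victim,
    # because active is local_only.
    host_ctx = {"alerts_enabled": True, "is_local": False, "nedge": False}
    print(scripts_for(SCRIPTS, "Hosts", "min", host_ctx))
```

The point of the model is the interaction between columns: a script is skipped when its hook does not fire, when any bare flag is false in the context, or when a key=value filter disagrees with the context, so the same event on nEdge versus plain ntopng, or on a packet versus a flow-collection interface, triggers a different set of scripts.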