Types Definition
################

ntopng identifies alerts and flows status by a 64 bit ID. ID definitions are located into the following folders:

- `scripts/callbacks/alert_defs`: contains alert definitions
- `scripts/callbacks/status_defs`: contains flow status definitions

The directories contains Lua scripts in a well defined format, which is described below.
When implementing new alerts, the first thing to do is to define a new alert type, picking
an unused ID. The available and used IDs can be easily visualized by visiting the `/lua/defs_overview.lua` page.

Alert Definition
----------------

An alert definition script must return a table with the following fields:

- `alert_id`: the unique ID of the alert
- `i18n_title`: a title for the alert (e.g. "Syn Flood") or i18n localization string.
- `i18n_description` (optional): a description for the alert, i18n localization string or formatter function.
- `icon`: a css class for icon for the alert (e.g. `fa-exclamation`).

.. warning::

  In order to avoid `alert_id` collisions with new ntopng scripts, users should use the dedicated custom IDs (e.g. `alert_consts.custom_alert_1`) in their custom scripts.

If the `i18n_description` can be a formatter function whith the following signature:

.. code:: lua

  function alert_formatter(ifid, alert, info)
    return "formatted string"
  end

where:

- `ifid`: the interface ID where the alert was generated
- `alert`: container for the alert information
- `info`: a custom JSON passed during alert generation

Status Definition
-----------------

A flow definition script must return a table with the following fields:

- `alert_type`: type of alert generated by this status
- `alert_severity`: severity for the alert generated (e.g. alert_consts.alert_severities.error)
- `i18n_title`: a title for the status (e.g. "Too many retransmissions") or i18n localization string.
- `i18n_description` (optional): a description for the status, i18n localization string or formatter function.

If the `i18n_description` can be a formatter function whith the following signature:

.. code:: lua

  function status_formatter(status, flowstatus_info)
    return "formatted string"
  end

where:

- `status`: the current status of the flow
- `flowstatus_info`: a custom JSON passed during alert generation