ntopng alerts are evaluated with User Scripts. User Scripts are executed for hosts, interfaces, SNMP devices, and other network elements, and are configurable from the settings.
Although only a Default configuration is shown in the figure above, each User Script can have multiple configurations. A configuration contains values for thresholds and other User Script-specific parameters.
In the example below, the Default configuration for Host User Scripts is configured to trigger a flow flood victim alert when the number of new flows per second generated exceeds 256.
Additional configurations can be created to specify different thresholds (e.g., a value different than 256 for the new flows generated per second), or to toggle on/off each individual User Script.
User Script Configurations are applied to pools. Pools are used to group together network elements. Host Pools group together multiple hosts. Similarly, Interface pools group together multiple interfaces, and so on. The same configuration can be applied to multiple pools, but a pool has one and only one configuration applied. Pools are managed from the system interface.
The configuration applied to each pool, shown in the table above, can be changed using the Edit button under Actions.
User Scripts run against pool members use the configuration specified for that pool. For example, an Interface pool LAN pool with interface eno1 can be created and associated with a User Scripts configuration LAN config, as shown below.
Configuration LAN config was previously created from the User Scripts Configuration page.
Given the association shown above, Interface User Scripts will be run against eno1 using the configuration LAN config. All the other monitored interfaces have not been associated with a pool, so the Default configuration is applied to them.