5. RESTful API v0 Specification¶

Warning

This API is deprecated and will be discountinued with ntopng 4.2, please move to the RESTful API v1

5.1. Authentication¶

Please note that cookies should be used for authentication, for example with curl it is possible to specify username and password with --cookie "user=<user>; password=<password>"

For example, to download data for a host you can use the below curl command line:

curl -s --cookie "user=admin; password=admin" "http://192.168.1.1:3000/lua/rest/get/host/data.lua?ifid=1&host=192.168.1.2"

Please check the Examples section for more examples.

5.2. API¶

5.2.1. Interfaces¶

GET /lua/rest/get/interface/data.lua

Get interface data

Description: Interface data is returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer

Responses

200 - successful operation

400 - Invalid status value

5.2.2. Hosts¶

GET /lua/rest/get/host/data.lua

Get host data

Description: Host data is returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
host	query	Host address	string

Responses

200 - successful operation

400 - Invalid status value

5.2.3. Alerts¶

GET /lua/rest/get/alert/data.lua

Get alerts data

Description: Alerts are returned
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
status	query	Status filter (historical, historical-flows, engaged)	string

Responses

200 - successful operation

400 - Invalid status value

5.2.4. Flows¶

GET /lua/pro/rest/get/db/flows.lua

Get flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO.

Description: Executes a query to the flows database
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
begin_time_clause	query	Start time (epoch)	integer
end_time_clause	query	Start time (epoch)	integer
select_clause	query	Select clause (default: *)	string
where_clause	query	Where clause (default: none)	string
maxhits_clause	query	Max hits (default: 10)	integer

Responses

200 - successful operation

400 - Invalid status value

GET /lua/pro/rest/get/db/topk_flows.lua

Get flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO

Description: Executes a top-k query to the flows database
Produces: [‘application/json’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
begin_time_clause	query	Start time (epoch)	integer
end_time_clause	query	Start time (epoch)	integer
select_keys_clause	query	Select keys (default: IPV4_SRC_ADDR,IPV4_DST_ADDR,L7_PROTO)	string
select_values_clause	query	Select values (default: BYTES)	string
where_clause	query	Where clause (default: none)	string
topk_clause	query	Top-K clause (default: SUM)	string
approx_search	query	Approximate search (default: true)	string
maxhits_clause	query	Max hits (default: 10)	integer

Responses

200 - successful operation

400 - Invalid status value

5.2.5. PCAP¶

GET /lua/rest/get/pcap/live_extraction.lua

Live PCAP traffic extraction

Description: Raw PCAP data is returned
Produces: [‘application/vnd.tcpdump.pcap’]

Parameters

Name	Position	Description	Type
ifid	query	Interface identifier	integer
epoch_begin	query	Start time (epoch)	integer
epoch_end	query	Start time (epoch)	integer
bpf_filter	query	BPF filter	string

Responses

200 - successful operation

400 - Invalid status value