5. RESTful API v0 Specification¶
Warning
This API is deprecated and will be discountinued with ntopng 4.2, please move to the RESTful API v1
5.1. Authentication¶
Please note that cookies should be used for authentication, for example
with curl it is possible to specify username and password with
--cookie "user=<user>; password=<password>"
For example, to download data for a host you can use the below curl command line:
curl -s --cookie "user=admin; password=admin" "http://192.168.1.1:3000/lua/rest/get/host/data.lua?ifid=1&host=192.168.1.2"
Please check the Examples section for more examples.
5.2. API¶
5.2.1. Interfaces¶
GET /lua/rest/get/interface/data.lua
Get interface data
- Description: Interface data is returned
- Produces: [‘application/json’]
Parameters
Name | Position | Description | Type |
---|---|---|---|
ifid | query | Interface identifier | integer |
Responses
200 - successful operation
400 - Invalid status value
5.2.2. Hosts¶
GET /lua/rest/get/host/data.lua
Get host data
- Description: Host data is returned
- Produces: [‘application/json’]
Parameters
Name | Position | Description | Type |
---|---|---|---|
ifid | query | Interface identifier | integer |
host | query | Host address | string |
Responses
200 - successful operation
400 - Invalid status value
5.2.3. Alerts¶
GET /lua/rest/get/alert/data.lua
Get alerts data
- Description: Alerts are returned
- Produces: [‘application/json’]
Parameters
Name | Position | Description | Type |
---|---|---|---|
ifid | query | Interface identifier | integer |
status | query | Status filter (historical, historical-flows, engaged) | string |
Responses
200 - successful operation
400 - Invalid status value
5.2.4. Flows¶
GET /lua/pro/rest/get/db/flows.lua
Get flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO.
- Description: Executes a query to the flows database
- Produces: [‘application/json’]
Parameters
Name | Position | Description | Type |
---|---|---|---|
ifid | query | Interface identifier | integer |
begin_time_clause | query | Start time (epoch) | integer |
end_time_clause | query | Start time (epoch) | integer |
select_clause | query | Select clause (default: *) | string |
where_clause | query | Where clause (default: none) | string |
maxhits_clause | query | Max hits (default: 10) | integer |
Responses
200 - successful operation
400 - Invalid status value
GET /lua/pro/rest/get/db/topk_flows.lua
Get flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO
- Description: Executes a top-k query to the flows database
- Produces: [‘application/json’]
Parameters
Name | Position | Description | Type |
---|---|---|---|
ifid | query | Interface identifier | integer |
begin_time_clause | query | Start time (epoch) | integer |
end_time_clause | query | Start time (epoch) | integer |
select_keys_clause | query | Select keys (default: IPV4_SRC_ADDR,IPV4_DST_ADDR,L7_PROTO) | string |
select_values_clause | query | Select values (default: BYTES) | string |
where_clause | query | Where clause (default: none) | string |
topk_clause | query | Top-K clause (default: SUM) | string |
approx_search | query | Approximate search (default: true) | string |
maxhits_clause | query | Max hits (default: 10) | integer |
Responses
200 - successful operation
400 - Invalid status value
5.2.5. PCAP¶
GET /lua/rest/get/pcap/live_extraction.lua
Live PCAP traffic extraction
- Description: Raw PCAP data is returned
- Produces: [‘application/vnd.tcpdump.pcap’]
Parameters
Name | Position | Description | Type |
---|---|---|---|
ifid | query | Interface identifier | integer |
epoch_begin | query | Start time (epoch) | integer |
epoch_end | query | Start time (epoch) | integer |
bpf_filter | query | BPF filter | string |
Responses
200 - successful operation
400 - Invalid status value