1. RESTful API v2 Specification
1.1. Authentication
The HTTP/HTTPS authentication should be used, for example with curl
it is possible to specify username and password with
-u <user>:<password>
Using HTTPS is recommended for security. See this post to enable HTTPS.
1.2. Request Format
Parameters can be provided both using GET with a query string or POST using JSON (in this case please make sure the correct Content Type is provided). For example, to download data for a host you can use the below curl command line using GET:
curl -s -u admin:admin "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua?ifid=1&host=192.168.1.2"
or the below curl command line using POST:
curl -s -u admin:admin -H "Content-Type: application/json" -d '{"ifid": "1", "host": "192.168.1.2"}' "http://192.168.1.1:3000/lua/rest/v2/get/host/data.lua"
Please check the Examples section for more examples.
1.3. Response Format
An API response is usually represented by a JSON message matching a standard structure. This JSON message consists of an envelope containing:
a return code rc
a human-readable string rc_str describing the return code
the actual response in rsp
Example:
{
"rc": 0
"rc_str": "OK",
"rsp": {
...
}
}
1.4. API
1.4.1. Interfaces
GET /lua/pro/rest/v2/delete/host/asset.lua
Get ntopng actively monitored interfaces names and ids
Description: Interface name and integer interface id for each actively monitored ntopng interface
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
serial_key |
query |
Host identifier |
integer |
Responses
0 - OK
1.4.2. Hosts
GET /lua/pro/rest/v2/get/geo_map/hosts.lua
Get hosts location
Description: Get hosts location and other info
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/top/local/talkers.lua
Get Top local talkers
Description: Get the Top 10 local talkers
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface ID |
number |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/top/remote/talkers.lua
Get Top remote talkers
Description: Get the Top 10 remote talkers
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface ID |
number |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/top_ts_stats.lua
Get Top Timeseries stats
Description: Get the Top timeseries stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
Start time (epoch) |
integer |
ts_query |
query |
data used to get the timeseries; e.g. format: ‘ifid:1,protocol:DNS’ , where ‘ifid:1’ stands for interface ID 1 and ‘protocol:DNS’ stands for DNS protocol information |
integer |
detail_view |
query |
Top information requested, currently available: top_protocols -> Top Application data, top_categories -> Top Categories data, top_senders -> Top Local Senders data, top_receivers -> Top Local Receivers data |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
POST /lua/rest/v2/add/host/to_scan.lua
Add host to vulnerability scan hosts list
Description: Add Host to Scan
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
formData |
Host address |
string |
scan_type |
formData |
Vulnerability Scan Type |
string |
scan_ports |
formData |
Comma separeted ports list |
string |
scan_frequency |
formData |
Available only from Pro License. Automatic scanning, one option between: disabled, 1day (scan once per day), 1week (scan once a week) |
string |
scan_id |
formData |
Scan ID |
string |
cidr |
formData |
Network CIDR |
string |
Responses
0 - OK
-6 - INTERNAL_ERROR
-8 - BAD_CONTENT
POST /lua/rest/v2/exec/host/schedule_vulnerability_scan.lua
Delete host from vulnerability scan hosts list
Description: Delete Host to Scan
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
formData |
Host address |
string |
scan_type |
formData |
Vulnerability Scan Type |
string |
scan_ports |
formData |
Comma separeted ports list |
string |
scan_single_host |
formData |
Boolean to a single or all hosts |
boolean |
Responses
0 - OK
-6 - INTERNAL_ERROR
-8 - BAD_CONTENT
1.4.3. Alerts
GET /lua/pro/rest/v2/acknowledge/snmp/device/alerts.lua
Acknowledge SNMP device alerts
Description: Acknowledge SNMP device historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
label |
query |
Describe why the alert was ackowledge, it can be an empty string |
string |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
row_id |
query |
Alert identifier of the exact alert |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/add/alert/exclusion.lua
Add an alert exclusion
Description: Add an alert exclusion
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
type |
query |
Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’) |
string |
alert_addr |
query |
Host IP of the address to exclude (with type: ‘host’) |
string |
alert_domain |
query |
Domain to exclude (with type ‘host’) |
string |
alert_certificate |
query |
Certificate to exclude (with type ‘certificate’) |
string |
subdir |
query |
Type of alert to exclude (currently available: ‘flow’ or ‘host’ |
string |
flow_alert_key |
query |
Flow alert identifier |
string |
host_alert_key |
query |
Host alert identifier |
string |
delete_alerts |
query |
Return true to delete the excluded alerts, false otherwise |
boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/add/device/exclusion.lua
Add a device to exclude
Description: Add a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
mac_list |
query |
List of MAC addresses to exclude separated by commas |
string |
trigger_alerts |
query |
Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not |
boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/delete/alert/exclusion.lua
Delete an alert exclusion
Description: Delete an alert exclusion
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
type |
query |
Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’) |
string |
alert_addr |
query |
Host IP of the address to exclude (with type: ‘host’) |
string |
alert_domain |
query |
Domain to exclude (with type ‘host’) |
string |
alert_certificate |
query |
Certificate to exclude (with type ‘certificate’) |
string |
subdir |
query |
Type of alert to exclude (currently available: ‘flow’ or ‘host’ |
string |
flow_alert_key |
query |
Flow alert identifier |
string |
host_alert_key |
query |
Host alert identifier |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/delete/all/alert/exclusions.lua
Delete all alert exclusions
Description: Delete all configured host or flow alert exclusions for a specific host
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
type |
query |
Either ‘host’ or ‘flow’ |
string |
host |
query |
The IP address of the host |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/delete/device/exclusion.lua
Remove a device to exclude
Description: Remove a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
device |
query |
MAC addresses to remove from the exclusions, or ‘all’ to delete all the MAC addresses excluded until now |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/delete/flow/alert/exclusions.lua
Delete flow alert exclusions
Description: Delete flow alert exclusions
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
alert_addr |
query |
The host IP address |
string |
alert_key |
query |
The flow alert key to exclude from flow alerts |
integer |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/delete/host/alert/exclusions.lua
Delete host alert exclusions
Description: Delete host alert exclusions
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
alert_addr |
query |
The host IP address |
string |
alert_key |
query |
The host alert key to exclude from host alerts |
integer |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/delete/snmp/device/alerts.lua
Delete SNMP device alerts
Description: Delete SNMP device alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/edit/device/exclusion.lua
Edit a device to exclude
Description: Edit a device to exclude to the MAC tracking (see for more info: Device/MAC Address Tracking)
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
mac |
query |
MAC address to edit |
string |
mac_alias |
query |
Alias used to rename the MAC address |
string |
mac_status |
query |
MAC address status |
string |
trigger_alerts |
query |
Trigger the Unexpected Device Connected/Disconnected alert if set to true, otherwise not |
boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/alert/exclusion.lua
Get the alert exclusions
Description: Get all the available alert exclusions
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
type |
query |
Type of the host to exclude (currently available: ‘host’, ‘domain’, ‘certificate’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/all/alert/top.lua
Get all alert stats
Description: Get all alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
Start time (epoch) |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/am_host/alert/top.lua
Get Active Monitoring alert stats
Description: Get Active Monitoring alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/device/exclusion.lua
List of excluded devices
Description: Return the list of the excluded devices (see for more info: Device/MAC Address Tracking)
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/domain/alert/exclusions.lua
Get domain alert exclusions
Description: Get domain alert exclusions
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/flow/alert/exclusions.lua
Get flow alert exclusions
Description: Get flow alert exclusions
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
query |
The host IP address |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/flow/alert/top.lua
Get flow alert stats
Description: Get flow alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_ip |
query |
Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_ip |
query |
Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_name |
query |
Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
srv_name |
query |
Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
cli_port |
query |
Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_port |
query |
Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
l7proto |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_country |
query |
Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_country |
query |
Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
probe_ip |
query |
Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
input_snmp |
query |
Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
output_snmp |
query |
Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_host_pool_id |
query |
Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_host_pool_id |
query |
Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
cli_network |
query |
Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_network |
query |
Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7_error_id |
query |
Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
traffic_direction |
query |
Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/flowdevice/stats.lua
Get flow device stats
Description: get flow device stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
ip |
query |
The IP address of the device |
string |
ifIdx |
query |
The interface index |
integer |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/flowdevices/stats.lua
Get flow devices stats
Description: get flow devices stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/host/alert/exclusions.lua
Get host alert exclusions
Description: Get host alert exclusions
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
query |
The host IP address |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/host/alert/top.lua
Get host alert stats
Description: Get host alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
name |
query |
Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
host_pool_id |
query |
Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
network |
query |
Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/interface/alert/top.lua
Get interface alert stats
Description: Get interface alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
subtype |
query |
Alert subtype |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/mac/alert/top.lua
Get MAC alert stats
Description: Get MAC alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/network/alert/top.lua
Get network alert stats
Description: Get network alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
network_name |
query |
Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/observation_points/stats.lua
Get observation points alert stats
Description: Get observation points alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/sflowdevice/stats.lua
Get sFlow device stats
Description: get sFlow device stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
ip |
query |
The IP address of the device |
string |
ifIdx |
query |
The interface index |
integer |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/sflowdevices/stats.lua
Get sFlow devices stats
Description: get sFlow devices stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/alert/list.lua
Get SNMP device alerts list
Description: Get SNMP device alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/alert/top.lua
Get SNMP device alert stats
Description: Get SNMP device alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/alert/ts.lua
Get SNMP device alerts timeseries
Description: Get SNMP device alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/system/alert/top.lua
Get system alert stats
Description: Get system alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/user/alert/top.lua
Get user alert stats
Description: Get user alert stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/am_host/alerts.lua
Acknowledge Active Monitoring alerts
Description: Acknowledge Active Monitoring historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
label |
query |
Describe why the alert was ackowledge, it can be an empty string |
string |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
row_id |
query |
Alert identifier of the exact alert |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/flow/alerts.lua
Acknowledge flow alerts
Description: Acknowledge flow historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
label |
query |
Describe why the alert was ackowledge, it can be an empty string |
string |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
row_id |
query |
Alert identifier of the exact alert |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_ip |
query |
Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_ip |
query |
Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_name |
query |
Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
srv_name |
query |
Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
cli_port |
query |
Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_port |
query |
Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
l7proto |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_country |
query |
Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_country |
query |
Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
probe_ip |
query |
Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
input_snmp |
query |
Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
output_snmp |
query |
Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_host_pool_id |
query |
Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_host_pool_id |
query |
Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
cli_network |
query |
Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_network |
query |
Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7_error_id |
query |
Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
traffic_direction |
query |
Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/host/alerts.lua
Acknowledge host alerts
Description: Acknowledge host historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
label |
query |
Describe why the alert was ackowledge, it can be an empty string |
string |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
row_id |
query |
Alert identifier of the exact alert |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
name |
query |
Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
host_pool_id |
query |
Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
network |
query |
Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/interface/alerts.lua
Acknowledge interface alerts
Description: Acknowledge interface historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
label |
query |
Describe why the alert was ackowledge, it can be an empty string |
string |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
row_id |
query |
Alert identifier of the exact alert |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
subtype |
query |
Alert subtype |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/mac/alerts.lua
Acknowledge MAC alerts
Description: Acknowledge MAC historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
label |
query |
Describe why the alert was ackowledge, it can be an empty string |
string |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
row_id |
query |
Alert identifier of the exact alert |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/network/alerts.lua
Acknowledge network alerts
Description: Acknowledge network historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
label |
query |
Describe why the alert was ackowledge, it can be an empty string |
string |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
row_id |
query |
Alert identifier of the exact alert |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
network_name |
query |
Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/system/alerts.lua
Acknowledge system alerts
Description: Acknowledge system historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
label |
query |
Describe why the alert was ackowledge, it can be an empty string |
string |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
row_id |
query |
Alert identifier of the exact alert |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/acknowledge/user/alerts.lua
Acknowledge user alerts
Description: Acknowledge user historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
label |
query |
Describe why the alert was ackowledge, it can be an empty string |
string |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
row_id |
query |
Alert identifier of the exact alert |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/all/alerts.lua
Delete all alerts
Description: Delete all historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/am_host/alerts.lua
Delete active monitoring hosts alerts
Description: Delete active monitoring hosts historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/flow/alerts.lua
Delete flow alerts
Description: Delete flow historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_ip |
query |
Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_ip |
query |
Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_name |
query |
Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
srv_name |
query |
Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
cli_port |
query |
Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_port |
query |
Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
l7proto |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_country |
query |
Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_country |
query |
Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
probe_ip |
query |
Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
input_snmp |
query |
Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
output_snmp |
query |
Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_host_pool_id |
query |
Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_host_pool_id |
query |
Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
cli_network |
query |
Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_network |
query |
Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7_error_id |
query |
Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
traffic_direction |
query |
Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/host/alerts.lua
Delete host alerts
Description: Delete historical host alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
name |
query |
Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
host_pool_id |
query |
Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
network |
query |
Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/host/new_devices.lua
Delete all new devices
Description: Delete all new devices learned by ntopng
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
GET /lua/rest/v2/delete/interface/alerts.lua
Delete interface alerts
Description: Delete historical interface alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
subtype |
query |
Alert subtype |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/mac/alerts.lua
Delete MAC alerts
Description: Delete MAC historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/network/alerts.lua
Delete network alerts
Description: Delete historical network alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
network_name |
query |
Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/system/alerts.lua
Delete system alerts
Description: Delete system historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/delete/user/alerts.lua
Delete user alerts
Description: Delete user historical alerts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
1.4.4. Flows
GET /lua/pro/rest/v2/get/db/columns_info.lua
Get Clickhouse available columns
Description: Executes a query to the flows database and return all the available columns the DB has
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/db/flows.lua
Get flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO.
Description: Executes a query to the flows database
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
begin_time_clause |
query |
Start time (epoch) |
integer |
end_time_clause |
query |
Start time (epoch) |
integer |
select_clause |
query |
Select clause (default: *) |
string |
where_clause |
query |
Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)). |
string |
maxhits_clause |
query |
Max hits (default: 10) |
integer |
order_by_clause |
query |
Order by clause (default: no order) |
string |
group_by_clause |
query |
Group by clause (default: no group) |
string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/db/topk_flows.lua
Get Top-K flows data. Columns include (but are not limited to) IP_PROTOCOL_VERSION, FLOW_TIME, FIRST_SEEN, LAST_SEEN, VLAN_ID, PACKETS, TOTAL_BYTES, SRC2DST_BYTES, DST2SRC_BYTES, IPV4_SRC_ADDR, IPV4_DST_ADDR, IPV6_SRC_ADDR, IPV6_DST_ADDR, PROTOCOL, L7_PROTO
Description: Executes a top-k query to the flows database
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
begin_time_clause |
query |
Start time (epoch) |
integer |
end_time_clause |
query |
End time (epoch) |
integer |
select_keys_clause |
query |
Select comma-separated keys list (default: IPV4_SRC_ADDR,IPV4_DST_ADDR,L7_PROTO) |
string |
select_values_clause |
query |
Select value (default: BYTES) |
string |
where_clause |
query |
Where clause (default: none) |
string |
topk_clause |
query |
Top-K clause (default: SUM) |
string |
approx_search |
query |
Approximate search (default: true) |
string |
maxhits_clause |
query |
Max hits (default: 10) |
integer |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
1.4.5. PCAP
GET /lua/pro/rest/v2/get/db/filter/bpf.lua
BPF filter generation
Description: Convert tags used to extract data from the database into the equivalent BPF filter, suitable for traffic extraction
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
l7proto |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7proto_master |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7cat |
query |
Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
flow_risk |
query |
Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
l4proto |
query |
Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_ip |
query |
Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_ip |
query |
Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
traffic_direction |
query |
Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
name |
query |
Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
cli_name |
query |
Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
srv_name |
query |
Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
network_name |
query |
Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
src2dst_dscp |
query |
Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_port |
query |
Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_port |
query |
Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
country |
query |
Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_country |
query |
Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_country |
query |
Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_asn |
query |
Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_asn |
query |
Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_nw_latency |
query |
Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_nw_latency |
query |
Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
observation_point_id |
query |
Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
probe_ip |
query |
Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
input_snmp |
query |
Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
output_snmp |
query |
Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
src2dst_tcp_flags |
query |
Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
dst2src_tcp_flags |
query |
Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
mac |
query |
MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_mac |
query |
Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_mac |
query |
Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
network |
query |
Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_network |
query |
Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_network |
query |
Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
info |
query |
Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
bytes |
query |
Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
packets |
query |
Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
host_pool_id |
query |
Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
cli_host_pool_id |
query |
Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_host_pool_id |
query |
Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
l7_error_id |
query |
Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_proc_name |
query |
Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_proc_name |
query |
Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_user_name |
query |
Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_user_name |
query |
Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
FILE - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
1.4.6. Users
POST /lua/rest/v2/add/ntopng/user.lua
Add ntopng user
Description: Add a ntopng user
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
username |
formData |
Username |
string |
full_name |
formData |
Full name |
string |
password |
formData |
Password |
string |
confirm_password |
formData |
Confirmed password |
string |
user_role |
formData |
User role (unprivileged / administrator) |
string |
allowed_networks |
formData |
Allowed networks (e.g. 0.0.0.0/0,::/0) |
string |
allowed_interface |
formData |
Allowed interfaces (empty for all) |
string |
user_language |
formData |
Language (en, it, de, jp, pt, cz) |
string |
allow_pcap_download |
formData |
Allow PCAPs download (1 to allow) |
string |
allow_historical_flows |
formData |
Allow Historical Flows page (1 to allow, 0 to deny) |
string |
allow_alerts |
formData |
Allow Alerts page (1 to allow, 0 to deny) |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-19 - PASSWORD_MISMATCH
-20 - ADD_USER_FAILED
-23 - USER_ALREADY_EXISTING
POST /lua/rest/v2/create/ntopng/session.lua
Create a new ntopng user session Cookie
Description: Generate a new user session to be used as session Cookie
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
username |
formData |
Username |
string |
auth_session_duration |
formData |
Session duration (seconds). Default: 0 (no expiration). |
integer |
Responses
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/delete/ntopng/user.lua
Delete ntopng user
Description: Delete a ntopng user
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
username |
formData |
Username |
string |
Responses
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-21 - DELETE_USER_FAILED
POST /lua/rest/v2/edit/ntopng/user.lua
Edit a ntopng user
Description: Edit an existing ntopng user
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
username |
formData |
Username |
string |
full_name |
formData |
Full name |
string |
password |
formData |
Password |
string |
confirm_password |
formData |
Confirmed password |
string |
user_role |
formData |
User role (unprivileged / administrator) |
string |
allowed_networks |
formData |
Allowed networks (e.g. 0.0.0.0/0,::/0) |
string |
allowed_interface |
formData |
Allowed interfaces (empty for all) |
string |
user_language |
formData |
Language (en, it, de, jp, pt, cz) |
string |
allow_pcap_download |
formData |
Allow PCAPs download (1 to allow) |
string |
allow_historical_flows |
formData |
Allow Historical Flows page (1 to allow, 0 to deny) |
string |
allow_alerts |
formData |
Allow Alerts page (1 to allow, 0 to deny) |
string |
Responses
-5 - INVALID_ARGUMENTS
-21 - DELETE_USER_FAILED
-23 - USER_DOES_NOT_EXIST
-24 - EDIT_USER_FAILED
1.4.7. Infrastructures
POST /lua/pro/rest/v2/add/infrastructure/instance.lua
Add a new infrastructure configuration
Description: Add a new infrastructure configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
url |
The URL of the ntopng in the infrastructure |
string |
|
alias |
An alias for the infrastructure |
string |
|
token |
The REST API Token for the authentication |
string |
|
rtt_threshold |
RTT threshold used by the active monitoring |
int32 |
|
bandwidth_threshold |
Bandwidth threshold used by the active monitoring |
int32 |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS
-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL
-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN
-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD
-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS
-40 - INFRASTRUCTURE_INSTANCE_SAME_URL
-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN
-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING
-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD
POST /lua/pro/rest/v2/delete/infrastructure/instance.lua
Delete an existing infrastructure configuration
Description: Delete an existing infrastructure configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
instance_id |
The ID of the infrastructure to delete |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND
-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID
POST /lua/pro/rest/v2/edit/infrastructure/instance.lua
Edit an existing infrastructure configuration
Description: Edit an existing infrastructure configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
instance_id |
The ID of the infrastructure configuration to edit |
string |
|
url |
The URL of the ntopng in the infrastructure |
string |
|
alias |
An alias for the infrastructure |
string |
|
token |
The REST API Token for the authentication |
string |
|
rtt_threshold |
RTT threshold used by the active monitoring |
int32 |
|
bandwidth_threshold |
Bandwidth threshold used by the active monitoring |
int32 |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND
-33 - INFRASTRUCTURE_INSTANCE_EMPTY_ID
-34 - INFRASTRUCTURE_INSTANCE_EMPTY_ALIAS
-35 - INFRASTRUCTURE_INSTANCE_EMPTY_URL
-36 - INFRASTRUCTURE_INSTANCE_EMPTY_TOKEN
-37 - INFRASTRUCTURE_INSTANCE_EMPTY_RTT_THRESHOLD
-39 - INFRASTRUCTURE_INSTANCE_SAME_ALIAS
-40 - INFRASTRUCTURE_INSTANCE_SAME_URL
-41 - INFRASTRUCTURE_INSTANCE_SAME_TOKEN
-47 - INFRASTRUCTURE_INSTANCE_EMPTY_BANDWIDTH_THRESHOLD
GET /lua/pro/rest/v2/get/infrastructure/instance.lua
Get one or all infrastructure configs
Description: Get one or all infrastructure configs
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
Add statistics collected by the active monitoring module |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-32 - INFRASTRUCTURE_INSTANCE_NOT_FOUND
GET /lua/rest/v2/export/infrastructure/config.lua
Export the Infrastructure configurations as a JSON file
Description: Export the configuration for the infrastructure configurations
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
download |
query |
Download as file (no REST envelope) |
boolean |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.8. Health
GET /lua/pro/rest/v2/get/system/health/clickhouse.lua
Get Clickhouse Stats
Description: Get all the available Clickhouse Statistics
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-6 - INTERNAL_ERROR
1.4.9. Configurations
1.4.10. Vulnerability Scan
GET /lua/pro/rest/v2/delete/vs/report.lua
Delete a vulnerability scan report
Description: Delete a vulnerability scan report
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
epoch_end |
query |
Epoch of vulnerability scan report to delete |
integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/edit/vs/report.lua
Edit a Vulnerability Scan report
Description: Edit an existing Vulnerability Scan report
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
epoch_end |
query |
Epoch of vulnerability scan report to edit |
integer |
report_title |
query |
The new report name |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/vs/report_list.lua
Get all vulnerability scan reports
Description: Get VS reports
Produces: [‘application/json’]
Responses
0 - OK
GET /lua/rest/v2/edit/host/update_va_scan_period.lua
Update Vulnerability Scan
Description: Update Vulnerability Scan Frequency
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
scan_frequency |
query |
Auto scan frequency, can be: disabled, 1day, 1week |
string |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.11. Host
GET /lua/pro/rest/v2/add/interface/host_rules/add_host_rule.lua
Add Host Rule
Description: Add an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
Host to apply the check, IP address of the host or * to check for all the hosts |
string |
frequency |
query |
Frequency of the check to run, every minute, every 5 minutes, every hour or daily (‘min’, ‘5min’, ‘hour’, ‘day’) |
string |
metric |
query |
Timeseries schema of the metric to analyze |
string |
threshold |
query |
Threshold that if exceeded, it’s going to trigger an alert |
string |
metric_type |
query |
metric used to analyze the data, Throughput or Volume? (currently available: ‘throughput’, ‘volume’) |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/delete/interface/host_rules/add_host_rule.lua
Remove an Host Rule
Description: Remove an host rule from an interface, used to run periodic check on traffic and similar, on the timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
rule_id |
query |
Identifier of the rule to delete |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/host/flows/data.lua
Get host flows data
Description: Given an host return the information used to create the sankey chart with all the flows information regarding that hosts (protocols, traffic, ecc.)
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
formData |
Host address |
string |
hosts_type |
query |
Currently available: local_only -> return only flows between local hosts, remote_only -> return only flows between remote hosts, local_origin_remote_target -> return only flows between local clients and remote servers, remote_origin_local_target -> return only flows between local servers and remote clients, all_hosts -> return all flows |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_data.lua
Get Host Rule
Description: Get an host rule to an interface, used to run periodic check on traffic and similar, on the timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/get/interface/host_rules/host_rules_metric.lua
Get Host Rule available metrics
Description: Get an host rule available metrics, used to run periodic check on traffic and similar, on the timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
1.4.12. SNMP
GET /lua/pro/rest/v2/add/snmp/device.lua
Add SNMP devices
Description: Add devices to the monitored SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
snmp_host |
query |
IP address or symbolic name of and an SNMP device |
string |
snmp_read_community |
query |
The SNMP read community to use (SNMP v1/v2c only) |
string |
snmp_write_community |
query |
The SNMP write community to use (SNMP v1/v2c only) |
string |
snmp_version |
query |
The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1) |
string |
snmp_level |
query |
Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv) |
string |
snmp_auth_protocol |
query |
Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA |
string |
snmp_auth_passphrase |
query |
Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase |
string |
snmp_privacy_protocol |
query |
Used only with SNMP v3 and level set to autPriv: DES or AES |
string |
snmp_privacy_passphrase |
query |
Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase |
string |
cidr |
query |
Either 24 or 32. If 32, snmp_host is treated as single host. If 24 snmp_host is treated as as CIDR address |
string |
Responses
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-9 - NAME_RESOLUTION_FAILED
-10 - SNMP_DEVICE_ALREADY_ADDED
-11 - SNMP_DEVICE_UNREACHABLE
-12 - NO_SNMP_DEVICE_DISCOVERED
GET /lua/pro/rest/v2/change/snmp/device/interface/status.lua
Change SNMP device interface status
Description: Change the status of an SNMP device in terface to up or down
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
query |
IP address of an SNMP device |
string |
snmp_admin_status |
query |
The new admin status, either ‘up’ or ‘down’ |
string |
snmp_port_idx |
query |
The index of the SNMP device interface |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-26 - SNMP_DEVICE_INTERFACE_STATUS_CHANGE_FAILED
GET /lua/pro/rest/v2/delete/snmp/device.lua
Delete an SNMP device
Description: Delete an SNMP device from the monitored SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
query |
IP address of an SNMP device |
string |
Responses
0 - SNMP_DEVICE_DELETED_SUCCESSFULLY
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/edit/snmp/device/device.lua
Edit a SNMP device
Description: Edit an existing monitored SNMP device
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
snmp_host |
query |
IP address or symbolic name of and an SNMP device |
string |
snmp_read_community |
query |
The SNMP read community to use (SNMP v1/v2c only) |
string |
snmp_write_community |
query |
The SNMP write community to use (SNMP v1/v2c only) |
string |
snmp_version |
query |
The SNMP version to use: 2 (SNMP v3), 1 (v2c) or 0 (v1) |
string |
snmp_level |
query |
Used only with SNMP v3: noAuthNoPriv, authNoPriv, or authPriv) |
string |
snmp_auth_protocol |
query |
Used only with SNMP v3 and level not set to noAuthNoPriv: MD5 or SHA |
string |
snmp_auth_passphrase |
query |
Used only with SNMP v3 and level not set to noAuthNoPriv: 8 chars+ passphrase |
string |
snmp_privacy_protocol |
query |
Used only with SNMP v3 and level set to autPriv: DES or AES |
string |
snmp_privacy_passphrase |
query |
Used only with SNMP v3 and level set to autPriv: 8 chars+ passphrase |
string |
Responses
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-9 - NAME_RESOLUTION_FAILED
-10 - SNMP_DEVICE_ALREADY_ADDED
-11 - SNMP_DEVICE_UNREACHABLE
-12 - NO_SNMP_DEVICE_DISCOVERED
-22 - SNMP_UNKNOWN_DEVICE
GET /lua/pro/rest/v2/get/snmp/device/bridge.lua
Get bridge MIB information
Description: Get bridge MIB information for a single or all SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
query |
The IP address of the SNMP device (optional, all devices are returned if empty) |
string |
Responses
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/interfaces.lua
Get interfaces information
Description: Get interfaces information for a single or all SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
query |
The IP address of the SNMP device (optional, all devices are returned if empty) |
string |
Responses
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/lldp.lua
Get LLDP adjacency information
Description: Get LLDP adjacencies for a single or all SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
query |
The IP address of the SNMP device (optional, all devices are returned if empty) |
string |
Responses
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/list.lua
Get all SNMP devices
Description: Retrieve all configured SNMP devices.
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/snmp/device/system.lua
Get system information
Description: Get system information for a single or all SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
query |
The IP address of the SNMP device (optional, all devices are returned if empty) |
string |
Responses
-3 - NOT_GRANTED
1.4.13. All
POST /lua/pro/rest/v2/check/infrastructure/config.lua
Test an infrastructure configuration
Description: Uses an url and token to connect to the REST API of an ntopng in the infrastructure
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
url |
query |
The URL of the ntopng in the infrastructure |
string |
token |
query |
The REST API Token for the authentication |
string |
Responses
0 - OK
-42 - INFRASTRUCTURE_INSTANCE_ALREADY_EXISTING
-43 - INFRASTRUCTURE_INSTANCE_CHECK_FAILED
-44 - INFRASTRUCTURE_INSTANCE_CHECK_NOT_FOUND
-45 - INFRASTRUCTURE_INSTANCE_CHECK_INVALID_RESPONSE
-46 - INFRASTRUCTURE_INSTANCE_CHECK_AUTH_FAILED
GET /lua/rest/v2/export/all/config.lua
Export all configurations as a JSON file
Description: Export all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
download |
query |
Download as file (no REST envelope) |
boolean |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.14. Observation Point
GET /lua/pro/rest/v2/delete/observation_point/stats.lua
Remove an Observation Point stats
Description: Remove Observation Point stats stored until now. If the Observation Point is no more seen on the network, even the entry is going to be deleted
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
observation_point |
query |
Identifier of the rule to delete |
integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/delete/observation_points/stats.lua
Delete an Observation Point
Description: Given an Observation Point ID, it is going to delete it and all the information related to it
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
observation_point_id |
query |
Observation Point ID |
integer |
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/pro/rest/v2/get/observation_points/alias.lua
Get the alias of an Observation Point
Description: The alias of an Observation Point is returned
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
observation_point_id |
query |
Observation Point ID |
integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
POST /lua/pro/rest/v2/set/observation_points/alias.lua
Set the alias of an Observation Point
Description: Set the alias of an Observation Point is returned
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
alias |
formData |
New Observation Point Alias |
string |
observation_point_id |
formData |
Observation Point ID |
integer |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
1.4.15. Pools
GET /lua/pro/rest/v2/export/pool/policy.lua
Export pool policies
Description: Export pool policies
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/set/pool/policy.lua
Set pool policy
Description: Set pool policy
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/pro/rest/v2/set/pool/policy_autoconf.lua
Set a pool policy from autoconfiguration
Description: Set a pool policy from autoconfiguration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
POST /lua/rest/v2/add/host/pool.lua
Add an host pool
Description: Add an host pool with members and configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
pool_name |
formData |
Host Pool Name |
string |
pool_members |
formData |
List of IPs separated by commas |
string |
confset_id |
formData |
Configuration ID |
integer |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-13 - ADD_POOL_FAILED
GET /lua/rest/v2/bind/host/pool/member.lua
Bind a member to an host pool
Description: Bind a member to an host pool
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
pool |
query |
Host Pool ID |
integer |
member |
query |
IP/MAC/Network CIDR to add to the Host Pool ID |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-17 - BIND_POOL_MEMBER_FAILED
POST /lua/rest/v2/delete/host/pool.lua
Delete an host pool
Description: Delete an host pool
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
pool |
query |
Host Pool ID, required to delete the given pool |
number |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-16 - POOL_NOT_FOUND
POST /lua/rest/v2/delete/pools.lua
Delete all pools for any available pool type
Description: Delete all pools for any available pool type
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
POST /lua/rest/v2/edit/host/pool.lua
Edit an host pool
Description: Edit an host pool with members and configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
pool |
formData |
Pool ID |
integer |
pool_name |
formData |
Pool Name |
string |
pool_members |
formData |
Comma separated list of IPs/MACs/Networks cidr |
string |
confset_id |
formData |
Configuration ID |
integer |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-14 - EDIT_POOL_FAILED
POST /lua/rest/v2/edit/host_pool/pool.lua
Edit an host pool pool
Description: Edit an host pool pool (only recipients edit is allowed)
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-14 - EDIT_POOL_FAILED
GET /lua/rest/v2/export/pool/config.lua
Export the pools configuration as a JSON file
Description: Export the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
download |
query |
Download as file (no REST envelope) |
boolean |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.16. Traffic
GET /lua/pro/rest/v2/get/db/historical_db_search.lua
Get historical flows info
Description: Get historical flows info
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7proto |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7proto_master |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7cat |
query |
Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
flow_risk |
query |
Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
l4proto |
query |
Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_ip |
query |
Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_ip |
query |
Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
traffic_direction |
query |
Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
name |
query |
Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
cli_name |
query |
Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
srv_name |
query |
Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
network_name |
query |
Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
src2dst_dscp |
query |
Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_port |
query |
Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_port |
query |
Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
country |
query |
Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_country |
query |
Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_country |
query |
Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_asn |
query |
Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_asn |
query |
Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_nw_latency |
query |
Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_nw_latency |
query |
Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
observation_point_id |
query |
Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
probe_ip |
query |
Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
input_snmp |
query |
Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
output_snmp |
query |
Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
src2dst_tcp_flags |
query |
Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
dst2src_tcp_flags |
query |
Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
mac |
query |
MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_mac |
query |
Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_mac |
query |
Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
network |
query |
Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_network |
query |
Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_network |
query |
Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
info |
query |
Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
bytes |
query |
Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
packets |
query |
Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
host_pool_id |
query |
Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
cli_host_pool_id |
query |
Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_host_pool_id |
query |
Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
l7_error_id |
query |
Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_proc_name |
query |
Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_proc_name |
query |
Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_user_name |
query |
Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_user_name |
query |
Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/connect/test.lua
Test ntopng
Description: Test ntopng reachability and authentication
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
1.4.17. Timeseries
GET /lua/pro/rest/v2/get/db/ts.lua
Return the number of flows in a period of time
Description: Return the timeseries of number of flows in a period of time
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7proto |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7proto_master |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7cat |
query |
Application category identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
flow_risk |
query |
Flow risk identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
l4proto |
query |
Transport protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_ip |
query |
Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_ip |
query |
Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
traffic_direction |
query |
Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
name |
query |
Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
cli_name |
query |
Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
srv_name |
query |
Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
network_name |
query |
Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
src2dst_dscp |
query |
Client to Server DSCP identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_port |
query |
Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_port |
query |
Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
country |
query |
Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_country |
query |
Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_country |
query |
Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_asn |
query |
Client ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_asn |
query |
Server ASN identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_nw_latency |
query |
Client network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_nw_latency |
query |
Server network latency (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
observation_point_id |
query |
Observation point identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
probe_ip |
query |
Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
input_snmp |
query |
Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
output_snmp |
query |
Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
src2dst_tcp_flags |
query |
Client to Server TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
dst2src_tcp_flags |
query |
Server to Client TCP Flags (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
mac |
query |
MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_mac |
query |
Client MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_mac |
query |
Server MAC Address (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
network |
query |
Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_network |
query |
Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_network |
query |
Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
info |
query |
Info field (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
bytes |
query |
Total Bytes (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
packets |
query |
Total Packets (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
host_pool_id |
query |
Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
cli_host_pool_id |
query |
Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_host_pool_id |
query |
Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
l7_error_id |
query |
Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_proc_name |
query |
Client process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_proc_name |
query |
Server process name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_user_name |
query |
Client user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_user_name |
query |
Server user name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
FILE - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
POST /lua/pro/rest/v2/get/timeseries/ts_multi.lua
Return timeseries
Description: Return the requested timeseries in the requested timeframe
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
limit |
query |
Maximum number of timeseries points |
number |
ts_compare |
query |
Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before) |
string |
ts_requests |
query |
An array of timeseries to be returned, containing ts_query, ts_schema and tskey (e.g. [{ts_query: ‘ifid:1,asn:199524’, ts_schema: ‘asn:traffic’, tskey: ‘199524’}]; the explaination of these three parameters can be found into ‘/lua/rest/v2/get/timeseries/ts.lua’ REST) |
array |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
1.4.18. Peers
GET /lua/pro/rest/v2/get/host/no_tx_peers.lua
Get RX-only host peers
Description: Get list of host with RX-only traffic (i.e. no TX traffic sent)
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
1.4.19. Top
GET /lua/pro/rest/v2/get/host/top/local/sites.lua
Get host top local sites
Description: Get host top local sites
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
The IP address of the host |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/interface/top/l7_stats.lua
Get interface top Layer-7 stats
Description: Get interface top Layer-7 stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/top/realtime_traffic.lua
Get interface top traffic stats
Description: Get interface top traffic stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/pro/rest/v2/get/interface/top/score.lua
Get interface top score stats
Description: Get interface top score stats
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
1.4.20. System
GET /lua/pro/rest/v2/get/infrastructure/data.lua
Get infrastructure data
Description: Get infrastructure data
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/pro/rest/v2/get/system/data.lua
Get system data
Description: Get system data
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
1.4.21. Sites
GET /lua/pro/rest/v2/get/interface/top/sites.lua
Get interface top sites
Description: Get the top sites for an interface
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
1.4.22. Maps
GET /lua/pro/rest/v2/get/maps/periodicity_map.lua
Get the periodicity map of an interface
Description: Get the periodicity map of an interface
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/maps/service_map.lua
Get the service map of an interface
Description: Get the service map of an interface
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
1.4.23. User
POST /lua/rest/v2/create/ntopng/api_token.lua
Create an API token
Description: Create an API token
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
username |
formData |
An existing ntopng username |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
1.4.24. Checks
GET /lua/rest/v2/delete/application/application.lua
Remove a custom protocol
Description: If run ntopng using -p option, delete a custom protocol if it exists
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
protocol_alias |
form |
Application Name |
string |
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/disable/check.lua
Disables a check
Description: Disables a check
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
check_subdir |
form |
The check subdir |
string |
script_key |
form |
The key of the script |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/edit/application/application.lua
Edit a custom protocol
Description: If run ntopng using -p option, edit a custom protocol if it exists
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
protocol_alias |
form |
Application Name |
string |
category |
form |
Category ID |
integer |
l7_proto_id |
form |
Application ID |
integer |
custom_rules |
form |
List of custom rules separated by commas |
string |
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/enable/check.lua
Enables a check
Description: Enables a check
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
check_subdir |
form |
The check subdir |
string |
script_key |
form |
The key of the script |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/export/checks/config.lua
Export Checks configuration
Description: Export Checks configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
1.4.25. Notification Endpoints
POST /lua/rest/v2/delete/endpoints.lua
Delete all defined notification endpoints and reset them to factory-defaults
Description: Delete all defined notification endpoints and reset them to factory-defaults
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
1.4.26. Notification Recipients
POST /lua/rest/v2/delete/recipients.lua
Delete all defined recipients and reset them to factory-defaults
Description: Delete all defined recipients and reset them to factory-defaults
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
1.4.27. L7 Application Categories
GET /lua/rest/v2/edit/category/category.lua
Change the custom hosts for a specific category
Description: Given a category, an alias for the category and a list of hosts, networks or domain names, separated by comma, it is going to change the alias of the category and aggregate the traffic done by those hosts into the category
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
category |
query |
Category, formatted as cat_{id}, where ID is the ID of the category |
string |
custom_hosts |
query |
List of Hosts, Networks, Domain Names, separated by comma |
string |
alias |
query |
Alias of the Category |
string |
Responses
0 - OK
1.4.28. Configuration
POST /lua/rest/v2/edit/ntopng/incr_flows.lua
Double the maximum number of flows managed by ntopng
Description: Double the maximum number of flows managed by ntopng
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-7 - BAD_FORMAT
POST /lua/rest/v2/edit/ntopng/incr_hosts.lua
Double the maximum number of hosts managed by ntopng
Description: Double the maximum number of hosts managed by ntopng
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-7 - BAD_FORMAT
1.4.29. Active Monitoring
GET /lua/rest/v2/export/active_monitoring/config.lua
Export the active monitoring configuration as a JSON file
Description: Export the active monitoring configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
download |
query |
Download as file (no REST envelope) |
boolean |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.30. Notifications
GET /lua/rest/v2/export/notifications/config.lua
Export the notifications configuration as a JSON file
Description: Export the configuration for endpoints and recipients
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
download |
query |
Download as file (no REST envelope) |
boolean |
Responses
0 - OK
-3 - NOT_GRANTED
1.4.31.
GET /lua/rest/v2/export/scripts/config.lua
Export the Checks configuration as a JSON file
Description: Export the configuration for all checks
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
download |
query |
Download as file (no REST envelope) |
boolean |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/export/snmp/config.lua
Export the SNMP configuration as a JSON file
Description: Export the configuration for the SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
download |
query |
Download as file (no REST envelope) |
boolean |
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/get/alert/filter/consts.lua
Get available alert filters
Description: Given a specific alert type (flow, host, …) return the available filters
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
page |
query |
Alert Page (interface, flow, host, network, snmp_device, mac, user, am_host, system) |
string |
Responses
0 - OK
GET /lua/rest/v2/get/alert/list/alerts.lua
List stored interface alerts
Description: List alerts stored in the ntopng alert database
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
alert_family |
query |
Alert family. Possible values: active_monitoring, flow, host, interface, mac , network , snmp , system , user |
string |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
select_clause |
query |
Select clause (default: *) |
string |
where_clause |
query |
Where clause (default: none). IP values should be double-quoted and between parenthesis (e.g. IPV4_SRC_ADDR = (“192.168.1.1”)). |
string |
maxhits_clause |
query |
Max hits (default: 10) |
integer |
order_by |
query |
Order by clause (default: no order) |
string |
group_by |
query |
Group by clause (default: no group) |
string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/alert/severity/consts.lua
Get alert severity constants
Description: Alert severity string and integer severity id for each defined severity
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
GET /lua/rest/v2/get/alert/severity/counters.lua
Get alert counters by severity
Description: Alert severity counters in descending order
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
status |
query |
Status filter (historical, historical-flows) |
string |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
Start time (epoch) |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/alert/type/consts.lua
Get alert type constants
Description: Alert type string and integer alert key for each defined alert
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
GET /lua/rest/v2/get/alert/type/counters.lua
Get alert counters by type
Description: Alert type counters indescending order
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
status |
query |
Status filter (historical, historical-flows) |
string |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/all/alert/list.lua
Get all alerts list
Description: Get all alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/all/alert/ts.lua
Get all alerts timeseries
Description: Get all alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
Start time (epoch) |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/am_host/alert/list.lua
Get Active Monitoring alerts list
Description: Get Active Monitoring alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/am_host/alert/ts.lua
Get Active Monitoring alerts timeseries
Description: Get Active Monitoring alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
POST /lua/rest/v2/get/asn/asn_info.lua
Get Autonomous systems data
Description: Return the ASN data ntopng collected from analyzing the network. If an ASN is given, then return the data regarding the requested ASN
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
asn |
formData |
Autonomous System ID |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/get/asn/asn_name.lua
Get Autonomous systems name
Description: Return the ASN name given an IP
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ip |
query |
IP Address |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/get/category/list.lua
Get category information
Description: Get all the category information available
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/checks/config.lua
Get Checks configuration
Description: Get checks configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
download |
query |
Download the data or not |
boolean |
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/get/country/country_name.lua
Get Country Name
Description: Return the Country name given a country code
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
country_id |
query |
Country Code |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/get/dns/resolve.lua
Resolve an host name into an IP address
Description: Resolve an host name into an IP address
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
hostname |
query |
The host name to be resolved |
string |
Responses
0 - OK
-9 - NAME_RESOLUTION_FAILED
GET /lua/rest/v2/get/flow/active.lua
Get active flows
Description: List of active flows
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
currentPage |
query |
Pagination: page (optional) |
integer |
perPage |
query |
Pagination: items per page (optional) |
integer |
sortColumn |
query |
Pagination: column for sorting (e.g. ‘score’) (optional) |
string |
sortOrder |
query |
Pagination: sorting order: ‘asc’ or ‘desc’ (optional) |
string |
host |
query |
Host address filter (optional) |
string |
vlan |
query |
VLAN ID filter (optional) |
integer |
l4proto |
query |
L4 protocol filter (optional) |
string |
application |
query |
Application protocol filter (optional) |
string |
verbose |
query |
Add more details including TCP stats (optional) |
boolean |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/flow/alert/list.lua
Get flow alerts list
Description: Get flow alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_ip |
query |
Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_ip |
query |
Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_name |
query |
Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
srv_name |
query |
Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
cli_port |
query |
Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_port |
query |
Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
l7proto |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_country |
query |
Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_country |
query |
Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
probe_ip |
query |
Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
input_snmp |
query |
Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
output_snmp |
query |
Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_host_pool_id |
query |
Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_host_pool_id |
query |
Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
cli_network |
query |
Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_network |
query |
Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7_error_id |
query |
Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
traffic_direction |
query |
Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/flow/alert/ts.lua
Get flow alerts timeseries
Description: Get flow alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_ip |
query |
Client IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_ip |
query |
Server IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_name |
query |
Client Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
srv_name |
query |
Server Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
cli_port |
query |
Client port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_port |
query |
Server port (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
l7proto |
query |
Application protocol identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_country |
query |
Client Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_country |
query |
Server Country ID, e.g. IT (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
probe_ip |
query |
Probe IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
input_snmp |
query |
Input SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
output_snmp |
query |
Output SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
snmp_interface |
query |
SNMP interface identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
cli_host_pool_id |
query |
Client Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
srv_host_pool_id |
query |
Server Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
cli_network |
query |
Client Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
srv_network |
query |
Server Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
l7_error_id |
query |
Application layer error identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
traffic_direction |
query |
Traffic direction identifier, currently available: 0 -> remote only, 1 -> local only, 2 -> remote to local, 3 -> local to remote (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/flow/l4/counters.lua
Get flow counters for L4 protocols
Description: Number of active flows per L4 protocol
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/flow/l7/counters.lua
Get flow counters for L7 protocols
Description: Number of active flows per L7 application protocol
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/flow/traffic_stats.lua
Get traffic stats for active flows
Description: Get traffic stats for active flows
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/active.lua
Get active hosts
Description: List of active hosts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
currentPage |
query |
Pagination: page (optional) |
integer |
perPage |
query |
Pagination: items per page (optional) |
integer |
sortColumn |
query |
Pagination: column for sorting (e.g. ip, name, since, last, alerts, country, vlan, num_flows, traffic, thpt) (optional) |
string |
sortOrder |
query |
Pagination: sorting order: ‘asc’ or ‘desc’ (optional) |
string |
all |
query |
Get all hosts (optional) |
boolean |
mode |
query |
Mode filter: all, local, remote, broadcast_domain, filtered, blacklisted, dhcp (optional) |
string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/host/alert/list.lua
Get host alerts list
Description: Get host alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
name |
query |
Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
host_pool_id |
query |
Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
network |
query |
Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/host/alert/ts.lua
Get host alerts timeseries
Description: Get host alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
vlan_id |
query |
VLAN ID (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
ip_version |
query |
IP version (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
ip |
query |
IP (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
name |
query |
Hostname (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘in’ -> contains, ‘nin’ -> not contains) |
string |
host_pool_id |
query |
Host Pool identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
string |
network |
query |
Network identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/host/custom_data.lua
Get host custom data
Description: Custom data is returned for one or all hosts
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
Host address |
string |
field_alias |
query |
Field alias |
string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
-8 - BAD_CONTENT
GET /lua/rest/v2/get/host/data.lua
Get host data
Description: Host data is returned
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
Host address (IP or IP@VLAN if traffic is tagged) |
string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-4 - INVALID_HOST
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
-8 - BAD_CONTENT
GET /lua/rest/v2/get/host/dscp/stats.lua
Get IP DSCP statistics for a host
Description: DSCP statistics
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
Host address |
string |
vlan |
query |
VLAN ID |
integer |
direction |
query |
Select direction: ‘sent’ or ‘recvd’ (default) |
boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/host/fingerprint/data.lua
Get counters per type
Description: Number of alerts per alert type
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
Host address |
string |
fingerprint_type |
query |
The fingerprint type, either ja3 or hassh |
string |
Responses
0 - OK
GET /lua/rest/v2/get/host/interfaces.lua
Get host interfaces
Description: All interface ids of a given host are returned
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
formData |
Interface identifier |
integer |
host |
formData |
Host address |
string |
vlan |
formData |
VLAN ID |
integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/get/host/l4/data.lua
Get the host information about transport protocols
Description: Given an host, return the transport protocols information (bytes sent, received, …) of an host
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
Host address |
string |
vlan |
query |
VLAN ID |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/l7/stats.lua
Get L7 statistics for a host
Description: nDPI statistics
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
Host address |
string |
vlan |
query |
VLAN ID |
integer |
breed |
query |
Show breed |
boolean |
ndpi_category |
query |
Show nDPI category |
boolean |
collapse_stats |
query |
Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%) |
boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/pro/rest/v2/get/host/inactive_asset.lua
Return the data collected by ntopng relative to an inactive asset (local host)
Description: Given a serial key (concatenation of ifid, host ip and host vlan), returns all the data relative to the host requested if present
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
serial_key |
query |
Host identifier |
integer |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/get/host/pool/members.lua
Get all host pool members
Description: Get all the members of a given host pool
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
pool |
query |
Host Pool ID |
integer |
member |
query |
IP/MAC/Network CIDR to add to the Host Pool ID |
string |
Responses
0 - OK
-16 - POOL_NOT_FOUND
GET /lua/rest/v2/get/host/pool/pools.lua
Get one or all host pools
Description: Get one or all host pools
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
pool |
query |
Host Pool ID |
integer |
Responses
0 - OK
-16 - POOL_NOT_FOUND
GET /lua/rest/v2/get/host/pool_by_member.lua
Get an host pool given a member
Description: Get an host pool given a member
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
member |
query |
IP/MAC/Network CIDR |
string |
pool_name_only |
query |
Return only the pool name (do not return pool details including members) |
boolean |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/get/host/processes/listening_ports.lua
Get the host information about listening ports
Description: Given an host, return the information about listening ports (transport level protocol, package and process that’s currently running on that port)
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
Host address |
string |
vlan |
query |
VLAN ID |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/host/to_scan_list.lua
Retrieves vulnerability scan hosts list
Description: Get Hosts to Scan
Produces: [‘application/json’]
Responses
0 - OK
-6 - INTERNAL_ERROR
-8 - BAD_CONTENT
GET /lua/rest/v2/get/host/vulnerability_scan_type_list.lua
Retrieves vulnerability scan types list
Description: Get Scan Types List
Produces: [‘application/json’]
Responses
0 - OK
GET /lua/rest/v2/get/interface/address.lua
Get interface IP addresses
Description: List of interface IP addresses is returned
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/interface/alert/list.lua
Get interface alerts list
Description: Get interface alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
subtype |
query |
Alert subtype |
string |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/interface/alert/ts.lua
Get interface alerts timeseries
Description: Get interface alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
subtype |
query |
Alert subtype |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/interface/arp.lua
Get interface ARP info
Description: Get interface ARP info
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
host |
query |
Host address |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/interface/bcast_domains.lua
Get interface broadcast domains
Description: Interface broadcast domains as detected from ARP traffic and broadcast traffic are returned
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/interface/data.lua
Get interface data
Description: Interface data is returned
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/interface/dscp/stats.lua
Get IP DSCP statistics for an interface
Description: DSCP statistics
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/interface/l7/stats.lua
Get L7 statistics for an interface
Description: nDPI statistics
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
ndpistats_mode |
query |
Stats mode: ‘sinceStartup’ or ‘count’ |
string |
breed |
query |
Show breed |
boolean |
ndpi_category |
query |
Show nDPI category |
boolean |
all_values |
query |
Return all the values available |
boolean |
max_values |
query |
Get at most max_values, by default 5 |
int16 |
collapse_stats |
query |
Collapse the returned stats into ‘Other’ stats if bytes/flows are too low (< 3%) |
boolean |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/interface/nprobes/data.lua
Get interface nProbe data
Description: Get data for nProbe instances connected to an ntopng interface
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/l4/protocol/consts.lua
Get L4 protocol constants
Description: L4 protocol names and integer identifiers
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
GET /lua/rest/v2/get/l7/application/consts.lua
Get L7 application protocol constants
Description: L7 application protocol names and integer identifiers
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
GET /lua/rest/v2/get/l7/category/consts.lua
Get L7 application category constants
Description: L7 application category names and integer identifiers
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
GET /lua/rest/v2/get/mac/data.lua
Get Macs traffic information
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
mac |
query |
Mac Address to get information |
string |
Responses
0 - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/mac/alert/list.lua
Get MAC alerts list
Description: Get MAC alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/mac/alert/ts.lua
Get MAC alerts timeseries
Description: Get MAC alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/network/alert/list.lua
Get network alerts list
Description: Get network alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
network_name |
query |
Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/network/alert/ts.lua
Get network alerts timeseries
Description: Get network alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
network_name |
query |
Network Name (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/network/discovery/discover.lua
Get interface network discovery data
Description: Get data regarding the network discovery done by an ntopng interface
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
operating_system |
query |
Operating System identifier |
integer |
device_type |
query |
Device type identifier |
integer |
manufacturer |
query |
Manufacturer of the device |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
GET /lua/rest/v2/get/network/networks.lua
Return list of networks
Description: Return the list of all networks
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
GET /lua/rest/v2/get/ntopng/interfaces.lua
Get ntopng actively monitored interfaces names and ids
Description: Interface name and integer interface id for each actively monitored ntopng interface
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
GET /lua/rest/v2/get/ntopng/users.lua
Read all configured ntopng users
Description: Read all configured ntopng users
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/get/pcap/live_extraction.lua
Extract (live download) PCAP data from the traffic recorded with the continuous recording (n2disk)
Description: Raw PCAP data is returned
Produces: [‘application/vnd.tcpdump.pcap’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
bpf_filter |
query |
BPF filter |
string |
Responses
FILE - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/rest/v2/create/pcap/extraction/task.lua
Schedule PCAP data extraction from traffic recorded with the continuous recording (n2disk). A job ID is returned to check the extraction status (see /lua/rest/v2/get/pcap/extraction/tasks.lua)
Description: Job info is returned
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
bpf_filter |
query |
BPF filter |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/pcap/extraction/tasks.lua
Read PCAP extraction jobs (scheduled with /lua/rest/v2/create/pcap/extraction/task.lua) information
Description: All jobs status is returned
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/pcap/extraction/data.lua
Download PCAP data extracted by a scheduled extraction task (scheduled with /lua/rest/v2/create/pcap/extraction/task.lua)
Description: Raw PCAP data is returned
Produces: [‘application/vnd.tcpdump.pcap’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
job_id |
query |
Job ID |
integer |
file_id |
query |
File ID (default 1) |
integer |
Responses
FILE - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/rest/v2/get/pcap/live_traffic.lua
Live traffic capture
Description: Raw PCAP data is returned
Produces: [‘application/vnd.tcpdump.pcap’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
bpf_filter |
query |
BPF filter |
string |
Responses
FILE - OK
-1 - NOT_FOUND
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
-7 - BAD_FORMAT
GET /lua/rest/v2/get/pools.lua
Get all pools of any type
Description: Get all pools defined for any available pool type
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
GET /lua/rest/v2/get/recipient/pools.lua
Get recipient pools
Description: Get all pools bound to a recipient
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
recipient_id |
query |
Recipient identifier |
integer |
Responses
0 - OK
GET /lua/rest/v2/get/system/alert/list.lua
Get system alerts list
Description: Get system alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/system/alert/ts.lua
Get system alerts timeseries
Description: Get system alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/system/configurations/download_backup.lua
Get system configuration automatic backup
Description: Get on of the automatic system configurations backups
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
epoch |
query |
The epoch of the backup |
integer |
download |
query |
Download the backup or just retrive info |
boolean |
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/configurations/list_availabled_backups.lua
Get system configurations automatic backups
Description: Get list of automatic system configurations backups
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/health/influxdb.lua
Get InfluxDB Stats
Description: Get all the available InfluxDB Statistics
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/health/interfaces.lua
Get interfaces stats
Description: Get statistics of every active interfaces
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/health/redis.lua
Get Redis Stats
Description: Get all the available Redis Statistics
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/health/stats.lua
Get system stats
Description: Get statistics of the system on top of which ntopng is running
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/system/status.lua
Get system status info
Description: Get license information and resources used data
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
GET /lua/rest/v2/get/timeseries/ts.lua
Get timeseries data
Description: Get timeseries data
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
limit |
query |
Maximum number of timeseries points |
number |
initial_point |
query |
A boolean used to return the first point of the timeseries or not |
boolean |
ts_compare |
query |
Choices available: ‘30m’, ‘1h’, ‘1d’. A string reporting the timeframe of the timeseries to be compared to (e.g. ‘30m’, means to return other then the timeserie requested, the 30 minutes before) |
string |
ts_query |
query |
Containing the parameters used to find the timeserie in the following format, parameter:value;parameter:value;… (e.g. ‘ifid:1;host:192.168.1.1’) |
string |
tskey |
query |
Containing the timeseries key, whom the timeseries is referred to (e.g. if the timeserie is regarding the interface ‘7’ or the host ‘192.168.1.1’, then tskey is going to be ‘7’ or ‘192.168.1.1’) |
string |
ts_schema |
query |
Contains the timeserie schema (e.g. ‘iface:traffic’) |
string |
Responses
0 - OK
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/timeseries/type/consts.lua
Get available timeseries
Description: Get all the available timeseries given a tag
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
query |
query |
Tag used to retrieve the timeseries; currently available: iface, host, mac, subnet, asn, country, os, vlan, host_pool, pod, container, ht, system, profile, redis, influxdb, am, snmp_interface, snmp_device, obs_point, sflowdev_port, flowdev, flowdev_port |
string |
host |
query |
Host IP@VLAN, REQUIRED in case of timeseries regarding Host, SNMP or Flow devices |
string |
asn |
query |
ASN identifier, REQUIRED in case of timeseries regarding Autonomous Systems |
integer |
pool |
query |
Host Pool identifier, REQUIRED in case of timeseries regarding Host Pools |
integer |
vlan |
query |
VLAN identifier, REQUIRED in case of timeseries regarding VLANs |
integer |
mac |
query |
MAC address, REQUIRED in case of timeseries regarding MACs |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/v2/get/user/alert/list.lua
Get user alerts list
Description: Get user alerts list
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
start |
query |
Starting record (e.g. start=100, it will start returning records from the 101st) |
integer |
length |
query |
Maximum number of records to get |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
format |
query |
Format of the return data (json or txt) |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
GET /lua/rest/v2/get/user/alert/ts.lua
Get user alerts timeseries
Description: Get user alerts timeseries
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
query |
Interface identifier |
integer |
epoch_begin |
query |
Start time (epoch) |
integer |
epoch_end |
query |
End time (epoch) |
integer |
alert_id |
query |
Alert identifier (format: ‘id;eq’, where ‘id’ is the id and ‘eq’ stands for ‘equal’, currently available: ‘eq’, ‘neq’) |
integer |
severity |
query |
Severity identifier (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
score |
query |
Score (format: ‘id;eq’, where ‘id’ is the amount of traffic and ‘eq’ stands for ‘equal’, currently available: ‘eq’ -> equal, ‘neq’ -> not equal, ‘lt’ -> lesser then, ‘lte’ -> lesser or equal then, ‘gt’ -> greater then, ‘gte’ -> greater or equal then |
integer |
Responses
0 - OK
-2 - INVALID_INTERFACE
-3 - NOT_GRANTED
POST /lua/rest/v2/import/active_monitoring/config.lua
Import the active monitoring configuration providing a JSON file
Description: Import the active monitoring configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/all/config.lua
Import all configurations providing a JSON file
Description: Import all configurations including Pools, Active Monitoring, Notifications (Endpoints and Recipients), Checks, SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/checks/config.lua
Import Checks configuration
Description: Import Checks configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
JSON |
form |
The Checks configuration in JSON |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
POST /lua/rest/v2/import/infrastructure/config.lua
Import the Infrastructure configuration providing a JSON file
Description: Import the configuration for all infrastructure configurations
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/notifications/config.lua
Import the notifications configuration providing a JSON file
Description: Import the configuration for endpoints and recipients
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/pool/config.lua
Import the pools configuration providing a JSON file
Description: Import the configuration of all pools and dependencies (notifications, SNMP, active monitoring, checks
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
GET /lua/rest/v2/import/pool/host_pool/members.lua
Import host pool members
Description: Import host pool members
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
pool |
form |
Pool identifier |
integer |
host_pool_members |
form |
A newline-separated list of host pool members |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/import/scripts/config.lua
Import the Checks configuration providing a JSON file
Description: Import the configuration for all checks
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
POST /lua/rest/v2/import/snmp/config.lua
Import the SNMP configuration providing a JSON file
Description: Import the configuration for the SNMP devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
-27 - CONFIGURATION_FILE_MISMATCH
-28 - PARTIAL_IMPORT
GET /lua/rest/v2/reset/active_monitoring/config.lua
Reset Active Monitoring configuration
Description: Reset active monitoring configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/reset/all/config.lua
Reset all configurations
Description: Reset all configurations
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/reset/checks/config.lua
Reset Checks configuration
Description: Reset checks configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/reset/infrastructure/config.lua
Reset all infrastructure configurations
Description: Reset all infrastructure configurations
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/reset/notifications/config.lua
Reset Notifications configuration
Description: Reset notifications configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
GET /lua/rest/v2/reset/snmp/config.lua
Reset SNMP configuration
Description: Reset SNMP configuration including all configured devices
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK
-3 - NOT_GRANTED
POST /lua/rest/v2/set/checks/config.lua
Set Checks configuration
Description: Set Checks configuration
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
JSON |
form |
Check configuration in JSON |
string |
Responses
0 - OK
-3 - NOT_GRANTED
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/set/host/alias.lua
Set host alias
Description: Set host custom name
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
host |
formData |
Host address |
string |
custom_name |
formData |
Custom name |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/set/device/alias.lua
Set device alias
Description: Set device custom name
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
device |
formData |
Device MAC Address |
string |
custom_name |
formData |
Custom name |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/set/network/alias.lua
Set network alias
Description: Set network custom name
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
network_cidr |
formData |
Network CIDR |
string |
custom_name |
formData |
Custom name |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/set/interface/alias.lua
Set interface alias
Description: Set interface custom name
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
formData |
Interface ID |
string |
custom_name |
formData |
Custom name |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
POST /lua/rest/v2/set/host/notes.lua
Set host custom notes
Description: Given an host and a note, it is going to set that Note to the host
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
custom_notes |
form |
Custom Host Note |
string |
Responses
0 - OK
-5 - INVALID_ARGUMENTS
GET /lua/rest/v2/trigger/host/alert.lua
Trigger an external alert on a host
Description: Trigger alert
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|---|---|---|
ifid |
formData |
Interface identifier |
integer |
host |
formData |
Host address |
string |
vlan |
formData |
VLAN ID |
integer |
score |
formData |
Set the alert score |
boolean |
info |
formData |
Set the alert description |
string |
Responses
0 - OK
-2 - INVALID_INTERFACE
-5 - INVALID_ARGUMENTS
-6 - INTERNAL_ERROR
GET /lua/rest/version.lua
Get supported and current REST API versions
Description: Return all the supported REST API versions and the current REST API version used
Produces: [‘application/json’]
Parameters
Name |
Position |
Description |
Type |
---|
Responses
0 - OK