2. Examples v1

This section contains examples of API requests and responses. Please note that the JSON response in some case does not contain the full response (e.g. in case of long lists).

2.1. Interfaces

2.1.1. Get Interface Data

curl

curl -s -u admin:admin "http://localhost:3000/lua/rest/v1/get/interface/data.lua?ifid=0"

Response:

{
 "rc": 0
 "rc_str": "OK",
 "rsp": {
  "profiles": {
   "SampleProfile": 0
  },
  "ifname": "enp0s8",
  "uptime": "00:42",
  "num_local_hosts": 3,
  "remote_bps": 0,
  "localtime": "17:14:42 +0200",
  "flow_export_rate": 0.0,
  "throughput": {
   "download": {
    "pps": 0.79980963468552002,
    "bps": 86.379440307617003
   },
   "upload": {
    "pps": 0.39990481734276001,
    "bps": 63.184963226317997
   }
  },
  "bytes": 141035,
  "has_alerts": true,
  "num_flows": 4,
  "throughput_bps": 149.56440734863,
  "flow_export_drops": 0,
  "drops": 0,
  "bytes_upload": 103734,
  "alerted_flows": 0,
  "remote2local": 0,
  "is_view": false,
  "packets_download": 361,
  "packets_upload": 251,
  "bytes_download": 37301,
  "system_host_stats": {
   "mem_total": 4046248,
   "dropped_alerts": 0,
   "mem_ntopng_resident": 187756,
   "mem_ntopng_virtual": 1732120,
   "cpu_load": 3.6400001049042001,
   "mem_sreclaimable": 81460,
   "mem_shmem": 30200,
   "mem_used": 590148,
   "alerts_queries": 3,
   "mem_cached": 1052396,
   "written_alerts": 9,
   "mem_free": 2186336,
   "mem_buffers": 166108,
   "cpu_states": {
    "nice": 0.0,
    "softirq": 0.11173184357542,
    "steal": 0.0,
    "idle": 96.201117318436005,
    "system": 2.0111731843574998,
    "guest_nice": 0.0,
    "iowait": 0.11173184357542,
    "guest": 0.0,
    "user": 1.5642458100559,
    "irq": 0.0
   }
  },
  "tcpPacketStats": {
   "retransmissions": 0,
   "lost": 0,
   "out_of_order": 0
  },
  "num_live_captures": 0,
  "local2remote": 0,
  "periodic_stats_update_frequency_secs": 5,
  "throughput_pps": 1.1997145414352,
  "dropped_alerts": 0,
  "ts_alerts": [],
  "epoch": 1590160482,
  "ifid": "0",
  "hosts_pctg": 1,
  "speed": 1000,
  "num_hosts": 3,
  "macs_pctg": 1,
  "flows_pctg": 1,
  "flow_export_count": 0,
  "packets": 612,
  "engaged_alerts": 0,
  "remote_pps": 0,
  "num_devices": 2
 },
}

2.1.2. Get interface IP addresses

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/interface/address.lua?ifid=0"

Response:

{
  "rc_str": "OK",
  "rsp": {
    "addresses": [
      "192.168.1.1/32",
      "fe80::a00:27ff:fe80:f433/128"
    ]
  },
  "rc": 0
}

2.1.3. Get L7 statistics for an interface

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/interface/l7/stats.lua?ifid=0&ndpistats_mode=count"

Response:

{
  "rc_str": "OK",
  "rsp": [
    {
      "value": 62,
      "label": "TLS"
    },
    {
      "value": 36,
      "label": "DNS"
    },
    {
      "value": 34,
      "label": "HTTP"
    },
    {
      "value": 20,
      "label": "Google"
    },
    {
      "value": 11,
      "label": "Facebook"
    },
    {
      "value": 15,
      "label": "Other"
    }
  ],
  "rc": 0
}

2.1.4. Get actively monitored interfaces

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/ntopng/interfaces.lua"

Response:

{
  "rc_str": "OK",
  "rsp": [
    {
      "ifid": 0,
      "ifname": "test_01.pcap"
    },
    {
      "ifid": 1,
      "ifname": "test_02.pcap"
    }
  ],
  "rc": 0
}

2.2. Hosts

2.2.1. Get active hosts

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/host/active.lua?ifid=0"

Response:

{
  "rc_str": "OK",
  "rc": 0,
  "rsp": {
    "data": [
      {
        "is_localhost": false,
        "last_seen": 1589741869,
        "thpt": {
          "bps": 0,
          "pps": 0
        },
        "is_broadcast": false,
        "country": "US",
        "num_alerts": 0,
        "is_multicast": false,
        "num_flows": {
          "total": 1,
          "as_client": 0,
          "as_server": 1
        },
        "key": "8__241__92__250",
        "bytes": {
          "total": 2356772,
          "recvd": 34148,
          "sent": 2322624
        },
        "vlan": 0,
        "is_broadcast_domain": false,
        "name": 0,
        "ip": "8.241.92.250",
        "is_blacklisted": false,
        "os": 0,
        "first_seen": 1589741868
      },
      {
        "is_localhost": false,
        "last_seen": 1589741869,
        "thpt": {
          "bps": 0,
          "pps": 0
        },
        "is_broadcast": false,
        "country": "",
        "num_alerts": 0,
        "is_multicast": false,
        "num_flows": {
          "total": 34,
          "as_client": 0,
          "as_server": 34
        },
        "key": "2__23__155__233",
        "bytes": {
          "total": 41945,
          "recvd": 23013,
          "sent": 18932
        },
        "vlan": 0,
        "is_broadcast_domain": false,
        "name": 0,
        "ip": "2.23.155.233",
        "is_blacklisted": false,
        "os": 0,
        "first_seen": 1589741865
      }
    ],
    "currentPage": 1,
    "perPage": 10,
    "sort": [
      []
    ]
  }
}

2.2.2. Get host data

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/host/data.lua?ifid=0&host=8.241.92.250"

Response:

{
  "rc_str": "OK",
  "rc": 0,
  "rsp": {
    "icmp.bytes.rcvd.anomaly_index": 0,
    "tcp.bytes.sent.anomaly_index": 0,
    "packets.rcvd": 494,
    "childSafe": false,
    "os": 0,
    "tcpPacketStats.rcvd": {
      "retransmissions": 0,
      "keep_alive": 0,
      "lost": 0,
      "out_of_order": 0
    },
    "throughput_bps": 0,
    "icmp.packets.rcvd": 0,
    "other_ip.bytes.sent.anomaly_index": 0,
    "tcp.packets.seq_problems": false,
    "systemhost": false,
    "active_alerted_flows": 0,
    "udp.bytes.rcvd": 0,
    "flows.as_client": 0,
    "icmp.bytes.rcvd": 0,
    "num_triggered_alerts": {
      "hour": 0,
      "5mins": 0,
      "day": 0,
      "min": 0
    },
    "privatehost": false,
    "packets.rcvd.anomaly_index": 0,
    "udp.bytes.sent.anomaly_index": 0,
    "ip": "8.241.92.250",
    "has_blocking_shaper": false,
    "num_alerts": 0,
    "tcp.packets.sent": 1556,
    "active_http_hosts": 0,
    "asn": 3356,
    "hassh_fingerprint": [],
    "ja3_fingerprint": {
      "5d79edf64e03689ff559a54e9d9487bc": {
        "num_uses": 1,
        "app_name": ""
      }
    },
    "is_blacklisted": false,
    "flows.as_server": 1,
    "asname": "LEVEL3",
    "udp.bytes.sent": 0,
    "seen.last": 1589741869,
    "seen.first": 1589741868,
    "tcp.bytes.rcvd.anomaly_index": 0,
    "throughput_pps": 0,
    "bins": {
      "server": {
        "frequency": {
          "> 300": 0,
          "<= 300": 0,
          "<= 60": 0,
          "<= 3": 0,
          "<= 30": 0,
          "<= 5": 0,
          "<= 1": 0,
          "<= 10": 0
        },
        "duration": {
          "> 300": 0,
          "<= 300": 0,
          "<= 60": 0,
          "<= 3": 0,
          "<= 30": 0,
          "<= 5": 0,
          "<= 1": 0,
          "<= 10": 0
        }
      },
      "client": {
        "frequency": {
          "> 300": 0,
          "<= 300": 0,
          "<= 60": 0,
          "<= 3": 0,
          "<= 30": 0,
          "<= 5": 0,
          "<= 1": 0,
          "<= 10": 0
        },
        "duration": {
          "> 300": 0,
          "<= 300": 0,
          "<= 60": 0,
          "<= 3": 0,
          "<= 30": 0,
          "<= 5": 0,
          "<= 1": 0,
          "<= 10": 0
        }
      }
    },
    "host_unreachable_flows.as_client": 0,
    "total_flows.as_server": 1,
    "bytes.ndpi.unknown": 0,
    "vlan": 0,
    "other_ip.bytes.sent": 0,
    "tskey": "8.241.92.250",
    "broadcast_domain_host": false,
    "mac": "10:13:31:F1:39:76",
    "city": "",
    "icmp.bytes.sent.anomaly_index": 0,
    "packets.sent.anomaly_index": 0,
    "latitude": 37.750999450684,
    "udp.packets.sent": 0,
    "pktStats.recv": {
      "size": {
        "upTo128": 487,
        "upTo256": 5,
        "above9000": 0,
        "upTo2500": 0,
        "upTo64": 0,
        "upTo9000": 0,
        "upTo512": 2,
        "upTo1024": 0,
        "upTo6500": 0,
        "upTo1518": 0
      },
      "tcp_flags": {
        "finack": 0,
        "syn": 1,
        "rst": 0,
        "synack": 0
      }
    },
    "drop_all_host_traffic": false,
    "localhost": false,
    "bytes.sent.anomaly_index": 0,
    "misbehaving_flows.as_server": 0,
    "continent": "NA",
    "names": [],
    "num_flow_alerts": 0,
    "os_detail": "",
    "host_pool_id": 0,
    "ifid": 0,
    "icmp.bytes.sent": 0,
    "other_ip.packets.rcvd": 0,
    "throughput_trend_pps": 0,
    "name": "",
    "contacts.as_server": 0,
    "tcpPacketStats.sent": {
      "retransmissions": 0,
      "keep_alive": 0,
      "lost": 0,
      "out_of_order": 0
    },
    "contacts.as_client": 0,
    "is_broadcast": false,
    "total_activity_time": 5,
    "misbehaving_flows_status_map.as_server": 0,
    "active_flows.as_server": 1,
    "active_flows.as_client": 0,
    "udpBytesSent.non_unicast": 0,
    "udpBytesSent.unicast": 0,
    "score": 0,
    "longitude": -97.821998596191,
    "bytes.sent": 2322624,
    "hiddenFromTop": false,
    "other_ip.packets.sent": 0,
    "icmp.packets.sent": 0,
    "udp.packets.rcvd": 0,
    "misbehaving_flows_status_map.as_client": 0,
    "tcp.bytes.sent": 2322624,
    "total_alerts": 0,
    "other_ip.bytes.rcvd.anomaly_index": 0,
    "ndpi_categories": {
      "Web": {
        "bytes.sent": 2322624,
        "bytes": 2356772,
        "bytes.rcvd": 34148,
        "category": 5,
        "duration": 5
      }
    },
    "tcp.packets.rcvd": 494,
    "packets.sent": 1556,
    "host_unreachable_flows.as_server": 0,
    "unreachable_flows.as_server": 0,
    "dhcpHost": false,
    "ndpi": {
      "TLS": {
        "bytes.sent": 2322624,
        "num_flows": 0,
        "packets.sent": 1556,
        "bytes.rcvd": 34148,
        "packets.rcvd": 494,
        "duration": 5,
        "breed": "Safe"
      }
    },
    "unreachable_flows.as_client": 0,
    "misbehaving_flows.as_client": 0,
    "ipkey": 150035706,
    "throughput_trend_bps": 0,
    "bytes.rcvd": 34148,
    "other_ip.bytes.rcvd": 0,
    "total_flows.as_client": 0,
    "udp.bytes.rcvd.anomaly_index": 0,
    "tcp.bytes.rcvd": 34148,
    "has_blocking_quota": false,
    "bytes.rcvd.anomaly_index": 0,
    "pktStats.sent": {
      "size": {
        "upTo128": 8,
        "upTo256": 2,
        "above9000": 0,
        "upTo2500": 0,
        "upTo64": 0,
        "upTo9000": 0,
        "upTo512": 0,
        "upTo1024": 7,
        "upTo6500": 0,
        "upTo1518": 1539
      },
      "tcp_flags": {
        "finack": 0,
        "syn": 0,
        "rst": 0,
        "synack": 1
      }
    },
    "country": "US",
    "is_multicast": false,
    "devtype": 0,
    "duration": 2
  }
}

2.2.3. Get host custom data

Get custom host data: “ip,bytes.sent=tdb,packets.sent” for host: “10.222.222.119” on monitoring interface (ifid): 0. Available fields can be found from the output of “Get host data” above. Each field can have an optional alias name. Use the “field=alias” syntax to define a field alias. Separate each field / field alias with a comma.

curl

curl --silent --insecure -u "admin:admin" \
  -H "Content-Type: application/json" -d '{"ifid": 0, "host": "10.222.222.119", "field_alias": "ip,bytes.sent=tdb,packets.sent"}' \
  "https://localhost:3001/lua/rest/v1/get/host/custom_data.lua"

Response:

{
  "rc_str": "OK",
  "rc": 0,
  "rsp": {
    "tdb": 71787960,
    "ip": "10.222.222.119",
    "packets.sent": 243977
  }
}

Get custom host data: “ip,bytes.sent=tdb,packets.sent=tdp” for all hosts on monitoring interface (ifid): 0.

curl

curl --silent --insecure -u "admin:admin" \
  -H "Content-Type: application/json" -d '{"ifid": 0, "field_alias": "ip,bytes.sent=tdb,packets.sent=tdp"}' \
  "https://localhost:3001/lua/rest/v1/get/host/custom_data.lua"

Response:

{
  "rc_str": "OK",
  "rc": 0,
  "rsp": [
    {
      "ip": "ff02::1:ff00:1",
      "tdb": 0,
      "tdp": 0
    },
    {
      "ip": "10.222.222.96",
      "tdb": 106980522,
      "tdp": 452276
    },
    {
      "ip": "ff02::1:ffb7:97bf",
      "tdb": 0,
      "tdp": 0
    },
    {
      "ip": "10.222.222.119",
      "tdb": 76788610,
      "tdp": 264447
    }
  ]
}

Get all host data for all hosts on monitoring interface (ifid): 0.

curl

curl --silent --insecure -u "admin:admin" \
  -H "Content-Type: application/json" -d '{"ifid": 0"}' \
  "https://localhost:3001/lua/rest/v1/get/host/custom_data.lua"

Response:

{
  "rc_str": "OK",
  "rc": 0,
  "rsp": [
    {
      All host data for "ip": "ff02::1:ff00:1"
    },
    {
      All host data for "ip": "10.222.222.96"
    },
    {
      All host data for "ip": "ff02::1:ffb7:97bf"
    },
    {
      "All host data for "ip": "10.222.222.119",
    }
  ]
}

2.2.4. Get L7 statistics for a host

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/host/l7/stats.lua?ifid=0&host=8.241.92.250"

Response:

{
  "rsp": [
    {
      "duration": 5,
      "value": 2356772,
      "label": "TLS"
    }
  ],
  "rc_str": "OK",
  "rc": 0
}

2.2.5. Get host interfaces

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/host/interfaces.lua?host=8.241.92.250"

Response:

{
  "rc_str": "OK",
  "rsp": {
    "8.241.92.250": [
      {
        "ifid": 1
      },
      {
        "ifid": 0
      }
    ]
  },
  "rc": 0
}

2.3. Flows

2.3.1. Get flow counters for L4 protocols

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/flow/l4/counters.lua?ifid=0"

Response:

{
  "rc": 0,
  "rc_str": "OK",
  "rsp": [
    {
      "id": 6,
      "count": 132
    },
    {
      "id": 17,
      "count": 46
    }
  ]
}

2.3.2. Get flow counters for L7 protocols

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/flow/l7/counters.lua?ifid=0"

Response:

{
  "rc_str": "OK",
  "rsp": [
    {
      "count": 1,
      "name": "Cloudflare"
    },
    {
      "count": 45,
      "name": "DNS"
    },
    {
      "count": 11,
      "name": "Facebook"
    },
    {
      "count": 20,
      "name": "Google"
    },
    {
      "count": 96,
      "name": "TLS"
    },
    {
      "count": 82,
      "name": "Unknown"
    }
  ],
  "rc": 0
}

2.3.3. Get active flows

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/flow/active.lua?ifid=0"

Response:

{
  "rc": 0,
  "rsp": {
    "data": [
      {
        "thpt": {
          "pps": 0,
          "bps": 0
        },
        "hash_id": "163",
        "client": {
          "name": "192.168.1.93",
          "port": 61683,
          "is_blacklisted": false,
          "is_dhcp": false,
          "ip": "192.168.1.93",
          "is_broadcast_domain": false
        },
        "first_seen": 1589741868,
        "score": "0",
        "vlan": 0,
        "server": {
          "name": "8.241.92.250",
          "port": 443,
          "is_blacklisted": false,
          "is_dhcp": false,
          "ip": "8.241.92.250",
          "is_broadcast": false
        },
        "last_seen": 1589741869,
        "bytes": 2356772,
        "key": "3382381902",
        "protocol": {
          "l4": "TCP",
          "l7": "TLS"
        },
        "duration": 1,
        "breakdown": {
          "srv2cli": 99,
          "cli2srv": 1
        }
      },
      {
        "thpt": {
          "pps": 0,
          "bps": 0
        },
        "hash_id": "23",
        "client": {
          "name": "192.168.1.93",
          "port": 61567,
          "is_blacklisted": false,
          "is_dhcp": false,
          "ip": "192.168.1.93",
          "is_broadcast_domain": false
        },
        "first_seen": 1589741865,
        "score": "0",
        "vlan": 0,
        "server": {
          "name": "31.13.86.4",
          "port": 443,
          "is_blacklisted": false,
          "is_dhcp": false,
          "ip": "31.13.86.4",
          "is_broadcast": false
        },
        "last_seen": 1589741865,
        "bytes": 188958,
        "key": "3753284184",
        "protocol": {
          "l4": "TCP",
          "l7": "TLS.Facebook"
        },
        "duration": 0,
        "breakdown": {
          "srv2cli": 96,
          "cli2srv": 4
        }
      }
    ],
    "currentPage": 1,
    "perPage": 10,
    "totalRows": 178,
    "sort": [
      [
        "column_",
        "desc"
      ]
    ]
  },
  "rc_str": "OK"
}

2.3.4. Get historical flows

curl

curl -u admin:admin -H "Content-Type: application/json" -d '{"ifid": 0, "select_clause": "*", "where_clause": "IPV4_SRC_ADDR = 192.168.56.1", "begin_time_clause": 1590480290, "end_time_clause": 1590480590, "maxhits_clause": 10}' http://localhost:3000/lua/pro/rest/v1/get/db/flows.lua

Response:

{
   "rc":0,
   "rc_str":"OK",
   "rsp":[
      {
         "FLOW_TIME":"1590480421",
         "FIRST_SEEN":"1590480420",
         "LAST_SEEN":"1590480421",
         "VLAN_ID":"0",
         "IP_PROTOCOL_VERSION":"4",
         "IPV4_SRC_ADDR":"192.168.56.1",
         "IPV4_DST_ADDR":"192.168.56.103",
         "IPV6_SRC_ADDR":"::",
         "IPV6_DST_ADDR":"::",
         "PROTOCOL":"6",
         "IP_SRC_PORT":"61900",
         "IP_DST_PORT":"22",
         "L7_PROTO":"92",
         "SRC2DST_BYTES":"908",
         "DST2SRC_BYTES":"2968",
         "PACKETS":"22",
         "TOTAL_BYTES":"3876",
         "SRC_COUNTRY_CODE":"0",
         "DST_COUNTRY_CODE":"0",
         "SRC_LABEL":"",
         "DST_LABEL":"",
         "NTOPNG_INSTANCE_NAME":"ubuntuvm",
         "INTERFACE_ID":"6",
         "PROFILE":"",
         "STATUS":"0",
         "INFO":""
      }
   ]
}

2.4. Alerts

2.4.1. Get alerts timeseries

curl

curl -u admin:admin -H "Content-Type: application/json" -d '{"ifid": "0", "status": "historical-flows", "epoch_begin": 1590710400, "epoch_end": 1590796800}' http://localhost:3000/lua/rest/v1/get/alert/ts.lua

Response:

{
  "rsp": {
      "1590710400": [
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        37,
        3,
        4,
        6,
        13,
        9,
        0,
        15,
        0,
        3,
        0,
        0,
        0,
        0,
        0,
        0,
        0
      ],
      "1590796800": [
        0,
        0,
        1,
        0,
        0,
        2,
        0,
        0,
        0,
        1,
        0,
        0,
        0,
        16,
        0,
        0,
        3,
        34,
        48,
        13,
        0,
        0,
        2,
        0
      ]
  },
  "rc": 0,
  "rc_str": "OK"
}

2.4.2. Get alerts data

curl

curl -u admin:admin -H "Content-Type: application/json" -d '{"ifid": "0", "status": "historical-flows"}' http://localhost:3000/lua/rest/v1/get/alert/data.lua

Response:

{
  "rsp": [
    {
      "entity": "flow",
      "type": "alert_potentially_dangerous_protocol",
      "score": 100,
      "date": "1590742735",
      "severity": "error",
      "count": 1,
      "entity_val": "",
      "msg": "TLS Certificate Expired [24/08/2019 18:04:13 - 22/11/2019 18:04:13] [Flow: <A HREF='/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=131'><span class='badge badge-info'>Info</span></A> <a href='/lua/host_details.lua?host=192.168.1.93' data-toggle='tooltip' title=''>192.168.1.93</a>:<A HREF=\"/lua/port_details.lua?port=61650\">61650</A> [ <A HREF=\"/lua/hosts_stats.lua?mac=28:37:37:00:6D:C8\">28:37:37:00:6D:C8</A> ] <i class=\"fas fa-exchange-alt fa-lg\"  aria-hidden=\"true\"></i> <a href='/lua/host_details.lua?host=192.168.1.176' data-toggle='tooltip' title=''>192.168.1.176</a>:<A HREF=\"/lua/port_details.lua?port=443\">443</A> [ <A HREF=\"/lua/hosts_stats.lua?mac=00:80:8F:9A:AE:BD\">00:80:8F:9A:AE:BD</A> ]] <a href=\"/lua/admin/edit_configset.lua?confset_id=0&subdir=flow&user_script=tls_certificate_expired#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>"
    },
    {
      "entity": "flow",
      "type": "alert_potentially_dangerous_protocol",
      "score": 50,
      "date": "1590742735",
      "severity": "error",
      "count": 1,
      "entity_val": "",
      "msg": "TLS Certificate Mismatch [Client Requested: cdn.gigya.com] [Server Names: a248.e.akamai.net,*.akamaized-staging.net,*.akamaized.net,*.akamaihd-staging.net,*.akamaihd.net] [Flow: <A HREF='/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118'><span class='badge badge-info'>Info</span></A> <a href='/lua/host_details.lua?host=192.168.1.93' data-toggle='tooltip' title=''>192.168.1.93</a>:<A HREF=\"/lua/port_details.lua?port=61632\">61632</A> [ <A HREF=\"/lua/hosts_stats.lua?mac=28:37:37:00:6D:C8\">28:37:37:00:6D:C8</A> ] <i class=\"fas fa-exchange-alt fa-lg\"  aria-hidden=\"true\"></i> <a href='/lua/host_details.lua?host=184.51.127.56' data-toggle='tooltip' title=''>184.51.127.56</a>:<A HREF=\"/lua/port_details.lua?port=443\">443</A> [ <A HREF=\"/lua/hosts_stats.lua?mac=10:13:31:F1:39:76\">10:13:31:F1:39:76</A> ]] <a href=\"/lua/admin/edit_configset.lua?confset_id=0&subdir=flow&user_script=tls_certificate_mismatch#all\"><i class=\"fas fa-cog\" title=\"Edit Configuration\"></i></a>"
    }
  ],
  "rc": 0,
  "rc_str": "OK"
}

2.4.3. Get alert severity constants

curl

curl -u admin:admin http://localhost:3000/lua/rest/v1/get/alert/severity/consts.lua

Response:

{
  "rsp": [
    {
      "severity": "info",
      "id": 0
    },
    {
      "severity": "error",
      "id": 2
    },
    {
      "severity": "warning",
      "id": 1
    }
  ],
  "rc": 0,
  "rc_str": "OK"
}

2.4.4. Get alert type constants

curl

curl -u admin:admin http://localhost:3000/lua/rest/v1/get/alert/type/consts.lua

Response:

{
  "rc_str": "OK",
  "rc": 0,
  "rsp": [
    {
      "key": 9,
      "type": "alert_flow_blocked"
    },
    {
      "key": 40,
      "type": "alert_request_reply_ratio"
    },
    {
      "key": 18,
      "type": "alert_internals"
    },
    {
      "key": 38,
      "type": "alert_quota_exceeded"
    },
    {
      "key": 21,
      "type": "alert_login_failed"
    },
    {
      "key": 53,
      "type": "alert_user_activity"
    },
    {
      "key": 47,
      "type": "alert_tcp_syn_scan"
    }
  ]
}

2.4.5. Get counters per severity

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/alert/severity/counters.lua?ifid=0"

Response:

{
  "rc": 0,
  "rc_str": "OK",
  "rsp": {
    "historical-flows": [
      {
        "count": "37",
        "severity": "error"
      }
    ],
    "historical": []
  }
}

2.4.6. Get counters per type

curl

curl -u admin:admin "http://localhost:3000/lua/rest/v1/get/alert/type/counters.lua?ifid=0"

Response:

{
  "rsp": {
    "historical-flows": [
      {
        "count": "37",
        "type": "alert_potentially_dangerous_protocol"
      }
    ],
    "historical": []
  },
  "rc": 0,
  "rc_str": "OK"
}

2.5. L7 Application Protocols

2.5.1. Get L7 application protocol constants

curl

curl -u admin:admin http://localhost:3000/lua/rest/v1/get/l7/application/consts.lua

Response:

{
   "rc_str": "OK",
   "rsp": [
     {
       "name": "PS_VUE",
       "cat_id": 26,
       "appl_id": 64
     },
     {
       "name": "Lando",
       "cat_id": 0,
       "appl_id": 254
     },
     {
       "name": "MapleStory",
       "cat_id": 8,
       "appl_id": 113
     },
     {
       "name": "Spotify",
       "cat_id": 25,
       "appl_id": 156
     },
     {
       "name": "DNS",
       "cat_id": 14,
       "appl_id": 5
     },
     {
       "name": "SMTP",
       "cat_id": 3,
       "appl_id": 3
     }
   ],
   "rc": 0
 }

2.6. L7 Application Categories

2.6.1. Get L7 application category constants

curl

curl -u admin:admin http://localhost:3000/lua/rest/v1/get/l7/category/consts.lua

Response:

{
  "rc_str": "OK",
  "rsp": [
    {
      "name": "Web",
      "cat_id": 5
    },
    {
      "name": "Database",
      "cat_id": 11
    },
    {
      "name": "Malware",
      "cat_id": 100
    },
    {
      "name": "User custom category 3",
      "cat_id": 22
    },
    {
      "name": "DataTransfer",
      "cat_id": 4
    },
    {
      "name": "SocialNetwork",
      "cat_id": 6
    },
    {
      "name": "Cloud",
      "cat_id": 13
    }
  ],
  "rc": 0
}

2.7. L4 Protocols

2.7.1. Get L4 protocol constants

curl

curl -u admin:admin http://localhost:3000/lua/rest/v1/get/l4/protocol/consts.lua

Response:

{
  "rc": 0,
  "rsp": [
    {
      "name": "IP",
      "id": 0
    },
    {
      "name": "ICMP",
      "id": 1
    },
    {
      "name": "IGMP",
      "id": 2
    },
    {
      "name": "TCP",
      "id": 6
    },
    {
      "name": "UDP",
      "id": 17
    },
    {
      "name": "IPv6",
      "id": 41
    },
    {
      "name": "RSVP",
      "id": 46
    },
    {
      "name": "GRE",
      "id": 47
    },
    {
      "name": "ESP",
      "id": 50
    },
    {
      "name": "IPv6-ICMP",
      "id": 58
    },
    {
      "name": "OSPF",
      "id": 89
    },
    {
      "name": "PIM",
      "id": 103
    },
    {
      "name": "VRRP",
      "id": 112
    },
    {
      "name": "HIP",
      "id": 139
    },
    {
      "name": "ICMPv6",
      "id": 58
    },
    {
      "name": "IGMP",
      "id": 2
    },
    {
      "name": "Other IP",
      "id": -1
    }
  ],
  "rc_str": "OK"
}

2.8. Pools

2.8.1. Add an Host Pool

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool_name": "themaina", "pool_members": "192.168.2.0/24@0", "confset_id" : 0}' http://localhost:3000/lua/rest/v1/add/host/pool.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool_name": "themainamac", "pool_members": "AA:BB:CC:DD:EE:FF", "confset_id" : 0}' http://localhost:3000/lua/rest/v1/add/host/pool.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool_name": "themainaip", "pool_members": "8.8.8.8/32@2", "confset_id" : 0}' http://localhost:3000/lua/rest/v1/add/host/pool.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool_name": "themainaempty", "pool_members": "", "confset_id" : 0}' http://localhost:3000/lua/rest/v1/add/host/pool.lua

2.8.2. Edit an Host Pool

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 1, "pool_name": "themaina", "pool_members": "192.168.3.0/24@0", "confset_id" : 0}' http://localhost:3000/lua/rest/v1/edit/host/pool.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 2, "pool_name": "themainamac", "pool_members": "AA:BB:CC:DD:EE:AA", "confset_id" : 0}' http://localhost:3000/lua/rest/v1/edit/host/pool.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 3, "pool_name": "themainaip", "pool_members": "1.1.1.1/32@2", "confset_id" : 0}' http://localhost:3000/lua/rest/v1/edit/host/pool.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 4, "pool_name": "themainaempty", "pool_members": "", "confset_id" : 0}' http://localhost:3000/lua/rest/v1/edit/host/pool.lua

2.8.3. Delete an Host Pool

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 1}' http://localhost:3000/lua/rest/v1/delete/host/pool.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 2}' http://localhost:3000/lua/rest/v1/delete/host/pool.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 3}' http://localhost:3000/lua/rest/v1/delete/host/pool.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 4}' http://localhost:3000/lua/rest/v1/delete/host/pool.lua

2.8.4. Get an Host Pool

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 1}' http://localhost:3000/lua/rest/v1/get/host/pools.lua
curl -s -u admin:admin  -H "Content-Type: application/json" -d '{}' http://localhost:3000/lua/rest/v1/get/host/pools.lua

2.8.5. Get Members of an Host Pool

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"pool": 2}' http://localhost:3000/lua/rest/v1/get/host/pool/members.lua

2.8.6. Get All Pools of Any type

curl -s -u admin:admin  -H "Content-Type: application/json" curl http://devel:3000/lua/rest/v1/get/pools.lua

2.9. SNMP

2.9.1. Add an SNMP Device

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"snmp_host":"ubnt", "snmp_read_community":"public", "snmp_version": "1"}' http://localhost:3000/lua/pro/rest/v1/add/snmp/device.lua

Response:

{
       "rc": 0,
       "rc_str": "OK",
       "rsp": {
               "added_devices": [
                       {"ip": "192.168.2.1", "name": "ubnt"}
               ]
       }
}

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"snmp_host":"192.168.2.169", "snmp_read_community":"public", "snmp_version": "1", "cidr":"32"}' http://localhost:3000/lua/pro/rest/v1/add/snmp/device.lua

Response:

{
       "rc": 0,
       "rc_str": "OK",
       "rsp": {
               "added_devices": [
                       {"ip": "192.168.2.169"}
               ]
       }
}

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -d '{"snmp_host":"192.168.2.0", "snmp_read_community":"public", "snmp_version": "1", "cidr":"24"}' http://localhost:3000/lua/pro/rest/v1/add/snmp/device.lua

Response:

{
       "rc": 0,
       "rc_str": "OK",
       "rsp": {
               "added_devices": [
                       {"ip": "192.168.2.169"},
                       {"ip": "192.168.2.1"}
               ]
       }
}

2.9.2. Change the Status of an SNMP Device Interface

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -u admin:admin -d '{"host": "192.168.2.169", "snmp_admin_status": "up", "snmp_port_idx": 26}' http://127.0.0.1:3000/lua/pro/rest/v1/change/snmp/device/interface/status.lua

Response:

{"rc":0,
"rc_str_hr":"Success",
"rsp":[],
"rc_str":"OK"
}

curl

curl -s -u admin:admin  -H "Content-Type: application/json" -u admin:admin -d '{"host": "192.168.2.169", "snmp_admin_status": "down", "snmp_port_idx": 26}' http://127.0.0.1:3000/lua/pro/rest/v1/change/snmp/device/interface/status.lua

Response:

{
  "rc":0,
  "rc_str_hr":"Success",
  "rsp":[],
  "rc_str":"OK"
}

2.10. Misc