2. Plugin Capabilities¶
By means of plugins, ntopng can execute actions at regular intervals of time, or when it detects a certain condition. Plugins can also be used to create custom pages and add them to the ntopng menu, and even to create timeseries of certain metrics of interest.
All plugin capabilities are briefly summarized below.
2.1. Alerts¶
Plugins allow the generation of custom alerts. For example, one can create an alert when it detects a certain host has too many TCP retransmissions, or then the traffic towards a certain network drops below a critical level. Similarly, one can create an alert when a certain flow is using a suspicious port, or an invalid TLS certificate.
2.2. Flow Statuses¶
By means of plugins, one can assign statuses to flows. Think
to a status as a sort of label, a tag which can be attached to flows
having certain features. So for example one can assign status
high_latency
to Remote Desktop flows with a latency above
250ms. Similarly, a status suspicious_port
can be assigned to
HTTP flows using a server port different from port 80. These are just
a couple of examples and actually the set of flow features one can use and
combine to assign a status is almost unlimited. Flow statuses can be
combined with alerts to instruct ntopng to trigger an alert as soon as
a certain flow status is detected.
2.3. Creating Custom Pages¶
Creating custom pages may be useful to users who want to extend ntopng functionalities. For example, by means of custom pages, one can create a TLS or MySQL ping to test and monitor the status of certain critical services, and also chart the results. Custom pages can also be added to the ntopng menu to allow quick access.
2.4. Writing Timeseries¶
Using plugins, one can create and write timeseries for any custom metric of interest. One can chart a particular metric for local hosts (e.g., the number SYNs received), networks, and so on. ntopng charting library can then be used to visualize created timeseries.