Check Hooks

ntopng uses hooks to decide when to execute a check. Hooks are string keys of the script's hooks table, and each has a check function assigned to it. Hooks are associated with intervals of time for any network element (e.g. a network).

Flow and host checks are currently implemented in C++. Checks for other network elements are implemented in Lua, and the following hooks are available:

  • min: Called every minute.
  • 5mins: Called every 5 minutes.
  • hour: Called every hour.
  • day: Called every day (at midnight local time).
  • all: A special hook name which will cause the associated check to be called for all the available hooks.

Hooks Parameters

ntopng calls every check hook function with a params Lua table as argument. The script hook function is expected to have this structure:

function my_check(params)
  -- ...
end

The params table contains the following keys:

  • granularity: one of aperiodic, min, 5mins, hour, day.
  • alert_entity: A table carrying information on the current entity which can be used to generate alerts.
  • entity_info: A string identifying the current entity.
  • cur_alerts: Currently engaged alert for the entity.
  • check_config: The check configuration submitted by the user from the Checks GUI. The table can be empty if the script does not require user-submitted configuration.
  • check: The name of the check which is being called.
  • when: An integer indicating the current epoch.
  • ifid: The interface id of the current interface.
  • ts_enabled: True when the timeseries generation is enabled for the current timeseries.

ntopng takes care of calling the check hook function with the params table appropriately populated.

Hooks Example

A check which needs to be called every minute will implement a check function and assign it to the min hook:

hooks = {min  = function (params) --[[ Check function body --]] end }
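
The following is an added example, not code from ntopng: a check function that validates the params keys listed above before using them, run through a stand-in dispatcher. The dispatch function, the sample_bytes table, the threshold configuration key and the params values are all assumptions made for illustration.

```lua
-- Added example, not ntopng code. dispatch() and sample_bytes are stand-ins
-- for ntopng's scheduler and for whatever metric a real check would read.
local VALID_GRANULARITY = { aperiodic = true, min = true, ["5mins"] = true, hour = true, day = true }
local DEFAULT_THRESHOLD = 1000000  -- assumed default when check_config is empty
-- Constructed per-entity metric, keyed by params.entity_info
local sample_bytes = { ["192.168.1.0/24"] = 2500000, ["10.0.0.0/8"] = 40000 }

local function my_check(params)
  -- Refuse to run on a granularity outside the documented set
  if not VALID_GRANULARITY[params.granularity] then
    return nil, "unexpected granularity: " .. tostring(params.granularity)
  end

  -- check_config can be an empty table; "threshold" is a hypothetical key.
  -- Accept only a positive number, otherwise fall back to the default.
  local cfg = params.check_config or {}
  local threshold = tonumber(cfg.threshold)
  if not threshold or threshold <= 0 then threshold = DEFAULT_THRESHOLD end

  local value = sample_bytes[params.entity_info] or 0
  return {
    check = params.check, entity = params.entity_info, ifid = params.ifid,
    when = params.when, granularity = params.granularity,
    exceeded = value > threshold, value = value, threshold = threshold,
  }
end

-- The hooks table: string keys mapped to check functions
local hooks = { min = my_check, ["5mins"] = my_check }

-- Stand-in dispatcher: resolves the hook for a granularity, honouring "all"
local function dispatch(hooks_table, params)
  local fn = hooks_table[params.granularity] or hooks_table["all"]
  if fn then return fn(params) end
  return nil, "no hook for " .. params.granularity
end

-- Constructed params tables, shaped like the keys listed above
local base = { check = "example_check", ifid = 0, when = os.time(), cur_alerts = {}, alert_entity = {}, ts_enabled = false }
for _, case in ipairs({
  { granularity = "min",   entity_info = "192.168.1.0/24", check_config = {} },
  { granularity = "5mins", entity_info = "10.0.0.0/8",     check_config = { threshold = "30000" } },
  { granularity = "hour",  entity_info = "10.0.0.0/8",     check_config = {} },
}) do
  for k, v in pairs(base) do case[k] = v end
  local result, err = dispatch(hooks, case)
  print(case.granularity, case.entity_info, result and tostring(result.exceeded) or err)
end
```

The third case has no matching hook and no all entry, so the dispatcher reports that nothing was called instead of invoking the check.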