From c63cbec26d9ab3aa3004c9969ec67315fecd28b1 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Wed, 26 Oct 2022 13:45:15 +0200 Subject: Improved nDPIsrvd-collectd statistics. * Improved RRD-Graph generation script and static WWW html files. Signed-off-by: Toni Uhlig --- examples/c-collectd/c-collectd.c | 90 ++++++++- examples/c-collectd/rrdgraph.sh | 276 +++++++++++++++++++++++++++- examples/c-collectd/www/dpi/categories.html | 101 ++++++---- examples/c-collectd/www/dpi/detections.html | 38 +++- examples/c-collectd/www/dpi/events.html | 205 +++++++++++++++++++++ examples/c-collectd/www/dpi/flows.html | 38 +++- examples/c-collectd/www/dpi/index.html | 216 ++++++++++++++++++---- examples/c-collectd/www/dpi/jsons.html | 186 +++++++++++++++++++ examples/c-collectd/www/dpi/other.html | 48 ++++- 9 files changed, 1110 insertions(+), 88 deletions(-) create mode 100644 examples/c-collectd/www/dpi/events.html create mode 100644 examples/c-collectd/www/dpi/jsons.html (limited to 'examples') diff --git a/examples/c-collectd/c-collectd.c b/examples/c-collectd/c-collectd.c index 60d1830a9..59145ec0a 100644 --- a/examples/c-collectd/c-collectd.c +++ b/examples/c-collectd/c-collectd.c @@ -14,6 +14,7 @@ #include "nDPIsrvd.h" #define DEFAULT_COLLECTD_EXEC_INST "nDPIsrvd" +#define ERROR_EVENT_ID_MAX 17 //#define GENERATE_TIMESTAMP 1 #define LOG(flags, format, ...) \ @@ -47,6 +48,9 @@ static int quiet = 0; static struct { + uint64_t json_lines; + uint64_t json_bytes; + uint64_t flow_new_count; uint64_t flow_end_count; uint64_t flow_idle_count; 
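Review bot: `ERROR_EVENT_ID_MAX` is a bare 17 with nothing saying where the number comes from. It sizes `error_count[]`, bounds the `error_event_id` value read from the JSON stream, and has to agree with the `error_0` to `error_16` DEF lines hard-coded in rrdgraph.sh later in this commit. A comment on the define would keep these in step, for example `/* Number of known error_event_id values (0..16); keep in sync with the error_N gauges in rrdgraph.sh. */`.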
@@ -57,6 +61,18 @@ static struct uint64_t flow_detection_update_count; uint64_t flow_not_detected_count; + uint64_t packet_count; + uint64_t packet_flow_count; + + uint64_t init_count; + uint64_t reconnect_count; + uint64_t shutdown_count; + uint64_t status_count; + + uint64_t error_count_sum; + uint64_t error_count[ERROR_EVENT_ID_MAX]; + uint64_t error_unknown_count; + uint64_t flow_src_total_bytes; uint64_t flow_dst_total_bytes; uint64_t flow_risky_count; @@ -130,6 +146,14 @@ static struct json_stat_map const flow_event_map[] = {{"new", &collectd_statisti &collectd_statistics.flow_detection_update_count}, {"not-detected", &collectd_statistics.flow_not_detected_count}}; +static struct json_stat_map const packet_event_map[] = {{"packet", &collectd_statistics.packet_count}, + {"packet-flow", &collectd_statistics.packet_flow_count}}; + +static struct json_stat_map const daemon_event_map[] = {{"init", &collectd_statistics.init_count}, + {"reconnect", &collectd_statistics.reconnect_count}, + {"shutdown", &collectd_statistics.shutdown_count}, + {"status", &collectd_statistics.status_count}}; + static struct json_stat_map const breeds_map[] = {{"Safe", &collectd_statistics.flow_breed_safe_count}, {"Acceptable", &collectd_statistics.flow_breed_acceptable_count}, {"Fun", &collectd_statistics.flow_breed_fun_count}, 
@@ -357,18 +381,32 @@ static void print_collectd_exec_output(void) printf(COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() - COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT(), + COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() + COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() + COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() + COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() + COLLECTD_PUTVAL_N_FORMAT(), + COLLECTD_PUTVAL_N(json_lines), + COLLECTD_PUTVAL_N(json_bytes), COLLECTD_PUTVAL_N(flow_new_count), COLLECTD_PUTVAL_N(flow_end_count), COLLECTD_PUTVAL_N(flow_idle_count), + COLLECTD_PUTVAL_N(flow_update_count), + COLLECTD_PUTVAL_N(flow_analyse_count), COLLECTD_PUTVAL_N(flow_guessed_count), COLLECTD_PUTVAL_N(flow_detected_count), COLLECTD_PUTVAL_N(flow_detection_update_count), COLLECTD_PUTVAL_N(flow_not_detected_count), COLLECTD_PUTVAL_N(flow_src_total_bytes), COLLECTD_PUTVAL_N(flow_dst_total_bytes), - COLLECTD_PUTVAL_N(flow_risky_count)); + COLLECTD_PUTVAL_N(flow_risky_count), + COLLECTD_PUTVAL_N(packet_count), + COLLECTD_PUTVAL_N(packet_flow_count), + COLLECTD_PUTVAL_N(init_count), + COLLECTD_PUTVAL_N(reconnect_count), + COLLECTD_PUTVAL_N(shutdown_count), + COLLECTD_PUTVAL_N(status_count)); printf(COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() 
@@ -426,7 +464,7 @@ static void print_collectd_exec_output(void) printf(COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() - COLLECTD_PUTVAL_N_FORMAT(), + COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT() COLLECTD_PUTVAL_N_FORMAT(), COLLECTD_PUTVAL_N(flow_l3_ip4_count), COLLECTD_PUTVAL_N(flow_l3_ip6_count), @@ -435,7 +473,16 @@ static void print_collectd_exec_output(void) COLLECTD_PUTVAL_N(flow_l4_udp_count), COLLECTD_PUTVAL_N(flow_l4_icmp_count), COLLECTD_PUTVAL_N(flow_l4_other_count), - COLLECTD_PUTVAL_N(flow_risk_unknown_count)); + COLLECTD_PUTVAL_N(flow_risk_unknown_count), + COLLECTD_PUTVAL_N(error_unknown_count), + COLLECTD_PUTVAL_N(error_count_sum)); + + for (i = 0; i < ERROR_EVENT_ID_MAX; ++i) + { + char gauge_name[BUFSIZ]; + snprintf(gauge_name, sizeof(gauge_name), "error_%zu_count", i); + printf(COLLECTD_PUTVAL_N_FORMAT(), COLLECTD_PUTVAL_N2(gauge_name, error_count[i])); + } for (i = 0; i < NDPI_MAX_RISK; ++i) { 
@@ -559,6 +606,41 @@ static enum nDPIsrvd_callback_return collectd_json_callback(struct nDPIsrvd_sock struct nDPIsrvd_json_token const * const flow_event_name = TOKEN_GET_SZ(sock, "flow_event_name"); struct flow_user_data * flow_user_data = NULL; + collectd_statistics.json_lines++; + collectd_statistics.json_bytes += sock->buffer.json_string_length + NETWORK_BUFFER_LENGTH_DIGITS; + + struct nDPIsrvd_json_token const * const packet_event_name = TOKEN_GET_SZ(sock, "packet_event_name"); + if (packet_event_name != NULL) + { + collectd_map_token_to_stat(sock, packet_event_name, packet_event_map, nDPIsrvd_ARRAY_LENGTH(packet_event_map)); + } + + struct nDPIsrvd_json_token const * const daemon_event_name = TOKEN_GET_SZ(sock, "daemon_event_name"); + if (daemon_event_name != NULL) + { + collectd_map_token_to_stat(sock, daemon_event_name, daemon_event_map, nDPIsrvd_ARRAY_LENGTH(daemon_event_map)); + } + + struct nDPIsrvd_json_token const * const error_event_id = TOKEN_GET_SZ(sock, "error_event_id"); + if (error_event_id != NULL) + { + nDPIsrvd_ull error_event_id_ull; + if (TOKEN_VALUE_TO_ULL(sock, error_event_id, &error_event_id_ull) != CONVERSION_OK) + { + return CALLBACK_ERROR; + } + + collectd_statistics.error_count_sum++; + if (error_event_id_ull < ERROR_EVENT_ID_MAX) + { + collectd_statistics.error_count[error_event_id_ull]++; + } + else + { + collectd_statistics.error_unknown_count++; + } + } + if (flow != NULL) { flow_user_data = (struct flow_user_data *)flow->flow_user_data; diff --git a/examples/c-collectd/rrdgraph.sh b/examples/c-collectd/rrdgraph.sh index 6690bf9d5..25378a481 100755 --- a/examples/c-collectd/rrdgraph.sh +++ b/examples/c-collectd/rrdgraph.sh @@ -14,7 +14,7 @@ if [ -z "${OUTDIR}" ]; then exit 1 fi -if [ $(ls -al ${RRDDIR}/gauge-flow_*.rrd | wc -l) -ne 54 ]; then +if [ $(ls -al ${RRDDIR}/gauge-flow_*.rrd | wc -l) -ne 105 ]; then printf '%s: Missing some *.rrd files.\n' "${0}" exit 1 fi 
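Review bot: A non-numeric `error_event_id` makes the callback `return CALLBACK_ERROR;` before the flow handling that follows, although `json_lines`, `json_bytes` and the packet/daemon counters have already been updated for that message. What the caller does with `CALLBACK_ERROR` is not visible in this hunk; if it ends the read loop, one malformed message on the socket stops the statistics. Consider treating a failed conversion like an out-of-range id by guarding the indexed increment with `if (TOKEN_VALUE_TO_ULL(sock, error_event_id, &error_event_id_ull) == CONVERSION_OK && error_event_id_ull < ERROR_EVENT_ID_MAX)` and letting the `else` branch increment `error_unknown_count`. If failing hard is the file's convention, keep the return and say so in a comment. The function starts before and continues after this hunk.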
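Review bot: The sanity check still globs only `gauge-flow_*.rrd`, so it does not cover the non-flow files the new graphs read (`gauge-json_lines.rrd`, `gauge-init_count.rrd`, `gauge-error_N_count.rrd` and others). If they are missing, the script passes the check and fails later inside `rrdtool graph`. An exact `-ne 105` on `ls | wc -l` output also breaks when a gauge is added, and `${RRDDIR}` is unquoted inside the command substitution. A readability check on the files actually used is more robust, for example `for f in json_lines json_bytes init_count packet_count error_count_sum; do [ -r "${RRDDIR}/gauge-${f}.rrd" ] || exit 1; done`.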
@@ -29,6 +29,7 @@ TIME_PAST_12HOURS="--start=-43200 --end=-0" TIME_PAST_DAY="--start=-86400 --end=-0" TIME_PAST_WEEK="--start=-604800 --end=-0" TIME_PAST_MONTH="--start=-2419200 --end=-0" +TIME_PAST_3MONTHS="--start=-8035200 --end=-0" TIME_PAST_YEAR="--start=-31536000 --end=-0" rrdtool_graph_colorize_missing_data() { @@ -55,6 +56,7 @@ rrdtool_graph() { rrdtool graph ${RRDARGS} -t "${TITLE} (past day)" -v ${YAXIS_NAME} -Y ${TIME_PAST_DAY} "${OUTPNG}_past_day.png" ${*} rrdtool graph ${RRDARGS} -t "${TITLE} (past week)" -v ${YAXIS_NAME} -Y ${TIME_PAST_WEEK} "${OUTPNG}_past_week.png" ${*} rrdtool graph ${RRDARGS} -t "${TITLE} (past month)" -v ${YAXIS_NAME} -Y ${TIME_PAST_MONTH} "${OUTPNG}_past_month.png" ${*} + rrdtool graph ${RRDARGS} -t "${TITLE} (past 3 months)" -v ${YAXIS_NAME} -Y ${TIME_PAST_3MONTHS} "${OUTPNG}_past_month.png" ${*} rrdtool graph ${RRDARGS} -t "${TITLE} (past year)" -v ${YAXIS_NAME} -Y ${TIME_PAST_YEAR} "${OUTPNG}_past_year.png" ${*} } @@ -172,6 +174,7 @@ rrdtool_graph Flow-Categories 'Amount(SUM)' "${OUTDIR}/categories" \ DEF:cat_ads=${RRDDIR}/gauge-flow_category_advertisment_count.rrd:value:AVERAGE \ DEF:cat_chat=${RRDDIR}/gauge-flow_category_chat_count.rrd:value:AVERAGE \ DEF:cat_cloud=${RRDDIR}/gauge-flow_category_cloud_count.rrd:value:AVERAGE \ + DEF:cat_collab=${RRDDIR}/gauge-flow_category_collaborative_count.rrd:value:AVERAGE \ DEF:cat_xfer=${RRDDIR}/gauge-flow_category_data_transfer_count.rrd:value:AVERAGE \ DEF:cat_db=${RRDDIR}/gauge-flow_category_database_count.rrd:value:AVERAGE \ DEF:cat_dl=${RRDDIR}/gauge-flow_category_download_count.rrd:value:AVERAGE \ 
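Review bot: The added "past 3 months" call in `rrdtool_graph` writes to `"${OUTPNG}_past_month.png"`, the same path as the past-month call on the line above. The 3-month render therefore overwrites the monthly image and no separate 3-month file is produced. Give it its own suffix, e.g. `"${OUTPNG}_past_3months.png"`, matching whatever name the HTML pages reference (the image tags are not visible here). The function body starts outside this hunk.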
@@ -183,7 +186,6 @@ rrdtool_graph Flow-Categories 'Amount(SUM)' "${OUTDIR}/categories" \ DEF:cat_min=${RRDDIR}/gauge-flow_category_mining_count.rrd:value:AVERAGE \ DEF:cat_mus=${RRDDIR}/gauge-flow_category_music_count.rrd:value:AVERAGE \ DEF:cat_net=${RRDDIR}/gauge-flow_category_network_count.rrd:value:AVERAGE \ - DEF:cat_oth=${RRDDIR}/gauge-flow_category_other_count.rrd:value:AVERAGE \ DEF:cat_prod=${RRDDIR}/gauge-flow_category_productivity_count.rrd:value:AVERAGE \ DEF:cat_rem=${RRDDIR}/gauge-flow_category_remote_access_count.rrd:value:AVERAGE \ DEF:cat_rpc=${RRDDIR}/gauge-flow_category_rpc_count.rrd:value:AVERAGE \ @@ -204,6 +206,8 @@ rrdtool_graph Flow-Categories 'Amount(SUM)' "${OUTDIR}/categories" \ $(rrdtool_graph_print_cur_min_max_avg cat_chat) \ STACK:cat_cloud#2986cc:"Cloud.................." \ $(rrdtool_graph_print_cur_min_max_avg cat_cloud) \ + STACK:cat_collab#3212aa:"Collaborative.........." \ + $(rrdtool_graph_print_cur_min_max_avg cat_collab) \ STACK:cat_xfer#16537e:"Data-Transfer.........." \ $(rrdtool_graph_print_cur_min_max_avg cat_xfer) \ STACK:cat_db#cc0000:"Database..............." \ @@ -226,8 +230,6 @@ rrdtool_graph Flow-Categories 'Amount(SUM)' "${OUTDIR}/categories" \ $(rrdtool_graph_print_cur_min_max_avg cat_mus) \ STACK:cat_net#ddff00:"Network................" \ $(rrdtool_graph_print_cur_min_max_avg cat_net) \ - STACK:cat_oth#744700:"Other.................." \ - $(rrdtool_graph_print_cur_min_max_avg cat_oth) \ STACK:cat_prod#29ff00:"Productivity..........." \ $(rrdtool_graph_print_cur_min_max_avg cat_prod) \ STACK:cat_rem#b52c2c:"Remote-Access.........." \ 
@@ -254,3 +256,269 @@ rrdtool_graph Flow-Categories 'Amount(SUM)' "${OUTDIR}/categories" \ $(rrdtool_graph_print_cur_min_max_avg cat_vpn) \ STACK:cat_web#00fffb:"Web...................." \ $(rrdtool_graph_print_cur_min_max_avg cat_web) +rrdtool_graph JSON 'Lines' "${OUTDIR}/json_lines" \ + DEF:json_lines=${RRDDIR}/gauge-json_lines.rrd:value:AVERAGE \ + $(rrdtool_graph_colorize_missing_data json_lines) \ + AREA:json_lines#4dff4d::STACK \ + LINE2:json_lines#00e600:"JSON-lines" \ + $(rrdtool_graph_print_cur_min_max_avg json_lines) +rrdtool_graph JSON 'Bytes' "${OUTDIR}/json_bytes" \ + DEF:json_bytes=${RRDDIR}/gauge-json_bytes.rrd:value:AVERAGE \ + $(rrdtool_graph_colorize_missing_data json_bytes) \ + AREA:json_bytes#4dff4d::STACK \ + LINE2:json_bytes#00e600:"JSON-bytes" \ + $(rrdtool_graph_print_cur_min_max_avg json_bytes) +rrdtool_graph Events 'Amouunt' "${OUTDIR}/events" \ + DEF:init=${RRDDIR}/gauge-init_count.rrd:value:AVERAGE \ + DEF:reconnect=${RRDDIR}/gauge-reconnect_count.rrd:value:AVERAGE \ + DEF:shutdown=${RRDDIR}/gauge-shutdown_count.rrd:value:AVERAGE \ + DEF:status=${RRDDIR}/gauge-status_count.rrd:value:AVERAGE \ + DEF:packet=${RRDDIR}/gauge-packet_count.rrd:value:AVERAGE \ + DEF:packet_flow=${RRDDIR}/gauge-init_count.rrd:value:AVERAGE \ + DEF:new=${RRDDIR}/gauge-flow_new_count.rrd:value:AVERAGE \ + DEF:end=${RRDDIR}/gauge-flow_end_count.rrd:value:AVERAGE \ + DEF:idle=${RRDDIR}/gauge-flow_idle_count.rrd:value:AVERAGE \ + DEF:update=${RRDDIR}/gauge-flow_update_count.rrd:value:AVERAGE \ + DEF:detection_update=${RRDDIR}/gauge-flow_detection_update_count.rrd:value:AVERAGE \ + DEF:guessed=${RRDDIR}/gauge-flow_guessed_count.rrd:value:AVERAGE \ + DEF:detected=${RRDDIR}/gauge-flow_detected_count.rrd:value:AVERAGE \ + DEF:not_detected=${RRDDIR}/gauge-flow_not_detected_count.rrd:value:AVERAGE \ + DEF:analyse=${RRDDIR}/gauge-flow_analyse_count.rrd:value:AVERAGE \ + DEF:error=${RRDDIR}/gauge-error_count_sum.rrd:value:AVERAGE \ + $(rrdtool_graph_colorize_missing_data 
init) \ + AREA:init#f1c232:"Init..................." \ + $(rrdtool_graph_print_cur_min_max_avg init) \ + STACK:reconnect#63bad9:"Reconnect.............." \ + $(rrdtool_graph_print_cur_min_max_avg reconnect) \ + STACK:shutdown#3a6f82:"Shutdown..............." \ + $(rrdtool_graph_print_cur_min_max_avg shutdown) \ + STACK:status#b7cbd1:"Status................." \ + $(rrdtool_graph_print_cur_min_max_avg status) \ + STACK:packet#0aff3f:"Packet................." \ + $(rrdtool_graph_print_cur_min_max_avg packet) \ + STACK:packet_flow#00c72b:"Packet-Flow............" \ + $(rrdtool_graph_print_cur_min_max_avg packet_flow) \ + STACK:new#c76700:"New...................." \ + $(rrdtool_graph_print_cur_min_max_avg new) \ + STACK:end#c78500:"End...................." \ + $(rrdtool_graph_print_cur_min_max_avg end) \ + STACK:idle#c7a900:"Idle..................." \ + $(rrdtool_graph_print_cur_min_max_avg idle) \ + STACK:update#c7c400:"Updates................" \ + $(rrdtool_graph_print_cur_min_max_avg update) \ + STACK:detection_update#a2c700:"Detection-Updates......" \ + $(rrdtool_graph_print_cur_min_max_avg detection_update) \ + STACK:guessed#7bc700:"Guessed................" \ + $(rrdtool_graph_print_cur_min_max_avg guessed) \ + STACK:detected#00c781:"Detected..............." \ + $(rrdtool_graph_print_cur_min_max_avg detected) \ + STACK:not_detected#00bdc7:"Not-Detected..........." \ + $(rrdtool_graph_print_cur_min_max_avg not_detected) \ + STACK:analyse#1400c7:"Analyse................" \ + $(rrdtool_graph_print_cur_min_max_avg analyse) \ + STACK:error#c70000:"Error.................." 
\ + $(rrdtool_graph_print_cur_min_max_avg error) +rrdtool_graph Error-Events 'Amouunt' "${OUTDIR}/error_events" \ + DEF:error_0=${RRDDIR}/gauge-error_0_count.rrd:value:AVERAGE \ + DEF:error_1=${RRDDIR}/gauge-error_1_count.rrd:value:AVERAGE \ + DEF:error_2=${RRDDIR}/gauge-error_2_count.rrd:value:AVERAGE \ + DEF:error_3=${RRDDIR}/gauge-error_3_count.rrd:value:AVERAGE \ + DEF:error_4=${RRDDIR}/gauge-error_4_count.rrd:value:AVERAGE \ + DEF:error_5=${RRDDIR}/gauge-error_5_count.rrd:value:AVERAGE \ + DEF:error_6=${RRDDIR}/gauge-error_6_count.rrd:value:AVERAGE \ + DEF:error_7=${RRDDIR}/gauge-error_7_count.rrd:value:AVERAGE \ + DEF:error_8=${RRDDIR}/gauge-error_8_count.rrd:value:AVERAGE \ + DEF:error_9=${RRDDIR}/gauge-error_9_count.rrd:value:AVERAGE \ + DEF:error_10=${RRDDIR}/gauge-error_10_count.rrd:value:AVERAGE \ + DEF:error_11=${RRDDIR}/gauge-error_11_count.rrd:value:AVERAGE \ + DEF:error_12=${RRDDIR}/gauge-error_12_count.rrd:value:AVERAGE \ + DEF:error_13=${RRDDIR}/gauge-error_13_count.rrd:value:AVERAGE \ + DEF:error_14=${RRDDIR}/gauge-error_14_count.rrd:value:AVERAGE \ + DEF:error_15=${RRDDIR}/gauge-error_15_count.rrd:value:AVERAGE \ + DEF:error_16=${RRDDIR}/gauge-error_16_count.rrd:value:AVERAGE \ + DEF:error_unknown=${RRDDIR}/gauge-error_unknown_count.rrd:value:AVERAGE \ + $(rrdtool_graph_colorize_missing_data error_0) \ + AREA:error_0#ff6a00:"Unknown-datalink-layer-packet............................" \ + $(rrdtool_graph_print_cur_min_max_avg error_0) \ + STACK:error_1#bf7540:"Unknown-L3-protocol......................................" \ + $(rrdtool_graph_print_cur_min_max_avg error_1) \ + STACK:error_2#ffd500:"Unsupported-datalink-layer..............................." \ + $(rrdtool_graph_print_cur_min_max_avg error_2) \ + STACK:error_3#bfaa40:"Packet-too-short........................................." \ + $(rrdtool_graph_print_cur_min_max_avg error_3) \ + STACK:error_4#bfff00:"Unknown-packet-type......................................" 
\ + $(rrdtool_graph_print_cur_min_max_avg error_4) \ + STACK:error_5#9fbf40:"Packet-header-invalid...................................." \ + $(rrdtool_graph_print_cur_min_max_avg error_5) \ + STACK:error_6#55ff00:"IP4-packet-too-short....................................." \ + $(rrdtool_graph_print_cur_min_max_avg error_6) \ + STACK:error_7#6abf40:"Packet-smaller-than-IP4-header..........................." \ + $(rrdtool_graph_print_cur_min_max_avg error_7) \ + STACK:error_8#00ff15:"nDPI-IPv4/L4-payload-detection-failed...................." \ + $(rrdtool_graph_print_cur_min_max_avg error_8) \ + STACK:error_9#40bf4a:"IP6-packet-too-short....................................." \ + $(rrdtool_graph_print_cur_min_max_avg error_9) \ + STACK:error_10#00ff80:"Packet-smaller-than-IP6-header..........................." \ + $(rrdtool_graph_print_cur_min_max_avg error_10) \ + STACK:error_11#40bf80:"nDPI-IPv6/L4-payload-detection-failed...................." \ + $(rrdtool_graph_print_cur_min_max_avg error_11) \ + STACK:error_12#00ffea:"TCP-packet-smaller-than-expected........................." \ + $(rrdtool_graph_print_cur_min_max_avg error_12) \ + STACK:error_13#40bfb5:"UDP-packet-smaller-than-expected........................." \ + $(rrdtool_graph_print_cur_min_max_avg error_13) \ + STACK:error_14#00aaff:"Captured-packet-size-is-smaller-than-expected-packet-size" \ + $(rrdtool_graph_print_cur_min_max_avg error_14) \ + STACK:error_15#4095bf:"Max-flows-to-track-reached..............................." \ + $(rrdtool_graph_print_cur_min_max_avg error_15) \ + STACK:error_16#0040ff:"Flow-memory-allocation-failed............................" \ + $(rrdtool_graph_print_cur_min_max_avg error_16) \ + STACK:error_unknown#4060bf:"Unknown-error............................................" 
\ + $(rrdtool_graph_print_cur_min_max_avg error_unknown) +rrdtool_graph Risky-Events 'Amouunt' "${OUTDIR}/risky_events" \ + DEF:risk_0=${RRDDIR}/gauge-flow_risk_0_count.rrd:value:AVERAGE \ + DEF:risk_1=${RRDDIR}/gauge-flow_risk_1_count.rrd:value:AVERAGE \ + DEF:risk_2=${RRDDIR}/gauge-flow_risk_2_count.rrd:value:AVERAGE \ + DEF:risk_3=${RRDDIR}/gauge-flow_risk_3_count.rrd:value:AVERAGE \ + DEF:risk_4=${RRDDIR}/gauge-flow_risk_4_count.rrd:value:AVERAGE \ + DEF:risk_5=${RRDDIR}/gauge-flow_risk_5_count.rrd:value:AVERAGE \ + DEF:risk_6=${RRDDIR}/gauge-flow_risk_6_count.rrd:value:AVERAGE \ + DEF:risk_7=${RRDDIR}/gauge-flow_risk_7_count.rrd:value:AVERAGE \ + DEF:risk_8=${RRDDIR}/gauge-flow_risk_8_count.rrd:value:AVERAGE \ + DEF:risk_9=${RRDDIR}/gauge-flow_risk_9_count.rrd:value:AVERAGE \ + DEF:risk_10=${RRDDIR}/gauge-flow_risk_10_count.rrd:value:AVERAGE \ + DEF:risk_11=${RRDDIR}/gauge-flow_risk_11_count.rrd:value:AVERAGE \ + DEF:risk_12=${RRDDIR}/gauge-flow_risk_12_count.rrd:value:AVERAGE \ + DEF:risk_13=${RRDDIR}/gauge-flow_risk_13_count.rrd:value:AVERAGE \ + DEF:risk_14=${RRDDIR}/gauge-flow_risk_14_count.rrd:value:AVERAGE \ + DEF:risk_15=${RRDDIR}/gauge-flow_risk_15_count.rrd:value:AVERAGE \ + DEF:risk_16=${RRDDIR}/gauge-flow_risk_16_count.rrd:value:AVERAGE \ + DEF:risk_17=${RRDDIR}/gauge-flow_risk_17_count.rrd:value:AVERAGE \ + DEF:risk_18=${RRDDIR}/gauge-flow_risk_18_count.rrd:value:AVERAGE \ + DEF:risk_19=${RRDDIR}/gauge-flow_risk_19_count.rrd:value:AVERAGE \ + DEF:risk_20=${RRDDIR}/gauge-flow_risk_20_count.rrd:value:AVERAGE \ + DEF:risk_21=${RRDDIR}/gauge-flow_risk_21_count.rrd:value:AVERAGE \ + DEF:risk_22=${RRDDIR}/gauge-flow_risk_22_count.rrd:value:AVERAGE \ + DEF:risk_23=${RRDDIR}/gauge-flow_risk_23_count.rrd:value:AVERAGE \ + DEF:risk_24=${RRDDIR}/gauge-flow_risk_24_count.rrd:value:AVERAGE \ + DEF:risk_25=${RRDDIR}/gauge-flow_risk_25_count.rrd:value:AVERAGE \ + DEF:risk_26=${RRDDIR}/gauge-flow_risk_26_count.rrd:value:AVERAGE \ + 
DEF:risk_27=${RRDDIR}/gauge-flow_risk_27_count.rrd:value:AVERAGE \ + DEF:risk_28=${RRDDIR}/gauge-flow_risk_28_count.rrd:value:AVERAGE \ + DEF:risk_29=${RRDDIR}/gauge-flow_risk_29_count.rrd:value:AVERAGE \ + DEF:risk_30=${RRDDIR}/gauge-flow_risk_30_count.rrd:value:AVERAGE \ + DEF:risk_31=${RRDDIR}/gauge-flow_risk_31_count.rrd:value:AVERAGE \ + DEF:risk_32=${RRDDIR}/gauge-flow_risk_32_count.rrd:value:AVERAGE \ + DEF:risk_33=${RRDDIR}/gauge-flow_risk_33_count.rrd:value:AVERAGE \ + DEF:risk_34=${RRDDIR}/gauge-flow_risk_34_count.rrd:value:AVERAGE \ + DEF:risk_35=${RRDDIR}/gauge-flow_risk_35_count.rrd:value:AVERAGE \ + DEF:risk_36=${RRDDIR}/gauge-flow_risk_36_count.rrd:value:AVERAGE \ + DEF:risk_37=${RRDDIR}/gauge-flow_risk_37_count.rrd:value:AVERAGE \ + DEF:risk_38=${RRDDIR}/gauge-flow_risk_38_count.rrd:value:AVERAGE \ + DEF:risk_39=${RRDDIR}/gauge-flow_risk_39_count.rrd:value:AVERAGE \ + DEF:risk_40=${RRDDIR}/gauge-flow_risk_40_count.rrd:value:AVERAGE \ + DEF:risk_41=${RRDDIR}/gauge-flow_risk_41_count.rrd:value:AVERAGE \ + DEF:risk_42=${RRDDIR}/gauge-flow_risk_42_count.rrd:value:AVERAGE \ + DEF:risk_43=${RRDDIR}/gauge-flow_risk_43_count.rrd:value:AVERAGE \ + DEF:risk_44=${RRDDIR}/gauge-flow_risk_44_count.rrd:value:AVERAGE \ + DEF:risk_45=${RRDDIR}/gauge-flow_risk_45_count.rrd:value:AVERAGE \ + DEF:risk_46=${RRDDIR}/gauge-flow_risk_46_count.rrd:value:AVERAGE \ + DEF:risk_47=${RRDDIR}/gauge-flow_risk_47_count.rrd:value:AVERAGE \ + DEF:risk_unknown=${RRDDIR}/gauge-flow_risk_unknown_count.rrd:value:AVERAGE \ + $(rrdtool_graph_colorize_missing_data risk_0) \ + AREA:risk_0#ff0000:"XSS-Attack..............................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_1) \ + STACK:risk_1#ff5500:"SQL-Injection............................................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_2) \ + STACK:risk_2#ffaa00:"RCE-Injection............................................" 
\ + $(rrdtool_graph_print_cur_min_max_avg risk_3) \ + STACK:risk_3#ffff00:"Binary-App-Transfer......................................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_4) \ + STACK:risk_4#aaff00:"Known-Proto-on-Non-Std-Port.............................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_5) \ + STACK:risk_5#55ff00:"Self-signed-Cert........................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_6) \ + STACK:risk_6#00ff55:"Obsolete-TLS-v1.1-or-older..............................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_7) \ + STACK:risk_7#00ffaa:"Weak-TLS-Cipher.........................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_8) \ + STACK:risk_8#00ffff:"TLS-Cert-Expired........................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_9) \ + STACK:risk_9#00aaff:"TLS-Cert-Mismatch........................................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_10) \ + STACK:risk_10#0055ff:"HTTP-Suspicious-User-Agent..............................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_11) \ + STACK:risk_11#0000ff:"HTTP-Numeric-IP-Address.................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_12) \ + STACK:risk_12#5500ff:"HTTP-Suspicious-URL......................................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_13) \ + STACK:risk_13#aa00ff:"HTTP-Suspicious-Header..................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_14) \ + STACK:risk_14#ff00ff:"TLS-probably-Not-Carrying-HTTPS.........................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_15) \ + STACK:risk_15#ff00aa:"Suspicious-DGA-Domain-name..............................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_16) \ + STACK:risk_16#ff0055:"Malformed-Packet........................................." 
\ + $(rrdtool_graph_print_cur_min_max_avg risk_17) \ + STACK:risk_17#602020:"SSH-Obsolete-Client-Version/Cipher......................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_18) \ + STACK:risk_18#603a20:"SSH-Obsolete-Server-Version/Cipher......................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_19) \ + STACK:risk_19#605520:"SMB-Insecure-Version....................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_20) \ + STACK:risk_20#506020:"TLS-Suspicious-ESNI-Usage................................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_21) \ + STACK:risk_21#356020:"Unsafe-Protocol.........................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_22) \ + STACK:risk_22#206025:"Suspicious-DNS-Traffic..................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_23) \ + STACK:risk_23#206040:"Missing-SNI-TLS-Extension................................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_24) \ + STACK:risk_24#20605a:"HTTP-Suspicious-Content.................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_25) \ + STACK:risk_25#204a60:"Risky-ASN................................................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_26) \ + STACK:risk_26#203060:"Risky-Domain-Name........................................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_27) \ + STACK:risk_27#2a2060:"Malicious-JA3-Fingerprint................................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_28) \ + STACK:risk_28#452060:"Malicious-SSL-Cert/SHA1-Fingerprint......................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_29) \ + STACK:risk_29#602060:"Desktop/File-Sharing....................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_30) \ + STACK:risk_30#602045:"Uncommon-TLS-ALPN........................................" 
\ + $(rrdtool_graph_print_cur_min_max_avg risk_31) \ + STACK:risk_31#df2020:"TLS-Cert-Validity-Too-Long..............................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_32) \ + STACK:risk_32#df6020:"TLS-Suspicious-Extension................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_33) \ + STACK:risk_33#df9f20:"TLS-Fatal-Alert.........................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_34) \ + STACK:risk_34#dfdf20:"Suspicious-Entropy......................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_35) \ + STACK:risk_35#9fdf20:"Clear-Text-Credentials..................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_36) \ + STACK:risk_36#60df20:"Large-DNS-Packet........................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_37) \ + STACK:risk_37#20df20:"Fragmented-DNS-Message..................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_38) \ + STACK:risk_38#20df60:"Text-With-Non-Printable-Chars............................" \ + $(rrdtool_graph_print_cur_min_max_avg risk_39) \ + STACK:risk_39#20df9f:"Possible-Exploit........................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_40) \ + STACK:risk_40#20dfdf:"TLS-Cert-About-To-Expire................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_41) \ + STACK:risk_41#209fdf:"IDN-Domain-Name.........................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_42) \ + STACK:risk_42#2060df:"Error-Code..............................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_43) \ + STACK:risk_43#2020df:"Crawler/Bot.............................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_44) \ + STACK:risk_44#6020df:"Anonymous-Subscriber....................................." 
\ + $(rrdtool_graph_print_cur_min_max_avg risk_45) \ + STACK:risk_45#9f20df:"Unidirectional-Traffic..................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_46) \ + STACK:risk_46#df20df:"HTTP-Obsolete-Server....................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_47) \ + STACK:risk_47#df209f:"Unknown.................................................." \ + $(rrdtool_graph_print_cur_min_max_avg risk_unknown) \ + STACK:risk_unknown#df2060:"Unknown.................................................." diff --git a/examples/c-collectd/www/dpi/categories.html b/examples/c-collectd/www/dpi/categories.html index d0656e48d..fa7151d88 100644 --- a/examples/c-collectd/www/dpi/categories.html +++ b/examples/c-collectd/www/dpi/categories.html @@ -1,10 +1,15 @@ - + + + + + + - - + + nDPId Dashboard @@ -92,43 +97,73 @@ Categories + +
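Review bot: In the new Events graph, `DEF:packet_flow=${RRDDIR}/gauge-init_count.rrd:value:AVERAGE` reads the init counter, so the "Packet-Flow" series plots init events. It should presumably be `DEF:packet_flow=${RRDDIR}/gauge-packet_flow_count.rrd:value:AVERAGE`, matching the `packet_flow_count` gauge the C collector emits. In the Risky-Events graph every `rrdtool_graph_print_cur_min_max_avg` call is shifted by one relative to the series it follows: `AREA:risk_0` is followed by the print for `risk_1`, and so on until `STACK:risk_47` is followed by the print for `risk_unknown`. As a result `risk_0` is never printed and each legend row shows another risk's numbers; the Error-Events graph above pairs them correctly and can serve as the pattern. `risk_47` and `risk_unknown` also share the label "Unknown", and the axis title `'Amouunt'` is misspelled in all three new graphs.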
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
diff --git a/examples/c-collectd/www/dpi/detections.html b/examples/c-collectd/www/dpi/detections.html index 1b8074c30..af7fced30 100644 --- a/examples/c-collectd/www/dpi/detections.html +++ b/examples/c-collectd/www/dpi/detections.html @@ -1,10 +1,15 @@ - + + + + + + - - + + nDPId Dashboard @@ -92,6 +97,30 @@ Categories + + @@ -101,6 +130,9 @@
Responsive image
+
+ Responsive image +
Responsive image
diff --git a/examples/c-collectd/www/dpi/events.html b/examples/c-collectd/www/dpi/events.html new file mode 100644 index 000000000..3b43da92c --- /dev/null +++ b/examples/c-collectd/www/dpi/events.html @@ -0,0 +1,205 @@ + + + + + + + + + + + + + + + nDPId Dashboard + + + + + + + + + + + + + +
+
+ + +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+
+
+ + + + + + + + + + + + + diff --git a/examples/c-collectd/www/dpi/flows.html b/examples/c-collectd/www/dpi/flows.html index 42e129839..1f7841328 100644 --- a/examples/c-collectd/www/dpi/flows.html +++ b/examples/c-collectd/www/dpi/flows.html @@ -1,10 +1,15 @@ - + + + + + + - - + + nDPId Dashboard @@ -92,6 +97,30 @@ Categories + + @@ -101,6 +130,9 @@
Responsive image
+
+ Responsive image +
Responsive image
diff --git a/examples/c-collectd/www/dpi/index.html b/examples/c-collectd/www/dpi/index.html index 260dd519c..bcec4ea3b 100644 --- a/examples/c-collectd/www/dpi/index.html +++ b/examples/c-collectd/www/dpi/index.html @@ -1,10 +1,15 @@ - + + + + + + - - + + nDPId Dashboard @@ -92,6 +97,30 @@ Categories + + @@ -101,6 +130,9 @@
Responsive image
+
+ Responsive image +
Responsive image
@@ -117,6 +149,9 @@
Responsive image
+
+ Responsive image +
Responsive image
@@ -133,6 +168,9 @@
Responsive image
+
+ Responsive image +
Responsive image
@@ -146,9 +184,12 @@ Responsive image -
+
Responsive image
+
+ Responsive image +
Responsive image
@@ -162,9 +203,12 @@ Responsive image
-
+
Responsive image
+
+ Responsive image +
Responsive image
@@ -178,38 +222,138 @@ Responsive image
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
- -
- Responsive image -
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
-
- Responsive image -
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
diff --git a/examples/c-collectd/www/dpi/jsons.html b/examples/c-collectd/www/dpi/jsons.html new file mode 100644 index 000000000..bb8006c42 --- /dev/null +++ b/examples/c-collectd/www/dpi/jsons.html @@ -0,0 +1,186 @@ + + + + + + + + + + + + + + + nDPId Dashboard + + + + + + + + + + + + + +
+
+ + +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+
+ Responsive image +
+ +
+
+
+ + + + + + + + + + + + + diff --git a/examples/c-collectd/www/dpi/other.html b/examples/c-collectd/www/dpi/other.html index faaa9dd8a..e4e4156da 100644 --- a/examples/c-collectd/www/dpi/other.html +++ b/examples/c-collectd/www/dpi/other.html @@ -1,10 +1,15 @@ - + + + + + + - - + + nDPId Dashboard @@ -92,6 +97,30 @@ Categories + + @@ -101,6 +130,9 @@
Responsive image
+
+ Responsive image +
Responsive image
@@ -114,9 +146,12 @@ Responsive image -
+
Responsive image
+
+ Responsive image +
Responsive image
@@ -130,9 +165,12 @@ Responsive image
-
+
Responsive image
+
+ Responsive image +
Responsive image
-- cgit v1.2.3