FastNetMon Advanced offers a complete REST-based API.
The API is disabled by default because its password is blank by default. You need to generate a new password to enable it.
Generate a secure password and set it as the API password:
sudo fcli set main web_api_login admin
sudo fcli set main web_api_password your_password_replace_it
sudo fcli set main web_api_port 10007
sudo fcli set main web_api_host 127.0.0.1
To create multiple admin accounts please use this guide about our new access control system.
Optionally, you can bind the API daemon to IPv6 addresses this way:
sudo fcli set main web_api_host ::1
If you experience any issues, we suggest checking logs:
sudo tail -f /var/log/fastnetmon/api_gateway.log
You can enable a detailed logging level this way:
sudo fcli set main web_api_trace_queries true
sudo fcli commit
sudo systemctl restart fastnetmon_web_api
After making this change you will see very detailed information about all actions in the log file api_gateway.log.
Optionally, you can enable an SSL/TLS endpoint on another port this way. You need to use your own SSL certificates, created manually:
sudo fcli set main web_api_ssl true
sudo fcli set main web_api_ssl_host 127.0.0.1
sudo fcli set main web_api_ssl_port 10443
sudo fcli set main web_api_ssl_private_key_path /etc/ssl.key
sudo fcli set main web_api_ssl_certificate_path /etc/ssl.certificate
sudo systemctl restart fastnetmon_web_api
To listen on localhost and all external interfaces at the same time, you can set web_api_ssl_host to 0.0.0.0. For security reasons we recommend using only the HTTPS-enabled API port for external connections.
FastNetMon’s API does not provide fine-grained permission control, and we strongly advise against exposing it to untrusted systems / clients.
Execute example query to get license:
curl -X GET -u admin:YOU_PASSWORD http://127.0.0.1:10007/license
The FastNetMon API is based on the well-known fcli tool.
For debugging purposes, you could switch fcli to JSON mode this way:
JSON_MODE=on sudo -E fcli show bgp
It will provide the same messages as the API provides.
Instead of the “set” command, you will need to use the PUT HTTP method, for example (be careful, we URL-encode the network name because it contains a slash symbol):
curl -X PUT -u apiuser:securepass9 http://127.0.0.1:10007/main/networks_list/11.22.33.44%2f22
Instead of “delete” command you will need to use DELETE HTTP method, for example:
curl -X DELETE -u apiuser:securepass9 http://127.0.0.1:10007/main/networks_list/11.22.33.44%2f22
To list all networks:
curl -q -X GET -u admin:admin 'http://127.0.0.1:10007/main/networks_list'
Example output:
{"success":true,"error_text":"","values":["1.1.1.0/22","2a01:4b00::1"]}
To show something, you could use GET HTTP method:
curl -X GET -u apiuser:securepass9 http://127.0.0.1:10007/hostgroup/global/threshold_mbps
To show whole category use:
curl -X GET -u apiuser:securepass9 http://127.0.0.1:10007/hostgroup
As you can see, in almost all cases you can replace the space symbol with a slash and use fcli’s command format to talk to the API.
If a method fails for some reason, we return the following document:
{"success":false,"error_text":"Category name hostgroupddd is not supported"}
If a command returns a single value, we return it in the “value” field.
Example for boolean value:
curl -X GET -u apiuser:securepass9 http://127.0.0.1:10007/main/sflow
{"success":true,"error_text":"","value":true}
Example for string value:
curl -X GET -u apiuser:securepass9 http://127.0.0.1:10007/main/sflow_host
{"success":true,"error_text":"","value":"94.76.167.202"}
If command returns multiple elements, we return it in “values” field:
curl -X GET -u apiuser:securepass9 http://127.0.0.1:10007/main/sflow_ports
{"success":true,"error_text":"","values":["3432","6343"]}
If command returns hash map / table / dictionary FastNetMon encodes them as JSON dictionary:
curl -X GET -u apiuser:securepass9 http://127.0.0.1:10007/main/influxdb_tags_table
{"success":true,"error_text":"","table":{"ddd":"vvvv","foo":"bar"}}
If command returns document (hash map, dictionary) we return it in “object” field:
curl -X GET -u apiuser:securepass9 http://127.0.0.1:10007/bgp/connection_to_my_router
{"success":true,"error_text":"","values":[{"name":"connection_to_my_router","description":"","local_asn":65001,"local_address":"11.22.33.44","subnet_learning":false,"remote_asn":65001,"remote_address":"22.33.44.55","device_vendor":"","device_model":"","multihop":false,"md5_auth":true,"md5_auth_password":"suxx","snmp_address":"","snmp_version":"","snmp_community":"","ipv4_unicast":true,"ipv6_unicast":false,"ipv4_flowspec":true,"ipv6_flowspec":false,"ipv4_unicast_announces_limit":0,"ipv6_unicast_announces_limit":0,"ipv4_flowspec_announces_limit":0,"ipv6_flowspec_announces_limit":0,"active":true}]}
But we have some pretty complicated examples, for example for blackhole announces:
curl -X GET -u apiuser:securepass9 http://127.0.0.1:10007/blackhole
{"success":true,"values":[{"uuid":"6575af53-301a-4dae-ab9d-7e89c2a1fada","ip":"127.0.0.1/32"},{"uuid":"22965d4e-83b0-42c0-a442-848cd80a9ca7","ip":"127.0.0.2/32"}]}
Or flow spec announces:
curl -X GET -u apiuser:securepass9 http://127.0.0.1:10007/flowspec
{"success":true,"values":[{"uuid":"00fde1c5-bce4-4752-9d08-4e5be115e1c0","announce":{"source_prefix":"4.0.0.0/32","destination_prefix":"127.0.0.0/32","destination_ports":[80],"source_ports":[53,5353],"packet_lengths":[777,1122],"protocols":["tcp"],"fragmentation_flags":["is-fragment","dont-fragment"],"tcp_flags":["syn"],"action_type":"rate-limit","action":{"rate":1024}}},{"uuid":"7bc20126-ae1e-4e5b-8bc6-3493a55a0511","announce":{"source_prefix":"4.0.0.0/32","destination_prefix":"127.0.0.0/32","destination_ports":[80],"source_ports":[53,5353],"packet_lengths":[777,444],"protocols":["tcp"],"fragmentation_flags":["is-fragment","dont-fragment"],"tcp_flags":["syn"],"action_type":"rate-limit","action":{"rate":1024}}}]}
To put blackhole host, use this:
curl -X PUT -u admin:securepass9 http://127.0.0.1:10007/blackhole/127.0.0.1
After making any changes, you have to trigger commit command to apply changes for FastNetMon’s engine:
curl -X PUT -u admin:securepass9 http://127.0.0.1:10007/commit
Complete example to ban and then unban host
Ban it:
curl -X PUT -u admin:securepass9 http://127.0.0.1:10007/blackhole/127.0.0.1
Check list of banned hosts:
curl -X GET -u admin:securepass9 http://127.0.0.1:10007/blackhole
Output:
{"success":true,"values":[{"uuid":"a1080f8f-46bb-4fcf-932c-5cc837105589","ip":"127.0.0.1/32"}]}
And finally unban it by UUID:
curl -X DELETE -u admin:securepass9 http://127.0.0.1:10007/blackhole/a1080f8f-46bb-4fcf-932c-5cc837105589
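The ban / list / unban sequence above, written as a small Python client. This is an added example, not code from FastNetMon or its example tools; the names ApiError, unwrap, build_url, http_transport, blackhole_uuids and unban_ip are hypothetical, and the body of the DELETE acknowledgement in the demo is a constructed assumption.

```python
import base64
import ipaddress
import json
import urllib.parse
import urllib.request


class ApiError(Exception):
    """Raised when the API answers with "success": false."""


def unwrap(document):
    """Return the payload of an API answer, or raise with its error_text."""
    if document.get("success") is not True:
        raise ApiError(document.get("error_text") or "API call failed")
    # The page shows four payload fields, depending on the command.
    for key in ("value", "values", "object", "table"):
        if key in document:
            return document[key]
    return None  # answer that carries no payload field


def build_url(base, *segments):
    """Join path segments, percent-encoding each one so "/" becomes %2F."""
    encoded = (urllib.parse.quote(str(s), safe="") for s in segments)
    return base.rstrip("/") + "/" + "/".join(encoded)


def http_transport(user, password, timeout=10):
    """Build a request(method, url) callable that uses HTTP basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()

    def request(method, url):
        req = urllib.request.Request(url, method=method)
        req.add_header("Authorization", "Basic " + token)
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)

    return request


def blackhole_uuids(document, ip):
    """UUIDs of blackhole entries whose prefix equals ip (a host is /32 or /128)."""
    target = ipaddress.ip_network(ip, strict=False)
    return [entry["uuid"] for entry in unwrap(document)
            if ipaddress.ip_network(entry["ip"], strict=False) == target]


def unban_ip(request, base, ip):
    """List blackholes, then DELETE every entry for ip by UUID; return the UUIDs."""
    listing = request("GET", build_url(base, "blackhole"))
    removed = []
    for uuid in blackhole_uuids(listing, ip):
        unwrap(request("DELETE", build_url(base, "blackhole", uuid)))
        removed.append(uuid)
    return removed


if __name__ == "__main__":
    # Offline demo with a constructed transport; swap in
    # http_transport("admin", "<password>") to talk to a real gateway.
    sample_listing = {"success": True, "values": [
        {"uuid": "a1080f8f-46bb-4fcf-932c-5cc837105589", "ip": "127.0.0.1/32"}]}

    def fake_request(method, url):
        print(method, url)
        if method == "GET":
            return sample_listing
        return {"success": True, "error_text": ""}  # constructed acknowledgement

    print(unban_ip(fake_request, "http://127.0.0.1:10007", "127.0.0.1"))
    print(build_url("http://127.0.0.1:10007", "main", "networks_list", "11.22.33.44/22"))
```

Checking "success" on every answer, including the DELETE, keeps a failed unban from being silently treated as done.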
For some commands which expect large JSON documents, you can pass the JSON document as the body of the query:
curl -vv -X PUT -u admin:securepass9 http://127.0.0.1:10007/flowspec -H "Content-Type: application/json" -d '{"source_prefix":"11.22.33.44/32", "destination_prefix":"11.22.33.44/32", "action_type":"discard"}'
How to get per host counters?
Example:
curl -s -X GET -u admin:securepass9 http://127.0.0.1:10007/host_counters/incoming/bytes
Feel free to replace “incoming” by “outgoing” and “bytes” by “packets” or “flows” to change ordering.
Example output:
{ "success": true, "values": [ { "host": "192.168.1.125", "incoming_packets": 0, "incoming_bytes": 0, "incoming_flows": 0, "fragmented_incoming_packets":0, "fragmented_incoming_bytes":0, "dropped_incoming_packets":0, "dropped_incoming_bytes":0, "tcp_incoming_packets":1468, "tcp_incoming_bytes":2226553, "tcp_syn_incoming_packets":0, "tcp_syn_incoming_bytes":0, "udp_incoming_packets":0, "udp_incoming_bytes":0, "icmp_incoming_packets":0, "icmp_incoming_bytes":0 }, { "host": "192.168.1.109", "incoming_packets": 0, "incoming_bytes": 0, "incoming_flows": 0, "fragmented_incoming_packets":0, "fragmented_incoming_bytes":0, "dropped_incoming_packets":0, "dropped_incoming_bytes":0, "tcp_incoming_packets":1468, "tcp_incoming_bytes":2226553, "tcp_syn_incoming_packets":0, "tcp_syn_incoming_bytes":0, "udp_incoming_packets":0, "udp_incoming_bytes":0, "icmp_incoming_packets":0, "icmp_incoming_bytes":0 } ] }
To get host counters for IPv6, use the following query:
curl -s -X GET -u admin:securepass9 http://127.0.0.1:10007/host_counters_v6/incoming/bytes
How to get traffic counters for single IP?
You can do it this way:
curl -X GET -u 'admin:password' http://127.0.0.1:10007/single_host_counters/1.2.3.4
Example output:
{ "success": true, "error_text": "", "object": { "dropped_in_bytes": 0, "dropped_in_packets": 0, "dropped_out_bytes": 0, "dropped_out_packets": 0, "fragmented_in_bytes": 0, "fragmented_in_packets": 0, "fragmented_out_bytes": 0, "fragmented_out_packets": 0, "icmp_in_bytes": 123, "icmp_in_packets": 0, "icmp_out_bytes": 244, "icmp_out_packets": 0, "in_bytes": 9199870, "in_flows": 23, "in_packets": 7034, "out_bytes": 506644, "out_flows": 22, "out_packets": 3135, "tcp_in_bytes": 5415572, "tcp_in_packets": 4022, "tcp_out_bytes": 362532, "tcp_out_packets": 2278, "tcp_syn_in_bytes": 848007, "tcp_syn_in_packets": 636, "tcp_syn_out_bytes": 37889, "tcp_syn_out_packets": 374, "udp_in_bytes": 3783062, "udp_in_packets": 2987, "udp_out_bytes": 135935, "udp_out_packets": 826 } }
To get single host counters for IPv6, use the following query:
curl -X GET -u 'admin:password' http://127.0.0.1:10007/single_host_counters_v6/face::cafe
Create / read / update for hostgroups
Starting from FastNetMon 2.0.332 you can use single large JSON document to create new hostgroup or completely overwrite configuration for existing hostgroup.
The easiest way to get all field names is to manually create a hostgroup via fcli and then get JSON output from it this way:
JSON_MODE=on sudo -E fcli show hostgroup servers
You will see document like this:
{ "success":true, "error_text":"", "values":[ { "name":"servers", "parent_name":"", "description":"", "calculation_method":"per_host", "enable_ban":false, "ban_for_pps":false, "ban_for_bandwidth":false, "ban_for_flows":false, "threshold_pps":0, "threshold_mbps":0, "threshold_flows":0, "ban_for_tcp_bandwidth":false, "ban_for_udp_bandwidth":false, "ban_for_icmp_bandwidth":false, "ban_for_tcp_pps":false, "ban_for_udp_pps":false, "ban_for_icmp_pps":false, "threshold_tcp_mbps":0, "threshold_udp_mbps":0, "threshold_icmp_mbps":0, "threshold_tcp_pps":0, "threshold_udp_pps":0, "threshold_icmp_pps":0, "ban_for_tcp_syn_pps":false, "threshold_tcp_syn_pps":0, "ban_for_tcp_syn_bandwidth":false, "threshold_tcp_syn_mbps":0, "ban_for_ip_fragments_pps":false, "threshold_ip_fragments_pps":0, "ban_for_ip_fragments_bandwidth":false, "threshold_ip_fragments_mbps":0, "enable_ban_incoming":false, "enable_ban_outgoing":false, "ban_for_pps_outgoing":false, "ban_for_bandwidth_outgoing":false, "ban_for_flows_outgoing":false, "threshold_pps_outgoing":0, "threshold_mbps_outgoing":0, "threshold_flows_outgoing":0, "ban_for_tcp_bandwidth_outgoing":false, "ban_for_udp_bandwidth_outgoing":false, "ban_for_icmp_bandwidth_outgoing":false, "ban_for_tcp_pps_outgoing":false, "ban_for_udp_pps_outgoing":false, "ban_for_icmp_pps_outgoing":false, "threshold_tcp_mbps_outgoing":0, "threshold_udp_mbps_outgoing":0, "threshold_icmp_mbps_outgoing":0, "threshold_tcp_pps_outgoing":0, "threshold_udp_pps_outgoing":0, "threshold_icmp_pps_outgoing":0, "ban_for_tcp_syn_pps_outgoing":false, "threshold_tcp_syn_pps_outgoing":0, "ban_for_tcp_syn_bandwidth_outgoing":false, "threshold_tcp_syn_mbps_outgoing":0, "ban_for_ip_fragments_pps_outgoing":false, "threshold_ip_fragments_pps_outgoing":0, "ban_for_ip_fragments_bandwidth_outgoing":false, "threshold_ip_fragments_mbps_outgoing":0 } ] }
Take the first element of the values array to get the whole document which describes the hostgroup. Then adjust the required fields and pass the document via the API using the PUT method to the main hostgroup endpoint (/hostgroup) this way:
curl -vv -X PUT -u admin:securepass9 http://127.0.0.1:10007/hostgroup -H "Content-Type: application/json" -d '{"name":"servers","parent_name":"","description":"","calculation_method":"per_host","enable_ban":false,"ban_for_pps":false,"ban_for_bandwidth":false,"ban_for_flows":false,"threshold_pps":0,"threshold_mbps":0,"threshold_flows":0,"ban_for_tcp_bandwidth":false,"ban_for_udp_bandwidth":false,"ban_for_icmp_bandwidth":false,"ban_for_tcp_pps":false,"ban_for_udp_pps":false,"ban_for_icmp_pps":false,"threshold_tcp_mbps":0,"threshold_udp_mbps":0,"threshold_icmp_mbps":0,"threshold_tcp_pps":0,"threshold_udp_pps":0,"threshold_icmp_pps":0,"ban_for_tcp_syn_pps":false,"threshold_tcp_syn_pps":0,"ban_for_tcp_syn_bandwidth":false,"threshold_tcp_syn_mbps":0,"ban_for_ip_fragments_pps":false,"threshold_ip_fragments_pps":0,"ban_for_ip_fragments_bandwidth":false,"threshold_ip_fragments_mbps":0,"enable_ban_incoming":false,"enable_ban_outgoing":false,"ban_for_pps_outgoing":false,"ban_for_bandwidth_outgoing":false,"ban_for_flows_outgoing":false,"threshold_pps_outgoing":0,"threshold_mbps_outgoing":0,"threshold_flows_outgoing":0,"ban_for_tcp_bandwidth_outgoing":false,"ban_for_udp_bandwidth_outgoing":false,"ban_for_icmp_bandwidth_outgoing":false,"ban_for_tcp_pps_outgoing":false,"ban_for_udp_pps_outgoing":false,"ban_for_icmp_pps_outgoing":false,"threshold_tcp_mbps_outgoing":0,"threshold_udp_mbps_outgoing":0,"threshold_icmp_mbps_outgoing":0,"threshold_tcp_pps_outgoing":0,"threshold_udp_pps_outgoing":0,"threshold_icmp_pps_outgoing":0,"ban_for_tcp_syn_pps_outgoing":false,"threshold_tcp_syn_pps_outgoing":0,"ban_for_tcp_syn_bandwidth_outgoing":false,"threshold_tcp_syn_mbps_outgoing":0,"ban_for_ip_fragments_pps_outgoing":false,"threshold_ip_fragments_pps_outgoing":0,"ban_for_ip_fragments_bandwidth_outgoing":true,"threshold_ip_fragments_mbps_outgoing":12345}'
You can create a new hostgroup by setting the “name” field to the name of the new hostgroup.
Starting from 2.0.360 you can control the number of entries returned by the API calls asn_counters_v4, asn_counters_v6, host_counters_v6, host_counters, host_counters_per_hostgroup_v4, host_counters_per_hostgroup_v6, remote_host_counters using the query parameter max_elements:
curl -s -X GET -u admin:your_password_replace_it 'http://[::1]:10007/asn_counters_v4/outgoing?max_elements=50'
Examples
We have a number of example tools implemented for our API:
- API client which creates and removes networks from FastNetMon
- API client which can block and unblock IP address
Technical details
The FastNetMon REST API is implemented as a gateway which accepts HTTP / HTTPS queries from the end client and then reaches the FastNetMon daemon using an internal non-public gRPC-based API (which listens on TCP port 50052 by default) to execute the command. For configuration management commands the REST API reaches MongoDB or FerretDB directly.
In case of FastNetMon daemon reachability issues, you will see the following error:
Show function returned error: XXX call failed: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 127.0.0.1:50052: connect: connection refused"
Schema reflection API
Our normal API endpoints do not provide detailed information about fields in main and hostgroup categories.
You can get it using special API calls:
curl -s -X GET -u admin:your_password_replace_it http://127.0.0.1:10007/fields/main
Example answer:
{ "success": true, "error_text": "", "values": [ { "name": "enable_ban", "type": "bool", "unit": "", "description": "Completely enable or disable all ban actions", "tooltip": "", "category": "ban_management", "group": "", "pretty_name": "Enable blocking", "manage_with_web": true }, { "name": "enable_ban_hostgroup", "type": "bool", "unit": "", "description": "Completely enable or disable all ban for total traffic per hostgroup", "tooltip": "", "category": "ban_management", "group": "", "pretty_name": "Enable blocking per hostgroup", "manage_with_web": true }, { "name": "web_api_password", "type": "string", "unit": "", "description": "Password for web API", "tooltip": "", "category": "web_api", "group": "", "pretty_name": "Password", "sensitive": true, "manage_with_web": true } ] }
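The "sensitive": true flag in the answer above can drive redaction before API output is written to logs or tickets. This is an added example, not FastNetMon code: the function names and the "_password" suffix fallback are assumptions of this sketch, and the sample documents are constructed from field names shown on this page.

```python
MASK = "***REDACTED***"


def sensitive_field_names(fields_response):
    """Collect names flagged "sensitive": true in a /fields/<category> answer."""
    if fields_response.get("success") is not True:
        raise ValueError(fields_response.get("error_text") or "schema query failed")
    return {field["name"] for field in fields_response.get("values", [])
            if field.get("sensitive") is True}


def redact(payload, sensitive, suffixes=("_password",)):
    """Return a copy of payload with secret values masked.

    A key is treated as secret when the schema flags it, or (fallback
    heuristic added by this example) when its name ends with a suffix in
    `suffixes`. Empty values are left visible so that a blank password
    still stands out in a review.
    """
    if isinstance(payload, dict):
        cleaned = {}
        for key, value in payload.items():
            if key in sensitive or key.endswith(suffixes):
                cleaned[key] = value if value in ("", None) else MASK
            else:
                cleaned[key] = redact(value, sensitive, suffixes)
        return cleaned
    if isinstance(payload, list):
        return [redact(item, sensitive, suffixes) for item in payload]
    return payload


# Constructed sample: a trimmed /fields/main answer.
SAMPLE_FIELDS = {"success": True, "error_text": "", "values": [
    {"name": "enable_ban", "type": "bool", "manage_with_web": True},
    {"name": "web_api_password", "type": "string", "sensitive": True,
     "manage_with_web": True},
]}

# Constructed sample: a trimmed "object" from a /main answer.
SAMPLE_MAIN = {
    "enable_ban": False,
    "api_port": 50052,
    "web_api_password": "constructed-api-secret",
    "clickhouse_metrics_password": "",
    "email_notifications_password": "super-secret-password",
    "email_notifications_recipients": ["pavel@fastnetmon.com"],
}

# Constructed sample: the "values" list of a BGP connection answer.
SAMPLE_BGP = [{"name": "connection_to_my_router", "md5_auth": True,
               "md5_auth_password": "suxx", "remote_asn": 65001}]


if __name__ == "__main__":
    flagged = sensitive_field_names(SAMPLE_FIELDS)
    print(redact(SAMPLE_MAIN, flagged))
    print(redact(SAMPLE_BGP, flagged))
```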
For hostgroup configuration it will look this way:
curl -s -X GET -u admin:your_password_replace_it http://127.0.0.1:10007/fields/hostgroup
Example output:
{ "success": true, "error_text": "", "values": [ { "name": "name", "type": "string", "unit": "", "description": "Name of host group", "tooltip": "Name of newly created group of hosts", "category": "", "group": "", "pretty_name": "Host group name", "manage_with_web": true }, { "name": "parent_name", "type": "string", "unit": "", "description": "Parent host group name", "tooltip": "Parent host group name", "category": "", "group": "", "pretty_name": "Parent host group name", "manage_with_web": true } ] }
Due to the large number of configuration options in the main configuration, we group them into categories. The full list of categories with descriptions can be requested this way:
curl -s -X GET -u admin:your_password_replace_it http://127.0.0.1:10007/configuration_categories/main
Example output:
{ "success": true, "error_text": "", "values": [ { "name": "traffic_calculation_management", "pretty_name": "Traffic calculation", "manage_with_web": true }, { "name": "ban_management", "pretty_name": "Attack detection", "manage_with_web": true }, { "name": "network_management", "pretty_name": "Networks configuration", "manage_with_web": true }, { "name": "af_packet", "pretty_name": "Mirror / SPAN AF_PACKET", "manage_with_web": true }, { "name": "xdp", "pretty_name": "Mirror / SPAN AF_XDP", "manage_with_web": true }, { "name": "sflow", "pretty_name": "sFlow", "manage_with_web": true }, { "name": "netflow", "pretty_name": "Netflow / IPFIX", "manage_with_web": true }, { "name": "tera_flow", "pretty_name": "Tera Flow", "manage_with_web": true }, { "name": "bgp", "pretty_name": "BGP settings", "manage_with_web": true }, { "name": "email_notification", "pretty_name": "Email notification", "manage_with_web": true }, { "name": "notify_script", "pretty_name": "Notify script", "manage_with_web": true }, { "name": "web_callback", "pretty_name": "Web hooks", "manage_with_web": true }, { "name": "influxdb", "pretty_name": "InfluxDB metrics", "manage_with_web": true }, { "name": "clickhouse_metrics", "pretty_name": "Clickhouse metrics", "manage_with_web": true }, { "name": "graphite", "pretty_name": "Graphite metrics", "manage_with_web": true }, { "name": "traffic_db", "pretty_name": "Traffic persistency", "manage_with_web": true }, { "name": "redis", "pretty_name": "Redis configuration", "manage_with_web": true }, { "name": "system", "pretty_name": "System options", "manage_with_web": true }, { "name": "web_api", "pretty_name": "Web API", "manage_with_web": true }, { "name": "logging", "pretty_name": "Log configuration", "manage_with_web": true } ] }
Getting total traffic counters
To get total traffic counters you can use following query:
curl -q -X GET -u admin:password http://127.0.0.1:10007/total_traffic_counters { "success": true, "values": [ { "counter_name": "incoming traffic", "value": 74960, "unit": "pps" }, { "counter_name": "incoming tcp traffic", "value": 43982, "unit": "pps" }, { "counter_name": "incoming udp traffic", "value": 30830, "unit": "pps" }, { "counter_name": "incoming icmp traffic", "value": 107, "unit": "pps" }, { "counter_name": "incoming fragmented traffic", "value": 0, "unit": "pps" }, { "counter_name": "incoming tcp_syn traffic", "value": 9483, "unit": "pps" }, { "counter_name": "incoming dropped traffic", "value": 0, "unit": "pps" }, { "counter_name": "incoming traffic", "value": 739, "unit": "mbps" }, { "counter_name": "incoming tcp traffic", "value": 458, "unit": "mbps" }, { "counter_name": "incoming udp traffic", "value": 281, "unit": "mbps" }, { "counter_name": "incoming icmp traffic", "value": 0, "unit": "mbps" }, { "counter_name": "incoming fragmented traffic", "value": 0, "unit": "mbps" }, { "counter_name": "incoming tcp_syn traffic", "value": 90, "unit": "mbps" }, { "counter_name": "incoming dropped traffic", "value": 0, "unit": "mbps" }, { "counter_name": "incoming traffic", "value": 676, "unit": "flows" }, { "counter_name": "outgoing traffic", "value": 30533, "unit": "pps" }, { "counter_name": "outgoing tcp traffic", "value": 21009, "unit": "pps" }, { "counter_name": "outgoing udp traffic", "value": 9378, "unit": "pps" }, { "counter_name": "outgoing icmp traffic", "value": 99, "unit": "pps" }, { "counter_name": "outgoing fragmented traffic", "value": 0, "unit": "pps" }, { "counter_name": "outgoing tcp_syn traffic", "value": 5341, "unit": "pps" }, { "counter_name": "outgoing dropped traffic", "value": 0, "unit": "pps" }, { "counter_name": "outgoing traffic", "value": 57, "unit": "mbps" }, { "counter_name": "outgoing tcp traffic", "value": 24, "unit": "mbps" }, { "counter_name": "outgoing udp traffic", "value": 32, "unit": "mbps" }, { "counter_name": "outgoing 
icmp traffic", "value": 0, "unit": "mbps" }, { "counter_name": "outgoing fragmented traffic", "value": 0, "unit": "mbps" }, { "counter_name": "outgoing tcp_syn traffic", "value": 6, "unit": "mbps" }, { "counter_name": "outgoing dropped traffic", "value": 0, "unit": "mbps" }, { "counter_name": "outgoing traffic", "value": 661, "unit": "flows" }, { "counter_name": "internal traffic", "value": 173, "unit": "pps" }, { "counter_name": "internal tcp traffic", "value": 172, "unit": "pps" }, { "counter_name": "internal udp traffic", "value": 0, "unit": "pps" }, { "counter_name": "internal icmp traffic", "value": 0, "unit": "pps" }, { "counter_name": "internal fragmented traffic", "value": 0, "unit": "pps" }, { "counter_name": "internal tcp_syn traffic", "value": 37, "unit": "pps" }, { "counter_name": "internal dropped traffic", "value": 0, "unit": "pps" }, { "counter_name": "internal traffic", "value": 0, "unit": "mbps" }, { "counter_name": "internal tcp traffic", "value": 0, "unit": "mbps" }, { "counter_name": "internal udp traffic", "value": 0, "unit": "mbps" }, { "counter_name": "internal icmp traffic", "value": 0, "unit": "mbps" }, { "counter_name": "internal fragmented traffic", "value": 0, "unit": "mbps" }, { "counter_name": "internal tcp_syn traffic", "value": 0, "unit": "mbps" }, { "counter_name": "internal dropped traffic", "value": 0, "unit": "mbps" }, { "counter_name": "other traffic", "value": 2475, "unit": "pps" }, { "counter_name": "other tcp traffic", "value": 2132, "unit": "pps" }, { "counter_name": "other udp traffic", "value": 260, "unit": "pps" }, { "counter_name": "other icmp traffic", "value": 50, "unit": "pps" }, { "counter_name": "other fragmented traffic", "value": 0, "unit": "pps" }, { "counter_name": "other tcp_syn traffic", "value": 1118, "unit": "pps" }, { "counter_name": "other dropped traffic", "value": 0, "unit": "pps" }, { "counter_name": "other traffic", "value": 20, "unit": "mbps" }, { "counter_name": "other tcp traffic", "value": 19, 
"unit": "mbps" }, { "counter_name": "other udp traffic", "value": 1, "unit": "mbps" }, { "counter_name": "other icmp traffic", "value": 0, "unit": "mbps" }, { "counter_name": "other fragmented traffic", "value": 0, "unit": "mbps" }, { "counter_name": "other tcp_syn traffic", "value": 10, "unit": "mbps" }, { "counter_name": "other dropped traffic", "value": 0, "unit": "mbps" } ] }
If mbits granularity is not precise enough for you, you can request bits per second using a query argument this way:
curl -X GET -u admin:password 'http://127.0.0.1:10007/total_traffic_counters?bandwidth_unit=bps'
Example output:
{ "success": true, "values": [ { "counter_name": "incoming traffic", "value": 79322, "unit": "pps" }, { "counter_name": "incoming tcp traffic", "value": 43687, "unit": "pps" }, { "counter_name": "incoming udp traffic", "value": 35519, "unit": "pps" }, { "counter_name": "incoming icmp traffic", "value": 72, "unit": "pps" }, { "counter_name": "incoming fragmented traffic", "value": 0, "unit": "pps" }, { "counter_name": "incoming tcp_syn traffic", "value": 12040, "unit": "pps" }, { "counter_name": "incoming dropped traffic", "value": 0, "unit": "pps" }, { "counter_name": "incoming traffic", "value": 723954760, "unit": "bps" }, { "counter_name": "incoming tcp traffic", "value": 414577552, "unit": "bps" }, { "counter_name": "incoming udp traffic", "value": 309300432, "unit": "bps" }, { "counter_name": "incoming icmp traffic", "value": 56304, "unit": "bps" }, { "counter_name": "incoming fragmented traffic", "value": 0, "unit": "bps" }, { "counter_name": "incoming tcp_syn traffic", "value": 104146192, "unit": "bps" }, { "counter_name": "incoming dropped traffic", "value": 0, "unit": "bps" }, { "counter_name": "incoming traffic", "value": 677, "unit": "flows" }, { "counter_name": "outgoing traffic", "value": 32456, "unit": "pps" }, { "counter_name": "outgoing tcp traffic", "value": 19920, "unit": "pps" }, { "counter_name": "outgoing udp traffic", "value": 12376, "unit": "pps" }, { "counter_name": "outgoing icmp traffic", "value": 112, "unit": "pps" }, { "counter_name": "outgoing fragmented traffic", "value": 0, "unit": "pps" }, { "counter_name": "outgoing tcp_syn traffic", "value": 5556, "unit": "pps" }, { "counter_name": "outgoing dropped traffic", "value": 0, "unit": "pps" }, { "counter_name": "outgoing traffic", "value": 66208392, "unit": "bps" }, { "counter_name": "outgoing tcp traffic", "value": 21041712, "unit": "bps" }, { "counter_name": "outgoing udp traffic", "value": 45059632, "unit": "bps" }, { "counter_name": "outgoing icmp traffic", "value": 89744, "unit": 
"bps" }, { "counter_name": "outgoing fragmented traffic", "value": 0, "unit": "bps" }, { "counter_name": "outgoing tcp_syn traffic", "value": 6489344, "unit": "bps" }, { "counter_name": "outgoing dropped traffic", "value": 0, "unit": "bps" }, { "counter_name": "outgoing traffic", "value": 654, "unit": "flows" }, { "counter_name": "internal traffic", "value": 64, "unit": "pps" }, { "counter_name": "internal tcp traffic", "value": 53, "unit": "pps" }, { "counter_name": "internal udp traffic", "value": 0, "unit": "pps" }, { "counter_name": "internal icmp traffic", "value": 0, "unit": "pps" }, { "counter_name": "internal fragmented traffic", "value": 0, "unit": "pps" }, { "counter_name": "internal tcp_syn traffic", "value": 38, "unit": "pps" }, { "counter_name": "internal dropped traffic", "value": 0, "unit": "pps" }, { "counter_name": "internal traffic", "value": 59352, "unit": "bps" }, { "counter_name": "internal tcp traffic", "value": 28912, "unit": "bps" }, { "counter_name": "internal udp traffic", "value": 30304, "unit": "bps" }, { "counter_name": "internal icmp traffic", "value": 0, "unit": "bps" }, { "counter_name": "internal fragmented traffic", "value": 0, "unit": "bps" }, { "counter_name": "internal tcp_syn traffic", "value": 22848, "unit": "bps" }, { "counter_name": "internal dropped traffic", "value": 0, "unit": "bps" }, { "counter_name": "other traffic", "value": 7165, "unit": "pps" }, { "counter_name": "other tcp traffic", "value": 6857, "unit": "pps" }, { "counter_name": "other udp traffic", "value": 270, "unit": "pps" }, { "counter_name": "other icmp traffic", "value": 9, "unit": "pps" }, { "counter_name": "other fragmented traffic", "value": 0, "unit": "pps" }, { "counter_name": "other tcp_syn traffic", "value": 3710, "unit": "pps" }, { "counter_name": "other dropped traffic", "value": 0, "unit": "pps" }, { "counter_name": "other traffic", "value": 68813904, "unit": "bps" }, { "counter_name": "other tcp traffic", "value": 67173808, "unit": "bps" }, { 
"counter_name": "other udp traffic", "value": 1626032, "unit": "bps" }, { "counter_name": "other icmp traffic", "value": 13856, "unit": "bps" }, { "counter_name": "other fragmented traffic", "value": 0, "unit": "bps" }, { "counter_name": "other tcp_syn traffic", "value": 35634448, "unit": "bps" }, { "counter_name": "other dropped traffic", "value": 0, "unit": "bps" } ] }
Getting per network counters
Example for IPv4:
curl -s -q -X GET -u admin:password 'http://127.0.0.1:10007/network_counters'
Output:
{ "success": true, "values": [ { "network_name": "1.2.3.0/22", "incoming_packets": 55977, "incoming_bytes": 60999091, "fragmented_incoming_packets": 0, "fragmented_incoming_bytes": 0, "dropped_incoming_packets": 0, "dropped_incoming_bytes": 0, "tcp_incoming_packets": 26120, "tcp_incoming_bytes": 27493327, "tcp_syn_incoming_packets": 7124, "tcp_syn_incoming_bytes": 5356426, "udp_incoming_packets": 29717, "udp_incoming_bytes": 33478976, "icmp_incoming_packets": 86, "icmp_incoming_bytes": 7169, "outgoing_packets": 21648, "outgoing_bytes": 5241102, "fragmented_outgoing_packets": 0, "fragmented_outgoing_bytes": 0, "dropped_outgoing_packets": 0, "dropped_outgoing_bytes": 0, "tcp_outgoing_packets": 12606, "tcp_outgoing_bytes": 2141609, "tcp_syn_outgoing_packets": 3058, "tcp_syn_outgoing_bytes": 615520, "udp_outgoing_packets": 8883, "udp_outgoing_bytes": 3086342, "icmp_outgoing_packets": 96, "icmp_outgoing_bytes": 8507 } ] }
Example for IPv4 per /24:
curl -s -q -X GET -u admin:password 'http://127.0.0.1:10007/network_counters_24'
Output:
{ "success": true, "values": [ { "network_name": "3.2.1.0/24", "incoming_packets": 11594, "incoming_bytes": 13214969, "fragmented_incoming_packets": 0, "fragmented_incoming_bytes": 0, "dropped_incoming_packets": 0, "dropped_incoming_bytes": 0, "tcp_incoming_packets": 5168, "tcp_incoming_bytes": 6276432, "tcp_syn_incoming_packets": 842, "tcp_syn_incoming_bytes": 867279, "udp_incoming_packets": 6404, "udp_incoming_bytes": 6937760, "icmp_incoming_packets": 1, "icmp_incoming_bytes": 715, "outgoing_packets": 5174, "outgoing_bytes": 1394130, "fragmented_outgoing_packets": 0, "fragmented_outgoing_bytes": 0, "dropped_outgoing_packets": 0, "dropped_outgoing_bytes": 0, "tcp_outgoing_packets": 2844, "tcp_outgoing_bytes": 466008, "tcp_syn_outgoing_packets": 567, "tcp_syn_outgoing_bytes": 117357, "udp_outgoing_packets": 2301, "udp_outgoing_bytes": 927206, "icmp_outgoing_packets": 1, "icmp_outgoing_bytes": 853 }, { "network_name": "1.2.3.0/24", "incoming_packets": 5837, "incoming_bytes": 2983589, "fragmented_incoming_packets": 0, "fragmented_incoming_bytes": 0, "dropped_incoming_packets": 0, "dropped_incoming_bytes": 0, "tcp_incoming_packets": 4582, "tcp_incoming_bytes": 1557957, "tcp_syn_incoming_packets": 2403, "tcp_syn_incoming_bytes": 770899, "udp_incoming_packets": 1166, "udp_incoming_bytes": 1402097, "icmp_incoming_packets": 37, "icmp_incoming_bytes": 3631, "outgoing_packets": 980, "outgoing_bytes": 258966, "fragmented_outgoing_packets": 0, "fragmented_outgoing_bytes": 0, "dropped_outgoing_packets": 0, "dropped_outgoing_bytes": 0, "tcp_outgoing_packets": 636, "tcp_outgoing_bytes": 96589, "tcp_syn_outgoing_packets": 75, "tcp_syn_outgoing_bytes": 23469, "udp_outgoing_packets": 281, "udp_outgoing_bytes": 158878, "icmp_outgoing_packets": 16, "icmp_outgoing_bytes": 1694 } ] }
Example for IPv6 networks:
curl -s -q -X GET -u admin:password 'http://127.0.0.1:10007/network_counters_v6'
Getting top ASN counters
Example query:
curl -X GET -u admin:password http://127.0.0.1:10007/asn_counters_v4
{ "success": true, "values": [ { "asn_number": 12345, "incoming_packets": 23726, "incoming_bytes": 32799035, "incoming_flows": 0, "fragmented_incoming_packets": 0, "fragmented_incoming_bytes": 0, "dropped_incoming_packets": 0, "dropped_incoming_bytes": 0, "tcp_incoming_packets": 14191, "tcp_incoming_bytes": 20256697, "tcp_syn_incoming_packets": 2804, "tcp_syn_incoming_bytes": 4027798, "udp_incoming_packets": 9520, "udp_incoming_bytes": 12542321, "icmp_incoming_packets": 0, "icmp_incoming_bytes": 0 }] }
For IPv6 traffic you need to use another query:
curl -X GET -u admin:password http://127.0.0.1:10007/asn_counters_v6
Getting whole main configuration
curl -q -X GET -u admin:admin 'http://127.0.0.1:10007/main'
Example output:
{ "success": true, "error_text": "", "object": { "mirror_afpacket": false, "af_packet_extract_tunnel_traffic": false, "mirror_af_packet_sampling": true, "mirror_af_external_packet_sampling": false, "mirror_af_packet_socket_stats": true, "mirror_af_packet_disable_multithreading": true, "mirror_af_packet_fanout_mode": "cpu", "mirror_af_packet_sampling_rate": 100, "mirror_external_af_packet_sampling_rate": 100, "mirror_af_packet_workers_number_override": false, "mirror_af_packet_workers_number": 1, "afpacket_strict_cpu_affinity": false, "af_packet_read_packet_length_from_ip_header": false, "enable_api": true, "api_host": "127.0.0.1", "api_port": 50052, "app_packet_sr": false, "app_packet_sr_tunnel_traffic": false, "app_packet_sr_read_packet_length_from_ip_header": false, "enable_ban": false, "enable_ban_hostgroup": false, "enable_ban_remote_outgoing": false, "enable_ban_remote_incoming": false, "do_not_ban_incoming": false, "do_not_ban_outgoing": false, "per_direction_hostgroup_thresholds": true, "flexible_thresholds": true, "flexible_thresholds_disable_multi_alerts": false, "keep_flow_spec_announces_during_restart": false, "keep_blocked_hosts_during_restart": false, "keep_blocked_hostgroups_during_restart": false, "enable_ban_ipv6": false, "unban_enabled": true, "ban_status_updates": false, "ban_status_delay": 20, "ban_time": 300, "unban_only_if_attack_finished": true, "gobgp_flow_spec_announces": false, "gobgp_flow_spec_v6_announces": false, "flow_spec_unban_enabled": true, "flow_spec_per_hostgroup_management": false, "flow_spec_ban_time": 1900, "collect_attack_pcap_dumps": false, "collect_simple_attack_dumps": true, "ban_details_records_count": 25, "threshold_specific_ban_details": false, "do_not_cap_ban_details_records_count": false, "unban_total_hostgroup_enabled": true, "ban_time_total_hostgroup": 675, "bucket_traffic_collection_timeout": 60, "gobgp": false, "gobgp_api_host": "localhost", "gobgp_api_port": 50051, "gobgp_bgp_listen_port": 179, "gobgp_router_id": 
"", "gobgp_next_hop": "1.2.3.4", "gobgp_next_hop_host_ipv4": "0.0.0.0", "gobgp_next_hop_subnet_ipv4": "0.0.0.0", "gobgp_next_hop_remote_host": "0.0.0.0", "gobgp_do_not_manage_daemon": false, "gobgp_announce_host": false, "gobgp_announce_whole_subnet": false, "gobgp_announce_whole_subnet_force_custom_prefix_length": false, "gobgp_announce_whole_subnet_custom_prefix_length": 24, "gobgp_announce_whole_subnet_force_custom_ipv6_prefix_length": false, "gobgp_announce_whole_subnet_custom_ipv6_prefix_length": 48, "gobgp_announce_remote_host": false, "gobgp_community_host": "65536:668", "gobgp_community_subnet": "65001:667", "gobgp_community_remote_host": "65001:669", "gobgp_ipv6": false, "gobgp_next_hop_ipv6": "100::1", "gobgp_next_hop_host_ipv6": "", "gobgp_next_hop_subnet_ipv6": "", "gobgp_announce_host_ipv6": false, "gobgp_announce_whole_subnet_ipv6": false, "gobgp_community_host_ipv6": "65001:668", "gobgp_community_subnet_ipv6": "65001:667", "gobgp_flow_spec_default_action": "discard", "gobgp_flow_spec_v4_redirect_target_as": 0, "gobgp_flow_spec_v4_redirect_target_community": 0, "gobgp_flow_spec_v6_redirect_target_as": 0, "gobgp_flow_spec_v6_redirect_target_community": 0, "gobgp_flow_spec_v6_default_action": "discard", "gobgp_flow_spec_v6_rate_limit_value": 1024, "gobgp_flow_spec_rate_limit_value": 1024, "flow_spec_tcp_options_use_match_bit": false, "flow_spec_fragmentation_options_use_match_bit": false, "flow_spec_strip_ports_for_fragmented_traffic": false, "flow_spec_do_not_process_length_field": false, "flow_spec_do_not_process_tcp_flags_field": false, "flow_spec_do_not_process_ip_fragmentation_flags_field": false, "flow_spec_ignore_do_not_fragment_flag": false, "flow_spec_do_not_process_source_address_field": false, "flow_spec_execute_validation": false, "do_not_withdraw_unicast_announces_on_restart": false, "do_not_withdraw_flow_spec_announces_on_restart": false, "gobgp_announce_hostgroup_networks": false, "gobgp_announce_hostgroup_networks_ipv4": false, 
"gobgp_announce_hostgroup_networks_ipv6": false, "gobgp_next_hop_hostgroup_networks_ipv4": "0.0.0.0", "gobgp_next_hop_hostgroup_networks_ipv6": "100::1", "clickhouse_metrics": true, "clickhouse_metrics_database": "fastnetmon", "clickhouse_metrics_username": "default", "clickhouse_metrics_password": "", "clickhouse_metrics_host": "127.0.0.1", "clickhouse_metrics_port": 9000, "clickhouse_metrics_push_period": 1, "clickhouse_metrics_export_top_hosts": true, "email_notifications_enabled": true, "email_notifications_disable_certificate_checks": false, "email_notifications_host": "smtp.gmail.com", "email_notifications_port": 587, "email_notifications_tls": true, "email_notifications_auth": true, "email_notifications_auth_method": "", "email_notifications_username": "fastnetmon@yourdomain.com", "email_notifications_password": "super-secret-password", "email_notifications_from": "fastnetmon@yourdomain.com", "email_notifications_recipients": [ "pavel@fastnetmon.com" ], "email_notifications_hide_flow_spec_rules": false, "email_notifications_add_simple_packet_dump": true, "email_subject_blackhole_block": "FastNetMon blocked host {{ ip }}", "email_subject_blackhole_unblock": "FastNetMon unblocked host {{ ip }}", "email_subject_partial_block": "FastNetMon partially blocked traffic for host {{ ip }}", "email_subject_partial_unblock": "FastNetMon partially unblocked traffic for host {{ ip }}", "slack_notifications_add_simple_packet_dump": true, "filter_xdp": false, "filter_xdp_mode": "skb", "graphite": false, "graphite_host": "127.0.0.1", "graphite_port": 2003, "graphite_prefix": "fastnetmon", "graphite_push_period": 1, "influxdb_kafka": false, "influxdb_kafka_topic": "fastnetmon", "influxdb_kafka_partitioner": "consistent", "influxdb": false, "influxdb_database": "fastnetmon", "influxdb_host": "127.0.0.1", "influxdb_port": 8086, "influxdb_custom_tags": false, "influxdb_tag_name": "node", "influxdb_tag_value": "master", "influxdb_skip_host_counters": false, 
"influxdb_push_host_ipv6_counters": false, "influxdb_push_host_ipv4_flexible_counters": false, "influxdb_push_host_ipv6_flexible_counters": false, "influxdb_user": "fastnetmon", "influxdb_password": "fastnetmon", "influxdb_auth": false, "influxdb_attack_notification": false, "influxdb_push_period": 1, "logging_level": "info", "logging_local_syslog_logging": false, "logging_remote_syslog_logging": false, "logging_remote_syslog_server": "10.10.10.10", "logging_remote_syslog_port": 514, "mikrotik_announce_host": false, "mikrotik_announce_host_blackhole": true, "mongo_store_attack_information": true, "netflow": true, "netflow_count_packets_per_device": true, "netflow_multi_thread_processing": false, "netflow_threads_per_port": 1, "netflow_multi_thread_mode": "", "netflow_ports": [ 2055 ], "netflow_host": "0.0.0.0", "netflow_socket_read_mode": "recvfrom", "netflow_rx_queue_overflow_monitoring": false, "netflow_ignore_sampling_rate_from_device": false, "netflow_ignore_long_duration_flow_enable": false, "netflow_long_duration_flow_limit": 1, "netflow_v9_read_sampling_rate_in_data_section": false, "netflow_v9_extract_tunnel_traffic": false, "ipfix_extract_tunnel_traffic": false, "netflow_sampling_ratio": 1, "netflow_v5_custom_sampling_ratio_enable": false, "netflow_v5_sampling_ratio": 1, "netflow_templates_cache": true, "netflow_sampling_cache": true, "netflow_process_only_flows_with_dropped_packets": false, "netflow_mark_zero_next_hop_and_zero_output_as_dropped": false, "networks_list": [ "1.2.3.0/22", "aaaa:bbb::36ff/64" ], "monitor_local_ip_addresses": false, "notify_script_hostgroup_enabled": false, "notify_script_hostgroup_path": "/etc/fastnetmon/scripts/notify_about_attack.sh", "notify_script_enabled": true, "notify_script_attack_status_updates": false, "notify_script_path": "/var/www/html/notify_json.php", "notify_script_format": "json", "prometheus": true, "prometheus_host": "0.0.0.0", "prometheus_port": 9209, "prometheus_export_host_ipv4_counters": true, 
"prometheus_export_host_ipv6_counters": true, "prometheus_export_network_ipv4_counters": true, "prometheus_export_network_ipv6_counters": true, "redis_enabled": false, "redis_host": "127.0.0.1", "redis_port": 6379, "redis_prefix": "fastnetmon", "sflow": false, "sflow_extract_tunnel_traffic": false, "sflow_count_packets_per_device": false, "sflow_ports": [ 6343 ], "sflow_host": "0.0.0.0", "sflow_read_packet_length_from_ip_header": false, "sflow_track_sampling_rate": false, "slack_notifications_enabled": false, "slack_notifications_url": "https://hooks.slack.com/services/TXXXXXXXX/BXXXXXXXXX/LXXXXXXXXX", "cache_path": "/var/cache/fastnetmon", "asn_lookup": true, "country_lookup": false, "force_asn_lookup": false, "pid_path": "/var/run/fastnetmon.pid", "api_host_counters_max_hosts_in_response": 100, "system_user": "fastnetmon", "system_group": "fastnetmon", "drop_root_permissions": false, "license_use_port_443": true, "telegram_notifications_enabled": false, "telegram_notifications_bot_token": "xxx:xxx", "telegram_notifications_add_simple_packet_dump": true, "tera_flow": false, "tera_flow_host": "0.0.0.0", "tera_flow_tls_certificate_path": "", "tera_flow_tls_certificate_chain": false, "tera_flow_tls_private_key_path": "", "keep_traffic_counters_during_restart": true, "process_incoming_traffic": true, "process_outgoing_traffic": true, "override_internal_traffic_as_incoming": false, "override_internal_traffic_as_outgoing": false, "process_ipv6_traffic": true, "enable_connection_tracking": true, "remote_host_tracking": false, "connection_tracking_skip_ports": false, "enable_total_hostgroup_counters": true, "enable_interface_counters": true, "enable_asn_counters": true, "build_total_hostgroups_from_per_host_hostgroups": false, "dump_other_traffic": false, "dump_internal_traffic": false, "dump_all_traffic": false, "dump_all_traffic_json": false, "speed_calculation_delay": 1, "parallel_speed_calculation": false, "parallel_speed_calculation_threads": 0, 
"average_calculation_time": 30, "flow_forwarder": false, "flow_forwarder_sampling_rate": 512, "ipv6_automatic_data_cleanup": true, "ipv6_automatic_data_cleanup_threshold": 300, "ipv6_automatic_data_cleanup_delay": 300, "ipv4_automatic_data_cleanup": true, "ipv4_automatic_data_cleanup_threshold": 300, "ipv4_automatic_data_cleanup_delay": 300, "ipv4_remote_automatic_data_cleanup": true, "ipv4_remote_automatic_data_cleanup_threshold": 300, "ipv4_remote_automatic_data_cleanup_delay": 300, "traffic_buffer": true, "traffic_buffer_size": 100000, "traffic_buffer_port_mirror": false, "generate_attack_traffic_samples": false, "generate_attack_traffic_samples_delay": 60, "generate_max_talkers_report": true, "generate_max_talkers_report_delay": 60, "generate_hostgroup_traffic_samples": true, "generate_hostgroup_traffic_samples_delay": 60, "traffic_db": true, "traffic_db_host": "127.0.0.1", "traffic_db_port": 8100, "traffic_db_sampling_rate": 512, "vyos_announce_host": false, "vyos_announce_host_blackhole": true, "web_api_host": "127.0.0.1", "web_api_port": 10007, "web_api_login": "admin", "web_api_password": "xxxx", "web_api_ssl": false, "web_api_trace_queries": true, "web_api_ssl_port": 10443, "web_api_ssl_host": "127.0.0.1", "web_api_ssl_certificate_path": "", "web_api_ssl_private_key_path": "", "web_callback_enabled": false, "web_callback_url": "http://127.0.0.1:8080/attack/notify", "mirror_xdp": false, "xdp_read_packet_length_from_ip_header": false, "force_native_mode_xdp": false, "zero_copy_xdp": false, "poll_mode_xdp": false, "xdp_set_promisc": false, "xdp_extract_tunnel_traffic": false, "microcode_xdp_path": "/etc/fastnetmon/xdp_kernel.o" } }
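The configuration response above returns credentials in clear text (`web_api_password`, `email_notifications_password`, `telegram_notifications_bot_token` and others) next to the bind addresses of each listener, so it should be masked before it is pasted into a ticket or log. The following is an added example, not FastNetMon code: it redacts such a response (and the BGP response with `md5_auth_password`) and reports wildcard bind addresses. The function names, the mask string and the choice of `*_host` keys treated as listeners are assumptions.

```python
import ipaddress

# Credential keys, recognised by the naming used in the responses above.
SECRET_SUFFIXES = ("_password", "_token")
SECRET_KEYS = {"slack_notifications_url"}  # a webhook URL acts as a secret
# Assumption: these *_host keys are bind addresses of listening sockets.
LISTENER_KEYS = ("netflow_host", "sflow_host", "prometheus_host",
                 "tera_flow_host", "web_api_host", "web_api_ssl_host")
MASK = "***REDACTED***"

def is_secret(key, value):
    named = key.endswith(SECRET_SUFFIXES) or key in SECRET_KEYS
    return named and isinstance(value, str) and value != ""

def redact(node):
    """Copy of a response with every non-empty credential masked."""
    if isinstance(node, dict):
        return {k: MASK if is_secret(k, v) else redact(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(item) for item in node]
    return node

def secret_paths(node, prefix=""):
    """Dotted paths of the credentials a response contains."""
    if isinstance(node, list):
        node = {str(i): item for i, item in enumerate(node)}
    if not isinstance(node, dict):
        return []
    paths = []
    for key, value in node.items():
        if is_secret(key, value):
            paths.append(prefix + key)
        else:
            paths.extend(secret_paths(value, prefix + key + "."))
    return paths

def exposure_findings(config):
    """Bind-address checks on the "object" part of the configuration."""
    findings = []
    for key in LISTENER_KEYS:
        try:
            addr = ipaddress.ip_address(config.get(key, ""))
        except ValueError:
            continue  # unset or a hostname: nothing to classify
        if addr.is_unspecified:
            findings.append(f"{key} listens on all interfaces ({addr})")
        elif key == "web_api_host" and not addr.is_loopback:
            # The page recommends only the HTTPS port for external clients.
            findings.append("plain-HTTP API (web_api_host) reachable off-host")
    return findings

# Constructed sample: a subset of the response above, same keys and values.
SAMPLE = {"success": True, "error_text": "", "object": {
    "clickhouse_metrics_password": "",
    "email_notifications_password": "super-secret-password",
    "netflow_host": "0.0.0.0", "prometheus_host": "0.0.0.0",
    "telegram_notifications_bot_token": "xxx:xxx",
    "web_api_host": "127.0.0.1", "web_api_password": "xxxx"}}
```

Run `redact()` on the parsed JSON before sharing it, and `exposure_findings()` on its `object` member when reviewing a deployment.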
Getting all BGP settings
curl -q -X GET -u admin:admin 'http://127.0.0.1:10007/bgp'
Example output:
{ "success": true, "error_text": "", "values": [ { "name": "new", "description": "", "local_asn": 5435, "local_address": "1.2.3.4", "subnet_learning": false, "remote_asn": 12323, "remote_address": "1.2.3.4", "multihop": false, "ipv4_unicast_add_path": false, "ipv6_unicast_add_path": false, "md5_auth": false, "md5_auth_password": "", "ipv4_unicast": true, "ipv6_unicast": false, "ipv4_flowspec": false, "ipv6_flowspec": false, "ipv4_unicast_announces_limit": 0, "ipv6_unicast_announces_limit": 0, "ipv4_flowspec_announces_limit": 0, "ipv6_flowspec_announces_limit": 0, "active": true }, { "name": "second_peer", "description": "", "local_asn": 0, "local_address": "", "subnet_learning": false, "remote_asn": 0, "remote_address": "", "multihop": false, "ipv4_unicast_add_path": false, "ipv6_unicast_add_path": false, "md5_auth": false, "md5_auth_password": "", "ipv4_unicast": false, "ipv6_unicast": false, "ipv4_flowspec": false, "ipv6_flowspec": false, "ipv4_unicast_announces_limit": 0, "ipv6_unicast_announces_limit": 0, "ipv4_flowspec_announces_limit": 0, "ipv6_flowspec_announces_limit": 0, "active": false } ] }
Getting the whole hostgroup configuration
curl -q -X GET -u admin:admin 'http://127.0.0.1:10007/hostgroup'
Example output:
{ "success": true, "error_text": "", "values": [ { "name": "global", "parent_name": "", "description": "This is default group for all hosts", "calculation_method": "per_host", "enable_ban": false, "ban_for_pps": false, "ban_for_bandwidth": false, "ban_for_flows": false, "threshold_pps": 100000, "threshold_mbps": 1000, "threshold_flows": 3500, "ban_for_tcp_bandwidth": false, "ban_for_udp_bandwidth": true, "ban_for_icmp_bandwidth": false, "ban_for_tcp_pps": false, "ban_for_udp_pps": false, "ban_for_icmp_pps": false, "threshold_tcp_mbps": 1000, "threshold_udp_mbps": 700, "threshold_icmp_mbps": 1000, "threshold_tcp_pps": 100000, "threshold_udp_pps": 100000, "threshold_icmp_pps": 100000, "ban_for_tcp_syn_pps": false, "threshold_tcp_syn_pps": 1000, "ban_for_tcp_syn_bandwidth": false, "threshold_tcp_syn_mbps": 1000, "ban_for_ip_fragments_pps": false, "threshold_ip_fragments_pps": 1000, "ban_for_ip_fragments_bandwidth": false, "threshold_ip_fragments_mbps": 1000, "enable_ban_incoming": false, "enable_ban_outgoing": false, "enable_bgp_flow_spec": false, "ban_for_pps_outgoing": false, "ban_for_bandwidth_outgoing": false, "ban_for_flows_outgoing": false, "threshold_pps_outgoing": 100000, "threshold_mbps_outgoing": 1000, "threshold_flows_outgoing": 3500, "ban_for_tcp_bandwidth_outgoing": false, "ban_for_udp_bandwidth_outgoing": false, "ban_for_icmp_bandwidth_outgoing": false, "ban_for_tcp_pps_outgoing": false, "ban_for_udp_pps_outgoing": false, "ban_for_icmp_pps_outgoing": false, "threshold_tcp_mbps_outgoing": 1000, "threshold_udp_mbps_outgoing": 1000, "threshold_icmp_mbps_outgoing": 1000, "threshold_tcp_pps_outgoing": 100000, "threshold_udp_pps_outgoing": 100000, "threshold_icmp_pps_outgoing": 100000, "ban_for_tcp_syn_pps_outgoing": false, "threshold_tcp_syn_pps_outgoing": 1000, "ban_for_tcp_syn_bandwidth_outgoing": false, "threshold_tcp_syn_mbps_outgoing": 1000, "ban_for_ip_fragments_pps_outgoing": false, "threshold_ip_fragments_pps_outgoing": 1000, 
"ban_for_ip_fragments_bandwidth_outgoing": false, "threshold_ip_fragments_mbps_outgoing": 1000, "flexible_thresholds": { "dns": { "name": "dns", "active": false, "incoming_mbits_enable": false, "outgoing_mbits_enable": false, "incoming_mbits_value": 0, "outgoing_mbits_value": 0, "incoming_packets_enable": false, "outgoing_packets_enable": false, "incoming_packets_value": 0, "outgoing_packets_value": 0, "incoming_flows_enable": false, "outgoing_flows_enable": false, "incoming_flows_value": 0, "outgoing_flows_value": 0 }, "memcache": { "name": "memcache", "active": true, "incoming_mbits_enable": true, "outgoing_mbits_enable": false, "incoming_mbits_value": 200, "outgoing_mbits_value": 0, "incoming_packets_enable": false, "outgoing_packets_enable": false, "incoming_packets_value": 0, "outgoing_packets_value": 0, "incoming_flows_enable": false, "outgoing_flows_enable": false, "incoming_flows_value": 0, "outgoing_flows_value": 0 }, "ntp": { "name": "ntp", "active": false, "incoming_mbits_enable": false, "outgoing_mbits_enable": false, "incoming_mbits_value": 0, "outgoing_mbits_value": 0, "incoming_packets_enable": false, "outgoing_packets_enable": false, "incoming_packets_value": 0, "outgoing_packets_value": 0, "incoming_flows_enable": false, "outgoing_flows_enable": false, "incoming_flows_value": 0, "outgoing_flows_value": 0 } } } ] }
Blackhole attack information
To get information about a blackhole attack, use the following API query:
curl -q -X GET -u admin:admin 'http://127.0.0.1:10007/blackhole/b76cbf5c-4857-4148-8639-e59c0fa846e7'
Example response:
{"success":true,"error_text":"","attack_uuid":"e8581e65-b734-4d09-b0c7-5d3648ef6276","ip_address":"10.0.0.1","protocol_version":"ipv4","host_group":"global","attack_detection_threshold":"unknown","attack_detection_threshold_direction":"unknown","host_network":"10.0.0.0/24","attack_detection_source":"manual","attack_severity":"middle"}
Getting total hostgroups counters
Example query:
curl -q -X GET -u admin:admin 'http://127.0.0.1:10007/hostgroup_counters_total'
Example answer:
{ "success": true, "values": [ { "bgp_in_bytes": 0, "bgp_in_packets": 0, "bgp_out_bytes": 0, "bgp_out_packets": 0, "chargen_in_bytes": 0, "chargen_in_packets": 0, "chargen_out_bytes": 0, "chargen_out_packets": 0, "dhcp_in_bytes": 0, "dhcp_in_packets": 0, "dhcp_out_bytes": 0, "dhcp_out_packets": 0, "dns_in_bytes": 18469, "dns_in_packets": 104, "dns_out_bytes": 0, "dns_out_packets": 0, "dropped_in_bytes": 0, "dropped_in_packets": 0, "dropped_out_bytes": 0, "dropped_out_packets": 0, "fragmented_in_bytes": 0, "fragmented_in_packets": 0, "fragmented_out_bytes": 0, "fragmented_out_packets": 0, "hostgroup_name": "global_total", "icmp_in_bytes": 8918, "icmp_in_packets": 113, "icmp_out_bytes": 5265, "icmp_out_packets": 50, "in_bytes": 24334186, "in_flows": 0, "in_packets": 21007, "incoming_bytes": 24334186, "incoming_bytes_dropped": 0, "incoming_bytes_fragmented": 0, "incoming_bytes_icmp": 8918, "incoming_bytes_tcp": 16140753, "incoming_bytes_tcp_syn": 2913653, "incoming_bytes_udp": 8182418, "incoming_packets": 21007, "incoming_packets_dropped": 0, "incoming_packets_fragmented": 0, "incoming_packets_icmp": 113, "incoming_packets_tcp": 13101, "incoming_packets_tcp_syn": 2686, "incoming_packets_udp": 7755, "memcache_in_bytes": 0, "memcache_in_packets": 0, "memcache_out_bytes": 0, "memcache_out_packets": 0, "mt_api_in_bytes": 47, "mt_api_in_packets": 0, "mt_api_out_bytes": 0, "mt_api_out_packets": 0, "mt_winbox_in_bytes": 24, "mt_winbox_in_packets": 0, "mt_winbox_out_bytes": 54054, "mt_winbox_out_packets": 333, "ntp_in_bytes": 329, "ntp_in_packets": 0, "ntp_out_bytes": 2, "ntp_out_packets": 0, "out_bytes": 3094181, "out_flows": 0, "out_packets": 10297, "outgoing_bytes": 3094181, "outgoing_bytes_dropped": 0, "outgoing_bytes_fragmented": 0, "outgoing_bytes_icmp": 5265, "outgoing_bytes_tcp": 1425819, "outgoing_bytes_tcp_syn": 477591, "outgoing_bytes_udp": 1660954, "outgoing_packets": 10297, "outgoing_packets_dropped": 0, "outgoing_packets_fragmented": 0, "outgoing_packets_icmp": 
50, "outgoing_packets_tcp": 7086, "outgoing_packets_tcp_syn": 1606, "outgoing_packets_udp": 3110, "tcp_in_bytes": 16140753, "tcp_in_packets": 13101, "tcp_out_bytes": 1425819, "tcp_out_packets": 7086, "tcp_syn_in_bytes": 2913653, "tcp_syn_in_packets": 2686, "tcp_syn_out_bytes": 477591, "tcp_syn_out_packets": 1606, "udp_in_bytes": 8182418, "udp_in_packets": 7755, "udp_out_bytes": 1660954, "udp_out_packets": 3110 } ] }
Total per hostgroup blocks
To block a hostgroup, use the following query:
curl -q -X PUT -u admin:admin@1518 'http://127.0.0.1:10007/hostgroup_block/global_total'
Example response:
{"success":true,"error_text":""}
To list all blocked hostgroups please use this command:
curl -q -X GET -u admin:admin 'http://127.0.0.1:10007/hostgroup_block'
Example response:
{"success":true,"values":[{"uuid":"61475403-cf4a-45cb-b685-8c5f9706c164","hostgroup_name":"global_total"}]}
To unblock a hostgroup, use this command with the uuid of the block taken from the list above:
curl -q -X DELETE -u admin:admin 'http://127.0.0.1:10007/hostgroup_block/61475403-cf4a-45cb-b685-8c5f9706c164'
Example response:
{"success":true,"error_text":""}
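The three queries above are asymmetric: a block is created by hostgroup name but removed by the UUID that only the list query returns. The following added example (not FastNetMon code) wraps that lifecycle and checks the `success` field of every reply; the function names are hypothetical, while the endpoints and field names are the ones shown above.

```python
import base64
import json
import urllib.request
from urllib.parse import quote


def make_caller(base_url, login, password):
    """Return call(method, path) -> dict, using HTTP Basic auth like curl -u."""
    token = base64.b64encode(f"{login}:{password}".encode()).decode()

    def call(method, path):
        req = urllib.request.Request(
            base_url + path, method=method,
            headers={"Authorization": "Basic " + token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return call


def checked(reply):
    """Every reply on the page carries "success"; stop when it is not true."""
    if reply.get("success") is not True:
        raise RuntimeError("API error: " + str(reply.get("error_text", "")))
    return reply


def block_hostgroup(call, name):
    """Create a block; the hostgroup is addressed by name."""
    checked(call("PUT", "/hostgroup_block/" + quote(name, safe="")))


def block_uuids(call, name):
    """UUIDs of the active blocks for one hostgroup, from the list query."""
    listing = checked(call("GET", "/hostgroup_block"))
    return [entry["uuid"] for entry in listing.get("values", [])
            if entry.get("hostgroup_name") == name]


def unblock_hostgroup(call, name):
    """Remove a block; DELETE takes the UUID, so resolve the name first."""
    removed = []
    for uuid in block_uuids(call, name):
        checked(call("DELETE", "/hostgroup_block/" + quote(uuid, safe="")))
        removed.append(uuid)
    return removed
```

Build the caller once with `make_caller("http://127.0.0.1:10007", login, password)` and pass it to the other functions.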
Getting a list of all physical interfaces on the server
Query:
curl -q -X GET -u admin:admin 'http://127.0.0.1:10007/interfaces'
Example response:
{"success":true,"error_text":"","values":["ens4"]}