FastNetMon Advanced can send attack information in JSON format to a remote URL when it detects an attack against an IP or identifies a malicious pattern (BGP Flow Spec mode). In addition, it can report information about ongoing attacks using the attack status capability.
To send information, it uses a POST request with a JSON-encoded document in the body and the content type set to application/json.
FastNetMon uses standard JSON documents, which are described here.
To enable this logic, use the following options:
sudo fcli set main web_callback_enabled enable
sudo fcli set main web_callback_url https://127.0.0.1:8080/attack/notify
sudo fcli commit
Starting from FastNetMon 2.0.320, you will be able to use IPv6 addresses for callbacks this way:
sudo fcli set main web_callback_enabled enable
sudo fcli set main web_callback_url https://[::1]:8080/attack/notify
sudo fcli commit
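A receiving endpoint for the callback configured above, as an added example that is not FastNetMon's own code: it accepts only a POST to /attack/notify with content type application/json, caps the body size and requires a JSON object before anything acts on the notification. The sender allowlist, the 1 MiB cap and the plain-HTTP listener are assumptions, and no field names from the JSON document are assumed.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

CALLBACK_PATH = "/attack/notify"        # path of web_callback_url on this page
MAX_BODY = 1 << 20                      # assumed 1 MiB body cap
ALLOWED_SENDERS = {"127.0.0.1", "::1"}  # assumed: FastNetMon runs on this host

def validate_callback(sender, method, path, content_type, body):
    """Return (http_status, parsed_document_or_None) for one request."""
    if sender not in ALLOWED_SENDERS:
        return 403, None
    if method != "POST":
        return 405, None
    if path != CALLBACK_PATH:
        return 404, None
    # The page says content-type is application/json; tolerate parameters.
    if (content_type or "").split(";")[0].strip().lower() != "application/json":
        return 415, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        doc = json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError):  # bad UTF-8, bad JSON, deep nesting
        return 400, None
    # Require a JSON object so downstream code never sees a bare list or scalar.
    return (200, doc) if isinstance(doc, dict) else (400, None)

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY:
            self.send_error(400 if length < 0 else 413)
            return
        status, doc = validate_callback(
            self.client_address[0], "POST", self.path,
            self.headers.get("Content-Type"), self.rfile.read(length))
        if doc is not None:
            # Field names come from the FastNetMon JSON documentation and are
            # not assumed here; only the top-level keys are logged.
            self.log_message("callback keys: %s", sorted(doc))
        self.send_response(status)
        self.end_headers()

if __name__ == "__main__":
    # Plain HTTP for a local test; put TLS in front to match an https:// URL.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```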
Attack status information
Starting from version 2.0.375, FastNetMon can send a web callback for all blocked IPs (IPv4 and IPv6) and pass attack details to it. Please note that attack performance is not updated in this case; we plan to add this capability in future releases.
This capability can be enabled this way:
sudo fcli set main web_callback_attack_status_updates true
sudo fcli commit
You can configure how often FastNetMon runs this logic in seconds in the following way (please note that this flag is shared with notification logic which uses callback scripts):
sudo fcli set main ban_status_delay 20
sudo fcli commit
We have examples of web callbacks in the following programming languages:
