Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Users
Adding additional alert blacklists
ryan.g at atwgpc
Aug 17, 2017, 2:38 PM
Post #1 of 3 (412 views)
Permalink
I was wondering if its possible to add additional txt based lists of IP
addresses for ntopng to alert on besides the emerging threats list.

I tried adding another URL into the below file but it didn't seem to work?
I just wanted to confirm if that was supported because it looks like it
should but I didn't see any documentation about it.

/usr/share/ntopng/scripts/lua/modules/blacklist_utils.lua
Re: Adding additional alert blacklists [ In reply to ]
faranda at ntop
Aug 17, 2017, 2:58 PM
Post #2 of 3 (412 views)
Permalink
Hi Ryan,

That's the right place to put your own blacklist.

Please verify the following:

- the blacklist should be a valid URL and not a local file path
- the variable blacklistURLs must be updated with the blacklist url (be
sure to add a comma after the default url string)
- the url should work properly (try with "wget http://your_url_here")
- each line of the blacklist file should contain a single ip address.
Empty lines or lines starting with # are ignored
- you should restart ntopng after setting the blacklistURLs variable

Regards,
Emanuele

On Thu, Aug 17, 2017 at 11:38 PM, Ryan Gelobter <ryan.g@atwgpc.net>
wrote:
> I was wondering if its possible to add additional txt based lists of
> IP addresses for ntopng to alert on besides the emerging threats list.
>
> I tried adding another URL into the below file but it didn't seem to
> work? I just wanted to confirm if that was supported because it looks
> like it should but I didn't see any documentation about it.
>
> /usr/share/ntopng/scripts/lua/modules/blacklist_utils.lua
Re: Adding additional alert blacklists [ In reply to ]
faranda at ntop
Aug 17, 2017, 2:58 PM
Post #3 of 3 (412 views)
Permalink
Hi Ryan,

That's the right place to put your own blacklist.

Please verify the following:

- the blacklist should be a valid URL and not a local file path
- the variable blacklistURLs must be updated with the blacklist url (be
sure to add a comma after the default url string)
- the url should work properly (try with "wget http://your_url_here")
- each line of the blacklist file should contain a single ip address.
Empty lines or lines starting with # are ignored
- you should restart ntopng after setting the blacklistURLs variable

Regards,
Emanuele

On Thu, Aug 17, 2017 at 11:38 PM, Ryan Gelobter <ryan.g@atwgpc.net>
wrote:
> I was wondering if its possible to add additional txt based lists of
> IP addresses for ntopng to alert on besides the emerging threats list.
>
> I tried adding another URL into the below file but it didn't seem to
> work? I just wanted to confirm if that was supported because it looks
> like it should but I didn't see any documentation about it.
>
> /usr/share/ntopng/scripts/lua/modules/blacklist_utils.lua

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal