REST API description: Difference between revisions

REST API description (view source)

Revision as of 13:26, 12 May 2020

861 bytes added , 12 May 2020

no edit summary

Klaus

404

edits

@@ Line 221: / Line 221: @@
 $ curl --silent -k -u 'admin:allegro'  "https://allegro-mm/API/stats/modules/ip/ips/10.54.0.254?starttime=$(date --date="1 day ago" +%s)&endtime=$(date +%s)&skiphistorydata=true" | jq '.interval[1] + .interval[3]'
 </pre>
+==== Pcap parameters ====
+The Allegro Network Multimeter allows to extract the raw packets with the REST API with the special capture URI <code>/API/data/modules/capture</code>
+<code>curl -k -u USER:PASSWORD 'https://allegro-mm/API/data/modules/capture?expression=ip==10.1.2.3' > path_to/capture.pcap</code>
+The available parameters are:
+* '''startTime''': The start time of the capture. The first packet with exactly this or a later time will start the capture. The time format must be microseconds after January, 1st 1970 UTC (Unix time, epoch). If the start time is in the past, make sure you set fromCaptureBuffer parameter accordingly. If not specified, the current time will be used.
+* '''endTime''': The end time of the capture. The first packet with exactly this or a later time will stop the capture. The time format must be microseconds after January, 1st 1970 UTC (Unix time, epoch). If not specified,  unlimited will be used.
+* expression: The filter expression. There are no whitespaces allowed. You may use ‘%20’ instead. See [[Capture module]] for available expressions.
+* snapPacketLength: The maximum size of a packet applied on Layer 2 without frame check sequence. If a packet is larger than this value, it is truncated. Use 65535 for unlimited size.
+* fromCaptureBuffer: Whether to extract data from the packet ring buffer (= true) or just live traffic (= false).
+* captureToMedia: Whether to store a pcap on an external storage device (= true) or download to your computer (= false).
+Example to capture everything from now on:
+<code>curl -k -u USER:PASSWORD 'https://allegro-mm-XXXX/API/data/modules/capture' > path_to/capture.pcap</code>
+Example to capture a specific IP of the last hour
+<code>curl -k -u USER:PASSWORD "https://allegro-mm-XXXX/API/data/modules/capture?expression=ip==10.1.2.3&starttime=$(date --date="1 hour ago" +%s)&endtime=$(date +%s)&fromCaptureBuffer=true" > path_to/capture.pcap</code>
 === Virtual Link Groups ===
@@ Line 296: / Line 321: @@
 <code>curl -k -u USER:PASSWORD 'https://allegro-mm-XXXX/API/data/modules/capture?expression=IP==10.1.2.3:62887 and IP==10.1.2.100:548 and l4Protocol==TCP' > path_to/capture.pcap</code>
-==== Pcap parameters ====
-The following parameters are possible:
-* startTime: The start time of the capture. The first packet with exactly this or a later time will start the capture. The time format must be microseconds after January, 1st 1970 UTC (Unix time, epoch). If the start time is in the past, make sure you set fromCaptureBuffer parameter accordingly.
-* endTime: The end time of the capture. The first packet with exactly this or a later time will stop the capture. The time format must be microseconds after January, 1st 1970 UTC (Unix time, epoch).
-* expression: The filter expression. There are no whitespaces allowed. You may use ‘%20’ instead.
-* snapPacketLength: The maximum size of a packet applied on Layer 2 without frame check sequence. If a packet is larger than this value, it is truncated. Use 65535 for unlimited size.
-* fromCaptureBuffer: Whether to extract data from the packet ring buffer (= true) or just live traffic (= false).
-* captureToMedia: Whether to store a pcap on an external storage device (= true) or download to your computer (= false).