fluent-plugin-netflow 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2f725de99f7376988cbe9b19590d6174bea6cd65
-  data.tar.gz: bb36543ed91ab717ce298e0f8b5b6d9cab08e59c
+  metadata.gz: 6e2cf6e2ee13f2228e628ef23638219326b235a4
+  data.tar.gz: 96b90f05451f8adee07596457637779d8236e9e1
 SHA512:
-  metadata.gz: 60692620391561a0906d29c896ecfe7ef8b6da97df630bfed69a0f32104d373450dd610e23d0469742a0be821b39f9923c9eff6dbfc29cc567dbf053c25754d1
-  data.tar.gz: 8fa9ab2a6d483e08382b499cbbf7b6e52ba8b4fc19ed9fa2cfbe94088c94dcf79e6e04fc56062dd78e6327d253c477f89f030dbb9c09ac12348f0a204ce6d484
+  metadata.gz: b445f204e476373bf96f5c9acd56eabf11298f7cfcaae1c6686e848e7648b909fbcbed57834578997fb468595b6f44c55c9ab6fb2e66a06f8313b405c20c320e
+  data.tar.gz: 36e57848e318f596bb964861310b258820e4963982c8a3ca558049d5ab567d9d5ae1605b4dee65ed44e40bbdc3adf157b96a30ff88dd9e3de5ed7e4ec8e8ffec

data/VERSION

@@ -1 +1 @@
-0.1.0
+0.1.1

data/lib/fluent/plugin/in_netflow.rb

@@ -70,7 +70,7 @@ module Fluent
     protected
 
     def receive_data(host, data)
-      log.debug "received logs", :host => host, :data => data
+      log.on_debug { log.debug "received logs", :host => host, :data => data }
 
       @parser.call(data) { |time, record|
         unless time && record
@@ -89,7 +89,7 @@ module Fluent
     private
 
     def listen(callback)
-      log.debug "listening netflow socket on #{@bind}:#{@port} with #{@protocol_type}"
+      log.info "listening netflow socket on #{@bind}:#{@port} with #{@protocol_type}"
       if @protocol_type == :udp
         @usock = SocketUtil.create_udp_socket(@bind)
         @usock.bind(@bind, @port)

data/lib/fluent/plugin/{netflow.yaml → netflow_option_fields.yaml}

@@ -90,7 +90,7 @@
 - :uint8
 - :ipv6_dst_mask
 31:
-- :uint24
+- 3
 - :ipv6_flow_label
 32:
 - :uint16
@@ -140,7 +140,7 @@
 - :uint32
 - :mpls_top_label_ip_addr
 48:
-- 4
+- 1
 - :flow_sampler_id
 49:
 - :uint8
@@ -189,8 +189,6 @@
 64:
 - :uint32
 - :ipv6_option_headers
-64:
-- :skip
 65:
 - :skip
 66:
@@ -222,6 +220,18 @@
 83:
 - :string
 - :if_desc
+84:
+- :string
+- :sampler_name
 89:
 - :uint8
 - :forwarding_status
+91:
+- :uint8
+- :mpls_prefix_len
+234:
+- :uint32
+- :ingress_vrf_id
+235:
+- :uint32
+- :egress_vrf_id

data/lib/fluent/plugin/netflow_scope_fields.yaml

@@ -0,0 +1,16 @@
+---
+1:
+- :ip4_addr
+- :system
+2:
+- :skip
+- :interface
+3:
+- :skip
+- :line_card
+4:
+- :skip
+- :netflow_cache
+5:
+- :skip
+- :template

data/lib/fluent/plugin/parser_netflow.rb

@@ -25,7 +25,7 @@ module Fluent
 
         @templates = Vash.new()
         # Path to default Netflow v9 field definitions
-        filename = File.expand_path('../netflow.yaml', __FILE__)
+        filename = File.expand_path('../netflow_option_fields.yaml', __FILE__)
 
         begin
           @fields = YAML.load_file(filename)
@@ -42,6 +42,14 @@ module Fluent
             raise "Bad syntax in definitions file #{@definitions}"
           end
         end
+        # Path to default Netflow v9 scope field definitions
+        filename = File.expand_path('../netflow_scope_fields.yaml', __FILE__)
+
+        begin
+          @scope_fields = YAML.load_file(filename)
+        rescue Exception => e
+          raise "Bad syntax in scope definitions file #{filename}"
+        end
       end
 
       def call(payload)
@@ -107,7 +115,7 @@ module Fluent
                 catch (:field) do
                   fields = []
                   template.fields.each do |field|
-                    entry = netflow_field_for(field.field_type, field.field_length)
+                    entry = netflow_field_for(field.field_type, field.field_length, @fields)
                     if !entry
                       throw :field
                     end
@@ -126,8 +134,15 @@ module Fluent
               record.flowset_data.templates.each do |template|
                 catch (:field) do
                   fields = []
+                  template.scope_fields.each do |field|
+                    entry = netflow_field_for(field.field_type, field.field_length, @scope_fields)
+                    if ! entry
+                      throw :field
+                    end
+                    fields += entry
+                  end
                   template.option_fields.each do |field|
-                    entry = netflow_field_for(field.field_type, field.field_length)
+                    entry = netflow_field_for(field.field_type, field.field_length, @fields)
                     if ! entry
                       throw :field
                     end
@@ -204,9 +219,9 @@ module Fluent
         ("uint" + (((length > 0) ? length : default) * 8).to_s).to_sym
       end
 
-      def netflow_field_for(type, length)
-        if @fields.include?(type)
-          field = @fields[type]
+      def netflow_field_for(type, length, field_definitions)
+        if field_definitions.include?(type)
+          field = field_definitions[type]
           if field.is_a?(Array)
 
             if field[0].is_a?(Integer)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-netflow
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Masahiro Nakagawa
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-28 00:00:00.000000000 Z
+date: 2015-12-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -71,7 +71,8 @@ files:
 - VERSION
 - fluent-plugin-netflow.gemspec
 - lib/fluent/plugin/in_netflow.rb
-- lib/fluent/plugin/netflow.yaml
+- lib/fluent/plugin/netflow_option_fields.yaml
+- lib/fluent/plugin/netflow_scope_fields.yaml
 - lib/fluent/plugin/parser_netflow.rb
 homepage: https://github.com/repeatedly/fluent-plugin-netflow
 licenses:
@@ -93,7 +94,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.3
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Netflow plugin for Fluentd