fluent-plugin-sflow 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d9c3c885041bedb4c217b540403169ced547ce9b
+  data.tar.gz: 77b1c300fac1ed1ac74fc4eb94b5b957caca45de
+SHA512:
+  metadata.gz: 0bde1017e8f337f70fdcb14d41585d1aceec7e9095805085adf284359ae41d35f8f3ef1f1a4910718a920fe834a3c9e4913405daa4364e0d4d30e0931fbfb5e8
+  data.tar.gz: a0d3e198ed3619d5b9dcabce56634501d63eb27b57e3ad0d8da7efc0ac1c4963f0864398931441fd2e0db5df4fc8e299341dc0dd9d02fdb99c715035bc601a58

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "lib/sflow"]
+	path = lib/sflow
+	url = https://github.com/NETWAYS/sflow.git

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.2.2
+before_install: gem install bundler -v 1.14.6

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in fluent-plugin-sflow.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 enukane
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,35 @@
+## Overview
+
+[Fluentd](http://fluentd.org/) input plugin that acts as sFlow collector.
+sFlow parser is based on [NETWAYS/sflow](https://github.com/NETWAYS/sflow/).
+
+
+## Installation
+
+Use RubyGems:
+
+```
+fluent-gem install fluent-plugin-sflow
+```
+
+## Configuration
+
+```
+<source>
+  @type sflow
+  bind 0.0.0.0
+  tag example.sflow
+</source>
+
+<match example.sflow>
+  @type stdout
+</match>
+```
+
+**bind**
+
+IP address on which this plugin will accept sFlow. Default is "0.0.0.0".
+
+**port**
+
+UDP port number on which this plugin will accept sFlow. Default is 6343.

data/Rakefile

@@ -0,0 +1,12 @@
+require "bundler"
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/test_*.rb']
+  #t.verbose = true
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "fluent/plugin/sflow"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/example/fluentd.conf

@@ -0,0 +1,9 @@
+<source>
+  @type sflow
+  bind 0.0.0.0
+  tag example.sflow
+</source>
+
+<match example.sflow>
+  @type stdout
+</match>

data/fluent-plugin-sflow.gemspec

@@ -0,0 +1,42 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = "fluent-plugin-sflow"
+  spec.version       = "0.1.0"
+  spec.authors       = ["enukane"]
+  spec.email         = ["enukane@glenda9.org"]
+
+  spec.summary       = %q{sFlow plugin for Fluentd}
+  spec.description   = %q{sFlow input plugin for Fluentd}
+  spec.homepage      = "https://github.com/enukane/fluent-plugin-sflow"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  gem_dir = File.expand_path(File.dirname(__FILE__)) + "/"
+  `git submodule --quiet foreach pwd`.split($\).each do |submodule_path|
+    Dir.chdir(submodule_path) do
+      submodule_relative_path = submodule_path.sub gem_dir, ""
+      # issue git ls-files in submodule's directory and
+      # prepend the submodule path to create absolute file paths
+      `git ls-files`.split($\).each do |filename|
+        spec.files << "#{submodule_relative_path}/#{filename}"
+      end
+    end
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.14"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest", "~> 5.0"
+  spec.add_development_dependency "test-unit"
+
+  spec.add_dependency "fluentd", "~> 0.14.10"
+  spec.add_dependency "bindata", "1.8.1"
+  spec.add_dependency "eventmachine", "~> 1.2.3"
+end

data/lib/fluent/plugin/in_sflow.rb

@@ -0,0 +1,45 @@
+require 'fluent/plugin/input'
+
+require 'bindata'
+require 'eventmachine'
+require 'yaml'
+
+dir = 'sflow/lib/sflow'
+['models/ipv4header', 'models/tcpheader', 'models/udpheader', 'models/protocol', 'models/binary_models','parsers/parsers'].each do |req|
+  require File.join(dir, req)
+end
+
+#$:.unshift File.expand_path(File.join(File.dirname(__FILE__), '..', '..', 'sflow', 'lib'))
+#require 'sflow'
+
+module Fluent::Plugin
+  class SflowInput < Input
+    Fluent::Plugin.register_input("sflow", self)
+
+    helpers :server
+
+    config_param :bind, :string, default: '0.0.0.0'
+    config_param :port, :integer, default: 6343
+    config_param :tag, :string
+
+    def configure(conf)
+      super
+
+      # dummy data
+      $switch_hash = {}
+    end
+
+    def start
+      super
+
+      server_create(:in_sflow_server, @port, bind: @bind, proto: :udp, max_bytes: 2048) do |data, sock|
+        sflow = SflowParser.parse_packet(data)
+        router.emit(@tag, Fluent::EventTime.now, sflow)
+      end
+    end
+
+    def shutdown
+      super
+    end
+  end
+end

data/lib/sflow/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in sflow.gemspec
+gemspec
+gem "bindata"
+gem "eventmachine"
+gem "json"
+gem "minitest"

data/lib/sflow/Gemfile.lock

@@ -0,0 +1,38 @@
+PATH
+  remote: .
+  specs:
+    sflow (0.0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    bindata (1.8.1)
+    elasticsearch (1.0.1)
+      elasticsearch-api (= 1.0.1)
+      elasticsearch-transport (= 1.0.1)
+    elasticsearch-api (1.0.1)
+      multi_json
+    elasticsearch-transport (1.0.1)
+      faraday
+      multi_json
+    eventmachine (1.0.3)
+    faraday (0.8.8)
+      multipart-post (~> 1.2.0)
+    json (1.8.1)
+    minitest (5.3.4)
+    multi_json (1.7.9)
+    multipart-post (1.2.0)
+    rake (10.2.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bindata
+  bundler (~> 1.5)
+  elasticsearch
+  eventmachine
+  json
+  minitest
+  rake
+  sflow!

data/lib/sflow/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Sebastian Saemann <ssaemann@netways.de> 
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/sflow/README.md

@@ -0,0 +1,67 @@
+# Sflow
+
+Tiny sflow collector and parser script based on eventmachine. It listens for sflow v5 samples, parses them and sends it to logstash.
+
+## Installation
+
+Clone this repository
+
+    $ git clone http://github.com/netways/sflow
+
+Change directory
+
+    $ cd sflow
+
+Install dependencies using bundler
+
+    $ bundle install
+
+Configure your logstash endpoint
+
+    $ vi ./etc/config.yaml
+
+And then execute:
+
+    $ bundle exec ./bin/sflow.rb
+
+## Logstash Configuration
+
+A complete logstash installation is a prerequisite.
+
+For getting the parsed sflow-packets as JSON via UDP into logstash you have to configure a input, filter and a output accordingly:
+
+    input {
+     udp {
+      port => 6543
+      type => "sflow"
+      codec => 'json'
+     }
+    }
+ 
+    filter {
+     json {
+      source => "message"
+      type => "json"
+     }
+    }
+ 
+    output {
+     elasticsearch_http {
+      workers => 8
+      host => "elasticsearch.host"
+     }
+    }
+
+## Kibana
+
+You can create your very own kibana dashboard for viewing the information and graphs you are interested in. For a quick start you'll find a dashboard in the misc folder, which can be imported via the kibana webinterface.
+
+![Alt text](misc/screen1.png?raw=true "Demo screen")
+
+## Contributing
+
+1. Fork it ( http://github.com/netways/sflow/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/lib/sflow/Rakefile

@@ -0,0 +1,12 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+ 
+require 'rake/testtask'
+ 
+Rake::TestTask.new do |t|
+  t.libs << 'lib/sflow'
+  t.test_files = FileList['test/lib/sflow/*_test.rb']
+  t.verbose = true
+end
+ 
+task :default => :test

data/lib/sflow/bin/bundler

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby1.9.1
+#
+# This file was generated by Bundler.
+#
+# The application 'bundler' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('bundler', 'bundler')

data/lib/sflow/bin/rake

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby1.9.1
+#
+# This file was generated by Bundler.
+#
+# The application 'rake' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rake', 'rake')

data/lib/sflow/bin/sflow.rb

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+$:.unshift File.expand_path(File.join(File.dirname(__FILE__), '..','lib'))
+
+require 'sflow'
+
+SflowCollector.start_collector('0.0.0.0',6343)

data/lib/sflow/etc/config.yaml

@@ -0,0 +1,10 @@
+daemonize: true 
+
+switch:
+  1.2.3.4: "myswitch_hostname"
+  1.2.3.5: "my2ndswitch_hostname"
+
+logstash_host: "logstash.host"
+logstash_port: 6543
+
+