logstash-codec-sflow 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a9773b581653d998b843923848706abfe5851dad
4
- data.tar.gz: 92c48583c7b35ecdf55bd707e4196b671149cc91
3
+ metadata.gz: cd2eaaabdcac4aa04d07417a080f816d3ca10312
4
+ data.tar.gz: ed4a423a37954b8d3828da46f46b721c3970f208
5
5
  SHA512:
6
- metadata.gz: 74eb65d450dbc9b1dc05dd784a1d0b7efca1eb8f82cc09d978049d672a98802dbdcd36ce652475baa31222c9cfadb5c814a7bed2277845584db6c1ecb8877331
7
- data.tar.gz: 68dcb680539c692397aeaecaa4cc7f80fa5f381f7852450115e9b27c09609b19cf9acd3f822bc648d1c20defa63cd79944fea6ebd0bb20f8c630b8155eeaa943
6
+ metadata.gz: a4a26572a0c3cd25e870f3858be947ef83489932b20f097a5d8e7032954db83c3980e169acb1f3a96d9b562e1398fb6e02e4dfa2eb1650b9325ed07eaa164c56
7
+ data.tar.gz: 9ecbdf91625700f3a3396ff712b9a89bd2d5ba26858660d36be61a570ee479b9da8067bc58d5f1b4191e6301b674fc5358773dfd4d2aa243c13c66abc83f26f1
@@ -7,31 +7,21 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
7
7
  config_name 'sflow'
8
8
 
9
9
  # Specify which sflow must not be send in the event
10
- config :optional_removed_field, :validate => :array, :default => ['sflow_version', 'ip_version', 'header_size',
11
- 'ip_header_length', 'ip_dscp', 'ip_ecn',
12
- 'ip_total_length', 'ip_identification', 'ip_flags',
13
- 'ip_fragment_offset', 'ip_ttl', 'ip_checksum',
14
- 'ip_options', 'tcp_seq_number', 'tcp_ack_number',
15
- 'tcp_header_length', 'tcp_reserved', 'tcp_is_nonce',
16
- 'tcp_is_cwr', 'tcp_is_ecn_echo', 'tcp_is_urgent',
17
- 'tcp_is_ack', 'tcp_is_push', 'tcp_is_reset',
18
- 'tcp_is_syn', 'tcp_is_fin', 'tcp_window_size',
19
- 'tcp_checksum', 'tcp_urgent_pointer', 'tcp_options']
10
+ config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum tcp_urgent_pointer tcp_options)
20
11
 
21
12
 
22
13
  def initialize(params = {})
23
14
  super(params)
24
15
  @threadsafe = false
25
- @removed_field = ['record_length', 'record_count', 'record_entreprise', 'record_format', 'sample_entreprise',
26
- 'sample_format', 'sample_length', 'sample_count', 'sample_header', 'layer3', 'layer4',
27
- 'tcp_nbits', 'ip_nbits'] | @optional_removed_field
16
+ # noinspection RubyResolve
17
+ @removed_field = %w(record_length record_count record_entreprise record_format sample_entreprise sample_format sample_length sample_count sample_header layer3 layer4 layer4_data header udata) | @optional_removed_field
28
18
  end
29
19
 
30
20
  # def initialize
31
21
 
32
22
  public
33
23
  def register
34
- require "logstash/codecs/sflow/datagram"
24
+ require 'logstash/codecs/sflow/datagram'
35
25
  end
36
26
 
37
27
  # def register
@@ -100,15 +90,13 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
100
90
  end
101
91
  end
102
92
 
103
- if record['record_data']['sample_header'].has_key?("layer3")
93
+ if record['record_data']['sample_header'].has_key?('layer3')
104
94
  record['record_data']['sample_header']['layer3']['header'].each_pair do |k, v|
105
95
  unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
106
96
  event["#{k}"] = v
107
97
  end
108
98
  end
109
- end
110
99
 
111
- unless record['record_data']['sample_header']['layer3']['header']['layer4'].to_s.eql? ''
112
100
  record['record_data']['sample_header']['layer3']['header']['layer4'].each_pair do |k, v|
113
101
  unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
114
102
  event["#{k}"] = v
@@ -171,4 +159,4 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
171
159
  yield event
172
160
  end
173
161
  end # def decode
174
- end # class LogStash::Filters::Sflow
162
+ end # class LogStash::Filters::Sflow
@@ -2,6 +2,7 @@
2
2
 
3
3
  require 'bindata'
4
4
 
5
+ # noinspection RubyResolve
5
6
  class GenericInterface < BinData::Record
6
7
  endian :big
7
8
  uint32 :interface_index
@@ -25,6 +26,7 @@ class GenericInterface < BinData::Record
25
26
  uint32 :promiscous_mode
26
27
  end
27
28
 
29
+ # noinspection RubyResolve
28
30
  class EthernetInterfaces < BinData::Record
29
31
  endian :big
30
32
  uint32 :dot3StatsAlignmentErrors
@@ -42,6 +44,7 @@ class EthernetInterfaces < BinData::Record
42
44
  uint32 :dot3StatsSymbolErrors
43
45
  end
44
46
 
47
+ # noinspection RubyResolve
45
48
  class TokenRing < BinData::Record
46
49
  endian :big
47
50
  uint32 :dot5StatsLineErrors
@@ -64,6 +67,7 @@ class TokenRing < BinData::Record
64
67
  uint32 :dot5StatsFreqErrors
65
68
  end
66
69
 
70
+ # noinspection RubyResolve
67
71
  class HundredBaseVG < BinData::Record
68
72
  endian :big
69
73
  uint32 :dot12InHighPriorityFrames
@@ -82,6 +86,7 @@ class HundredBaseVG < BinData::Record
82
86
  uint64 :dot12HCOutHighPriorityOctets
83
87
  end
84
88
 
89
+ # noinspection RubyResolve
85
90
  class Vlan < BinData::Record
86
91
  endian :big
87
92
  uint32 :vlan_id
@@ -93,6 +98,7 @@ class Vlan < BinData::Record
93
98
  end
94
99
 
95
100
 
101
+ # noinspection RubyResolve
96
102
  class ProcessorInformation < BinData::Record
97
103
  endian :big
98
104
  uint32 :five_sec_cpu_percent
@@ -102,6 +108,7 @@ class ProcessorInformation < BinData::Record
102
108
  uint64 :free_memory
103
109
  end
104
110
 
111
+ # noinspection RubyResolve
105
112
  class HttpCounters < BinData::Record
106
113
  endian :big
107
114
  uint32 :method_option_count
@@ -4,6 +4,7 @@ require 'bindata'
4
4
  require 'logstash/codecs/sflow/util'
5
5
  require 'logstash/codecs/sflow/sample'
6
6
 
7
+ # noinspection RubyResolve
7
8
  class SFlow < BinData::Record
8
9
  endian :big
9
10
  uint32 :sflow_version
@@ -21,8 +22,8 @@ class SFlow < BinData::Record
21
22
  bit12 :sample_format
22
23
  uint32 :sample_length
23
24
  choice :sample_data, :selection => lambda { "#{sample_entreprise}-#{sample_format}" } do
24
- flow_sample "0-1"
25
- counter_sample "0-2"
25
+ flow_sample '0-1'
26
+ counter_sample '0-2'
26
27
  skip :default, :length => :sample_length
27
28
  end
28
29
  end
@@ -4,6 +4,7 @@ require 'bindata'
4
4
  require 'logstash/codecs/sflow/util'
5
5
  require 'logstash/codecs/sflow/packet_header'
6
6
 
7
+ # noinspection RubyResolve
7
8
  class RawPacketHeader < BinData::Record
8
9
  endian :big
9
10
  uint32 :protocol
@@ -17,6 +18,7 @@ class RawPacketHeader < BinData::Record
17
18
  end
18
19
  end
19
20
 
21
+ # noinspection RubyResolve
20
22
  class EthernetFrameData < BinData::Record
21
23
  endian :big
22
24
  uint32 :packet_length
@@ -27,6 +29,7 @@ class EthernetFrameData < BinData::Record
27
29
  uint32 :type
28
30
  end
29
31
 
32
+ # noinspection RubyResolve
30
33
  class IP4Data < BinData::Record
31
34
  endian :big
32
35
  uint32 :ip_packet_length
@@ -39,6 +42,7 @@ class IP4Data < BinData::Record
39
42
  uint32 :type
40
43
  end
41
44
 
45
+ # noinspection RubyResolve
42
46
  class IP6Data < BinData::Record
43
47
  endian :big
44
48
  uint32 :ip_packet_length
@@ -51,6 +55,7 @@ class IP6Data < BinData::Record
51
55
  uint32 :ip_priority
52
56
  end
53
57
 
58
+ # noinspection RubyResolve
54
59
  class ExtendedSwitchData < BinData::Record
55
60
  endian :big
56
61
  uint32 :src_vlan
@@ -59,6 +64,7 @@ class ExtendedSwitchData < BinData::Record
59
64
  uint32 :dst_priority
60
65
  end
61
66
 
67
+ # noinspection RubyResolve
62
68
  class ExtendedRouterData < BinData::Record
63
69
  endian :big
64
70
  uint32 :ip_version
@@ -4,6 +4,16 @@ require 'bindata'
4
4
  require 'logstash/codecs/sflow/util'
5
5
 
6
6
 
7
+ # noinspection RubyResolve
8
+ class UnknownHeader < BinData::Record
9
+ mandatory_parameter :size_header
10
+
11
+ endian :big
12
+ bit :udata, :nbits => :size_header
13
+ end
14
+
15
+
16
+ # noinspection RubyResolve,RubyResolve
7
17
  class TcpHeader < BinData::Record
8
18
  mandatory_parameter :size_header
9
19
 
@@ -29,22 +39,27 @@ class TcpHeader < BinData::Record
29
39
  array :tcp_options, :initial_length => lambda { (((tcp_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
30
40
  string :tcp_option, :length => 4, :pad_byte => "\0"
31
41
  end
32
- bit :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
42
+ bit :layer4_data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
33
43
 
34
44
  def is_options?
35
45
  tcp_header_length.to_i > 5
36
46
  end
37
47
  end
38
48
 
49
+ # noinspection RubyResolve
39
50
  class UdpHeader < BinData::Record
51
+ mandatory_parameter :size_header
52
+
40
53
  endian :big
41
54
  uint16 :src_port
42
55
  uint16 :dst_port
43
56
  uint16 :udp_length
44
57
  uint16 :udp_checksum
45
- skip :length => lambda { udp_length - 64 } #skip udp data
58
+ #skip :length => lambda { udp_length - 64 } #skip udp data
59
+ bit :layer4_data, :nbits => lambda { size_header - 64 } #skip udp data
46
60
  end
47
61
 
62
+ # noinspection RubyResolve,RubyResolve
48
63
  class IPV4Header < BinData::Record
49
64
  mandatory_parameter :size_header
50
65
 
@@ -66,8 +81,8 @@ class IPV4Header < BinData::Record
66
81
  end
67
82
  choice :layer4, :selection => :ip_protocol do
68
83
  tcp_header 6, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
69
- udp_header 17
70
- bit :default, :nbits => lambda { size_header - (ip_header_length * 4 * 8) }
84
+ udp_header 17, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
85
+ unknown_header :default, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
71
86
  end
72
87
 
73
88
  def is_options?
@@ -75,6 +90,8 @@ class IPV4Header < BinData::Record
75
90
  end
76
91
  end
77
92
 
93
+
94
+ # noinspection RubyResolve
78
95
  class IPHeader < BinData::Record
79
96
  mandatory_parameter :size_header
80
97
 
@@ -82,10 +99,11 @@ class IPHeader < BinData::Record
82
99
  bit4 :ip_version
83
100
  choice :header, :selection => :ip_version do
84
101
  ipv4_header 4, :size_header => :size_header
85
- bit :default, :nbits => lambda { size_header - 4 }
102
+ unknown_header :default, :size_header => lambda { size_header - 4 }
86
103
  end
87
104
  end
88
105
 
106
+ # noinspection RubyResolve
89
107
  class EthernetHeader < BinData::Record
90
108
  mandatory_parameter :size_header
91
109
 
@@ -95,6 +113,6 @@ class EthernetHeader < BinData::Record
95
113
  uint16 :eth_type
96
114
  choice :layer3, :selection => :eth_type do
97
115
  ip_header 2048, :size_header => lambda { size_header - (14 * 8) }
98
- bit :default, :nbits => lambda { size_header - (14 * 8) }
116
+ unknown_header :default, :size_header => lambda { size_header - (14 * 8) }
99
117
  end
100
- end
118
+ end
@@ -4,9 +4,10 @@ require 'bindata'
4
4
  require 'logstash/codecs/sflow/flow_record'
5
5
  require 'logstash/codecs/sflow/counter_record'
6
6
 
7
+ # noinspection RubyResolve
7
8
  class FlowSample < BinData::Record
8
9
  endian :big
9
- uint32 :sequence_number
10
+ uint32 :flow_sequence_number
10
11
  uint8 :source_id_type
11
12
  uint24 :source_id_index
12
13
  uint32 :sampling_rate
@@ -20,17 +21,18 @@ class FlowSample < BinData::Record
20
21
  bit12 :record_format
21
22
  uint32 :record_length
22
23
  choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
23
- raw_packet_header "0-1"
24
- ethernet_frame_data "0-2"
25
- ip4_data "0-3"
26
- ip6_data "0-4"
27
- extended_switch_data "0-1001"
28
- extended_router_data "0-1002"
24
+ raw_packet_header '0-1'
25
+ ethernet_frame_data '0-2'
26
+ ip4_data '0-3'
27
+ ip6_data '0-4'
28
+ extended_switch_data '0-1001'
29
+ extended_router_data '0-1002'
29
30
  skip :default, :length => :record_length
30
31
  end
31
32
  end
32
33
  end
33
34
 
35
+ # noinspection RubyResolve
34
36
  class CounterSample < BinData::Record
35
37
  endian :big
36
38
  uint32 :sample_seq_number
@@ -42,13 +44,13 @@ class CounterSample < BinData::Record
42
44
  bit12 :record_format
43
45
  uint32 :record_length
44
46
  choice :record_data, :selection => lambda { "#{record_entreprise}-#{record_format}" } do
45
- generic_interface "0-1"
46
- ethernet_interfaces "0-2"
47
- token_ring "0-3"
48
- hundred_base_vg "0-4"
49
- vlan "0-5"
50
- processor_information "0-1001"
51
- http_counters "0-2201"
47
+ generic_interface '0-1'
48
+ ethernet_interfaces '0-2'
49
+ token_ring '0-3'
50
+ hundred_base_vg '0-4'
51
+ vlan '0-5'
52
+ processor_information '0-1001'
53
+ http_counters '0-2201'
52
54
  skip :default, :length => :record_length
53
55
  end
54
56
  #processor_information :record_data
@@ -3,6 +3,7 @@
3
3
  require 'bindata'
4
4
  require 'ipaddr'
5
5
 
6
+ # noinspection RubyResolve
6
7
  class MacAddress < BinData::Primitive
7
8
  array :bytes, :type => :uint8, :initial_length => 6
8
9
 
@@ -12,17 +13,18 @@ class MacAddress < BinData::Primitive
12
13
  end
13
14
 
14
15
  def get
15
- self.bytes.collect { |byte| byte.value.to_s(16).rjust(2, '0') }.join(":")
16
+ self.bytes.collect { |byte| byte.value.to_s(16).rjust(2, '0') }.join(':')
16
17
  end
17
18
  end
18
19
 
20
+ # noinspection RubyResolve,RubyResolve,RubyResolve
19
21
  class IP4Addr < BinData::Primitive
20
22
  endian :big
21
23
  uint32 :storage
22
24
 
23
25
  def set(val)
24
26
  ip = IPAddr.new(val)
25
- if !ip.ipv4?
27
+ unless ip.ipv4?
26
28
  raise ArgumentError, "invalid IPv4 address '#{val}'"
27
29
  end
28
30
  self.storage = ip.to_i
@@ -33,13 +35,14 @@ class IP4Addr < BinData::Primitive
33
35
  end
34
36
  end
35
37
 
38
+ # noinspection RubyResolve
36
39
  class IP6Addr < BinData::Primitive
37
40
  endian :big
38
41
  uint128 :storage
39
42
 
40
43
  def set(val)
41
44
  ip = IPAddr.new(val)
42
- if !ip.ipv6?
45
+ unless ip.ipv6?
43
46
  raise ArgumentError, "invalid IPv6 address `#{val}'"
44
47
  end
45
48
  self.storage = ip.to_i
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-sflow'
4
- s.version = '0.2.0'
4
+ s.version = '0.3.0'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "The sflow codec is for decoding SFlow v5 flows."
7
7
  s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
@@ -6,7 +6,7 @@ require "logstash/codecs/sflow/packet_header"
6
6
  describe UdpHeader do
7
7
  it "should decode udp header" do
8
8
  payload = IO.read(File.join(File.dirname(__FILE__), "udp.dat"), :mode => "rb")
9
- decoded = UdpHeader.read(payload)
9
+ decoded = UdpHeader.new(:size_header => payload.bytesize * 8).read(payload)
10
10
 
11
11
  decoded["src_port"].to_s.should eq("20665")
12
12
  decoded["dst_port"].to_s.should eq("514")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-codec-sflow
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nicolas Fraison
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-12-13 00:00:00.000000000 Z
11
+ date: 2015-12-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement