RubyGems - logstash-codec-sflow - Versions diffs - 0.3.0 → 0.4.0 - Mend

logstash-codec-sflow 0.3.0 → 0.4.0

Files changed (5) hide show

checksums.yaml +4 -4
data/README.md +5 -5
data/lib/logstash/codecs/sflow.rb +29 -85
data/logstash-codec-sflow.gemspec +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cd2eaaabdcac4aa04d07417a080f816d3ca10312
-  data.tar.gz: ed4a423a37954b8d3828da46f46b721c3970f208
+  metadata.gz: 7eed203acbba949c5f6db0d5d1d73b0b0f058236
+  data.tar.gz: 15d9572d80d50e9c130b9aa6f53e581676e95930
 SHA512:
-  metadata.gz: a4a26572a0c3cd25e870f3858be947ef83489932b20f097a5d8e7032954db83c3980e169acb1f3a96d9b562e1398fb6e02e4dfa2eb1650b9325ed07eaa164c56
-  data.tar.gz: 9ecbdf91625700f3a3396ff712b9a89bd2d5ba26858660d36be61a570ee479b9da8067bc58d5f1b4191e6301b674fc5358773dfd4d2aa243c13c66abc83f26f1
+  metadata.gz: b1f27e4c93a87f4c69f42db0ec71556bb683a307283c8963df58caad3d8d35c2b47a447df3f1c60b74460423c70d43522bdf540c12126760f24e2e7357170236
+  data.tar.gz: 398fdfe771b31be2f222f2b2af7ae328050a27173a9a0da60e22e52db36cc5dec0f31207bd68170238aaa05b289cda2740ffa0f7d373cb2ff8c1a97e749bd178

data/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Logstash Codec SFlow Plugin
 ## Description
-Logstash codec plugin to decrypt sflow
+Logstash codec plugin to decode sflow codec
 [![Build
 Status](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Codecs/job/logstash-plugin-codec-example-unit/badge/icon)](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Codecs/job/logstash-plugin-codec-example-unit/)
@@ -65,7 +65,7 @@ bundle exec rspec
 - Edit Logstash `tools/Gemfile` and add the local plugin path, for example:
 ```ruby
-gem "logstash-codec-sflow", :path => "/your/local/logstash-filter-awesome"
+gem "logstash-codec-sflow", :path => "/your/local/logstash-codec-sflow"
 ```
 - Update Logstash dependencies
 ```sh
@@ -73,7 +73,7 @@ rake vendor:gems
 ```
 - Run Logstash with your plugin
 ```sh
-bin/logstash -e 'filter {awesome {}}'
+bin/logstash -e 'input { udp { port => 6343 codec => sflow }}'
 ```
 At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
@@ -81,11 +81,11 @@ At this point any modifications to the plugin code will be applied to this local
 - Build your plugin gem
 ```sh
-gem build logstash-filter-awesome.gemspec
+gem build logstash-codec-sflow.gemspec
 ```
 - Install the plugin from the Logstash home
 ```sh
-bin/plugin install /your/local/plugin/logstash-filter-awesome.gem
+bin/plugin install /your/local/plugin/logstash-codec-sflow.gem
 ```
 - Start Logstash and proceed to test the plugin

data/lib/logstash/codecs/sflow.rb CHANGED Viewed

@@ -14,11 +14,34 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
     super(params)
     @threadsafe = false
     # noinspection RubyResolve
-    @removed_field = %w(record_length record_count record_entreprise record_format sample_entreprise sample_format sample_length sample_count sample_header layer3 layer4 layer4_data header udata) | @optional_removed_field
+    @removed_field = %w(records record_data record_length record_count record_entreprise record_format samples sample_data sample_entreprise sample_format sample_length sample_count sample_header layer3 layer4 layer4_data header udata) | @optional_removed_field
   end
   # def initialize
+  def assign_key_value(event, bindata_kv)
+    bindata_kv.each_pair do |k, v|
+      unless @removed_field.include? k.to_s
+        event["#{k}"] = v
+      end
+    end
+  end
+  def common_sflow(event, decoded, sample, record)
+    # Ensure that some data exist for the record
+    if record['record_data'].to_s.eql? ''
+      @logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
+      next
+    end
+    assign_key_value(event, decoded)
+    assign_key_value(event, sample)
+    assign_key_value(event, sample['sample_data'])
+    assign_key_value(event, record)
+    assign_key_value(event, record['record_data'])
+  end
   public
   def register
     require 'logstash/codecs/sflow/datagram'
@@ -47,61 +70,14 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
             LogStash::Event::TIMESTAMP => LogStash::Timestamp.now
         }
         sample['sample_data']['records'].each do |record|
-          # Ensure that some data exist for the record
-          if record['record_data'].to_s.eql? ''
-            @logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
-            next
-          end
-          decoded.each_pair do |k, v|
-            unless k.to_s.eql? 'samples' or @removed_field.include? k.to_s
-              event["#{k}"] = v
-            end
-          end
-          sample.each_pair do |k, v|
-            unless k.to_s.eql? 'sample_data' or @removed_field.include? k.to_s
-              event["#{k}"] = v
-            end
-          end
-          sample['sample_data'].each_pair do |k, v|
-            unless k.to_s.eql? 'records' or @removed_field.include? k.to_s
-              event["#{k}"] = v
-            end
-          end
-          record.each_pair do |k, v|
-            unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
-              event["#{k}"] = v
-            end
-          end
-          record['record_data'].each_pair do |k, v|
-            unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
-              event["#{k}"] = v
-            end
-          end
+          common_sflow(event, decoded, sample, record)
           unless record['record_data']['sample_header'].to_s.eql? ''
-            record['record_data']['sample_header'].each_pair do |k, v|
-              unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
-                event["#{k}"] = v
-              end
-            end
+            assign_key_value(event, record['record_data']['sample_header'])
             if record['record_data']['sample_header'].has_key?('layer3')
-              record['record_data']['sample_header']['layer3']['header'].each_pair do |k, v|
-                unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
-                  event["#{k}"] = v
-                end
-              end
-              record['record_data']['sample_header']['layer3']['header']['layer4'].each_pair do |k, v|
-                unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
-                  event["#{k}"] = v
-                end
-              end
+              assign_key_value(event, record['record_data']['sample_header']['layer3']['header'])
+              assign_key_value(event, record['record_data']['sample_header']['layer3']['header']['layer4'])
             end
           end
@@ -111,44 +87,12 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
         #treat counter flow
       elsif sample['sample_entreprise'] == 0 && sample['sample_format'] == 2
         sample['sample_data']['records'].each do |record|
-          # Ensure that some data exist for the record
-          if record['record_data'].to_s.eql? ''
-            @logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
-            next
-          end
           # Create the logstash event
           event = {
               LogStash::Event::TIMESTAMP => LogStash::Timestamp.now
           }
-          decoded.each_pair do |k, v|
-            unless k.to_s.eql? 'samples' or @removed_field.include? k.to_s
-              event["#{k}"] = v
-            end
-          end
-          sample.each_pair do |k, v|
-            unless k.to_s.eql? 'sample_data' or @removed_field.include? k.to_s
-              event["#{k}"] = v
-            end
-          end
-          sample['sample_data'].each_pair do |k, v|
-            unless k.to_s.eql? 'records' or @removed_field.include? k.to_s
-              event["#{k}"] = v
-            end
-          end
-          record.each_pair do |k, v|
-            unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
-              event["#{k}"] = v
-            end
-          end
-          record['record_data'].each_pair do |k, v|
-            event["#{k}"] = v
-          end
+          common_sflow(event, decoded, sample, record)
           events.push(event)
         end

data/logstash-codec-sflow.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name = 'logstash-codec-sflow'
-  s.version = '0.3.0'
+  s.version = '0.4.0'
   s.licenses = ['Apache License (2.0)']
   s.summary = "The sflow codec is for decoding SFlow v5 flows."
   s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-sflow
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Nicolas Fraison
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-12-14 00:00:00.000000000 Z
+date: 2015-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement