logstash-codec-sflow 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +5 -5
- data/lib/logstash/codecs/sflow.rb +29 -85
- data/logstash-codec-sflow.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7eed203acbba949c5f6db0d5d1d73b0b0f058236
|
|
4
|
+
data.tar.gz: 15d9572d80d50e9c130b9aa6f53e581676e95930
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b1f27e4c93a87f4c69f42db0ec71556bb683a307283c8963df58caad3d8d35c2b47a447df3f1c60b74460423c70d43522bdf540c12126760f24e2e7357170236
|
|
7
|
+
data.tar.gz: 398fdfe771b31be2f222f2b2af7ae328050a27173a9a0da60e22e52db36cc5dec0f31207bd68170238aaa05b289cda2740ffa0f7d373cb2ff8c1a97e749bd178
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Logstash Codec SFlow Plugin
|
|
2
2
|
## Description
|
|
3
|
-
Logstash codec plugin to
|
|
3
|
+
Logstash codec plugin to decode sflow codec
|
|
4
4
|
|
|
5
5
|
[](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Codecs/job/logstash-plugin-codec-example-unit/)
|
|
@@ -65,7 +65,7 @@ bundle exec rspec
|
|
|
65
65
|
|
|
66
66
|
- Edit Logstash `tools/Gemfile` and add the local plugin path, for example:
|
|
67
67
|
```ruby
|
|
68
|
-
gem "logstash-codec-sflow", :path => "/your/local/logstash-
|
|
68
|
+
gem "logstash-codec-sflow", :path => "/your/local/logstash-codec-sflow"
|
|
69
69
|
```
|
|
70
70
|
- Update Logstash dependencies
|
|
71
71
|
```sh
|
|
@@ -73,7 +73,7 @@ rake vendor:gems
|
|
|
73
73
|
```
|
|
74
74
|
- Run Logstash with your plugin
|
|
75
75
|
```sh
|
|
76
|
-
bin/logstash -e '
|
|
76
|
+
bin/logstash -e 'input { udp { port => 6343 codec => sflow }}'
|
|
77
77
|
```
|
|
78
78
|
At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
|
|
79
79
|
|
|
@@ -81,11 +81,11 @@ At this point any modifications to the plugin code will be applied to this local
|
|
|
81
81
|
|
|
82
82
|
- Build your plugin gem
|
|
83
83
|
```sh
|
|
84
|
-
gem build logstash-
|
|
84
|
+
gem build logstash-codec-sflow.gemspec
|
|
85
85
|
```
|
|
86
86
|
- Install the plugin from the Logstash home
|
|
87
87
|
```sh
|
|
88
|
-
bin/plugin install /your/local/plugin/logstash-
|
|
88
|
+
bin/plugin install /your/local/plugin/logstash-codec-sflow.gem
|
|
89
89
|
```
|
|
90
90
|
- Start Logstash and proceed to test the plugin
|
|
91
91
|
|
|
@@ -14,11 +14,34 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
14
14
|
super(params)
|
|
15
15
|
@threadsafe = false
|
|
16
16
|
# noinspection RubyResolve
|
|
17
|
-
@removed_field = %w(record_length record_count record_entreprise record_format sample_entreprise sample_format sample_length sample_count sample_header layer3 layer4 layer4_data header udata) | @optional_removed_field
|
|
17
|
+
@removed_field = %w(records record_data record_length record_count record_entreprise record_format samples sample_data sample_entreprise sample_format sample_length sample_count sample_header layer3 layer4 layer4_data header udata) | @optional_removed_field
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
# def initialize
|
|
21
21
|
|
|
22
|
+
def assign_key_value(event, bindata_kv)
|
|
23
|
+
bindata_kv.each_pair do |k, v|
|
|
24
|
+
unless @removed_field.include? k.to_s
|
|
25
|
+
event["#{k}"] = v
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def common_sflow(event, decoded, sample, record)
|
|
31
|
+
# Ensure that some data exist for the record
|
|
32
|
+
if record['record_data'].to_s.eql? ''
|
|
33
|
+
@logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
|
|
34
|
+
next
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
assign_key_value(event, decoded)
|
|
38
|
+
assign_key_value(event, sample)
|
|
39
|
+
assign_key_value(event, sample['sample_data'])
|
|
40
|
+
assign_key_value(event, record)
|
|
41
|
+
assign_key_value(event, record['record_data'])
|
|
42
|
+
|
|
43
|
+
end
|
|
44
|
+
|
|
22
45
|
public
|
|
23
46
|
def register
|
|
24
47
|
require 'logstash/codecs/sflow/datagram'
|
|
@@ -47,61 +70,14 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
47
70
|
LogStash::Event::TIMESTAMP => LogStash::Timestamp.now
|
|
48
71
|
}
|
|
49
72
|
sample['sample_data']['records'].each do |record|
|
|
50
|
-
|
|
51
|
-
if record['record_data'].to_s.eql? ''
|
|
52
|
-
@logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
|
|
53
|
-
next
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
decoded.each_pair do |k, v|
|
|
57
|
-
unless k.to_s.eql? 'samples' or @removed_field.include? k.to_s
|
|
58
|
-
event["#{k}"] = v
|
|
59
|
-
end
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
sample.each_pair do |k, v|
|
|
63
|
-
unless k.to_s.eql? 'sample_data' or @removed_field.include? k.to_s
|
|
64
|
-
event["#{k}"] = v
|
|
65
|
-
end
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
sample['sample_data'].each_pair do |k, v|
|
|
69
|
-
unless k.to_s.eql? 'records' or @removed_field.include? k.to_s
|
|
70
|
-
event["#{k}"] = v
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
|
|
74
|
-
record.each_pair do |k, v|
|
|
75
|
-
unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
|
|
76
|
-
event["#{k}"] = v
|
|
77
|
-
end
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
record['record_data'].each_pair do |k, v|
|
|
81
|
-
unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
|
|
82
|
-
event["#{k}"] = v
|
|
83
|
-
end
|
|
84
|
-
end
|
|
73
|
+
common_sflow(event, decoded, sample, record)
|
|
85
74
|
|
|
86
75
|
unless record['record_data']['sample_header'].to_s.eql? ''
|
|
87
|
-
record['record_data']['sample_header']
|
|
88
|
-
unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
|
|
89
|
-
event["#{k}"] = v
|
|
90
|
-
end
|
|
91
|
-
end
|
|
76
|
+
assign_key_value(event, record['record_data']['sample_header'])
|
|
92
77
|
|
|
93
78
|
if record['record_data']['sample_header'].has_key?('layer3')
|
|
94
|
-
record['record_data']['sample_header']['layer3']['header']
|
|
95
|
-
|
|
96
|
-
event["#{k}"] = v
|
|
97
|
-
end
|
|
98
|
-
end
|
|
99
|
-
|
|
100
|
-
record['record_data']['sample_header']['layer3']['header']['layer4'].each_pair do |k, v|
|
|
101
|
-
unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
|
|
102
|
-
event["#{k}"] = v
|
|
103
|
-
end
|
|
104
|
-
end
|
|
79
|
+
assign_key_value(event, record['record_data']['sample_header']['layer3']['header'])
|
|
80
|
+
assign_key_value(event, record['record_data']['sample_header']['layer3']['header']['layer4'])
|
|
105
81
|
end
|
|
106
82
|
end
|
|
107
83
|
|
|
@@ -111,44 +87,12 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
111
87
|
#treat counter flow
|
|
112
88
|
elsif sample['sample_entreprise'] == 0 && sample['sample_format'] == 2
|
|
113
89
|
sample['sample_data']['records'].each do |record|
|
|
114
|
-
# Ensure that some data exist for the record
|
|
115
|
-
if record['record_data'].to_s.eql? ''
|
|
116
|
-
@logger.warn("Unknown record entreprise #{record['record_entreprise'].to_s}, format #{record['record_format'].to_s}")
|
|
117
|
-
next
|
|
118
|
-
end
|
|
119
|
-
|
|
120
90
|
# Create the logstash event
|
|
121
91
|
event = {
|
|
122
92
|
LogStash::Event::TIMESTAMP => LogStash::Timestamp.now
|
|
123
93
|
}
|
|
124
94
|
|
|
125
|
-
decoded
|
|
126
|
-
unless k.to_s.eql? 'samples' or @removed_field.include? k.to_s
|
|
127
|
-
event["#{k}"] = v
|
|
128
|
-
end
|
|
129
|
-
end
|
|
130
|
-
|
|
131
|
-
sample.each_pair do |k, v|
|
|
132
|
-
unless k.to_s.eql? 'sample_data' or @removed_field.include? k.to_s
|
|
133
|
-
event["#{k}"] = v
|
|
134
|
-
end
|
|
135
|
-
end
|
|
136
|
-
|
|
137
|
-
sample['sample_data'].each_pair do |k, v|
|
|
138
|
-
unless k.to_s.eql? 'records' or @removed_field.include? k.to_s
|
|
139
|
-
event["#{k}"] = v
|
|
140
|
-
end
|
|
141
|
-
end
|
|
142
|
-
|
|
143
|
-
record.each_pair do |k, v|
|
|
144
|
-
unless k.to_s.eql? 'record_data' or @removed_field.include? k.to_s
|
|
145
|
-
event["#{k}"] = v
|
|
146
|
-
end
|
|
147
|
-
end
|
|
148
|
-
|
|
149
|
-
record['record_data'].each_pair do |k, v|
|
|
150
|
-
event["#{k}"] = v
|
|
151
|
-
end
|
|
95
|
+
common_sflow(event, decoded, sample, record)
|
|
152
96
|
|
|
153
97
|
events.push(event)
|
|
154
98
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-sflow'
|
|
4
|
-
s.version = '0.
|
|
4
|
+
s.version = '0.4.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "The sflow codec is for decoding SFlow v5 flows."
|
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-sflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nicolas Fraison
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-12-
|
|
11
|
+
date: 2015-12-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|