logstash-codec-sflow 0.9.0 → 0.10.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0dd6c6453a6f16c8f7526f8e210f9c7e6a9de5b3
4
- data.tar.gz: 51951483cfd88c3c7a3a310e2c1a4fd064259656
3
+ metadata.gz: ee69bffd79c2302c265793141d26e6ae3c326632
4
+ data.tar.gz: 9eacb61fc2d49846dd66157d429fef84389346d4
5
5
  SHA512:
6
- metadata.gz: f3b2675a5d8f30c131c94751e294723939cacba36b30f008b4a6cc5328f285043076e13298475ceb2e26b4ff7919f66ae3448ed62a877bcf081d517cd4028418
7
- data.tar.gz: 3e6510c59a4939d7079f50960657dba71629833ab4f12b37247c9f2af32095ca896fc3db4429b09f0bd295bb142a255e2b0b2b2f6e8c8acb9c68e656f6c245e9
6
+ metadata.gz: 542aab3cbbd1c11b87914b4533fd38c2451cbfd236b341df4d93aaef680ee253fb1ab57b4144c9be2c8aa13dd1c45b147ef0121d9e11e43728ce9a8ce5d99578
7
+ data.tar.gz: 7403d549f59c9bedf7a911efd7590e508d1f29531d48680c4bbfb37084b322a1443663e28cd3ebd3016144866709da65816e14b9ea4148966f1a7e3bd493ea25
data/README.md CHANGED
@@ -1,16 +1,18 @@
1
1
  # Logstash Codec SFlow Plugin
2
2
  ## Description
3
- Logstash codec plugin to decode sflow codec
3
+ Logstash codec plugin to decode sflow codec.
4
+
4
5
  This codec manage flow sample and counter flow.
5
6
 
6
- For the flow sample it is able to decode Ethernet, IPv4, UDP and TCP header
7
+ For the flow sample it is able to decode Ethernet, 802.1Q VLAN, IPv4, UDP and TCP header
7
8
 
8
9
  For the counter flow it is able to decode some records of type:
9
- - Generic Interface
10
- - Ethernet Interface
11
- - VLAN
12
- - Processor Information
13
- - HTTP
10
+
11
+ - Generic Interface
12
+ - Ethernet Interface
13
+ - VLAN
14
+ - Processor Information
15
+ - HTTP
14
16
 
15
17
 
16
18
  [![Build
@@ -9,23 +9,42 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
9
9
  # Specify which Sflow versions you will accept.
10
10
  config :versions, :validate => :array, :default => [5]
11
11
 
12
- # Specify which sflow must not be send in the event
13
- config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum tcp_urgent_pointer tcp_options)
12
+ # Specify which sflow fields must not be send in the event
13
+ config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size
14
+ ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum
15
+ ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo
16
+ tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum
17
+ tcp_urgent_pointer tcp_options vlan_cfi sequence_number flow_sequence_number vlan_type udp_length udp_checksum)
14
18
 
19
+ # Specify if codec must perform SNMP call so agent_ip for interface resolution.
20
+ config :snmp_interface, :validate => :boolean, :default => true
21
+
22
+ # Specify if codec must perform SNMP call so agent_ip for interface resolution.
23
+ config :snmp_community, :validate => :string, :default => 'public'
24
+
25
+ # Specify the max number of element in the interface resolution local cache (only if snmp_interface true)
26
+ config :interface_cache_size, :validate => :number, :default => 1000
27
+
28
+ # Specify the duration for each element in the interface resolution local cache (only if snmp_interface true)
29
+ config :interface_cache_ttl, :validate => :number, :default => 3600
15
30
 
16
31
  def initialize(params = {})
17
32
  super(params)
18
33
  @threadsafe = false
19
- # noinspection RubyResolve
20
- @removed_field = %w(records record_data record_length record_count record_entreprise record_format samples sample_data sample_entreprise sample_format sample_length sample_count sample_header layer3 layer4 layer4_data header udata) | @optional_removed_field
21
34
  end
22
35
 
23
36
  # def initialize
24
37
 
25
38
  def assign_key_value(event, bindata_kv)
26
- bindata_kv.each_pair do |k, v|
27
- unless @removed_field.include? k.to_s
28
- event["#{k.to_s}"] = v.to_s
39
+ unless bindata_kv.nil? or bindata_kv.to_s.eql? ''
40
+ bindata_kv.each_pair do |k, v|
41
+ if v.is_a?(BinData::Choice)
42
+ assign_key_value(event, bindata_kv[k])
43
+ else
44
+ unless @removed_field.include? k.to_s or v.is_a?(BinData::Array)
45
+ event["#{k.to_s}"] = v.to_s
46
+ end
47
+ end
29
48
  end
30
49
  end
31
50
  end
@@ -34,17 +53,41 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
34
53
  # @param [Object] decoded
35
54
  # @param [Object] sample
36
55
  # @param [Object] record
37
- def common_sflow(event, decoded, sample, record)
56
+ def common_sflow(event, decoded, sample)
57
+ event['agent_ip'] = decoded['agent_ip'].to_s
38
58
  assign_key_value(event, decoded)
39
59
  assign_key_value(event, sample)
40
- assign_key_value(event, sample['sample_data'])
41
- assign_key_value(event, record)
42
- assign_key_value(event, record['record_data'])
60
+ end
61
+
62
+ def snmp_call(event)
63
+ if @snmp_interface
64
+ if event.include?('source_id_index')
65
+ event["source_id_index"] = @snmp.get_interface(event["agent_ip"], event["source_id_index"])
66
+ end
67
+ if event.include?('input_interface')
68
+ event["input_interface"] = @snmp.get_interface(event["agent_ip"], event["input_interface"])
69
+ end
70
+ if event.include?('output_interface')
71
+ event["output_interface"] = @snmp.get_interface(event["agent_ip"], event["output_interface"])
72
+ end
73
+ if event.include?('interface_index')
74
+ event["interface_index"] = @snmp.get_interface(event["agent_ip"], event["interface_index"])
75
+ end
76
+ end
43
77
  end
44
78
 
45
79
  public
46
80
  def register
47
81
  require 'logstash/codecs/sflow/datagram'
82
+ require 'logstash/codecs/snmp/interface_resolver'
83
+
84
+ # noinspection RubyResolve
85
+ @removed_field = %w(record_length record_count record_entreprise record_format sample_entreprise sample_format
86
+ sample_length sample_count sample_header data storage) | @optional_removed_field
87
+
88
+ if @snmp_interface
89
+ @snmp = SNMPInterfaceResolver.new(@snmp_community, @interface_cache_size, @interface_cache_ttl)
90
+ end
48
91
  end
49
92
 
50
93
  # def register
@@ -71,7 +114,9 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
71
114
  #treat sample flow
72
115
  if sample['sample_entreprise'] == 0 && sample['sample_format'] == 1
73
116
  # Create the logstash event
74
- event = LogStash::Event.new
117
+ event = LogStash::Event.new({})
118
+ common_sflow(event, decoded, sample)
119
+
75
120
  sample['sample_data']['records'].each do |record|
76
121
  # Ensure that some data exist for the record
77
122
  if record['record_data'].to_s.eql? ''
@@ -79,16 +124,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
79
124
  next
80
125
  end
81
126
 
82
- common_sflow(event, decoded, sample, record)
83
-
84
- unless record['record_data']['sample_header'].to_s.eql? ''
85
- assign_key_value(event, record['record_data']['sample_header'])
86
-
87
- if record['record_data']['sample_header'].has_key?('layer3')
88
- assign_key_value(event, record['record_data']['sample_header']['layer3']['header'])
89
- assign_key_value(event, record['record_data']['sample_header']['layer3']['header']['layer4'])
90
- end
91
- end
127
+ assign_key_value(event, record)
92
128
 
93
129
  end
94
130
  #compute frame_length_times_sampling_rate
@@ -97,6 +133,10 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
97
133
  end
98
134
 
99
135
  event["sflow_type"] = 'sample'
136
+
137
+ #Get interface dfescr if snmp_interface true
138
+ snmp_call(event)
139
+
100
140
  events.push(event)
101
141
 
102
142
  #treat counter flow
@@ -109,11 +149,16 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
109
149
  end
110
150
 
111
151
  # Create the logstash event
112
- event = LogStash::Event.new
152
+ event = LogStash::Event.new({})
153
+ common_sflow(event, decoded, sample)
113
154
 
114
- common_sflow(event, decoded, sample, record)
155
+ assign_key_value(event, record)
115
156
 
116
157
  event["sflow_type"] = 'counter'
158
+
159
+ #Get interface dfescr if snmp_interface true
160
+ snmp_call(event)
161
+
117
162
  events.push(event)
118
163
  end
119
164
  end
@@ -9,7 +9,7 @@ class UnknownHeader < BinData::Record
9
9
  mandatory_parameter :size_header
10
10
 
11
11
  endian :big
12
- bit :udata, :nbits => :size_header
12
+ bit :data, :nbits => :size_header
13
13
  end
14
14
 
15
15
 
@@ -39,7 +39,7 @@ class TcpHeader < BinData::Record
39
39
  array :tcp_options, :initial_length => lambda { (((tcp_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
40
40
  string :tcp_option, :length => 4, :pad_byte => "\0"
41
41
  end
42
- bit :layer4_data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
42
+ bit :data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
43
43
 
44
44
  def is_options?
45
45
  tcp_header_length.to_i > 5
@@ -56,7 +56,7 @@ class UdpHeader < BinData::Record
56
56
  uint16 :udp_length
57
57
  uint16 :udp_checksum
58
58
  #skip :length => lambda { udp_length - 64 } #skip udp data
59
- bit :layer4_data, :nbits => lambda { size_header - 64 } #skip udp data
59
+ bit :data, :nbits => lambda { size_header - 64 } #skip udp data
60
60
  end
61
61
 
62
62
  # noinspection RubyResolve,RubyResolve
@@ -79,7 +79,7 @@ class IPV4Header < BinData::Record
79
79
  array :ip_options, :initial_length => lambda { (((ip_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
80
80
  string :ip_option, :length => 4, :pad_byte => "\0"
81
81
  end
82
- choice :layer4, :selection => :ip_protocol do
82
+ choice :ip_data, :selection => :ip_protocol do
83
83
  tcp_header 6, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
84
84
  udp_header 17, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
85
85
  unknown_header :default, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
@@ -90,19 +90,33 @@ class IPV4Header < BinData::Record
90
90
  end
91
91
  end
92
92
 
93
-
94
93
  # noinspection RubyResolve
95
94
  class IPHeader < BinData::Record
96
95
  mandatory_parameter :size_header
97
96
 
98
97
  endian :big
99
98
  bit4 :ip_version
100
- choice :header, :selection => :ip_version do
99
+ choice :ip_header, :selection => :ip_version do
101
100
  ipv4_header 4, :size_header => :size_header
102
101
  unknown_header :default, :size_header => lambda { size_header - 4 }
103
102
  end
104
103
  end
105
104
 
105
+ # noinspection RubyResolve
106
+ class VLANHeader < BinData::Record
107
+ mandatory_parameter :size_header
108
+
109
+ endian :big
110
+ bit3 :vlan_priority
111
+ bit1 :vlan_cfi
112
+ bit12 :vlan_id
113
+ uint16 :vlan_type
114
+ choice :vlan_data, :selection => :vlan_type do
115
+ ip_header 2048, :size_header => lambda { size_header - (4 * 8) }
116
+ unknown_header :default, :size_header => lambda { size_header - (4 * 8) }
117
+ end
118
+ end
119
+
106
120
  # noinspection RubyResolve
107
121
  class EthernetHeader < BinData::Record
108
122
  mandatory_parameter :size_header
@@ -111,8 +125,9 @@ class EthernetHeader < BinData::Record
111
125
  sflow_mac_address :eth_dst
112
126
  sflow_mac_address :eth_src
113
127
  uint16 :eth_type
114
- choice :layer3, :selection => :eth_type do
128
+ choice :eth_data, :selection => :eth_type do
115
129
  ip_header 2048, :size_header => lambda { size_header - (14 * 8) }
130
+ vlan_header 33024, :size_header => lambda { size_header - (14 * 8) }
116
131
  unknown_header :default, :size_header => lambda { size_header - (14 * 8) }
117
132
  end
118
133
  end
@@ -0,0 +1,21 @@
1
+ require 'snmp'
2
+ require 'lru_redux'
3
+
4
+ class SNMPInterfaceResolver
5
+ def initialize(community, cache_size, cache_ttl)
6
+ @community = community
7
+ @cacheSnmpInterface = LruRedux::TTL::Cache.new(cache_size, cache_ttl)
8
+ end
9
+
10
+ def get_interface(host, ifIndex)
11
+ unless @cacheSnmpInterface.key?("#{host}-#{ifIndex}")
12
+ SNMP::Manager.open(:host => host, :community => @community, :version => :SNMPv2c) do |manager|
13
+ response = manager.get("ifDescr.#{ifIndex}")
14
+ response.each_varbind do |vb|
15
+ @cacheSnmpInterface["#{host}-#{ifIndex}"] = vb.value.to_s
16
+ end
17
+ end
18
+ end
19
+ return @cacheSnmpInterface["#{host}-#{ifIndex}"]
20
+ end
21
+ end
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-sflow'
4
- s.version = '0.9.0'
4
+ s.version = '0.10.0'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "The sflow codec is for decoding SFlow v5 flows."
7
7
  s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
@@ -22,6 +22,8 @@ Gem::Specification.new do |s|
22
22
  # Gem dependencies
23
23
  s.add_runtime_dependency "logstash-core", ">= 1.4.0", "< 3.0.0"
24
24
  s.add_runtime_dependency 'bindata', ['>= 2.1.0']
25
+ s.add_runtime_dependency 'lru_redux', ['>= 1.1.0']
26
+ s.add_runtime_dependency 'snmp', ['>= 1.2.0']
25
27
  s.add_development_dependency 'logstash-devutils'
26
28
  end
27
29
 
@@ -42,53 +42,67 @@ end
42
42
 
43
43
 
44
44
  describe IPHeader do
45
- it "should decode ipv4 over tcp header" do
46
- payload = IO.read(File.join(File.dirname(__FILE__), "ipv4_over_tcp_header.dat"), :mode => "rb")
45
+ it "should decode ipv4 tcp header" do
46
+ payload = IO.read(File.join(File.dirname(__FILE__), "ipv4_tcp_header.dat"), :mode => "rb")
47
47
  decoded = IPHeader.new(:size_header => payload.bytesize * 8).read(payload)
48
48
 
49
49
  decoded["ip_version"].to_s.should eq("4")
50
- decoded["header"]["ip_header_length"].to_s.should eq("5")
51
- decoded["header"]["ip_dscp"].to_s.should eq("0")
52
- decoded["header"]["ip_ecn"].to_s.should eq("0")
53
- decoded["header"]["ip_total_length"].to_s.should eq("476")
54
- decoded["header"]["ip_identification"].to_s.should eq("30529")
55
- decoded["header"]["ip_flags"].to_s.should eq("2")
56
- decoded["header"]["ip_fragment_offset"].to_s.should eq("0")
57
- decoded["header"]["ip_ttl"].to_s.should eq("62")
58
- decoded["header"]["ip_protocol"].to_s.should eq("6")
59
- decoded["header"]["ip_checksum"].to_s.should eq("37559")
60
- decoded["header"]["src_ip"].to_s.should eq("10.243.27.17")
61
- decoded["header"]["dst_ip"].to_s.should eq("10.243.0.45")
62
- decoded["header"]["layer4"]["src_port"].to_s.should eq("5672")
63
- decoded["header"]["layer4"]["dst_port"].to_s.should eq("59451")
64
- decoded["header"]["layer4"]["tcp_seq_number"].to_s.should eq("2671357038")
65
- decoded["header"]["layer4"]["tcp_ack_number"].to_s.should eq("2651945969")
66
- (decoded["header"]["layer4"]["tcp_header_length"].to_i*4).to_s.should eq("32")
67
- decoded["header"]["layer4"]["tcp_is_nonce"].to_s.should eq("0")
68
- decoded["header"]["layer4"]["tcp_is_cwr"].to_s.should eq("0")
69
- decoded["header"]["layer4"]["tcp_is_ecn_echo"].to_s.should eq("0")
70
- decoded["header"]["layer4"]["tcp_is_urgent"].to_s.should eq("0")
71
- decoded["header"]["layer4"]["tcp_is_ack"].to_s.should eq("1")
72
- decoded["header"]["layer4"]["tcp_is_push"].to_s.should eq("1")
73
- decoded["header"]["layer4"]["tcp_is_reset"].to_s.should eq("0")
74
- decoded["header"]["layer4"]["tcp_is_syn"].to_s.should eq("0")
75
- decoded["header"]["layer4"]["tcp_is_fin"].to_s.should eq("0")
76
- decoded["header"]["layer4"]["tcp_window_size"].to_s.should eq("147")
77
- decoded["header"]["layer4"]["tcp_checksum"].to_s.should eq("13042")
78
- decoded["header"]["layer4"]["tcp_urgent_pointer"].to_s.should eq("0")
50
+ decoded["ip_header"]["ip_header_length"].to_s.should eq("5")
51
+ decoded["ip_header"]["ip_dscp"].to_s.should eq("0")
52
+ decoded["ip_header"]["ip_ecn"].to_s.should eq("0")
53
+ decoded["ip_header"]["ip_total_length"].to_s.should eq("476")
54
+ decoded["ip_header"]["ip_identification"].to_s.should eq("30529")
55
+ decoded["ip_header"]["ip_flags"].to_s.should eq("2")
56
+ decoded["ip_header"]["ip_fragment_offset"].to_s.should eq("0")
57
+ decoded["ip_header"]["ip_ttl"].to_s.should eq("62")
58
+ decoded["ip_header"]["ip_protocol"].to_s.should eq("6")
59
+ decoded["ip_header"]["ip_checksum"].to_s.should eq("37559")
60
+ decoded["ip_header"]["src_ip"].to_s.should eq("10.243.27.17")
61
+ decoded["ip_header"]["dst_ip"].to_s.should eq("10.243.0.45")
62
+ decoded["ip_header"]["ip_data"]["src_port"].to_s.should eq("5672")
63
+ decoded["ip_header"]["ip_data"]["dst_port"].to_s.should eq("59451")
64
+ decoded["ip_header"]["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
65
+ decoded["ip_header"]["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
66
+ (decoded["ip_header"]["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
67
+ decoded["ip_header"]["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
68
+ decoded["ip_header"]["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
69
+ decoded["ip_header"]["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
70
+ decoded["ip_header"]["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
71
+ decoded["ip_header"]["ip_data"]["tcp_is_ack"].to_s.should eq("1")
72
+ decoded["ip_header"]["ip_data"]["tcp_is_push"].to_s.should eq("1")
73
+ decoded["ip_header"]["ip_data"]["tcp_is_reset"].to_s.should eq("0")
74
+ decoded["ip_header"]["ip_data"]["tcp_is_syn"].to_s.should eq("0")
75
+ decoded["ip_header"]["ip_data"]["tcp_is_fin"].to_s.should eq("0")
76
+ decoded["ip_header"]["ip_data"]["tcp_window_size"].to_s.should eq("147")
77
+ decoded["ip_header"]["ip_data"]["tcp_checksum"].to_s.should eq("13042")
78
+ decoded["ip_header"]["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
79
79
  end
80
80
  end
81
81
 
82
82
 
83
83
  describe EthernetHeader do
84
- it "should decode ipv4 over udp header" do
85
- payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_ipv4_over_udp_header.dat"), :mode => "rb")
84
+ it "should decode ethernet ipv4 udp header" do
85
+ payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_ipv4_udp_header.dat"), :mode => "rb")
86
86
  decoded = EthernetHeader.new(:size_header => payload.bytesize * 8).read(payload)
87
87
 
88
88
  decoded["eth_dst"].to_s.should eq("00:23:e9:78:16:c6")
89
89
  decoded["eth_src"].to_s.should eq("58:f3:9c:81:4b:81")
90
90
  decoded["eth_type"].to_s.should eq("2048")
91
- decoded["layer3"]["header"]["dst_ip"].to_s.should eq("10.243.27.9")
92
- decoded["layer3"]["header"]["layer4"]["dst_port"].to_s.should eq("514")
91
+ decoded["eth_data"]["ip_header"]["dst_ip"].to_s.should eq("10.243.27.9")
92
+ decoded["eth_data"]["ip_header"]["ip_data"]["dst_port"].to_s.should eq("514")
93
+ end
94
+ end
95
+
96
+
97
+ describe EthernetHeader do
98
+ it "should decode ethernet vlan ipv4 tcp header" do
99
+ payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_vlan_ipv4_tcp_header.dat"), :mode => "rb")
100
+ decoded = EthernetHeader.new(:size_header => payload.bytesize * 8).read(payload)
101
+
102
+ decoded["eth_dst"].to_s.should eq("a0:36:9f:71:d2:e0")
103
+ decoded["eth_src"].to_s.should eq("00:09:0f:09:37:1c")
104
+ decoded["eth_type"].to_s.should eq("33024")
105
+ decoded["eth_data"]["vlan_id"].to_s.should eq("2422")
106
+ decoded["eth_data"]["vlan_type"].to_s.should eq("2048")
93
107
  end
94
108
  end
@@ -15,9 +15,13 @@ describe SFlow do
15
15
  decoded = SFlow.read(payload)
16
16
  end
17
17
 
18
-
19
18
  it "should decode sflow sample" do
20
19
  payload = IO.read(File.join(File.dirname(__FILE__), "sflow_flow_sample.dat"), :mode => "rb")
21
20
  decoded = SFlow.read(payload)
22
21
  end
22
+
23
+ it "should decode sflow sample eth vlan" do
24
+ payload = IO.read(File.join(File.dirname(__FILE__), "sflow_flow_sample_eth_vlan.dat"), :mode => "rb")
25
+ decoded = SFlow.read(payload)
26
+ end
23
27
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-codec-sflow
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.0
4
+ version: 0.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nicolas Fraison
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-12-22 00:00:00.000000000 Z
11
+ date: 2015-12-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -44,6 +44,34 @@ dependencies:
44
44
  - - ">="
45
45
  - !ruby/object:Gem::Version
46
46
  version: 2.1.0
47
+ - !ruby/object:Gem::Dependency
48
+ requirement: !ruby/object:Gem::Requirement
49
+ requirements:
50
+ - - ">="
51
+ - !ruby/object:Gem::Version
52
+ version: 1.1.0
53
+ name: lru_redux
54
+ prerelease: false
55
+ type: :runtime
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - ">="
59
+ - !ruby/object:Gem::Version
60
+ version: 1.1.0
61
+ - !ruby/object:Gem::Dependency
62
+ requirement: !ruby/object:Gem::Requirement
63
+ requirements:
64
+ - - ">="
65
+ - !ruby/object:Gem::Version
66
+ version: 1.2.0
67
+ name: snmp
68
+ prerelease: false
69
+ type: :runtime
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: 1.2.0
47
75
  - !ruby/object:Gem::Dependency
48
76
  requirement: !ruby/object:Gem::Requirement
49
77
  requirements:
@@ -77,15 +105,18 @@ files:
77
105
  - lib/logstash/codecs/sflow/packet_header.rb
78
106
  - lib/logstash/codecs/sflow/sample.rb
79
107
  - lib/logstash/codecs/sflow/util.rb
108
+ - lib/logstash/codecs/snmp/interface_resolver.rb
80
109
  - logstash-codec-sflow.gemspec
81
- - spec/codecs/sflow/ethernet_ipv4_over_udp_header.dat
82
- - spec/codecs/sflow/ipv4_over_tcp_header.dat
110
+ - spec/codecs/sflow/ethernet_ipv4_udp_header.dat
111
+ - spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat
112
+ - spec/codecs/sflow/ipv4_tcp_header.dat
83
113
  - spec/codecs/sflow/packet_header_spec.rb
84
114
  - spec/codecs/sflow/tcp.dat
85
115
  - spec/codecs/sflow/udp.dat
86
116
  - spec/codecs/sflow_1_counters_sample.dat
87
117
  - spec/codecs/sflow_counters_sample.dat
88
118
  - spec/codecs/sflow_flow_sample.dat
119
+ - spec/codecs/sflow_flow_sample_eth_vlan.dat
89
120
  - spec/codecs/sflow_spec.rb
90
121
  homepage: ''
91
122
  licenses:
@@ -114,12 +145,14 @@ signing_key:
114
145
  specification_version: 4
115
146
  summary: The sflow codec is for decoding SFlow v5 flows.
116
147
  test_files:
117
- - spec/codecs/sflow/ethernet_ipv4_over_udp_header.dat
118
- - spec/codecs/sflow/ipv4_over_tcp_header.dat
148
+ - spec/codecs/sflow/ethernet_ipv4_udp_header.dat
149
+ - spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat
150
+ - spec/codecs/sflow/ipv4_tcp_header.dat
119
151
  - spec/codecs/sflow/packet_header_spec.rb
120
152
  - spec/codecs/sflow/tcp.dat
121
153
  - spec/codecs/sflow/udp.dat
122
154
  - spec/codecs/sflow_1_counters_sample.dat
123
155
  - spec/codecs/sflow_counters_sample.dat
124
156
  - spec/codecs/sflow_flow_sample.dat
157
+ - spec/codecs/sflow_flow_sample_eth_vlan.dat
125
158
  - spec/codecs/sflow_spec.rb