logstash-codec-sflow 0.9.0 → 0.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +9 -7
- data/lib/logstash/codecs/sflow.rb +69 -24
- data/lib/logstash/codecs/sflow/packet_header.rb +22 -7
- data/lib/logstash/codecs/snmp/interface_resolver.rb +21 -0
- data/logstash-codec-sflow.gemspec +3 -1
- data/spec/codecs/sflow/{ethernet_ipv4_over_udp_header.dat → ethernet_ipv4_udp_header.dat} +0 -0
- data/spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat +0 -0
- data/spec/codecs/sflow/{ipv4_over_tcp_header.dat → ipv4_tcp_header.dat} +0 -0
- data/spec/codecs/sflow/packet_header_spec.rb +49 -35
- data/spec/codecs/sflow_flow_sample_eth_vlan.dat +0 -0
- data/spec/codecs/sflow_spec.rb +5 -1
- metadata +39 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ee69bffd79c2302c265793141d26e6ae3c326632
|
4
|
+
data.tar.gz: 9eacb61fc2d49846dd66157d429fef84389346d4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 542aab3cbbd1c11b87914b4533fd38c2451cbfd236b341df4d93aaef680ee253fb1ab57b4144c9be2c8aa13dd1c45b147ef0121d9e11e43728ce9a8ce5d99578
|
7
|
+
data.tar.gz: 7403d549f59c9bedf7a911efd7590e508d1f29531d48680c4bbfb37084b322a1443663e28cd3ebd3016144866709da65816e14b9ea4148966f1a7e3bd493ea25
|
data/README.md
CHANGED
@@ -1,16 +1,18 @@
|
|
1
1
|
# Logstash Codec SFlow Plugin
|
2
2
|
## Description
|
3
|
-
Logstash codec plugin to decode sflow codec
|
3
|
+
Logstash codec plugin to decode sflow codec.
|
4
|
+
|
4
5
|
This codec manage flow sample and counter flow.
|
5
6
|
|
6
|
-
For the flow sample it is able to decode Ethernet, IPv4, UDP and TCP header
|
7
|
+
For the flow sample it is able to decode Ethernet, 802.1Q VLAN, IPv4, UDP and TCP header
|
7
8
|
|
8
9
|
For the counter flow it is able to decode some records of type:
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
10
|
+
|
11
|
+
- Generic Interface
|
12
|
+
- Ethernet Interface
|
13
|
+
- VLAN
|
14
|
+
- Processor Information
|
15
|
+
- HTTP
|
14
16
|
|
15
17
|
|
16
18
|
[![Build
|
@@ -9,23 +9,42 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
9
9
|
# Specify which Sflow versions you will accept.
|
10
10
|
config :versions, :validate => :array, :default => [5]
|
11
11
|
|
12
|
-
# Specify which sflow must not be send in the event
|
13
|
-
config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size
|
12
|
+
# Specify which sflow fields must not be send in the event
|
13
|
+
config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size
|
14
|
+
ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum
|
15
|
+
ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo
|
16
|
+
tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum
|
17
|
+
tcp_urgent_pointer tcp_options vlan_cfi sequence_number flow_sequence_number vlan_type udp_length udp_checksum)
|
14
18
|
|
19
|
+
# Specify if codec must perform SNMP call so agent_ip for interface resolution.
|
20
|
+
config :snmp_interface, :validate => :boolean, :default => true
|
21
|
+
|
22
|
+
# Specify if codec must perform SNMP call so agent_ip for interface resolution.
|
23
|
+
config :snmp_community, :validate => :string, :default => 'public'
|
24
|
+
|
25
|
+
# Specify the max number of element in the interface resolution local cache (only if snmp_interface true)
|
26
|
+
config :interface_cache_size, :validate => :number, :default => 1000
|
27
|
+
|
28
|
+
# Specify the duration for each element in the interface resolution local cache (only if snmp_interface true)
|
29
|
+
config :interface_cache_ttl, :validate => :number, :default => 3600
|
15
30
|
|
16
31
|
def initialize(params = {})
|
17
32
|
super(params)
|
18
33
|
@threadsafe = false
|
19
|
-
# noinspection RubyResolve
|
20
|
-
@removed_field = %w(records record_data record_length record_count record_entreprise record_format samples sample_data sample_entreprise sample_format sample_length sample_count sample_header layer3 layer4 layer4_data header udata) | @optional_removed_field
|
21
34
|
end
|
22
35
|
|
23
36
|
# def initialize
|
24
37
|
|
25
38
|
def assign_key_value(event, bindata_kv)
|
26
|
-
bindata_kv.
|
27
|
-
|
28
|
-
|
39
|
+
unless bindata_kv.nil? or bindata_kv.to_s.eql? ''
|
40
|
+
bindata_kv.each_pair do |k, v|
|
41
|
+
if v.is_a?(BinData::Choice)
|
42
|
+
assign_key_value(event, bindata_kv[k])
|
43
|
+
else
|
44
|
+
unless @removed_field.include? k.to_s or v.is_a?(BinData::Array)
|
45
|
+
event["#{k.to_s}"] = v.to_s
|
46
|
+
end
|
47
|
+
end
|
29
48
|
end
|
30
49
|
end
|
31
50
|
end
|
@@ -34,17 +53,41 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
34
53
|
# @param [Object] decoded
|
35
54
|
# @param [Object] sample
|
36
55
|
# @param [Object] record
|
37
|
-
def common_sflow(event, decoded, sample
|
56
|
+
def common_sflow(event, decoded, sample)
|
57
|
+
event['agent_ip'] = decoded['agent_ip'].to_s
|
38
58
|
assign_key_value(event, decoded)
|
39
59
|
assign_key_value(event, sample)
|
40
|
-
|
41
|
-
|
42
|
-
|
60
|
+
end
|
61
|
+
|
62
|
+
def snmp_call(event)
|
63
|
+
if @snmp_interface
|
64
|
+
if event.include?('source_id_index')
|
65
|
+
event["source_id_index"] = @snmp.get_interface(event["agent_ip"], event["source_id_index"])
|
66
|
+
end
|
67
|
+
if event.include?('input_interface')
|
68
|
+
event["input_interface"] = @snmp.get_interface(event["agent_ip"], event["input_interface"])
|
69
|
+
end
|
70
|
+
if event.include?('output_interface')
|
71
|
+
event["output_interface"] = @snmp.get_interface(event["agent_ip"], event["output_interface"])
|
72
|
+
end
|
73
|
+
if event.include?('interface_index')
|
74
|
+
event["interface_index"] = @snmp.get_interface(event["agent_ip"], event["interface_index"])
|
75
|
+
end
|
76
|
+
end
|
43
77
|
end
|
44
78
|
|
45
79
|
public
|
46
80
|
def register
|
47
81
|
require 'logstash/codecs/sflow/datagram'
|
82
|
+
require 'logstash/codecs/snmp/interface_resolver'
|
83
|
+
|
84
|
+
# noinspection RubyResolve
|
85
|
+
@removed_field = %w(record_length record_count record_entreprise record_format sample_entreprise sample_format
|
86
|
+
sample_length sample_count sample_header data storage) | @optional_removed_field
|
87
|
+
|
88
|
+
if @snmp_interface
|
89
|
+
@snmp = SNMPInterfaceResolver.new(@snmp_community, @interface_cache_size, @interface_cache_ttl)
|
90
|
+
end
|
48
91
|
end
|
49
92
|
|
50
93
|
# def register
|
@@ -71,7 +114,9 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
71
114
|
#treat sample flow
|
72
115
|
if sample['sample_entreprise'] == 0 && sample['sample_format'] == 1
|
73
116
|
# Create the logstash event
|
74
|
-
event = LogStash::Event.new
|
117
|
+
event = LogStash::Event.new({})
|
118
|
+
common_sflow(event, decoded, sample)
|
119
|
+
|
75
120
|
sample['sample_data']['records'].each do |record|
|
76
121
|
# Ensure that some data exist for the record
|
77
122
|
if record['record_data'].to_s.eql? ''
|
@@ -79,16 +124,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
79
124
|
next
|
80
125
|
end
|
81
126
|
|
82
|
-
|
83
|
-
|
84
|
-
unless record['record_data']['sample_header'].to_s.eql? ''
|
85
|
-
assign_key_value(event, record['record_data']['sample_header'])
|
86
|
-
|
87
|
-
if record['record_data']['sample_header'].has_key?('layer3')
|
88
|
-
assign_key_value(event, record['record_data']['sample_header']['layer3']['header'])
|
89
|
-
assign_key_value(event, record['record_data']['sample_header']['layer3']['header']['layer4'])
|
90
|
-
end
|
91
|
-
end
|
127
|
+
assign_key_value(event, record)
|
92
128
|
|
93
129
|
end
|
94
130
|
#compute frame_length_times_sampling_rate
|
@@ -97,6 +133,10 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
97
133
|
end
|
98
134
|
|
99
135
|
event["sflow_type"] = 'sample'
|
136
|
+
|
137
|
+
#Get interface dfescr if snmp_interface true
|
138
|
+
snmp_call(event)
|
139
|
+
|
100
140
|
events.push(event)
|
101
141
|
|
102
142
|
#treat counter flow
|
@@ -109,11 +149,16 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
109
149
|
end
|
110
150
|
|
111
151
|
# Create the logstash event
|
112
|
-
event = LogStash::Event.new
|
152
|
+
event = LogStash::Event.new({})
|
153
|
+
common_sflow(event, decoded, sample)
|
113
154
|
|
114
|
-
|
155
|
+
assign_key_value(event, record)
|
115
156
|
|
116
157
|
event["sflow_type"] = 'counter'
|
158
|
+
|
159
|
+
#Get interface dfescr if snmp_interface true
|
160
|
+
snmp_call(event)
|
161
|
+
|
117
162
|
events.push(event)
|
118
163
|
end
|
119
164
|
end
|
@@ -9,7 +9,7 @@ class UnknownHeader < BinData::Record
|
|
9
9
|
mandatory_parameter :size_header
|
10
10
|
|
11
11
|
endian :big
|
12
|
-
bit :
|
12
|
+
bit :data, :nbits => :size_header
|
13
13
|
end
|
14
14
|
|
15
15
|
|
@@ -39,7 +39,7 @@ class TcpHeader < BinData::Record
|
|
39
39
|
array :tcp_options, :initial_length => lambda { (((tcp_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
|
40
40
|
string :tcp_option, :length => 4, :pad_byte => "\0"
|
41
41
|
end
|
42
|
-
bit :
|
42
|
+
bit :data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
|
43
43
|
|
44
44
|
def is_options?
|
45
45
|
tcp_header_length.to_i > 5
|
@@ -56,7 +56,7 @@ class UdpHeader < BinData::Record
|
|
56
56
|
uint16 :udp_length
|
57
57
|
uint16 :udp_checksum
|
58
58
|
#skip :length => lambda { udp_length - 64 } #skip udp data
|
59
|
-
bit :
|
59
|
+
bit :data, :nbits => lambda { size_header - 64 } #skip udp data
|
60
60
|
end
|
61
61
|
|
62
62
|
# noinspection RubyResolve,RubyResolve
|
@@ -79,7 +79,7 @@ class IPV4Header < BinData::Record
|
|
79
79
|
array :ip_options, :initial_length => lambda { (((ip_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
|
80
80
|
string :ip_option, :length => 4, :pad_byte => "\0"
|
81
81
|
end
|
82
|
-
choice :
|
82
|
+
choice :ip_data, :selection => :ip_protocol do
|
83
83
|
tcp_header 6, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
|
84
84
|
udp_header 17, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
|
85
85
|
unknown_header :default, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
|
@@ -90,19 +90,33 @@ class IPV4Header < BinData::Record
|
|
90
90
|
end
|
91
91
|
end
|
92
92
|
|
93
|
-
|
94
93
|
# noinspection RubyResolve
|
95
94
|
class IPHeader < BinData::Record
|
96
95
|
mandatory_parameter :size_header
|
97
96
|
|
98
97
|
endian :big
|
99
98
|
bit4 :ip_version
|
100
|
-
choice :
|
99
|
+
choice :ip_header, :selection => :ip_version do
|
101
100
|
ipv4_header 4, :size_header => :size_header
|
102
101
|
unknown_header :default, :size_header => lambda { size_header - 4 }
|
103
102
|
end
|
104
103
|
end
|
105
104
|
|
105
|
+
# noinspection RubyResolve
|
106
|
+
class VLANHeader < BinData::Record
|
107
|
+
mandatory_parameter :size_header
|
108
|
+
|
109
|
+
endian :big
|
110
|
+
bit3 :vlan_priority
|
111
|
+
bit1 :vlan_cfi
|
112
|
+
bit12 :vlan_id
|
113
|
+
uint16 :vlan_type
|
114
|
+
choice :vlan_data, :selection => :vlan_type do
|
115
|
+
ip_header 2048, :size_header => lambda { size_header - (4 * 8) }
|
116
|
+
unknown_header :default, :size_header => lambda { size_header - (4 * 8) }
|
117
|
+
end
|
118
|
+
end
|
119
|
+
|
106
120
|
# noinspection RubyResolve
|
107
121
|
class EthernetHeader < BinData::Record
|
108
122
|
mandatory_parameter :size_header
|
@@ -111,8 +125,9 @@ class EthernetHeader < BinData::Record
|
|
111
125
|
sflow_mac_address :eth_dst
|
112
126
|
sflow_mac_address :eth_src
|
113
127
|
uint16 :eth_type
|
114
|
-
choice :
|
128
|
+
choice :eth_data, :selection => :eth_type do
|
115
129
|
ip_header 2048, :size_header => lambda { size_header - (14 * 8) }
|
130
|
+
vlan_header 33024, :size_header => lambda { size_header - (14 * 8) }
|
116
131
|
unknown_header :default, :size_header => lambda { size_header - (14 * 8) }
|
117
132
|
end
|
118
133
|
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'snmp'
|
2
|
+
require 'lru_redux'
|
3
|
+
|
4
|
+
class SNMPInterfaceResolver
|
5
|
+
def initialize(community, cache_size, cache_ttl)
|
6
|
+
@community = community
|
7
|
+
@cacheSnmpInterface = LruRedux::TTL::Cache.new(cache_size, cache_ttl)
|
8
|
+
end
|
9
|
+
|
10
|
+
def get_interface(host, ifIndex)
|
11
|
+
unless @cacheSnmpInterface.key?("#{host}-#{ifIndex}")
|
12
|
+
SNMP::Manager.open(:host => host, :community => @community, :version => :SNMPv2c) do |manager|
|
13
|
+
response = manager.get("ifDescr.#{ifIndex}")
|
14
|
+
response.each_varbind do |vb|
|
15
|
+
@cacheSnmpInterface["#{host}-#{ifIndex}"] = vb.value.to_s
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
return @cacheSnmpInterface["#{host}-#{ifIndex}"]
|
20
|
+
end
|
21
|
+
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-codec-sflow'
|
4
|
-
s.version = '0.
|
4
|
+
s.version = '0.10.0'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "The sflow codec is for decoding SFlow v5 flows."
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
@@ -22,6 +22,8 @@ Gem::Specification.new do |s|
|
|
22
22
|
# Gem dependencies
|
23
23
|
s.add_runtime_dependency "logstash-core", ">= 1.4.0", "< 3.0.0"
|
24
24
|
s.add_runtime_dependency 'bindata', ['>= 2.1.0']
|
25
|
+
s.add_runtime_dependency 'lru_redux', ['>= 1.1.0']
|
26
|
+
s.add_runtime_dependency 'snmp', ['>= 1.2.0']
|
25
27
|
s.add_development_dependency 'logstash-devutils'
|
26
28
|
end
|
27
29
|
|
File without changes
|
Binary file
|
File without changes
|
@@ -42,53 +42,67 @@ end
|
|
42
42
|
|
43
43
|
|
44
44
|
describe IPHeader do
|
45
|
-
it "should decode ipv4
|
46
|
-
payload = IO.read(File.join(File.dirname(__FILE__), "
|
45
|
+
it "should decode ipv4 tcp header" do
|
46
|
+
payload = IO.read(File.join(File.dirname(__FILE__), "ipv4_tcp_header.dat"), :mode => "rb")
|
47
47
|
decoded = IPHeader.new(:size_header => payload.bytesize * 8).read(payload)
|
48
48
|
|
49
49
|
decoded["ip_version"].to_s.should eq("4")
|
50
|
-
decoded["
|
51
|
-
decoded["
|
52
|
-
decoded["
|
53
|
-
decoded["
|
54
|
-
decoded["
|
55
|
-
decoded["
|
56
|
-
decoded["
|
57
|
-
decoded["
|
58
|
-
decoded["
|
59
|
-
decoded["
|
60
|
-
decoded["
|
61
|
-
decoded["
|
62
|
-
decoded["
|
63
|
-
decoded["
|
64
|
-
decoded["
|
65
|
-
decoded["
|
66
|
-
(decoded["
|
67
|
-
decoded["
|
68
|
-
decoded["
|
69
|
-
decoded["
|
70
|
-
decoded["
|
71
|
-
decoded["
|
72
|
-
decoded["
|
73
|
-
decoded["
|
74
|
-
decoded["
|
75
|
-
decoded["
|
76
|
-
decoded["
|
77
|
-
decoded["
|
78
|
-
decoded["
|
50
|
+
decoded["ip_header"]["ip_header_length"].to_s.should eq("5")
|
51
|
+
decoded["ip_header"]["ip_dscp"].to_s.should eq("0")
|
52
|
+
decoded["ip_header"]["ip_ecn"].to_s.should eq("0")
|
53
|
+
decoded["ip_header"]["ip_total_length"].to_s.should eq("476")
|
54
|
+
decoded["ip_header"]["ip_identification"].to_s.should eq("30529")
|
55
|
+
decoded["ip_header"]["ip_flags"].to_s.should eq("2")
|
56
|
+
decoded["ip_header"]["ip_fragment_offset"].to_s.should eq("0")
|
57
|
+
decoded["ip_header"]["ip_ttl"].to_s.should eq("62")
|
58
|
+
decoded["ip_header"]["ip_protocol"].to_s.should eq("6")
|
59
|
+
decoded["ip_header"]["ip_checksum"].to_s.should eq("37559")
|
60
|
+
decoded["ip_header"]["src_ip"].to_s.should eq("10.243.27.17")
|
61
|
+
decoded["ip_header"]["dst_ip"].to_s.should eq("10.243.0.45")
|
62
|
+
decoded["ip_header"]["ip_data"]["src_port"].to_s.should eq("5672")
|
63
|
+
decoded["ip_header"]["ip_data"]["dst_port"].to_s.should eq("59451")
|
64
|
+
decoded["ip_header"]["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
|
65
|
+
decoded["ip_header"]["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
|
66
|
+
(decoded["ip_header"]["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
|
67
|
+
decoded["ip_header"]["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
|
68
|
+
decoded["ip_header"]["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
|
69
|
+
decoded["ip_header"]["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
|
70
|
+
decoded["ip_header"]["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
|
71
|
+
decoded["ip_header"]["ip_data"]["tcp_is_ack"].to_s.should eq("1")
|
72
|
+
decoded["ip_header"]["ip_data"]["tcp_is_push"].to_s.should eq("1")
|
73
|
+
decoded["ip_header"]["ip_data"]["tcp_is_reset"].to_s.should eq("0")
|
74
|
+
decoded["ip_header"]["ip_data"]["tcp_is_syn"].to_s.should eq("0")
|
75
|
+
decoded["ip_header"]["ip_data"]["tcp_is_fin"].to_s.should eq("0")
|
76
|
+
decoded["ip_header"]["ip_data"]["tcp_window_size"].to_s.should eq("147")
|
77
|
+
decoded["ip_header"]["ip_data"]["tcp_checksum"].to_s.should eq("13042")
|
78
|
+
decoded["ip_header"]["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
|
79
79
|
end
|
80
80
|
end
|
81
81
|
|
82
82
|
|
83
83
|
describe EthernetHeader do
|
84
|
-
it "should decode ipv4
|
85
|
-
payload = IO.read(File.join(File.dirname(__FILE__), "
|
84
|
+
it "should decode ethernet ipv4 udp header" do
|
85
|
+
payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_ipv4_udp_header.dat"), :mode => "rb")
|
86
86
|
decoded = EthernetHeader.new(:size_header => payload.bytesize * 8).read(payload)
|
87
87
|
|
88
88
|
decoded["eth_dst"].to_s.should eq("00:23:e9:78:16:c6")
|
89
89
|
decoded["eth_src"].to_s.should eq("58:f3:9c:81:4b:81")
|
90
90
|
decoded["eth_type"].to_s.should eq("2048")
|
91
|
-
decoded["
|
92
|
-
decoded["
|
91
|
+
decoded["eth_data"]["ip_header"]["dst_ip"].to_s.should eq("10.243.27.9")
|
92
|
+
decoded["eth_data"]["ip_header"]["ip_data"]["dst_port"].to_s.should eq("514")
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
|
97
|
+
describe EthernetHeader do
|
98
|
+
it "should decode ethernet vlan ipv4 tcp header" do
|
99
|
+
payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_vlan_ipv4_tcp_header.dat"), :mode => "rb")
|
100
|
+
decoded = EthernetHeader.new(:size_header => payload.bytesize * 8).read(payload)
|
101
|
+
|
102
|
+
decoded["eth_dst"].to_s.should eq("a0:36:9f:71:d2:e0")
|
103
|
+
decoded["eth_src"].to_s.should eq("00:09:0f:09:37:1c")
|
104
|
+
decoded["eth_type"].to_s.should eq("33024")
|
105
|
+
decoded["eth_data"]["vlan_id"].to_s.should eq("2422")
|
106
|
+
decoded["eth_data"]["vlan_type"].to_s.should eq("2048")
|
93
107
|
end
|
94
108
|
end
|
Binary file
|
data/spec/codecs/sflow_spec.rb
CHANGED
@@ -15,9 +15,13 @@ describe SFlow do
|
|
15
15
|
decoded = SFlow.read(payload)
|
16
16
|
end
|
17
17
|
|
18
|
-
|
19
18
|
it "should decode sflow sample" do
|
20
19
|
payload = IO.read(File.join(File.dirname(__FILE__), "sflow_flow_sample.dat"), :mode => "rb")
|
21
20
|
decoded = SFlow.read(payload)
|
22
21
|
end
|
22
|
+
|
23
|
+
it "should decode sflow sample eth vlan" do
|
24
|
+
payload = IO.read(File.join(File.dirname(__FILE__), "sflow_flow_sample_eth_vlan.dat"), :mode => "rb")
|
25
|
+
decoded = SFlow.read(payload)
|
26
|
+
end
|
23
27
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-codec-sflow
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.10.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nicolas Fraison
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-12-
|
11
|
+
date: 2015-12-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -44,6 +44,34 @@ dependencies:
|
|
44
44
|
- - ">="
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: 2.1.0
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
requirements:
|
50
|
+
- - ">="
|
51
|
+
- !ruby/object:Gem::Version
|
52
|
+
version: 1.1.0
|
53
|
+
name: lru_redux
|
54
|
+
prerelease: false
|
55
|
+
type: :runtime
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
requirements:
|
58
|
+
- - ">="
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: 1.1.0
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
requirement: !ruby/object:Gem::Requirement
|
63
|
+
requirements:
|
64
|
+
- - ">="
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: 1.2.0
|
67
|
+
name: snmp
|
68
|
+
prerelease: false
|
69
|
+
type: :runtime
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - ">="
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: 1.2.0
|
47
75
|
- !ruby/object:Gem::Dependency
|
48
76
|
requirement: !ruby/object:Gem::Requirement
|
49
77
|
requirements:
|
@@ -77,15 +105,18 @@ files:
|
|
77
105
|
- lib/logstash/codecs/sflow/packet_header.rb
|
78
106
|
- lib/logstash/codecs/sflow/sample.rb
|
79
107
|
- lib/logstash/codecs/sflow/util.rb
|
108
|
+
- lib/logstash/codecs/snmp/interface_resolver.rb
|
80
109
|
- logstash-codec-sflow.gemspec
|
81
|
-
- spec/codecs/sflow/
|
82
|
-
- spec/codecs/sflow/
|
110
|
+
- spec/codecs/sflow/ethernet_ipv4_udp_header.dat
|
111
|
+
- spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat
|
112
|
+
- spec/codecs/sflow/ipv4_tcp_header.dat
|
83
113
|
- spec/codecs/sflow/packet_header_spec.rb
|
84
114
|
- spec/codecs/sflow/tcp.dat
|
85
115
|
- spec/codecs/sflow/udp.dat
|
86
116
|
- spec/codecs/sflow_1_counters_sample.dat
|
87
117
|
- spec/codecs/sflow_counters_sample.dat
|
88
118
|
- spec/codecs/sflow_flow_sample.dat
|
119
|
+
- spec/codecs/sflow_flow_sample_eth_vlan.dat
|
89
120
|
- spec/codecs/sflow_spec.rb
|
90
121
|
homepage: ''
|
91
122
|
licenses:
|
@@ -114,12 +145,14 @@ signing_key:
|
|
114
145
|
specification_version: 4
|
115
146
|
summary: The sflow codec is for decoding SFlow v5 flows.
|
116
147
|
test_files:
|
117
|
-
- spec/codecs/sflow/
|
118
|
-
- spec/codecs/sflow/
|
148
|
+
- spec/codecs/sflow/ethernet_ipv4_udp_header.dat
|
149
|
+
- spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat
|
150
|
+
- spec/codecs/sflow/ipv4_tcp_header.dat
|
119
151
|
- spec/codecs/sflow/packet_header_spec.rb
|
120
152
|
- spec/codecs/sflow/tcp.dat
|
121
153
|
- spec/codecs/sflow/udp.dat
|
122
154
|
- spec/codecs/sflow_1_counters_sample.dat
|
123
155
|
- spec/codecs/sflow_counters_sample.dat
|
124
156
|
- spec/codecs/sflow_flow_sample.dat
|
157
|
+
- spec/codecs/sflow_flow_sample_eth_vlan.dat
|
125
158
|
- spec/codecs/sflow_spec.rb
|