logstash-codec-sflow 0.9.0 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +9 -7
- data/lib/logstash/codecs/sflow.rb +69 -24
- data/lib/logstash/codecs/sflow/packet_header.rb +22 -7
- data/lib/logstash/codecs/snmp/interface_resolver.rb +21 -0
- data/logstash-codec-sflow.gemspec +3 -1
- data/spec/codecs/sflow/{ethernet_ipv4_over_udp_header.dat → ethernet_ipv4_udp_header.dat} +0 -0
- data/spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat +0 -0
- data/spec/codecs/sflow/{ipv4_over_tcp_header.dat → ipv4_tcp_header.dat} +0 -0
- data/spec/codecs/sflow/packet_header_spec.rb +49 -35
- data/spec/codecs/sflow_flow_sample_eth_vlan.dat +0 -0
- data/spec/codecs/sflow_spec.rb +5 -1
- metadata +39 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ee69bffd79c2302c265793141d26e6ae3c326632
|
4
|
+
data.tar.gz: 9eacb61fc2d49846dd66157d429fef84389346d4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 542aab3cbbd1c11b87914b4533fd38c2451cbfd236b341df4d93aaef680ee253fb1ab57b4144c9be2c8aa13dd1c45b147ef0121d9e11e43728ce9a8ce5d99578
|
7
|
+
data.tar.gz: 7403d549f59c9bedf7a911efd7590e508d1f29531d48680c4bbfb37084b322a1443663e28cd3ebd3016144866709da65816e14b9ea4148966f1a7e3bd493ea25
|
data/README.md
CHANGED
@@ -1,16 +1,18 @@
|
|
1
1
|
# Logstash Codec SFlow Plugin
|
2
2
|
## Description
|
3
|
-
Logstash codec plugin to decode sflow codec
|
3
|
+
Logstash codec plugin to decode sflow codec.
|
4
|
+
|
4
5
|
This codec manage flow sample and counter flow.
|
5
6
|
|
6
|
-
For the flow sample it is able to decode Ethernet, IPv4, UDP and TCP header
|
7
|
+
For the flow sample it is able to decode Ethernet, 802.1Q VLAN, IPv4, UDP and TCP header
|
7
8
|
|
8
9
|
For the counter flow it is able to decode some records of type:
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
10
|
+
|
11
|
+
- Generic Interface
|
12
|
+
- Ethernet Interface
|
13
|
+
- VLAN
|
14
|
+
- Processor Information
|
15
|
+
- HTTP
|
14
16
|
|
15
17
|
|
16
18
|
[![Build
|
@@ -9,23 +9,42 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
9
9
|
# Specify which Sflow versions you will accept.
|
10
10
|
config :versions, :validate => :array, :default => [5]
|
11
11
|
|
12
|
-
# Specify which sflow must not be send in the event
|
13
|
-
config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size
|
12
|
+
# Specify which sflow fields must not be send in the event
|
13
|
+
config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size
|
14
|
+
ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum
|
15
|
+
ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo
|
16
|
+
tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum
|
17
|
+
tcp_urgent_pointer tcp_options vlan_cfi sequence_number flow_sequence_number vlan_type udp_length udp_checksum)
|
14
18
|
|
19
|
+
# Specify if codec must perform SNMP call so agent_ip for interface resolution.
|
20
|
+
config :snmp_interface, :validate => :boolean, :default => true
|
21
|
+
|
22
|
+
# Specify if codec must perform SNMP call so agent_ip for interface resolution.
|
23
|
+
config :snmp_community, :validate => :string, :default => 'public'
|
24
|
+
|
25
|
+
# Specify the max number of element in the interface resolution local cache (only if snmp_interface true)
|
26
|
+
config :interface_cache_size, :validate => :number, :default => 1000
|
27
|
+
|
28
|
+
# Specify the duration for each element in the interface resolution local cache (only if snmp_interface true)
|
29
|
+
config :interface_cache_ttl, :validate => :number, :default => 3600
|
15
30
|
|
16
31
|
def initialize(params = {})
|
17
32
|
super(params)
|
18
33
|
@threadsafe = false
|
19
|
-
# noinspection RubyResolve
|
20
|
-
@removed_field = %w(records record_data record_length record_count record_entreprise record_format samples sample_data sample_entreprise sample_format sample_length sample_count sample_header layer3 layer4 layer4_data header udata) | @optional_removed_field
|
21
34
|
end
|
22
35
|
|
23
36
|
# def initialize
|
24
37
|
|
25
38
|
def assign_key_value(event, bindata_kv)
|
26
|
-
bindata_kv.
|
27
|
-
|
28
|
-
|
39
|
+
unless bindata_kv.nil? or bindata_kv.to_s.eql? ''
|
40
|
+
bindata_kv.each_pair do |k, v|
|
41
|
+
if v.is_a?(BinData::Choice)
|
42
|
+
assign_key_value(event, bindata_kv[k])
|
43
|
+
else
|
44
|
+
unless @removed_field.include? k.to_s or v.is_a?(BinData::Array)
|
45
|
+
event["#{k.to_s}"] = v.to_s
|
46
|
+
end
|
47
|
+
end
|
29
48
|
end
|
30
49
|
end
|
31
50
|
end
|
@@ -34,17 +53,41 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
34
53
|
# @param [Object] decoded
|
35
54
|
# @param [Object] sample
|
36
55
|
# @param [Object] record
|
37
|
-
def common_sflow(event, decoded, sample
|
56
|
+
def common_sflow(event, decoded, sample)
|
57
|
+
event['agent_ip'] = decoded['agent_ip'].to_s
|
38
58
|
assign_key_value(event, decoded)
|
39
59
|
assign_key_value(event, sample)
|
40
|
-
|
41
|
-
|
42
|
-
|
60
|
+
end
|
61
|
+
|
62
|
+
def snmp_call(event)
|
63
|
+
if @snmp_interface
|
64
|
+
if event.include?('source_id_index')
|
65
|
+
event["source_id_index"] = @snmp.get_interface(event["agent_ip"], event["source_id_index"])
|
66
|
+
end
|
67
|
+
if event.include?('input_interface')
|
68
|
+
event["input_interface"] = @snmp.get_interface(event["agent_ip"], event["input_interface"])
|
69
|
+
end
|
70
|
+
if event.include?('output_interface')
|
71
|
+
event["output_interface"] = @snmp.get_interface(event["agent_ip"], event["output_interface"])
|
72
|
+
end
|
73
|
+
if event.include?('interface_index')
|
74
|
+
event["interface_index"] = @snmp.get_interface(event["agent_ip"], event["interface_index"])
|
75
|
+
end
|
76
|
+
end
|
43
77
|
end
|
44
78
|
|
45
79
|
public
|
46
80
|
def register
|
47
81
|
require 'logstash/codecs/sflow/datagram'
|
82
|
+
require 'logstash/codecs/snmp/interface_resolver'
|
83
|
+
|
84
|
+
# noinspection RubyResolve
|
85
|
+
@removed_field = %w(record_length record_count record_entreprise record_format sample_entreprise sample_format
|
86
|
+
sample_length sample_count sample_header data storage) | @optional_removed_field
|
87
|
+
|
88
|
+
if @snmp_interface
|
89
|
+
@snmp = SNMPInterfaceResolver.new(@snmp_community, @interface_cache_size, @interface_cache_ttl)
|
90
|
+
end
|
48
91
|
end
|
49
92
|
|
50
93
|
# def register
|
@@ -71,7 +114,9 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
71
114
|
#treat sample flow
|
72
115
|
if sample['sample_entreprise'] == 0 && sample['sample_format'] == 1
|
73
116
|
# Create the logstash event
|
74
|
-
event = LogStash::Event.new
|
117
|
+
event = LogStash::Event.new({})
|
118
|
+
common_sflow(event, decoded, sample)
|
119
|
+
|
75
120
|
sample['sample_data']['records'].each do |record|
|
76
121
|
# Ensure that some data exist for the record
|
77
122
|
if record['record_data'].to_s.eql? ''
|
@@ -79,16 +124,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
79
124
|
next
|
80
125
|
end
|
81
126
|
|
82
|
-
|
83
|
-
|
84
|
-
unless record['record_data']['sample_header'].to_s.eql? ''
|
85
|
-
assign_key_value(event, record['record_data']['sample_header'])
|
86
|
-
|
87
|
-
if record['record_data']['sample_header'].has_key?('layer3')
|
88
|
-
assign_key_value(event, record['record_data']['sample_header']['layer3']['header'])
|
89
|
-
assign_key_value(event, record['record_data']['sample_header']['layer3']['header']['layer4'])
|
90
|
-
end
|
91
|
-
end
|
127
|
+
assign_key_value(event, record)
|
92
128
|
|
93
129
|
end
|
94
130
|
#compute frame_length_times_sampling_rate
|
@@ -97,6 +133,10 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
97
133
|
end
|
98
134
|
|
99
135
|
event["sflow_type"] = 'sample'
|
136
|
+
|
137
|
+
#Get interface dfescr if snmp_interface true
|
138
|
+
snmp_call(event)
|
139
|
+
|
100
140
|
events.push(event)
|
101
141
|
|
102
142
|
#treat counter flow
|
@@ -109,11 +149,16 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
109
149
|
end
|
110
150
|
|
111
151
|
# Create the logstash event
|
112
|
-
event = LogStash::Event.new
|
152
|
+
event = LogStash::Event.new({})
|
153
|
+
common_sflow(event, decoded, sample)
|
113
154
|
|
114
|
-
|
155
|
+
assign_key_value(event, record)
|
115
156
|
|
116
157
|
event["sflow_type"] = 'counter'
|
158
|
+
|
159
|
+
#Get interface dfescr if snmp_interface true
|
160
|
+
snmp_call(event)
|
161
|
+
|
117
162
|
events.push(event)
|
118
163
|
end
|
119
164
|
end
|
@@ -9,7 +9,7 @@ class UnknownHeader < BinData::Record
|
|
9
9
|
mandatory_parameter :size_header
|
10
10
|
|
11
11
|
endian :big
|
12
|
-
bit :
|
12
|
+
bit :data, :nbits => :size_header
|
13
13
|
end
|
14
14
|
|
15
15
|
|
@@ -39,7 +39,7 @@ class TcpHeader < BinData::Record
|
|
39
39
|
array :tcp_options, :initial_length => lambda { (((tcp_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
|
40
40
|
string :tcp_option, :length => 4, :pad_byte => "\0"
|
41
41
|
end
|
42
|
-
bit :
|
42
|
+
bit :data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
|
43
43
|
|
44
44
|
def is_options?
|
45
45
|
tcp_header_length.to_i > 5
|
@@ -56,7 +56,7 @@ class UdpHeader < BinData::Record
|
|
56
56
|
uint16 :udp_length
|
57
57
|
uint16 :udp_checksum
|
58
58
|
#skip :length => lambda { udp_length - 64 } #skip udp data
|
59
|
-
bit :
|
59
|
+
bit :data, :nbits => lambda { size_header - 64 } #skip udp data
|
60
60
|
end
|
61
61
|
|
62
62
|
# noinspection RubyResolve,RubyResolve
|
@@ -79,7 +79,7 @@ class IPV4Header < BinData::Record
|
|
79
79
|
array :ip_options, :initial_length => lambda { (((ip_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
|
80
80
|
string :ip_option, :length => 4, :pad_byte => "\0"
|
81
81
|
end
|
82
|
-
choice :
|
82
|
+
choice :ip_data, :selection => :ip_protocol do
|
83
83
|
tcp_header 6, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
|
84
84
|
udp_header 17, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
|
85
85
|
unknown_header :default, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
|
@@ -90,19 +90,33 @@ class IPV4Header < BinData::Record
|
|
90
90
|
end
|
91
91
|
end
|
92
92
|
|
93
|
-
|
94
93
|
# noinspection RubyResolve
|
95
94
|
class IPHeader < BinData::Record
|
96
95
|
mandatory_parameter :size_header
|
97
96
|
|
98
97
|
endian :big
|
99
98
|
bit4 :ip_version
|
100
|
-
choice :
|
99
|
+
choice :ip_header, :selection => :ip_version do
|
101
100
|
ipv4_header 4, :size_header => :size_header
|
102
101
|
unknown_header :default, :size_header => lambda { size_header - 4 }
|
103
102
|
end
|
104
103
|
end
|
105
104
|
|
105
|
+
# noinspection RubyResolve
|
106
|
+
class VLANHeader < BinData::Record
|
107
|
+
mandatory_parameter :size_header
|
108
|
+
|
109
|
+
endian :big
|
110
|
+
bit3 :vlan_priority
|
111
|
+
bit1 :vlan_cfi
|
112
|
+
bit12 :vlan_id
|
113
|
+
uint16 :vlan_type
|
114
|
+
choice :vlan_data, :selection => :vlan_type do
|
115
|
+
ip_header 2048, :size_header => lambda { size_header - (4 * 8) }
|
116
|
+
unknown_header :default, :size_header => lambda { size_header - (4 * 8) }
|
117
|
+
end
|
118
|
+
end
|
119
|
+
|
106
120
|
# noinspection RubyResolve
|
107
121
|
class EthernetHeader < BinData::Record
|
108
122
|
mandatory_parameter :size_header
|
@@ -111,8 +125,9 @@ class EthernetHeader < BinData::Record
|
|
111
125
|
sflow_mac_address :eth_dst
|
112
126
|
sflow_mac_address :eth_src
|
113
127
|
uint16 :eth_type
|
114
|
-
choice :
|
128
|
+
choice :eth_data, :selection => :eth_type do
|
115
129
|
ip_header 2048, :size_header => lambda { size_header - (14 * 8) }
|
130
|
+
vlan_header 33024, :size_header => lambda { size_header - (14 * 8) }
|
116
131
|
unknown_header :default, :size_header => lambda { size_header - (14 * 8) }
|
117
132
|
end
|
118
133
|
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'snmp'
|
2
|
+
require 'lru_redux'
|
3
|
+
|
4
|
+
class SNMPInterfaceResolver
|
5
|
+
def initialize(community, cache_size, cache_ttl)
|
6
|
+
@community = community
|
7
|
+
@cacheSnmpInterface = LruRedux::TTL::Cache.new(cache_size, cache_ttl)
|
8
|
+
end
|
9
|
+
|
10
|
+
def get_interface(host, ifIndex)
|
11
|
+
unless @cacheSnmpInterface.key?("#{host}-#{ifIndex}")
|
12
|
+
SNMP::Manager.open(:host => host, :community => @community, :version => :SNMPv2c) do |manager|
|
13
|
+
response = manager.get("ifDescr.#{ifIndex}")
|
14
|
+
response.each_varbind do |vb|
|
15
|
+
@cacheSnmpInterface["#{host}-#{ifIndex}"] = vb.value.to_s
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
return @cacheSnmpInterface["#{host}-#{ifIndex}"]
|
20
|
+
end
|
21
|
+
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-codec-sflow'
|
4
|
-
s.version = '0.
|
4
|
+
s.version = '0.10.0'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "The sflow codec is for decoding SFlow v5 flows."
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
@@ -22,6 +22,8 @@ Gem::Specification.new do |s|
|
|
22
22
|
# Gem dependencies
|
23
23
|
s.add_runtime_dependency "logstash-core", ">= 1.4.0", "< 3.0.0"
|
24
24
|
s.add_runtime_dependency 'bindata', ['>= 2.1.0']
|
25
|
+
s.add_runtime_dependency 'lru_redux', ['>= 1.1.0']
|
26
|
+
s.add_runtime_dependency 'snmp', ['>= 1.2.0']
|
25
27
|
s.add_development_dependency 'logstash-devutils'
|
26
28
|
end
|
27
29
|
|
File without changes
|
Binary file
|
File without changes
|
@@ -42,53 +42,67 @@ end
|
|
42
42
|
|
43
43
|
|
44
44
|
describe IPHeader do
|
45
|
-
it "should decode ipv4
|
46
|
-
payload = IO.read(File.join(File.dirname(__FILE__), "
|
45
|
+
it "should decode ipv4 tcp header" do
|
46
|
+
payload = IO.read(File.join(File.dirname(__FILE__), "ipv4_tcp_header.dat"), :mode => "rb")
|
47
47
|
decoded = IPHeader.new(:size_header => payload.bytesize * 8).read(payload)
|
48
48
|
|
49
49
|
decoded["ip_version"].to_s.should eq("4")
|
50
|
-
decoded["
|
51
|
-
decoded["
|
52
|
-
decoded["
|
53
|
-
decoded["
|
54
|
-
decoded["
|
55
|
-
decoded["
|
56
|
-
decoded["
|
57
|
-
decoded["
|
58
|
-
decoded["
|
59
|
-
decoded["
|
60
|
-
decoded["
|
61
|
-
decoded["
|
62
|
-
decoded["
|
63
|
-
decoded["
|
64
|
-
decoded["
|
65
|
-
decoded["
|
66
|
-
(decoded["
|
67
|
-
decoded["
|
68
|
-
decoded["
|
69
|
-
decoded["
|
70
|
-
decoded["
|
71
|
-
decoded["
|
72
|
-
decoded["
|
73
|
-
decoded["
|
74
|
-
decoded["
|
75
|
-
decoded["
|
76
|
-
decoded["
|
77
|
-
decoded["
|
78
|
-
decoded["
|
50
|
+
decoded["ip_header"]["ip_header_length"].to_s.should eq("5")
|
51
|
+
decoded["ip_header"]["ip_dscp"].to_s.should eq("0")
|
52
|
+
decoded["ip_header"]["ip_ecn"].to_s.should eq("0")
|
53
|
+
decoded["ip_header"]["ip_total_length"].to_s.should eq("476")
|
54
|
+
decoded["ip_header"]["ip_identification"].to_s.should eq("30529")
|
55
|
+
decoded["ip_header"]["ip_flags"].to_s.should eq("2")
|
56
|
+
decoded["ip_header"]["ip_fragment_offset"].to_s.should eq("0")
|
57
|
+
decoded["ip_header"]["ip_ttl"].to_s.should eq("62")
|
58
|
+
decoded["ip_header"]["ip_protocol"].to_s.should eq("6")
|
59
|
+
decoded["ip_header"]["ip_checksum"].to_s.should eq("37559")
|
60
|
+
decoded["ip_header"]["src_ip"].to_s.should eq("10.243.27.17")
|
61
|
+
decoded["ip_header"]["dst_ip"].to_s.should eq("10.243.0.45")
|
62
|
+
decoded["ip_header"]["ip_data"]["src_port"].to_s.should eq("5672")
|
63
|
+
decoded["ip_header"]["ip_data"]["dst_port"].to_s.should eq("59451")
|
64
|
+
decoded["ip_header"]["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
|
65
|
+
decoded["ip_header"]["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
|
66
|
+
(decoded["ip_header"]["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
|
67
|
+
decoded["ip_header"]["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
|
68
|
+
decoded["ip_header"]["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
|
69
|
+
decoded["ip_header"]["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
|
70
|
+
decoded["ip_header"]["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
|
71
|
+
decoded["ip_header"]["ip_data"]["tcp_is_ack"].to_s.should eq("1")
|
72
|
+
decoded["ip_header"]["ip_data"]["tcp_is_push"].to_s.should eq("1")
|
73
|
+
decoded["ip_header"]["ip_data"]["tcp_is_reset"].to_s.should eq("0")
|
74
|
+
decoded["ip_header"]["ip_data"]["tcp_is_syn"].to_s.should eq("0")
|
75
|
+
decoded["ip_header"]["ip_data"]["tcp_is_fin"].to_s.should eq("0")
|
76
|
+
decoded["ip_header"]["ip_data"]["tcp_window_size"].to_s.should eq("147")
|
77
|
+
decoded["ip_header"]["ip_data"]["tcp_checksum"].to_s.should eq("13042")
|
78
|
+
decoded["ip_header"]["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
|
79
79
|
end
|
80
80
|
end
|
81
81
|
|
82
82
|
|
83
83
|
describe EthernetHeader do
|
84
|
-
it "should decode ipv4
|
85
|
-
payload = IO.read(File.join(File.dirname(__FILE__), "
|
84
|
+
it "should decode ethernet ipv4 udp header" do
|
85
|
+
payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_ipv4_udp_header.dat"), :mode => "rb")
|
86
86
|
decoded = EthernetHeader.new(:size_header => payload.bytesize * 8).read(payload)
|
87
87
|
|
88
88
|
decoded["eth_dst"].to_s.should eq("00:23:e9:78:16:c6")
|
89
89
|
decoded["eth_src"].to_s.should eq("58:f3:9c:81:4b:81")
|
90
90
|
decoded["eth_type"].to_s.should eq("2048")
|
91
|
-
decoded["
|
92
|
-
decoded["
|
91
|
+
decoded["eth_data"]["ip_header"]["dst_ip"].to_s.should eq("10.243.27.9")
|
92
|
+
decoded["eth_data"]["ip_header"]["ip_data"]["dst_port"].to_s.should eq("514")
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
|
97
|
+
describe EthernetHeader do
|
98
|
+
it "should decode ethernet vlan ipv4 tcp header" do
|
99
|
+
payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_vlan_ipv4_tcp_header.dat"), :mode => "rb")
|
100
|
+
decoded = EthernetHeader.new(:size_header => payload.bytesize * 8).read(payload)
|
101
|
+
|
102
|
+
decoded["eth_dst"].to_s.should eq("a0:36:9f:71:d2:e0")
|
103
|
+
decoded["eth_src"].to_s.should eq("00:09:0f:09:37:1c")
|
104
|
+
decoded["eth_type"].to_s.should eq("33024")
|
105
|
+
decoded["eth_data"]["vlan_id"].to_s.should eq("2422")
|
106
|
+
decoded["eth_data"]["vlan_type"].to_s.should eq("2048")
|
93
107
|
end
|
94
108
|
end
|
Binary file
|
data/spec/codecs/sflow_spec.rb
CHANGED
@@ -15,9 +15,13 @@ describe SFlow do
|
|
15
15
|
decoded = SFlow.read(payload)
|
16
16
|
end
|
17
17
|
|
18
|
-
|
19
18
|
it "should decode sflow sample" do
|
20
19
|
payload = IO.read(File.join(File.dirname(__FILE__), "sflow_flow_sample.dat"), :mode => "rb")
|
21
20
|
decoded = SFlow.read(payload)
|
22
21
|
end
|
22
|
+
|
23
|
+
it "should decode sflow sample eth vlan" do
|
24
|
+
payload = IO.read(File.join(File.dirname(__FILE__), "sflow_flow_sample_eth_vlan.dat"), :mode => "rb")
|
25
|
+
decoded = SFlow.read(payload)
|
26
|
+
end
|
23
27
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-codec-sflow
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.10.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nicolas Fraison
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-12-
|
11
|
+
date: 2015-12-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -44,6 +44,34 @@ dependencies:
|
|
44
44
|
- - ">="
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: 2.1.0
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
requirements:
|
50
|
+
- - ">="
|
51
|
+
- !ruby/object:Gem::Version
|
52
|
+
version: 1.1.0
|
53
|
+
name: lru_redux
|
54
|
+
prerelease: false
|
55
|
+
type: :runtime
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
requirements:
|
58
|
+
- - ">="
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: 1.1.0
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
requirement: !ruby/object:Gem::Requirement
|
63
|
+
requirements:
|
64
|
+
- - ">="
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: 1.2.0
|
67
|
+
name: snmp
|
68
|
+
prerelease: false
|
69
|
+
type: :runtime
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - ">="
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: 1.2.0
|
47
75
|
- !ruby/object:Gem::Dependency
|
48
76
|
requirement: !ruby/object:Gem::Requirement
|
49
77
|
requirements:
|
@@ -77,15 +105,18 @@ files:
|
|
77
105
|
- lib/logstash/codecs/sflow/packet_header.rb
|
78
106
|
- lib/logstash/codecs/sflow/sample.rb
|
79
107
|
- lib/logstash/codecs/sflow/util.rb
|
108
|
+
- lib/logstash/codecs/snmp/interface_resolver.rb
|
80
109
|
- logstash-codec-sflow.gemspec
|
81
|
-
- spec/codecs/sflow/
|
82
|
-
- spec/codecs/sflow/
|
110
|
+
- spec/codecs/sflow/ethernet_ipv4_udp_header.dat
|
111
|
+
- spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat
|
112
|
+
- spec/codecs/sflow/ipv4_tcp_header.dat
|
83
113
|
- spec/codecs/sflow/packet_header_spec.rb
|
84
114
|
- spec/codecs/sflow/tcp.dat
|
85
115
|
- spec/codecs/sflow/udp.dat
|
86
116
|
- spec/codecs/sflow_1_counters_sample.dat
|
87
117
|
- spec/codecs/sflow_counters_sample.dat
|
88
118
|
- spec/codecs/sflow_flow_sample.dat
|
119
|
+
- spec/codecs/sflow_flow_sample_eth_vlan.dat
|
89
120
|
- spec/codecs/sflow_spec.rb
|
90
121
|
homepage: ''
|
91
122
|
licenses:
|
@@ -114,12 +145,14 @@ signing_key:
|
|
114
145
|
specification_version: 4
|
115
146
|
summary: The sflow codec is for decoding SFlow v5 flows.
|
116
147
|
test_files:
|
117
|
-
- spec/codecs/sflow/
|
118
|
-
- spec/codecs/sflow/
|
148
|
+
- spec/codecs/sflow/ethernet_ipv4_udp_header.dat
|
149
|
+
- spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat
|
150
|
+
- spec/codecs/sflow/ipv4_tcp_header.dat
|
119
151
|
- spec/codecs/sflow/packet_header_spec.rb
|
120
152
|
- spec/codecs/sflow/tcp.dat
|
121
153
|
- spec/codecs/sflow/udp.dat
|
122
154
|
- spec/codecs/sflow_1_counters_sample.dat
|
123
155
|
- spec/codecs/sflow_counters_sample.dat
|
124
156
|
- spec/codecs/sflow_flow_sample.dat
|
157
|
+
- spec/codecs/sflow_flow_sample_eth_vlan.dat
|
125
158
|
- spec/codecs/sflow_spec.rb
|