logstash-codec-sflow 0.9.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0dd6c6453a6f16c8f7526f8e210f9c7e6a9de5b3
4
- data.tar.gz: 51951483cfd88c3c7a3a310e2c1a4fd064259656
3
+ metadata.gz: ee69bffd79c2302c265793141d26e6ae3c326632
4
+ data.tar.gz: 9eacb61fc2d49846dd66157d429fef84389346d4
5
5
  SHA512:
6
- metadata.gz: f3b2675a5d8f30c131c94751e294723939cacba36b30f008b4a6cc5328f285043076e13298475ceb2e26b4ff7919f66ae3448ed62a877bcf081d517cd4028418
7
- data.tar.gz: 3e6510c59a4939d7079f50960657dba71629833ab4f12b37247c9f2af32095ca896fc3db4429b09f0bd295bb142a255e2b0b2b2f6e8c8acb9c68e656f6c245e9
6
+ metadata.gz: 542aab3cbbd1c11b87914b4533fd38c2451cbfd236b341df4d93aaef680ee253fb1ab57b4144c9be2c8aa13dd1c45b147ef0121d9e11e43728ce9a8ce5d99578
7
+ data.tar.gz: 7403d549f59c9bedf7a911efd7590e508d1f29531d48680c4bbfb37084b322a1443663e28cd3ebd3016144866709da65816e14b9ea4148966f1a7e3bd493ea25
data/README.md CHANGED
@@ -1,16 +1,18 @@
1
1
  # Logstash Codec SFlow Plugin
2
2
  ## Description
3
- Logstash codec plugin to decode sflow codec
3
+ Logstash codec plugin to decode sflow codec.
4
+
4
5
  This codec manage flow sample and counter flow.
5
6
 
6
- For the flow sample it is able to decode Ethernet, IPv4, UDP and TCP header
7
+ For the flow sample it is able to decode Ethernet, 802.1Q VLAN, IPv4, UDP and TCP header
7
8
 
8
9
  For the counter flow it is able to decode some records of type:
9
- - Generic Interface
10
- - Ethernet Interface
11
- - VLAN
12
- - Processor Information
13
- - HTTP
10
+
11
+ - Generic Interface
12
+ - Ethernet Interface
13
+ - VLAN
14
+ - Processor Information
15
+ - HTTP
14
16
 
15
17
 
16
18
  [![Build
@@ -9,23 +9,42 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
9
9
  # Specify which Sflow versions you will accept.
10
10
  config :versions, :validate => :array, :default => [5]
11
11
 
12
- # Specify which sflow must not be send in the event
13
- config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum tcp_urgent_pointer tcp_options)
12
+ # Specify which sflow fields must not be send in the event
13
+ config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size
14
+ ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum
15
+ ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo
16
+ tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum
17
+ tcp_urgent_pointer tcp_options vlan_cfi sequence_number flow_sequence_number vlan_type udp_length udp_checksum)
14
18
 
19
+ # Specify if codec must perform SNMP call so agent_ip for interface resolution.
20
+ config :snmp_interface, :validate => :boolean, :default => true
21
+
22
+ # Specify if codec must perform SNMP call so agent_ip for interface resolution.
23
+ config :snmp_community, :validate => :string, :default => 'public'
24
+
25
+ # Specify the max number of element in the interface resolution local cache (only if snmp_interface true)
26
+ config :interface_cache_size, :validate => :number, :default => 1000
27
+
28
+ # Specify the duration for each element in the interface resolution local cache (only if snmp_interface true)
29
+ config :interface_cache_ttl, :validate => :number, :default => 3600
15
30
 
16
31
  def initialize(params = {})
17
32
  super(params)
18
33
  @threadsafe = false
19
- # noinspection RubyResolve
20
- @removed_field = %w(records record_data record_length record_count record_entreprise record_format samples sample_data sample_entreprise sample_format sample_length sample_count sample_header layer3 layer4 layer4_data header udata) | @optional_removed_field
21
34
  end
22
35
 
23
36
  # def initialize
24
37
 
25
38
  def assign_key_value(event, bindata_kv)
26
- bindata_kv.each_pair do |k, v|
27
- unless @removed_field.include? k.to_s
28
- event["#{k.to_s}"] = v.to_s
39
+ unless bindata_kv.nil? or bindata_kv.to_s.eql? ''
40
+ bindata_kv.each_pair do |k, v|
41
+ if v.is_a?(BinData::Choice)
42
+ assign_key_value(event, bindata_kv[k])
43
+ else
44
+ unless @removed_field.include? k.to_s or v.is_a?(BinData::Array)
45
+ event["#{k.to_s}"] = v.to_s
46
+ end
47
+ end
29
48
  end
30
49
  end
31
50
  end
@@ -34,17 +53,41 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
34
53
  # @param [Object] decoded
35
54
  # @param [Object] sample
36
55
  # @param [Object] record
37
- def common_sflow(event, decoded, sample, record)
56
+ def common_sflow(event, decoded, sample)
57
+ event['agent_ip'] = decoded['agent_ip'].to_s
38
58
  assign_key_value(event, decoded)
39
59
  assign_key_value(event, sample)
40
- assign_key_value(event, sample['sample_data'])
41
- assign_key_value(event, record)
42
- assign_key_value(event, record['record_data'])
60
+ end
61
+
62
+ def snmp_call(event)
63
+ if @snmp_interface
64
+ if event.include?('source_id_index')
65
+ event["source_id_index"] = @snmp.get_interface(event["agent_ip"], event["source_id_index"])
66
+ end
67
+ if event.include?('input_interface')
68
+ event["input_interface"] = @snmp.get_interface(event["agent_ip"], event["input_interface"])
69
+ end
70
+ if event.include?('output_interface')
71
+ event["output_interface"] = @snmp.get_interface(event["agent_ip"], event["output_interface"])
72
+ end
73
+ if event.include?('interface_index')
74
+ event["interface_index"] = @snmp.get_interface(event["agent_ip"], event["interface_index"])
75
+ end
76
+ end
43
77
  end
44
78
 
45
79
  public
46
80
  def register
47
81
  require 'logstash/codecs/sflow/datagram'
82
+ require 'logstash/codecs/snmp/interface_resolver'
83
+
84
+ # noinspection RubyResolve
85
+ @removed_field = %w(record_length record_count record_entreprise record_format sample_entreprise sample_format
86
+ sample_length sample_count sample_header data storage) | @optional_removed_field
87
+
88
+ if @snmp_interface
89
+ @snmp = SNMPInterfaceResolver.new(@snmp_community, @interface_cache_size, @interface_cache_ttl)
90
+ end
48
91
  end
49
92
 
50
93
  # def register
@@ -71,7 +114,9 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
71
114
  #treat sample flow
72
115
  if sample['sample_entreprise'] == 0 && sample['sample_format'] == 1
73
116
  # Create the logstash event
74
- event = LogStash::Event.new
117
+ event = LogStash::Event.new({})
118
+ common_sflow(event, decoded, sample)
119
+
75
120
  sample['sample_data']['records'].each do |record|
76
121
  # Ensure that some data exist for the record
77
122
  if record['record_data'].to_s.eql? ''
@@ -79,16 +124,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
79
124
  next
80
125
  end
81
126
 
82
- common_sflow(event, decoded, sample, record)
83
-
84
- unless record['record_data']['sample_header'].to_s.eql? ''
85
- assign_key_value(event, record['record_data']['sample_header'])
86
-
87
- if record['record_data']['sample_header'].has_key?('layer3')
88
- assign_key_value(event, record['record_data']['sample_header']['layer3']['header'])
89
- assign_key_value(event, record['record_data']['sample_header']['layer3']['header']['layer4'])
90
- end
91
- end
127
+ assign_key_value(event, record)
92
128
 
93
129
  end
94
130
  #compute frame_length_times_sampling_rate
@@ -97,6 +133,10 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
97
133
  end
98
134
 
99
135
  event["sflow_type"] = 'sample'
136
+
137
+ #Get interface dfescr if snmp_interface true
138
+ snmp_call(event)
139
+
100
140
  events.push(event)
101
141
 
102
142
  #treat counter flow
@@ -109,11 +149,16 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
109
149
  end
110
150
 
111
151
  # Create the logstash event
112
- event = LogStash::Event.new
152
+ event = LogStash::Event.new({})
153
+ common_sflow(event, decoded, sample)
113
154
 
114
- common_sflow(event, decoded, sample, record)
155
+ assign_key_value(event, record)
115
156
 
116
157
  event["sflow_type"] = 'counter'
158
+
159
+ #Get interface dfescr if snmp_interface true
160
+ snmp_call(event)
161
+
117
162
  events.push(event)
118
163
  end
119
164
  end
@@ -9,7 +9,7 @@ class UnknownHeader < BinData::Record
9
9
  mandatory_parameter :size_header
10
10
 
11
11
  endian :big
12
- bit :udata, :nbits => :size_header
12
+ bit :data, :nbits => :size_header
13
13
  end
14
14
 
15
15
 
@@ -39,7 +39,7 @@ class TcpHeader < BinData::Record
39
39
  array :tcp_options, :initial_length => lambda { (((tcp_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
40
40
  string :tcp_option, :length => 4, :pad_byte => "\0"
41
41
  end
42
- bit :layer4_data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
42
+ bit :data, :nbits => lambda { size_header - (tcp_header_length * 4 * 8) }
43
43
 
44
44
  def is_options?
45
45
  tcp_header_length.to_i > 5
@@ -56,7 +56,7 @@ class UdpHeader < BinData::Record
56
56
  uint16 :udp_length
57
57
  uint16 :udp_checksum
58
58
  #skip :length => lambda { udp_length - 64 } #skip udp data
59
- bit :layer4_data, :nbits => lambda { size_header - 64 } #skip udp data
59
+ bit :data, :nbits => lambda { size_header - 64 } #skip udp data
60
60
  end
61
61
 
62
62
  # noinspection RubyResolve,RubyResolve
@@ -79,7 +79,7 @@ class IPV4Header < BinData::Record
79
79
  array :ip_options, :initial_length => lambda { (((ip_header_length * 4) - 20)/4).ceil }, :onlyif => :is_options? do
80
80
  string :ip_option, :length => 4, :pad_byte => "\0"
81
81
  end
82
- choice :layer4, :selection => :ip_protocol do
82
+ choice :ip_data, :selection => :ip_protocol do
83
83
  tcp_header 6, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
84
84
  udp_header 17, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
85
85
  unknown_header :default, :size_header => lambda { size_header - (ip_header_length * 4 * 8) }
@@ -90,19 +90,33 @@ class IPV4Header < BinData::Record
90
90
  end
91
91
  end
92
92
 
93
-
94
93
  # noinspection RubyResolve
95
94
  class IPHeader < BinData::Record
96
95
  mandatory_parameter :size_header
97
96
 
98
97
  endian :big
99
98
  bit4 :ip_version
100
- choice :header, :selection => :ip_version do
99
+ choice :ip_header, :selection => :ip_version do
101
100
  ipv4_header 4, :size_header => :size_header
102
101
  unknown_header :default, :size_header => lambda { size_header - 4 }
103
102
  end
104
103
  end
105
104
 
105
+ # noinspection RubyResolve
106
+ class VLANHeader < BinData::Record
107
+ mandatory_parameter :size_header
108
+
109
+ endian :big
110
+ bit3 :vlan_priority
111
+ bit1 :vlan_cfi
112
+ bit12 :vlan_id
113
+ uint16 :vlan_type
114
+ choice :vlan_data, :selection => :vlan_type do
115
+ ip_header 2048, :size_header => lambda { size_header - (4 * 8) }
116
+ unknown_header :default, :size_header => lambda { size_header - (4 * 8) }
117
+ end
118
+ end
119
+
106
120
  # noinspection RubyResolve
107
121
  class EthernetHeader < BinData::Record
108
122
  mandatory_parameter :size_header
@@ -111,8 +125,9 @@ class EthernetHeader < BinData::Record
111
125
  sflow_mac_address :eth_dst
112
126
  sflow_mac_address :eth_src
113
127
  uint16 :eth_type
114
- choice :layer3, :selection => :eth_type do
128
+ choice :eth_data, :selection => :eth_type do
115
129
  ip_header 2048, :size_header => lambda { size_header - (14 * 8) }
130
+ vlan_header 33024, :size_header => lambda { size_header - (14 * 8) }
116
131
  unknown_header :default, :size_header => lambda { size_header - (14 * 8) }
117
132
  end
118
133
  end
@@ -0,0 +1,21 @@
1
+ require 'snmp'
2
+ require 'lru_redux'
3
+
4
+ class SNMPInterfaceResolver
5
+ def initialize(community, cache_size, cache_ttl)
6
+ @community = community
7
+ @cacheSnmpInterface = LruRedux::TTL::Cache.new(cache_size, cache_ttl)
8
+ end
9
+
10
+ def get_interface(host, ifIndex)
11
+ unless @cacheSnmpInterface.key?("#{host}-#{ifIndex}")
12
+ SNMP::Manager.open(:host => host, :community => @community, :version => :SNMPv2c) do |manager|
13
+ response = manager.get("ifDescr.#{ifIndex}")
14
+ response.each_varbind do |vb|
15
+ @cacheSnmpInterface["#{host}-#{ifIndex}"] = vb.value.to_s
16
+ end
17
+ end
18
+ end
19
+ return @cacheSnmpInterface["#{host}-#{ifIndex}"]
20
+ end
21
+ end
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-sflow'
4
- s.version = '0.9.0'
4
+ s.version = '0.10.0'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "The sflow codec is for decoding SFlow v5 flows."
7
7
  s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
@@ -22,6 +22,8 @@ Gem::Specification.new do |s|
22
22
  # Gem dependencies
23
23
  s.add_runtime_dependency "logstash-core", ">= 1.4.0", "< 3.0.0"
24
24
  s.add_runtime_dependency 'bindata', ['>= 2.1.0']
25
+ s.add_runtime_dependency 'lru_redux', ['>= 1.1.0']
26
+ s.add_runtime_dependency 'snmp', ['>= 1.2.0']
25
27
  s.add_development_dependency 'logstash-devutils'
26
28
  end
27
29
 
@@ -42,53 +42,67 @@ end
42
42
 
43
43
 
44
44
  describe IPHeader do
45
- it "should decode ipv4 over tcp header" do
46
- payload = IO.read(File.join(File.dirname(__FILE__), "ipv4_over_tcp_header.dat"), :mode => "rb")
45
+ it "should decode ipv4 tcp header" do
46
+ payload = IO.read(File.join(File.dirname(__FILE__), "ipv4_tcp_header.dat"), :mode => "rb")
47
47
  decoded = IPHeader.new(:size_header => payload.bytesize * 8).read(payload)
48
48
 
49
49
  decoded["ip_version"].to_s.should eq("4")
50
- decoded["header"]["ip_header_length"].to_s.should eq("5")
51
- decoded["header"]["ip_dscp"].to_s.should eq("0")
52
- decoded["header"]["ip_ecn"].to_s.should eq("0")
53
- decoded["header"]["ip_total_length"].to_s.should eq("476")
54
- decoded["header"]["ip_identification"].to_s.should eq("30529")
55
- decoded["header"]["ip_flags"].to_s.should eq("2")
56
- decoded["header"]["ip_fragment_offset"].to_s.should eq("0")
57
- decoded["header"]["ip_ttl"].to_s.should eq("62")
58
- decoded["header"]["ip_protocol"].to_s.should eq("6")
59
- decoded["header"]["ip_checksum"].to_s.should eq("37559")
60
- decoded["header"]["src_ip"].to_s.should eq("10.243.27.17")
61
- decoded["header"]["dst_ip"].to_s.should eq("10.243.0.45")
62
- decoded["header"]["layer4"]["src_port"].to_s.should eq("5672")
63
- decoded["header"]["layer4"]["dst_port"].to_s.should eq("59451")
64
- decoded["header"]["layer4"]["tcp_seq_number"].to_s.should eq("2671357038")
65
- decoded["header"]["layer4"]["tcp_ack_number"].to_s.should eq("2651945969")
66
- (decoded["header"]["layer4"]["tcp_header_length"].to_i*4).to_s.should eq("32")
67
- decoded["header"]["layer4"]["tcp_is_nonce"].to_s.should eq("0")
68
- decoded["header"]["layer4"]["tcp_is_cwr"].to_s.should eq("0")
69
- decoded["header"]["layer4"]["tcp_is_ecn_echo"].to_s.should eq("0")
70
- decoded["header"]["layer4"]["tcp_is_urgent"].to_s.should eq("0")
71
- decoded["header"]["layer4"]["tcp_is_ack"].to_s.should eq("1")
72
- decoded["header"]["layer4"]["tcp_is_push"].to_s.should eq("1")
73
- decoded["header"]["layer4"]["tcp_is_reset"].to_s.should eq("0")
74
- decoded["header"]["layer4"]["tcp_is_syn"].to_s.should eq("0")
75
- decoded["header"]["layer4"]["tcp_is_fin"].to_s.should eq("0")
76
- decoded["header"]["layer4"]["tcp_window_size"].to_s.should eq("147")
77
- decoded["header"]["layer4"]["tcp_checksum"].to_s.should eq("13042")
78
- decoded["header"]["layer4"]["tcp_urgent_pointer"].to_s.should eq("0")
50
+ decoded["ip_header"]["ip_header_length"].to_s.should eq("5")
51
+ decoded["ip_header"]["ip_dscp"].to_s.should eq("0")
52
+ decoded["ip_header"]["ip_ecn"].to_s.should eq("0")
53
+ decoded["ip_header"]["ip_total_length"].to_s.should eq("476")
54
+ decoded["ip_header"]["ip_identification"].to_s.should eq("30529")
55
+ decoded["ip_header"]["ip_flags"].to_s.should eq("2")
56
+ decoded["ip_header"]["ip_fragment_offset"].to_s.should eq("0")
57
+ decoded["ip_header"]["ip_ttl"].to_s.should eq("62")
58
+ decoded["ip_header"]["ip_protocol"].to_s.should eq("6")
59
+ decoded["ip_header"]["ip_checksum"].to_s.should eq("37559")
60
+ decoded["ip_header"]["src_ip"].to_s.should eq("10.243.27.17")
61
+ decoded["ip_header"]["dst_ip"].to_s.should eq("10.243.0.45")
62
+ decoded["ip_header"]["ip_data"]["src_port"].to_s.should eq("5672")
63
+ decoded["ip_header"]["ip_data"]["dst_port"].to_s.should eq("59451")
64
+ decoded["ip_header"]["ip_data"]["tcp_seq_number"].to_s.should eq("2671357038")
65
+ decoded["ip_header"]["ip_data"]["tcp_ack_number"].to_s.should eq("2651945969")
66
+ (decoded["ip_header"]["ip_data"]["tcp_header_length"].to_i*4).to_s.should eq("32")
67
+ decoded["ip_header"]["ip_data"]["tcp_is_nonce"].to_s.should eq("0")
68
+ decoded["ip_header"]["ip_data"]["tcp_is_cwr"].to_s.should eq("0")
69
+ decoded["ip_header"]["ip_data"]["tcp_is_ecn_echo"].to_s.should eq("0")
70
+ decoded["ip_header"]["ip_data"]["tcp_is_urgent"].to_s.should eq("0")
71
+ decoded["ip_header"]["ip_data"]["tcp_is_ack"].to_s.should eq("1")
72
+ decoded["ip_header"]["ip_data"]["tcp_is_push"].to_s.should eq("1")
73
+ decoded["ip_header"]["ip_data"]["tcp_is_reset"].to_s.should eq("0")
74
+ decoded["ip_header"]["ip_data"]["tcp_is_syn"].to_s.should eq("0")
75
+ decoded["ip_header"]["ip_data"]["tcp_is_fin"].to_s.should eq("0")
76
+ decoded["ip_header"]["ip_data"]["tcp_window_size"].to_s.should eq("147")
77
+ decoded["ip_header"]["ip_data"]["tcp_checksum"].to_s.should eq("13042")
78
+ decoded["ip_header"]["ip_data"]["tcp_urgent_pointer"].to_s.should eq("0")
79
79
  end
80
80
  end
81
81
 
82
82
 
83
83
  describe EthernetHeader do
84
- it "should decode ipv4 over udp header" do
85
- payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_ipv4_over_udp_header.dat"), :mode => "rb")
84
+ it "should decode ethernet ipv4 udp header" do
85
+ payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_ipv4_udp_header.dat"), :mode => "rb")
86
86
  decoded = EthernetHeader.new(:size_header => payload.bytesize * 8).read(payload)
87
87
 
88
88
  decoded["eth_dst"].to_s.should eq("00:23:e9:78:16:c6")
89
89
  decoded["eth_src"].to_s.should eq("58:f3:9c:81:4b:81")
90
90
  decoded["eth_type"].to_s.should eq("2048")
91
- decoded["layer3"]["header"]["dst_ip"].to_s.should eq("10.243.27.9")
92
- decoded["layer3"]["header"]["layer4"]["dst_port"].to_s.should eq("514")
91
+ decoded["eth_data"]["ip_header"]["dst_ip"].to_s.should eq("10.243.27.9")
92
+ decoded["eth_data"]["ip_header"]["ip_data"]["dst_port"].to_s.should eq("514")
93
+ end
94
+ end
95
+
96
+
97
+ describe EthernetHeader do
98
+ it "should decode ethernet vlan ipv4 tcp header" do
99
+ payload = IO.read(File.join(File.dirname(__FILE__), "ethernet_vlan_ipv4_tcp_header.dat"), :mode => "rb")
100
+ decoded = EthernetHeader.new(:size_header => payload.bytesize * 8).read(payload)
101
+
102
+ decoded["eth_dst"].to_s.should eq("a0:36:9f:71:d2:e0")
103
+ decoded["eth_src"].to_s.should eq("00:09:0f:09:37:1c")
104
+ decoded["eth_type"].to_s.should eq("33024")
105
+ decoded["eth_data"]["vlan_id"].to_s.should eq("2422")
106
+ decoded["eth_data"]["vlan_type"].to_s.should eq("2048")
93
107
  end
94
108
  end
@@ -15,9 +15,13 @@ describe SFlow do
15
15
  decoded = SFlow.read(payload)
16
16
  end
17
17
 
18
-
19
18
  it "should decode sflow sample" do
20
19
  payload = IO.read(File.join(File.dirname(__FILE__), "sflow_flow_sample.dat"), :mode => "rb")
21
20
  decoded = SFlow.read(payload)
22
21
  end
22
+
23
+ it "should decode sflow sample eth vlan" do
24
+ payload = IO.read(File.join(File.dirname(__FILE__), "sflow_flow_sample_eth_vlan.dat"), :mode => "rb")
25
+ decoded = SFlow.read(payload)
26
+ end
23
27
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-codec-sflow
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.0
4
+ version: 0.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nicolas Fraison
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-12-22 00:00:00.000000000 Z
11
+ date: 2015-12-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -44,6 +44,34 @@ dependencies:
44
44
  - - ">="
45
45
  - !ruby/object:Gem::Version
46
46
  version: 2.1.0
47
+ - !ruby/object:Gem::Dependency
48
+ requirement: !ruby/object:Gem::Requirement
49
+ requirements:
50
+ - - ">="
51
+ - !ruby/object:Gem::Version
52
+ version: 1.1.0
53
+ name: lru_redux
54
+ prerelease: false
55
+ type: :runtime
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - ">="
59
+ - !ruby/object:Gem::Version
60
+ version: 1.1.0
61
+ - !ruby/object:Gem::Dependency
62
+ requirement: !ruby/object:Gem::Requirement
63
+ requirements:
64
+ - - ">="
65
+ - !ruby/object:Gem::Version
66
+ version: 1.2.0
67
+ name: snmp
68
+ prerelease: false
69
+ type: :runtime
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: 1.2.0
47
75
  - !ruby/object:Gem::Dependency
48
76
  requirement: !ruby/object:Gem::Requirement
49
77
  requirements:
@@ -77,15 +105,18 @@ files:
77
105
  - lib/logstash/codecs/sflow/packet_header.rb
78
106
  - lib/logstash/codecs/sflow/sample.rb
79
107
  - lib/logstash/codecs/sflow/util.rb
108
+ - lib/logstash/codecs/snmp/interface_resolver.rb
80
109
  - logstash-codec-sflow.gemspec
81
- - spec/codecs/sflow/ethernet_ipv4_over_udp_header.dat
82
- - spec/codecs/sflow/ipv4_over_tcp_header.dat
110
+ - spec/codecs/sflow/ethernet_ipv4_udp_header.dat
111
+ - spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat
112
+ - spec/codecs/sflow/ipv4_tcp_header.dat
83
113
  - spec/codecs/sflow/packet_header_spec.rb
84
114
  - spec/codecs/sflow/tcp.dat
85
115
  - spec/codecs/sflow/udp.dat
86
116
  - spec/codecs/sflow_1_counters_sample.dat
87
117
  - spec/codecs/sflow_counters_sample.dat
88
118
  - spec/codecs/sflow_flow_sample.dat
119
+ - spec/codecs/sflow_flow_sample_eth_vlan.dat
89
120
  - spec/codecs/sflow_spec.rb
90
121
  homepage: ''
91
122
  licenses:
@@ -114,12 +145,14 @@ signing_key:
114
145
  specification_version: 4
115
146
  summary: The sflow codec is for decoding SFlow v5 flows.
116
147
  test_files:
117
- - spec/codecs/sflow/ethernet_ipv4_over_udp_header.dat
118
- - spec/codecs/sflow/ipv4_over_tcp_header.dat
148
+ - spec/codecs/sflow/ethernet_ipv4_udp_header.dat
149
+ - spec/codecs/sflow/ethernet_vlan_ipv4_tcp_header.dat
150
+ - spec/codecs/sflow/ipv4_tcp_header.dat
119
151
  - spec/codecs/sflow/packet_header_spec.rb
120
152
  - spec/codecs/sflow/tcp.dat
121
153
  - spec/codecs/sflow/udp.dat
122
154
  - spec/codecs/sflow_1_counters_sample.dat
123
155
  - spec/codecs/sflow_counters_sample.dat
124
156
  - spec/codecs/sflow_flow_sample.dat
157
+ - spec/codecs/sflow_flow_sample_eth_vlan.dat
125
158
  - spec/codecs/sflow_spec.rb