logstash-codec-sflow 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +49 -0
- data/lib/logstash/codecs/sflow.rb +4 -4
- data/logstash-codec-sflow.gemspec +2 -2
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e71a4aa268b76cca9b65e5dc1aad8e122258dd9a
|
|
4
|
+
data.tar.gz: 38517dcb9ac05475b3d99571637487901ec71665
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: baa6c2ed01de48b5bb54b5648c8293d061c5ed04900704be77552e64b9ec9ca9a5c5303d863e46fd2aafc155edd745fc3af6f1874ab2b943fc7d5c3e28fe578f
|
|
7
|
+
data.tar.gz: e99fec0d9e43c09e7f4773d05fc0510617831219803e4173faba3da5d8eee97b04f02fabccd82407c412f14caab7411b52a531cad62b9618009a98c166595c0d
|
data/README.md
CHANGED
|
@@ -14,6 +14,55 @@ For the counter flow it is able to decode some records of type:
|
|
|
14
14
|
- Processor Information
|
|
15
15
|
- HTTP
|
|
16
16
|
|
|
17
|
+
## TO DO
|
|
18
|
+
Currently this plugin does not manage all sflow counter and is not able to decode
|
|
19
|
+
all kind of protocols.
|
|
20
|
+
If needed you can aks for some to be added.
|
|
21
|
+
Please provide a pcap file containing the sflow events of the counter/protocol
|
|
22
|
+
to add in order to be able to implement it.
|
|
23
|
+
|
|
24
|
+
## Human Readable Protocol
|
|
25
|
+
In order to translate protocols value to a human readable protocol, you can use the
|
|
26
|
+
logstash-filter-translate plugin
|
|
27
|
+
```
|
|
28
|
+
filter {
|
|
29
|
+
translate {
|
|
30
|
+
field => protocol
|
|
31
|
+
dictionary => [ "1", "ETHERNET",
|
|
32
|
+
"11", "IP"
|
|
33
|
+
]
|
|
34
|
+
fallback => "UNKNOWN"
|
|
35
|
+
destination => protocol
|
|
36
|
+
override => true
|
|
37
|
+
}
|
|
38
|
+
translate {
|
|
39
|
+
field => eth_type
|
|
40
|
+
dictionary => [ "2048", "IP",
|
|
41
|
+
"33024", "802.1Q VLAN"
|
|
42
|
+
]
|
|
43
|
+
fallback => "UNKNOWN"
|
|
44
|
+
destination => eth_type
|
|
45
|
+
override => true
|
|
46
|
+
}
|
|
47
|
+
translate {
|
|
48
|
+
field => vlan_type
|
|
49
|
+
dictionary => [ "2048", "IP"
|
|
50
|
+
]
|
|
51
|
+
fallback => "UNKNOWN"
|
|
52
|
+
destination => vlan_type
|
|
53
|
+
override => true
|
|
54
|
+
}
|
|
55
|
+
translate {
|
|
56
|
+
field => ip_protocol
|
|
57
|
+
dictionary => [ "6", "TCP",
|
|
58
|
+
"17", "UDP"
|
|
59
|
+
]
|
|
60
|
+
fallback => "UNKNOWN"
|
|
61
|
+
destination => ip_protocol
|
|
62
|
+
override => true
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
```
|
|
17
66
|
|
|
18
67
|
[](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Codecs/job/logstash-plugin-codec-example-unit/)
|
|
@@ -10,14 +10,14 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
10
10
|
config :versions, :validate => :array, :default => [5]
|
|
11
11
|
|
|
12
12
|
# Specify which sflow fields must not be send in the event
|
|
13
|
-
config :optional_removed_field, :validate => :array, :default => %w(sflow_version
|
|
13
|
+
config :optional_removed_field, :validate => :array, :default => %w(sflow_version header_size
|
|
14
14
|
ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum
|
|
15
15
|
ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo
|
|
16
16
|
tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum
|
|
17
17
|
tcp_urgent_pointer tcp_options vlan_cfi sequence_number flow_sequence_number vlan_type udp_length udp_checksum)
|
|
18
18
|
|
|
19
19
|
# Specify if codec must perform SNMP call so agent_ip for interface resolution.
|
|
20
|
-
config :snmp_interface, :validate => :boolean, :default =>
|
|
20
|
+
config :snmp_interface, :validate => :boolean, :default => false
|
|
21
21
|
|
|
22
22
|
# Specify if codec must perform SNMP call so agent_ip for interface resolution.
|
|
23
23
|
config :snmp_community, :validate => :string, :default => 'public'
|
|
@@ -141,7 +141,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
141
141
|
|
|
142
142
|
events.push(event)
|
|
143
143
|
|
|
144
|
-
|
|
144
|
+
#treat counter flow
|
|
145
145
|
elsif sample['sample_entreprise'] == 0 && sample['sample_format'] == 2
|
|
146
146
|
sample['sample_data']['records'].each do |record|
|
|
147
147
|
# Ensure that some data exist for the record
|
|
@@ -170,4 +170,4 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
170
170
|
yield event
|
|
171
171
|
end
|
|
172
172
|
end # def decode
|
|
173
|
-
end # class LogStash::Filters::Sflow
|
|
173
|
+
end # class LogStash::Filters::Sflow
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-sflow'
|
|
4
|
-
s.version = '1.
|
|
4
|
+
s.version = '1.1.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = 'The sflow codec is for decoding SFlow v5 flows.'
|
|
7
7
|
s.description = 'This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program'
|
|
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
|
|
22
22
|
# Gem dependencies
|
|
23
23
|
s.add_runtime_dependency 'logstash-core', '>= 1.4.0', '< 3.0.0'
|
|
24
|
-
s.add_runtime_dependency 'bindata', ['>= 2.
|
|
24
|
+
s.add_runtime_dependency 'bindata', ['>= 2.3.0']
|
|
25
25
|
s.add_runtime_dependency 'lru_redux', ['>= 1.1.0']
|
|
26
26
|
s.add_runtime_dependency 'snmp', ['>= 1.2.0']
|
|
27
27
|
s.add_development_dependency 'logstash-devutils'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-sflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nicolas Fraison
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-08-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -35,7 +35,7 @@ dependencies:
|
|
|
35
35
|
requirements:
|
|
36
36
|
- - '>='
|
|
37
37
|
- !ruby/object:Gem::Version
|
|
38
|
-
version: 2.
|
|
38
|
+
version: 2.3.0
|
|
39
39
|
name: bindata
|
|
40
40
|
prerelease: false
|
|
41
41
|
type: :runtime
|
|
@@ -43,7 +43,7 @@ dependencies:
|
|
|
43
43
|
requirements:
|
|
44
44
|
- - '>='
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: 2.
|
|
46
|
+
version: 2.3.0
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
49
|
requirements:
|