logstash-codec-sflow 1.0.0 → 1.1.0

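--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 5074ee2cb3fc307fe88e094cec33ae46d17ba96b
- data.tar.gz: f22772698c0de3757d7428d954effedc9cd21d1e
+ metadata.gz: e71a4aa268b76cca9b65e5dc1aad8e122258dd9a
+ data.tar.gz: 38517dcb9ac05475b3d99571637487901ec71665
  SHA512:
- metadata.gz: a028d13f047b1d5c4a92a0b2507e07e2c064ee408577d86a9eb219595e48ad8b51c4111568af5918a0dc1f6c6e9a6f4736333e214c7407d159775ea0855a7a9f
- data.tar.gz: 8d811f0bfbff45fae54c52dbb3384789207145e6b4bbb2288ecc02dd61f0e2bc95c88934ba6e500ba92d8635e6394cd62307504d0e73e126e99c4ac688abea41
+ metadata.gz: baa6c2ed01de48b5bb54b5648c8293d061c5ed04900704be77552e64b9ec9ca9a5c5303d863e46fd2aafc155edd745fc3af6f1874ab2b943fc7d5c3e28fe578f
+ data.tar.gz: e99fec0d9e43c09e7f4773d05fc0510617831219803e4173faba3da5d8eee97b04f02fabccd82407c412f14caab7411b52a531cad62b9618009a98c166595c0d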
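--- a/data/README.md
+++ b/data/README.md
@@ -14,6 +14,55 @@ For the counter flow it is able to decode some records of type:
  - Processor Information
  - HTTP
 
+ ## TO DO
+ Currently this plugin does not manage all sflow counter and is not able to decode
+ all kind of protocols.
+ If needed you can aks for some to be added.
+ Please provide a pcap file containing the sflow events of the counter/protocol
+ to add in order to be able to implement it.
+
+ ## Human Readable Protocol
+ In order to translate protocols value to a human readable protocol, you can use the
+ logstash-filter-translate plugin
+ ```
+ filter {
+ translate {
+ field => protocol
+ dictionary => [ "1", "ETHERNET",
+ "11", "IP"
+ ]
+ fallback => "UNKNOWN"
+ destination => protocol
+ override => true
+ }
+ translate {
+ field => eth_type
+ dictionary => [ "2048", "IP",
+ "33024", "802.1Q VLAN"
+ ]
+ fallback => "UNKNOWN"
+ destination => eth_type
+ override => true
+ }
+ translate {
+ field => vlan_type
+ dictionary => [ "2048", "IP"
+ ]
+ fallback => "UNKNOWN"
+ destination => vlan_type
+ override => true
+ }
+ translate {
+ field => ip_protocol
+ dictionary => [ "6", "TCP",
+ "17", "UDP"
+ ]
+ fallback => "UNKNOWN"
+ destination => ip_protocol
+ override => true
+ }
+ }
+ ```
 
  [![Build
  Status](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Codecs/job/logstash-plugin-codec-example-unit/badge/icon)](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Codecs/job/logstash-plugin-codec-example-unit/)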
@@ -10,14 +10,14 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
10
10
  config :versions, :validate => :array, :default => [5]
11
11
 
12
12
  # Specify which sflow fields must not be send in the event
13
- config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size
13
+ config :optional_removed_field, :validate => :array, :default => %w(sflow_version header_size
14
14
  ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum
15
15
  ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo
16
16
  tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum
17
17
  tcp_urgent_pointer tcp_options vlan_cfi sequence_number flow_sequence_number vlan_type udp_length udp_checksum)
18
18
 
19
19
  # Specify if codec must perform SNMP call so agent_ip for interface resolution.
20
- config :snmp_interface, :validate => :boolean, :default => true
20
+ config :snmp_interface, :validate => :boolean, :default => false
21
21
 
22
22
  # Specify if codec must perform SNMP call so agent_ip for interface resolution.
23
23
  config :snmp_community, :validate => :string, :default => 'public'
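Review bot: The comment above `config :snmp_community` is a verbatim copy of the one above `config :snmp_interface`, so the community option is left undocumented; something like `# SNMP community string used for the interface lookup when snmp_interface is enabled` would describe it. With lookups now off by default, the comment on `snmp_interface` should also state that enabling it makes the codec send SNMP queries to the agent_ip (presumably taken from the received sFlow datagram) using the `'public'` default community unless overridden. Dropping `ip_version` from the `optional_removed_field` default and flipping the `snmp_interface` default both change what existing pipelines emit, which deserves a changelog entry. The class body continues outside this hunk.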
@@ -141,7 +141,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
141
141
 
142
142
  events.push(event)
143
143
 
144
- #treat counter flow
144
+ #treat counter flow
145
145
  elsif sample['sample_entreprise'] == 0 && sample['sample_format'] == 2
146
146
  sample['sample_data']['records'].each do |record|
147
147
  # Ensure that some data exist for the record
@@ -170,4 +170,4 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
170
170
  yield event
171
171
  end
172
172
  end # def decode
173
- end # class LogStash::Filters::Sflow
173
+ end # class LogStash::Filters::Sflow
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-sflow'
4
- s.version = '1.0.0'
4
+ s.version = '1.1.0'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = 'The sflow codec is for decoding SFlow v5 flows.'
7
7
  s.description = 'This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program'
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
21
21
 
22
22
  # Gem dependencies
23
23
  s.add_runtime_dependency 'logstash-core', '>= 1.4.0', '< 3.0.0'
24
- s.add_runtime_dependency 'bindata', ['>= 2.1.0']
24
+ s.add_runtime_dependency 'bindata', ['>= 2.3.0']
25
25
  s.add_runtime_dependency 'lru_redux', ['>= 1.1.0']
26
26
  s.add_runtime_dependency 'snmp', ['>= 1.2.0']
27
27
  s.add_development_dependency 'logstash-devutils'
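Review bot: The raised floor on `bindata` still has no upper bound, so a future major release of the library that parses the incoming sFlow datagrams would be picked up automatically at install time. Bounding it the way `logstash-core` is bounded on the line above, e.g. `s.add_runtime_dependency 'bindata', '>= 2.3.0', '< 3.0.0'`, keeps dependency resolution predictable. The same applies to `lru_redux` and `snmp` on the following context lines. The `Gem::Specification` block starts and ends outside this hunk.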
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-codec-sflow
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nicolas Fraison
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-02-14 00:00:00.000000000 Z
11
+ date: 2016-08-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -35,7 +35,7 @@ dependencies:
35
35
  requirements:
36
36
  - - '>='
37
37
  - !ruby/object:Gem::Version
38
- version: 2.1.0
38
+ version: 2.3.0
39
39
  name: bindata
40
40
  prerelease: false
41
41
  type: :runtime
@@ -43,7 +43,7 @@ dependencies:
43
43
  requirements:
44
44
  - - '>='
45
45
  - !ruby/object:Gem::Version
46
- version: 2.1.0
46
+ version: 2.3.0
47
47
  - !ruby/object:Gem::Dependency
48
48
  requirement: !ruby/object:Gem::Requirement
49
49
  requirements: