logstash-codec-sflow 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +49 -0
- data/lib/logstash/codecs/sflow.rb +4 -4
- data/logstash-codec-sflow.gemspec +2 -2
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e71a4aa268b76cca9b65e5dc1aad8e122258dd9a
|
|
4
|
+
data.tar.gz: 38517dcb9ac05475b3d99571637487901ec71665
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: baa6c2ed01de48b5bb54b5648c8293d061c5ed04900704be77552e64b9ec9ca9a5c5303d863e46fd2aafc155edd745fc3af6f1874ab2b943fc7d5c3e28fe578f
|
|
7
|
+
data.tar.gz: e99fec0d9e43c09e7f4773d05fc0510617831219803e4173faba3da5d8eee97b04f02fabccd82407c412f14caab7411b52a531cad62b9618009a98c166595c0d
|
data/README.md
CHANGED
|
@@ -14,6 +14,55 @@ For the counter flow it is able to decode some records of type:
|
|
|
14
14
|
- Processor Information
|
|
15
15
|
- HTTP
|
|
16
16
|
|
|
17
|
+
## TO DO
|
|
18
|
+
Currently this plugin does not manage all sflow counter and is not able to decode
|
|
19
|
+
all kind of protocols.
|
|
20
|
+
If needed you can aks for some to be added.
|
|
21
|
+
Please provide a pcap file containing the sflow events of the counter/protocol
|
|
22
|
+
to add in order to be able to implement it.
|
|
23
|
+
|
|
24
|
+
## Human Readable Protocol
|
|
25
|
+
In order to translate protocols value to a human readable protocol, you can use the
|
|
26
|
+
logstash-filter-translate plugin
|
|
27
|
+
```
|
|
28
|
+
filter {
|
|
29
|
+
translate {
|
|
30
|
+
field => protocol
|
|
31
|
+
dictionary => [ "1", "ETHERNET",
|
|
32
|
+
"11", "IP"
|
|
33
|
+
]
|
|
34
|
+
fallback => "UNKNOWN"
|
|
35
|
+
destination => protocol
|
|
36
|
+
override => true
|
|
37
|
+
}
|
|
38
|
+
translate {
|
|
39
|
+
field => eth_type
|
|
40
|
+
dictionary => [ "2048", "IP",
|
|
41
|
+
"33024", "802.1Q VLAN"
|
|
42
|
+
]
|
|
43
|
+
fallback => "UNKNOWN"
|
|
44
|
+
destination => eth_type
|
|
45
|
+
override => true
|
|
46
|
+
}
|
|
47
|
+
translate {
|
|
48
|
+
field => vlan_type
|
|
49
|
+
dictionary => [ "2048", "IP"
|
|
50
|
+
]
|
|
51
|
+
fallback => "UNKNOWN"
|
|
52
|
+
destination => vlan_type
|
|
53
|
+
override => true
|
|
54
|
+
}
|
|
55
|
+
translate {
|
|
56
|
+
field => ip_protocol
|
|
57
|
+
dictionary => [ "6", "TCP",
|
|
58
|
+
"17", "UDP"
|
|
59
|
+
]
|
|
60
|
+
fallback => "UNKNOWN"
|
|
61
|
+
destination => ip_protocol
|
|
62
|
+
override => true
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
```
|
|
17
66
|
|
|
18
67
|
[](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Codecs/job/logstash-plugin-codec-example-unit/)
|
|
@@ -10,14 +10,14 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
10
10
|
config :versions, :validate => :array, :default => [5]
|
|
11
11
|
|
|
12
12
|
# Specify which sflow fields must not be send in the event
|
|
13
|
-
config :optional_removed_field, :validate => :array, :default => %w(sflow_version
|
|
13
|
+
config :optional_removed_field, :validate => :array, :default => %w(sflow_version header_size
|
|
14
14
|
ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum
|
|
15
15
|
ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo
|
|
16
16
|
tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum
|
|
17
17
|
tcp_urgent_pointer tcp_options vlan_cfi sequence_number flow_sequence_number vlan_type udp_length udp_checksum)
|
|
18
18
|
|
|
19
19
|
# Specify if codec must perform SNMP call so agent_ip for interface resolution.
|
|
20
|
-
config :snmp_interface, :validate => :boolean, :default =>
|
|
20
|
+
config :snmp_interface, :validate => :boolean, :default => false
|
|
21
21
|
|
|
22
22
|
# Specify if codec must perform SNMP call so agent_ip for interface resolution.
|
|
23
23
|
config :snmp_community, :validate => :string, :default => 'public'
|
|
@@ -141,7 +141,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
141
141
|
|
|
142
142
|
events.push(event)
|
|
143
143
|
|
|
144
|
-
|
|
144
|
+
#treat counter flow
|
|
145
145
|
elsif sample['sample_entreprise'] == 0 && sample['sample_format'] == 2
|
|
146
146
|
sample['sample_data']['records'].each do |record|
|
|
147
147
|
# Ensure that some data exist for the record
|
|
@@ -170,4 +170,4 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
170
170
|
yield event
|
|
171
171
|
end
|
|
172
172
|
end # def decode
|
|
173
|
-
end # class LogStash::Filters::Sflow
|
|
173
|
+
end # class LogStash::Filters::Sflow
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-sflow'
|
|
4
|
-
s.version = '1.
|
|
4
|
+
s.version = '1.1.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = 'The sflow codec is for decoding SFlow v5 flows.'
|
|
7
7
|
s.description = 'This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program'
|
|
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
|
|
22
22
|
# Gem dependencies
|
|
23
23
|
s.add_runtime_dependency 'logstash-core', '>= 1.4.0', '< 3.0.0'
|
|
24
|
-
s.add_runtime_dependency 'bindata', ['>= 2.
|
|
24
|
+
s.add_runtime_dependency 'bindata', ['>= 2.3.0']
|
|
25
25
|
s.add_runtime_dependency 'lru_redux', ['>= 1.1.0']
|
|
26
26
|
s.add_runtime_dependency 'snmp', ['>= 1.2.0']
|
|
27
27
|
s.add_development_dependency 'logstash-devutils'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-sflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nicolas Fraison
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-08-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -35,7 +35,7 @@ dependencies:
|
|
|
35
35
|
requirements:
|
|
36
36
|
- - '>='
|
|
37
37
|
- !ruby/object:Gem::Version
|
|
38
|
-
version: 2.
|
|
38
|
+
version: 2.3.0
|
|
39
39
|
name: bindata
|
|
40
40
|
prerelease: false
|
|
41
41
|
type: :runtime
|
|
@@ -43,7 +43,7 @@ dependencies:
|
|
|
43
43
|
requirements:
|
|
44
44
|
- - '>='
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: 2.
|
|
46
|
+
version: 2.3.0
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
49
|
requirements:
|