logstash-codec-sflow 0.7.0 → 0.8.0
- checksums.yaml +4 -4
- data/lib/logstash/codecs/sflow.rb +14 -2
- data/lib/logstash/codecs/sflow/datagram.rb +6 -0
- data/logstash-codec-sflow.gemspec +1 -1
- metadata +2 -2
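--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 777103af0e2e6781f0f898e676d4115b218256ed
+data.tar.gz: 807d579c592cd093afecdaa54ac591468030e4ae
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0b2460db2ea2d55506fd30ac0e240c52681fa718e073b3f691759aa6ac32c5d89a0991a272cddbffbce957855d93f04996034d58df20cc6bc7d4073ff8d8ad0c
+data.tar.gz: 8c11363eb68c6959b29241f911c4827e1e3cde18ae1a9c0e0fd0f7c2a12418f6d4601fa264712acbf11a645e917f92cbed17515ee5a9ee3d054506bc5d7a5c78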
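--- a/data/lib/logstash/codecs/sflow.rb
+++ b/data/lib/logstash/codecs/sflow.rb
@@ -6,6 +6,9 @@ require 'logstash/namespace'
 class LogStash::Codecs::Sflow < LogStash::Codecs::Base
 config_name 'sflow'
 
+# Specify which Sflow versions you will accept.
+config :versions, :validate => :array, :default => [5]
+
 # Specify which sflow must not be send in the event
 config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum tcp_urgent_pointer tcp_options)
 
@@ -22,7 +25,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
 def assign_key_value(event, bindata_kv)
 bindata_kv.each_pair do |k, v|
 unless @removed_field.include? k.to_s
-event["#{k}"] = v
+event["#{k.to_s}"] = v.to_s
 end
 end
 end
@@ -48,6 +51,11 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
 
 public
 def decode(payload)
+header = SFlowHeader.read(payload)
+unless @versions.include?(header.sflow_version)
+@logger.warn("Ignoring Sflow version v#{header.sflow_version}")
+return
+end
 
 decoded = SFlow.read(payload)
 
@@ -83,6 +91,10 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
 end
 
 end
+#compute frame_length_times_sampling_rate
+if event.include?('frame_length') and event.include?('sampling_rate')
+event["frame_length_times_sampling_rate"] = event['frame_length'].to_i * event['sampling_rate'].to_i
+end
 events.push(event)
 
 #treat counter flow
@@ -108,4 +120,4 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
 yield event
 end
 end # def decode
-end # class LogStash::Filters::Sflow
+end # class LogStash::Filters::Sflow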
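Review bot: In the `decode` hunk, `SFlowHeader.read(payload)` runs on bytes taken straight from the network with nothing around it, so a datagram shorter than the four-byte version field makes BinData raise before the version check is reached; `decode` continues outside the hunk, so a rescue may exist further down, but none is visible here. I would catch the short read and drop the datagram, as in the excerpt below. The `@logger.warn` on every rejected version also lets any sender that can reach the listener set the log volume, so `debug` is the safer level there. Separately, `:validate => :array` does not appear to coerce element types, so a configured `versions => ["5"]` would presumably never match the integer read from the header; worth confirming and documenting next to the option.

```ruby
def decode(payload)
  begin
    header = SFlowHeader.read(payload)
  rescue IOError
    # BinData reports a truncated read as EOFError/IOError
    @logger.debug("Dropping sFlow datagram too short to carry a version field")
    return
  end
  unless @versions.include?(header.sflow_version)
    @logger.debug("Ignoring Sflow version v#{header.sflow_version}")
    return
  end
  # … unchanged: SFlow.read(payload) and sample handling …
```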
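--- a/data/lib/logstash/codecs/sflow/datagram.rb
+++ b/data/lib/logstash/codecs/sflow/datagram.rb
@@ -4,6 +4,12 @@ require 'bindata'
 require 'logstash/codecs/sflow/util'
 require 'logstash/codecs/sflow/sample'
 
+
+class SFlowHeader < BinData::Record
+endian :big
+uint32 :sflow_version
+end
+
 # noinspection RubyResolve
 class SFlow < BinData::Record
 endian :big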
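Review bot: The new `SFlowHeader` record has no comment saying why it exists alongside `SFlow`, and a reader of this file alone cannot tell that it is a deliberate partial parse. I would add above the class `# Reads only the leading big-endian 32-bit version field, so the codec can reject unsupported datagrams before attempting the full SFlow parse.` It is also worth stating there that the record consumes four bytes and that callers are expected to handle a shorter payload, since the record itself has no way to signal that other than raising.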
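--- a/data/logstash-codec-sflow.gemspec
+++ b/data/logstash-codec-sflow.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
 s.name = 'logstash-codec-sflow'
-s.version = '0.
+s.version = '0.8.0'
 s.licenses = ['Apache License (2.0)']
 s.summary = "The sflow codec is for decoding SFlow v5 flows."
 s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"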
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-sflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nicolas Fraison
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-12-
|
|
11
|
+
date: 2015-12-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|