logstash-codec-sflow 0.7.0 → 0.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/logstash/codecs/sflow.rb +14 -2
- data/lib/logstash/codecs/sflow/datagram.rb +6 -0
- data/logstash-codec-sflow.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 777103af0e2e6781f0f898e676d4115b218256ed
|
|
4
|
+
data.tar.gz: 807d579c592cd093afecdaa54ac591468030e4ae
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0b2460db2ea2d55506fd30ac0e240c52681fa718e073b3f691759aa6ac32c5d89a0991a272cddbffbce957855d93f04996034d58df20cc6bc7d4073ff8d8ad0c
|
|
7
|
+
data.tar.gz: 8c11363eb68c6959b29241f911c4827e1e3cde18ae1a9c0e0fd0f7c2a12418f6d4601fa264712acbf11a645e917f92cbed17515ee5a9ee3d054506bc5d7a5c78
|
|
@@ -6,6 +6,9 @@ require 'logstash/namespace'
|
|
|
6
6
|
class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
7
7
|
config_name 'sflow'
|
|
8
8
|
|
|
9
|
+
# Specify which Sflow versions you will accept.
|
|
10
|
+
config :versions, :validate => :array, :default => [5]
|
|
11
|
+
|
|
9
12
|
# Specify which sflow must not be send in the event
|
|
10
13
|
config :optional_removed_field, :validate => :array, :default => %w(sflow_version ip_version header_size ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags ip_fragment_offset ip_ttl ip_checksum ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin tcp_window_size tcp_checksum tcp_urgent_pointer tcp_options)
|
|
11
14
|
|
|
@@ -22,7 +25,7 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
22
25
|
def assign_key_value(event, bindata_kv)
|
|
23
26
|
bindata_kv.each_pair do |k, v|
|
|
24
27
|
unless @removed_field.include? k.to_s
|
|
25
|
-
event["#{k}"] = v
|
|
28
|
+
event["#{k.to_s}"] = v.to_s
|
|
26
29
|
end
|
|
27
30
|
end
|
|
28
31
|
end
|
|
@@ -48,6 +51,11 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
48
51
|
|
|
49
52
|
public
|
|
50
53
|
def decode(payload)
|
|
54
|
+
header = SFlowHeader.read(payload)
|
|
55
|
+
unless @versions.include?(header.sflow_version)
|
|
56
|
+
@logger.warn("Ignoring Sflow version v#{header.sflow_version}")
|
|
57
|
+
return
|
|
58
|
+
end
|
|
51
59
|
|
|
52
60
|
decoded = SFlow.read(payload)
|
|
53
61
|
|
|
@@ -83,6 +91,10 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
83
91
|
end
|
|
84
92
|
|
|
85
93
|
end
|
|
94
|
+
#compute frame_length_times_sampling_rate
|
|
95
|
+
if event.include?('frame_length') and event.include?('sampling_rate')
|
|
96
|
+
event["frame_length_times_sampling_rate"] = event['frame_length'].to_i * event['sampling_rate'].to_i
|
|
97
|
+
end
|
|
86
98
|
events.push(event)
|
|
87
99
|
|
|
88
100
|
#treat counter flow
|
|
@@ -108,4 +120,4 @@ class LogStash::Codecs::Sflow < LogStash::Codecs::Base
|
|
|
108
120
|
yield event
|
|
109
121
|
end
|
|
110
122
|
end # def decode
|
|
111
|
-
end # class LogStash::Filters::Sflow
|
|
123
|
+
end # class LogStash::Filters::Sflow
|
|
@@ -4,6 +4,12 @@ require 'bindata'
|
|
|
4
4
|
require 'logstash/codecs/sflow/util'
|
|
5
5
|
require 'logstash/codecs/sflow/sample'
|
|
6
6
|
|
|
7
|
+
|
|
8
|
+
class SFlowHeader < BinData::Record
|
|
9
|
+
endian :big
|
|
10
|
+
uint32 :sflow_version
|
|
11
|
+
end
|
|
12
|
+
|
|
7
13
|
# noinspection RubyResolve
|
|
8
14
|
class SFlow < BinData::Record
|
|
9
15
|
endian :big
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-sflow'
|
|
4
|
-
s.version = '0.
|
|
4
|
+
s.version = '0.8.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "The sflow codec is for decoding SFlow v5 flows."
|
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-sflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nicolas Fraison
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-12-
|
|
11
|
+
date: 2015-12-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|