{"id":26198374,"url":"https://github.com/path-network/logstash-codec-sflow","last_synced_at":"2025-04-15T04:45:08.098Z","repository":{"id":46969893,"uuid":"47459604","full_name":"path-network/logstash-codec-sflow","owner":"path-network","description":"Logstash codec plugin to decrypt sflow","archived":false,"fork":false,"pushed_at":"2023-09-12T08:20:45.000Z","size":86,"stargazers_count":34,"open_issues_count":10,"forks_count":17,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-04-15T04:44:51.828Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/path-network.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-12-05T14:48:03.000Z","updated_at":"2024-12-21T15:02:08.000Z","dependencies_parsed_at":"2022-07-22T09:32:26.069Z","dependency_job_id":null,"html_url":"https://github.com/path-network/logstash-codec-sflow","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/path-network%2Flogstash-codec-sflow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/path-network%2Flogstash-codec-sflow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/path-network%2Flogstash-codec-sflow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/path-network%2Flogstash-codec-sflow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/path-network","download_url":"https://codeload.github.com/path-network/logs
tash-codec-sflow/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249010190,"owners_count":21197797,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-12T02:52:01.734Z","updated_at":"2025-04-15T04:45:08.083Z","avatar_url":"https://github.com/path-network.png","language":"Ruby","readme":"# Logstash Codec SFlow Plugin\n## Description\nLogstash codec plugin to decode sflow.\n\nThis codec handles flow samples, counter flows, expanded flow samples and expanded counter flows.\n\nFor the (expanded) flow sample it is able to decode Ethernet, 802.1Q VLAN, IPv4, UDP and TCP headers.\n\nFor the (expanded) counter flow it is able to decode some records of type:\n\n- Generic Interface\n- Ethernet Interface\n- VLAN\n- Processor Information\n- HTTP\n- LAG\n\n## TO DO\nCurrently this plugin does not handle all sflow counters and is not able to decode\nall kinds of protocols.\nIf needed, you can ask for some to be added.\nPlease provide a pcap file containing the sflow events of the counter/protocol\nto add in order to be able to implement it.\n\n## Tune reported fields\nBy default, all of the following fields are removed from the emitted event:\n    \n    %w(sflow_version header_size ip_header_length ip_dscp ip_ecn ip_total_length ip_identification ip_flags \n    ip_fragment_offset ip_ttl ip_checksum ip_options tcp_seq_number tcp_ack_number tcp_header_length tcp_reserved \n    tcp_is_nonce tcp_is_cwr tcp_is_ecn_echo tcp_is_urgent tcp_is_ack tcp_is_push tcp_is_reset tcp_is_syn tcp_is_fin \n    tcp_window_size tcp_checksum 
tcp_urgent_pointer tcp_options vlan_cfi sequence_number flow_sequence_number vlan_type \n    udp_length udp_checksum)\n    \nYou can tune the list of removed fields by setting the *optional_removed_field* parameter of the sflow codec.\n\n## frame_length_times_sampling_rate output field on (expanded) flow sample\n\nThis field is the length of the frame times the sampling rate. It lets you approximate the number of bits sent/received \non an interface/socket.\n\nFor this metric to be accurate, you must first make sure the sampling rate is configured correctly (see: http://blog.sflow.com/2009/06/sampling-rates.html).\n\n\n## Human Readable Protocol\nTo translate protocol values to human readable protocol names, you can use the\nlogstash-filter-translate plugin:\n```\nfilter {\n      translate {\n        field =\u003e protocol\n        dictionary =\u003e [ \"1\", \"ETHERNET\",\n                        \"11\", \"IP\"\n                      ]\n        fallback =\u003e \"UNKNOWN\"\n        destination =\u003e protocol\n        override =\u003e true\n      }\n      translate {\n        field =\u003e eth_type\n        dictionary =\u003e [ \"2048\", \"IP\",\n                        \"33024\", \"802.1Q VLAN\"\n                      ]\n        fallback =\u003e \"UNKNOWN\"\n        destination =\u003e eth_type\n        override =\u003e true\n      }\n      translate {\n        field =\u003e vlan_type\n        dictionary =\u003e [ \"2048\", \"IP\"\n                      ]\n        fallback =\u003e \"UNKNOWN\"\n        destination =\u003e vlan_type\n        override =\u003e true\n      }\n      translate {\n        field =\u003e ip_protocol\n        dictionary =\u003e [ \"6\", \"TCP\",\n                        \"17\", \"UDP\",\n                        \"50\", \"Encapsulating Security Payload\"\n                      ]\n        fallback =\u003e \"UNKNOWN\"\n        destination =\u003e ip_protocol\n        override =\u003e true\n      
}\n}\n```\n\n[![Build\nStatus](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Codecs/job/logstash-plugin-codec-example-unit/badge/icon)](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Codecs/job/logstash-plugin-codec-example-unit/)\n\nThis is a plugin for [Logstash](https://github.com/elastic/logstash).\n\nIt is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.\n\n## Documentation\n\nLogstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation is placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).\n\n- For formatting code or config examples, you can use the asciidoc `[source,ruby]` directive\n- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide\n\n## Need Help?\n\nNeed help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.\n\n## Developing\n\n### 1. 
Plugin Development and Testing\n\n#### Code\n- To get started, you'll need JRuby with the Bundler gem installed.\n\n- Create a new plugin or clone an existing one from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization.\n\n- Install dependencies\n```sh\nbundle install\n```\n\n#### Test\n\n```sh\nbundle exec rspec\n```\n\nThe Logstash code required to run the tests/specs is specified in the `Gemfile` by a line similar to:\n```ruby\ngem \"logstash\", :github =\u003e \"elasticsearch/logstash\", :branch =\u003e \"1.5\"\n```\nTo test against another version or a local Logstash, edit the `Gemfile` to specify an alternative location, for example:\n```ruby\ngem \"logstash\", :github =\u003e \"elasticsearch/logstash\", :ref =\u003e \"master\"\n```\n```ruby\ngem \"logstash\", :path =\u003e \"/your/local/logstash\"\n```\n\nThen update your dependencies and run your tests:\n\n```sh\nbundle install\nbundle exec rspec\n```\n\n### 2. Running your unpublished Plugin in Logstash\n\n#### 2.1 Run in a local Logstash clone\n\n- Edit Logstash `tools/Gemfile` and add the local plugin path, for example:\n```ruby\ngem \"logstash-codec-sflow\", :path =\u003e \"/your/local/logstash-codec-sflow\"\n```\n- Update Logstash dependencies\n```sh\nrake vendor:gems\n```\n- Run Logstash with your plugin\n```sh\nbin/logstash -e 'input { udp { port =\u003e 6343 codec =\u003e sflow }}'\n```\nAt this point any modifications to the plugin code will be applied to this local Logstash setup. 
After modifying the plugin, simply rerun Logstash.\n\n#### 2.2 Run in an installed Logstash\n\n- Build your plugin gem\n```sh\ngem build logstash-codec-sflow.gemspec\n```\n- Install the plugin from the Logstash home\n```sh\nbin/plugin install /your/local/plugin/logstash-codec-sflow.gem\n```\n- Start Logstash and proceed to test the plugin\n\n## Contributing\n\nAll contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.\n\nProgramming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying \"send patches or die\" - you will not see that here.\n\nIt is more important to me that you are able to contribute.\n\nFor more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpath-network%2Flogstash-codec-sflow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpath-network%2Flogstash-codec-sflow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpath-network%2Flogstash-codec-sflow/lists"}