# File 'lib/fluent/plugin/parser_netflow_v5.rb', line 74
# Emits one event per flow record contained in a parsed NetFlow v5 packet.
#
# Each event combines the packet-level header fields with the fields of a
# single flow record. All values are copied as-is from the parsed packet;
# this method performs no range or sanity checks on them.
#
# The event time is built from the packet header (unix_sec / unix_nsec), not
# from the receiving host's clock, so it is only as trustworthy as the
# exporter that produced the packet. Downstream consumers that rely on event
# ordering should keep that in mind.
#
# @param host   passed through untouched as the third argument to +block+;
#               it is not added to the record itself
# @param packet parsed v5 packet exposing the header accessors used below
#               and a +records+ collection
# @param block  callable invoked as block.call(time, record, host) once per
#               flow record
def handle_v5(host, packet, block)
  packet.records.each do |flow|
    # Header fields first, then per-flow fields, so key order stays stable.
    event = {
      "version"            => packet.version,
      "uptime"             => packet.uptime,
      "flow_records"       => packet.flow_records,
      "flow_seq_num"       => packet.flow_seq_num,
      "engine_type"        => packet.engine_type,
      "engine_id"          => packet.engine_id,
      "sampling_algorithm" => packet.sampling_algorithm,
      "sampling_interval"  => packet.sampling_interval
    }
    event.update(
      "ipv4_src_addr"  => flow.ipv4_src_addr,
      "ipv4_dst_addr"  => flow.ipv4_dst_addr,
      "ipv4_next_hop"  => flow.ipv4_next_hop,
      "input_snmp"     => flow.input_snmp,
      "output_snmp"    => flow.output_snmp,
      "in_pkts"        => flow.in_pkts,
      "in_bytes"       => flow.in_bytes,
      "first_switched" => flow.first_switched,
      "last_switched"  => flow.last_switched,
      "l4_src_port"    => flow.l4_src_port,
      "l4_dst_port"    => flow.l4_dst_port,
      "tcp_flags"      => flow.tcp_flags,
      "protocol"       => flow.protocol,
      "src_tos"        => flow.src_tos,
      "src_as"         => flow.src_as,
      "dst_as"         => flow.dst_as,
      "src_mask"       => flow.src_mask,
      "dst_mask"       => flow.dst_mask
    )

    # When @switched_times_from_uptime is unset, the raw switched values are
    # replaced by the formatted result of msec_from_boot_to_time, which is
    # given the packet's uptime and export timestamp.
    unless @switched_times_from_uptime
      ["first_switched", "last_switched"].each do |key|
        converted = msec_from_boot_to_time(event[key], packet.uptime, packet.unix_sec, packet.unix_nsec)
        event[key] = format_for_switched(converted)
      end
    end

    # Time.at takes (seconds, microseconds); the header carries nanoseconds.
    # to_i then truncates to whole seconds.
    export_sec = packet.unix_sec
    export_usec = packet.unix_nsec / 1000
    block.call(Time.at(export_sec, export_usec).to_i, event, host)
  end
end