use of loghub.IpConnectionContext in project LogHub by fbacchella.
the class SnmpTrap method processPdu.
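/**
 * Converts a received SNMP trap into an event and forwards it with {@code send}.
 *
 * <p>The connection context carries the listen and peer socket addresses when both are IP
 * transport addresses; otherwise {@code ConnectionContext.EMPTY} is used. For an SNMPv1 PDU the
 * enterprise, agent address, trap type and time stamp are copied into the event before the
 * variable bindings.
 *
 * <p>Every value read here was supplied by the trap sender. Any exception raised while building
 * the event is logged and the trap is dropped; the trap is marked as processed in all cases.
 *
 * @param trap the received trap event
 */
@Override
public void processPdu(CommandResponderEvent trap) {
    try {
        PDU pdu = trap.getPDU();
        Address localaddr = trap.getTransportMapping().getListenAddress();
        Address remoteaddr = trap.getPeerAddress();
        // Only a pair of IP transport addresses yields a socket-level context.
        // NOTE(review): over a datagram transport the peer address is not authenticated; downstream
        // consumers should treat it as a claim by the sender - confirm how the context is used.
        ConnectionContext ctx = ConnectionContext.EMPTY;
        if (localaddr instanceof TransportIpAddress && remoteaddr instanceof TransportIpAddress) {
            InetSocketAddress localinetaddr = getSA((TransportIpAddress) localaddr);
            InetSocketAddress remoteinetaddr = getSA((TransportIpAddress) remoteaddr);
            ctx = new IpConnectionContext(localinetaddr, remoteinetaddr, null);
        }
        Event event = emptyEvent(ctx);
        if (pdu instanceof PDUv1) {
            PDUv1 pduv1 = (PDUv1) pdu;
            String enterprise = (String) convertVar(pduv1.getEnterprise());
            event.put("enterprise", enterprise);
            // agent_addr is a field inside the v1 PDU, filled in by the sender; it is independent
            // of the peer address stored in the connection context.
            event.put("agent_addr", pduv1.getAgentAddress().getInetAddress());
            int genericTrap = pduv1.getGenericTrap();
            if (genericTrap != PDUv1.ENTERPRISE_SPECIFIC) {
                // The trap type comes straight off the wire. Indexing the enum blindly would throw
                // on an out-of-range value and the whole trap would be dropped by the catch below;
                // keep the event and record the raw code instead so the anomaly stays visible.
                GENERICTRAP[] knownTraps = GENERICTRAP.values();
                if (genericTrap >= 0 && genericTrap < knownTraps.length) {
                    event.put("generic_trap", knownTraps[genericTrap].toString());
                } else {
                    event.put("generic_trap", Integer.toString(genericTrap));
                }
            } else {
                String resolved = formatter.format(pduv1.getEnterprise(), new Integer32(pduv1.getSpecificTrap()), true);
                event.put("specific_trap", resolved);
            }
            // SNMP time ticks are hundredths of a second; store seconds as a double.
            event.put("time_stamp", 1.0 * pduv1.getTimestamp() / 100.0);
        }
        // The PDU exposes its bindings through a raw Enumeration, hence the unchecked cast.
        @SuppressWarnings("unchecked")
        Enumeration<VariableBinding> vbenum = (Enumeration<VariableBinding>) pdu.getVariableBindings().elements();
        for (VariableBinding binding : Collections.list(vbenum)) {
            OID vbOID = binding.getOid();
            Object value = convertVar(binding.getVariable());
            smartPut(event, vbOID, value);
        }
        send(event);
    } catch (Exception e) {
        // Best effort: a malformed trap must not take the receiver down.
        logger.error(e.getMessage());
        logger.catching(e);
    } finally {
        // Always tell the dispatcher the trap was consumed, even when building the event failed.
        trap.setProcessed(true);
    }
}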
use of loghub.IpConnectionContext in project LogHub by fbacchella.
the class Udp method getConnectionContext.
/**
 * Builds the connection context for one received datagram.
 *
 * <p>The datagram's recipient becomes the local address and its sender the remote address; the
 * third constructor argument is left {@code null}.
 *
 * @param ctx the channel handler context (not used here)
 * @param message the received datagram
 * @return a new {@link IpConnectionContext} describing both endpoints of the datagram
 */
@Override
public ConnectionContext getConnectionContext(ChannelHandlerContext ctx, DatagramPacket message) {
    // NOTE(review): a datagram's sender address is whatever the packet header claims; nothing here
    // authenticates it, so consumers of the context should not treat it as a verified identity.
    final InetSocketAddress peer = message.sender();
    final InetSocketAddress listener = message.recipient();
    ConnectionContext datagramContext = new IpConnectionContext(listener, peer, null);
    return datagramContext;
}
use of loghub.IpConnectionContext in project LogHub by fbacchella.
the class PacketsTest method testDecode.
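/**
 * Decodes every capture listed in {@code captures} and checks the common fields of each packet.
 *
 * <p>Each capture is loaded from {@code /netflow/packets/}, read fully into memory and decoded
 * packet by packet until the buffer is exhausted. Every decoded packet must expose
 * {@code version}, {@code sequenceNumber} and {@code records}, every record must carry
 * {@code _type}, and packets with a version below 10 must also carry {@code SysUptime}.
 */
@SuppressWarnings("unchecked")
@Test
public void testDecode() {
    Decoder nfd = new NetflowDecoder();
    // The decoder only needs an IP context; the addresses themselves are placeholders.
    IpConnectionContext dummyctx = new IpConnectionContext(new InetSocketAddress(0), new InetSocketAddress(0), null);
    Arrays.stream(captures).map(i -> {
        logger.debug(i + ": ");
        return i;
    }).map(i -> "/netflow/packets/" + i)
      .map(i -> getClass().getResourceAsStream(i))
      // NOTE(review): a capture missing from the classpath is skipped silently here, so the test
      // can pass without decoding anything - confirm that is intended.
      .filter(i -> i != null)
      .map(i -> {
          // Close each resource stream once it is drained; the original left them open.
          try (java.io.InputStream in = i) {
              ByteArrayOutputStream out = new ByteArrayOutputStream();
              byte[] buffer = new byte[8 * 1024];
              for (int length; (length = in.read(buffer)) != -1; ) {
                  out.write(buffer, 0, length);
              }
              return out;
          } catch (Exception e) {
              Assert.fail(e.getMessage());
              return null;
          }
      })
      .filter(i -> i != null)
      .map(i -> Unpooled.wrappedBuffer(i.toByteArray()))
      .forEach(i -> {
          try {
              // A capture may hold several packets back to back; decode until nothing is left.
              while (i.isReadable()) {
                  Map<String, Object> content = nfd.decode(dummyctx, i);
                  Assert.assertTrue(content.containsKey("version"));
                  Assert.assertTrue(content.containsKey("sequenceNumber"));
                  Assert.assertTrue(content.containsKey("records"));
                  ((List<Map<String, Object>>) content.get("records")).forEach(j -> Assert.assertTrue(j.containsKey("_type")));
                  if (((Integer) content.get("version")) < 10) {
                      Assert.assertTrue(content.containsKey("SysUptime"));
                  }
                  logger.debug(content);
              }
          } catch (Exception e) {
              Assert.fail(e.getMessage());
          }
      });
}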
use of loghub.IpConnectionContext in project LogHub by fbacchella.
the class ProcessorTest method test.
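/**
 * Decodes the bundled IPFIX capture, runs the result through a {@code Processor} and checks
 * that exactly eight events come out of the main queue.
 *
 * @throws IOException if the capture cannot be read or closed
 * @throws DecodeException if the decoder rejects the capture
 * @throws ProcessorException declared for the processing run
 * @throws InterruptedException declared for the processing run
 */
@Test
public void test() throws IOException, DecodeException, ProcessorException, InterruptedException {
    Processor p = new Processor();
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    // try-with-resources closes the capture stream; the original never closed it.
    try (InputStream is = getClass().getResourceAsStream("/netflow/packets/ipfix.dat")) {
        // Fail with a readable message instead of a NullPointerException when the capture is missing.
        Assert.assertNotNull("missing test resource /netflow/packets/ipfix.dat", is);
        byte[] buffer = new byte[8 * 1024];
        for (int length; (length = is.read(buffer)) != -1; ) {
            out.write(buffer, 0, length);
        }
    }
    ByteBuf bbuffer = Unpooled.wrappedBuffer(out.toByteArray());
    Decoder nfd = new NetflowDecoder();
    // The decoder only needs an IP context; the addresses themselves are placeholders.
    IpConnectionContext dummyctx = new IpConnectionContext(new InetSocketAddress(0), new InetSocketAddress(0), null);
    Map<String, Object> content = nfd.decode(dummyctx, bbuffer);
    Event e = Tools.getEvent();
    // The decoder returns the export time under the timestamp key; move it onto the event itself.
    e.setTimestamp((Date) content.remove(Event.TIMESTAMPKEY));
    e.putAll(content);
    ProcessingStatus ps = Tools.runProcessing(e, "main", Collections.singletonList(p));
    // Drain the eight events this capture is expected to produce.
    // NOTE(review): presumably mainQueue.remove() throws when fewer events are queued - confirm.
    for (int drained = 0; drained < 8; drained++) {
        logger.debug(ps.mainQueue.remove());
    }
    Assert.assertTrue(ps.mainQueue.isEmpty());
}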
use of loghub.IpConnectionContext in project LogHub by fbacchella.
the class NetflowDecoder method decode.
/**
 * Decodes one netflow packet read from {@code bbuf} into a map of event fields.
 *
 * <p>The map always holds the export time (under {@code Event.TIMESTAMPKEY}),
 * {@code sequenceNumber}, {@code version} and {@code records}. Version 5 adds
 * {@code engine_type}, {@code sampling_interval}, {@code sampling_mode} and {@code SysUptime};
 * version 9 adds {@code SysUptime}; version 10 adds nothing.
 *
 * @param ctx the connection the data arrived on; only an {@link IpConnectionContext} is decoded
 * @param bbuf the buffer holding the packet
 * @return the decoded fields, or {@code null} when {@code ctx} is not an {@link IpConnectionContext}
 * @throws DecodeException declared by this method; presumably raised by the packet parser
 * @throws UnsupportedOperationException if the parsed packet reports a version other than 5, 9 or 10
 */
@Override
public Map<String, Object> decode(ConnectionContext ctx, ByteBuf bbuf) throws DecodeException {
    if (!(ctx instanceof IpConnectionContext)) {
        // NOTE(review): input without an IP context is discarded by returning null, with no log
        // entry; callers must null-check - confirm they do.
        return null;
    }
    // NOTE(review): the sender address is handed to the parser. If it keys per-sender parsing
    // state, keep in mind that a datagram source address is not authenticated - confirm in
    // PacketFactory.
    InetAddress senderAddress = ((IpConnectionContext) ctx).getRemoteAddress().getAddress();
    NetflowPacket packet = PacketFactory.parsePacket(senderAddress, bbuf);

    Map<String, Object> fields = new HashMap<>();
    fields.put(Event.TIMESTAMPKEY, Date.from(packet.getExportTime()));
    fields.put("sequenceNumber", packet.getSequenceNumber());

    // Header fields that exist only in some protocol versions.
    switch (packet.getVersion()) {
    case 5: {
        Netflow5Packet v5 = (Netflow5Packet) packet;
        fields.put("engine_type", v5.getEngineType());
        fields.put("sampling_interval", v5.getSamplingInterval());
        fields.put("sampling_mode", v5.getSamplingMode());
        fields.put("SysUptime", v5.getSysUpTime());
        break;
    }
    case 9: {
        Netflow9Packet v9 = (Netflow9Packet) packet;
        fields.put("SysUptime", v9.getSysUpTime());
        break;
    }
    case 10:
        break;
    default:
        // NOTE(review): thrown without a message, so the offending version is not reported.
        throw new UnsupportedOperationException();
    }

    fields.put("version", packet.getVersion());
    fields.put("records", packet.getRecords());
    return fields;
}