
Example 1 with NetFlowV5Packet

Use of org.graylog.plugins.netflow.v5.NetFlowV5Packet in the graylog2-server project by Graylog2.

The decodeMessages method of the NetFlowCodec class.

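/**
 * Decodes one raw NetFlow message into zero or more {@link Message}s.
 *
 * <p>The first payload byte is read as a marker that selects the decoding path:
 * {@code PASSTHROUGH_MARKER} parses the remaining bytes as a NetFlow v5 packet and emits one
 * message per flow record; {@code ORDERED_V9_MARKER} hands the buffer to {@code decodeV9}.
 * Any other marker is logged as unsupported.
 *
 * <p>The payload is taken as-is from the raw message, so it must be treated as untrusted input.
 * Malformed input never propagates {@link FlowException} or
 * {@link InvalidProtocolBufferException} to the caller; both are logged and turned into a
 * {@code null} result.
 *
 * @param rawMessage the raw message whose payload, remote address and source nodes are read
 * @return the decoded messages, or {@code null} if the payload is shorter than 3 bytes, the
 *         marker byte is not recognised, or parsing failed
 */
@Nullable
@Override
public Collection<Message> decodeMessages(@Nonnull RawMessage rawMessage) {
    // NOTE(review): only FlowException and InvalidProtocolBufferException are handled below.
    // Confirm that the parsers cannot raise other unchecked exceptions (for example on a
    // truncated buffer) when fed malformed input.
    try {
        final ResolvableInetSocketAddress remoteAddress = rawMessage.getRemoteAddress();
        // The remote address may be absent; the sender is then passed on and logged as null.
        final InetSocketAddress sender = remoteAddress != null ? remoteAddress.getInetSocketAddress() : null;
        final byte[] payload = rawMessage.getPayload();
        // Reject payloads that, per the log message, are too short to hold the NetFlow version.
        if (payload.length < 3) {
            LOG.debug("NetFlow message (source: {}) doesn't even fit the NetFlow version (size: {} bytes)", sender, payload.length);
            return null;
        }
        final ByteBuf buffer = Unpooled.wrappedBuffer(payload);
        // readByte() consumes the marker, so the parsers below start at the second payload byte.
        switch (buffer.readByte()) {
            case PASSTHROUGH_MARKER:
                final NetFlowV5Packet netFlowV5Packet = NetFlowV5Parser.parsePacket(buffer);
                return netFlowV5Packet.records().stream()
                        .map(record -> NetFlowFormatter.toMessage(netFlowV5Packet.header(), record, sender))
                        .collect(Collectors.toList());
            case ORDERED_V9_MARKER:
                // our "custom" netflow v9 that has all the templates in the same packet
                return decodeV9(sender, buffer);
            default:
                // Report the most recently added source node's input so the offending input can be found.
                final List<RawMessage.SourceNode> sourceNodes = rawMessage.getSourceNodes();
                final RawMessage.SourceNode sourceNode = sourceNodes.isEmpty() ? null : sourceNodes.get(sourceNodes.size() - 1);
                final String inputId = sourceNode == null ? "<unknown>" : sourceNode.inputId;
                LOG.warn("Unsupported NetFlow packet on input {} (source: {})", inputId, sender);
                return null;
        }
    } catch (FlowException e) {
        // NOTE(review): each rejected packet is logged at ERROR with a stack trace; consider
        // rate limiting if this input accepts traffic from senders that are not trusted.
        LOG.error("Error parsing NetFlow packet <{}> received from <{}>", rawMessage.getId(), rawMessage.getRemoteAddress(), e);
        // The hexdump contains the complete payload, so it is only produced at debug level.
        if (LOG.isDebugEnabled()) {
            LOG.debug("NetFlow packet hexdump:\n{}", ByteBufUtil.prettyHexDump(Unpooled.wrappedBuffer(rawMessage.getPayload())));
        }
        return null;
    } catch (InvalidProtocolBufferException e) {
        // Include the message id and remote address, as the FlowException branch does, so the
        // failure can be traced back to a packet and its sender.
        LOG.error("Invalid NetFlowV9 entry found, cannot parse the messages (message <{}>, source <{}>)",
                rawMessage.getId(), rawMessage.getRemoteAddress(), ExceptionUtils.getRootCause(e));
        return null;
    }
}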
Also used : Configuration(org.graylog2.plugin.configuration.Configuration) TextField(org.graylog2.plugin.configuration.fields.TextField) NetFlowV5Packet(org.graylog.plugins.netflow.v5.NetFlowV5Packet) NetFlowV9OptionTemplate(org.graylog.plugins.netflow.v9.NetFlowV9OptionTemplate) LoggerFactory(org.slf4j.LoggerFactory) Unpooled(io.netty.buffer.Unpooled) NettyTransport(org.graylog2.plugin.inputs.transports.NettyTransport) Assisted(com.google.inject.assistedinject.Assisted) Inject(javax.inject.Inject) ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress) NetFlowFormatter(org.graylog.plugins.netflow.flows.NetFlowFormatter) ByteBuf(io.netty.buffer.ByteBuf) NetFlowV9Journal(org.graylog.plugins.netflow.v9.NetFlowV9Journal) Map(java.util.Map) RawMessage(org.graylog2.plugin.journal.RawMessage) NetFlowV9FieldTypeRegistry(org.graylog.plugins.netflow.v9.NetFlowV9FieldTypeRegistry) NetFlowV9Packet(org.graylog.plugins.netflow.v9.NetFlowV9Packet) CodecAggregator(org.graylog2.plugin.inputs.codecs.CodecAggregator) Codec(org.graylog2.plugin.inputs.annotations.Codec) Nonnull(javax.annotation.Nonnull) Nullable(javax.annotation.Nullable) ConfigurationRequest(org.graylog2.plugin.configuration.ConfigurationRequest) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) ConfigurationField(org.graylog2.plugin.configuration.fields.ConfigurationField) ExceptionUtils(org.graylog2.shared.utilities.ExceptionUtils) Logger(org.slf4j.Logger) MultiMessageCodec(org.graylog2.plugin.inputs.codecs.MultiMessageCodec) Collection(java.util.Collection) FactoryClass(org.graylog2.plugin.inputs.annotations.FactoryClass) IOException(java.io.IOException) FileInputStream(java.io.FileInputStream) Maps(com.google.common.collect.Maps) NetFlowV5Parser(org.graylog.plugins.netflow.v5.NetFlowV5Parser) InetSocketAddress(java.net.InetSocketAddress) Collectors(java.util.stream.Collectors) FlowException(org.graylog.plugins.netflow.flows.FlowException) 
NetFlowV9Template(org.graylog.plugins.netflow.v9.NetFlowV9Template) ByteBufUtil(io.netty.buffer.ByteBufUtil) List(java.util.List) ConfigClass(org.graylog2.plugin.inputs.annotations.ConfigClass) NetFlowV9Record(org.graylog.plugins.netflow.v9.NetFlowV9Record) NetFlowV9Parser(org.graylog.plugins.netflow.v9.NetFlowV9Parser) AbstractCodec(org.graylog2.plugin.inputs.codecs.AbstractCodec) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Message(org.graylog2.plugin.Message) InputStream(java.io.InputStream) ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress) InetSocketAddress(java.net.InetSocketAddress) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) ByteBuf(io.netty.buffer.ByteBuf) ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress) FlowException(org.graylog.plugins.netflow.flows.FlowException) NetFlowV5Packet(org.graylog.plugins.netflow.v5.NetFlowV5Packet) RawMessage(org.graylog2.plugin.journal.RawMessage) Nullable(javax.annotation.Nullable)
