Examples with NetFlowV9Packet org.graylog.plugins.netflow.v9.NetFlowV9Packet used on opensource projects

Search in sources :

Example 1 with NetFlowV9Packet

use of org.graylog.plugins.netflow.v9.NetFlowV9Packet in project graylog2-server by Graylog2.

the class NetflowV9CodecAggregatorTest method pcap_fortinet_NetFlowV9.

@Test
public void pcap_fortinet_NetFlowV9() throws Exception {
    final List<NetFlowV9BaseRecord> allRecords = new ArrayList<>();
    final List<NetFlowV9Template> allTemplates = new ArrayList<>();
    final Collection<NetFlowV9Packet> packets = parseNetflowPcapStream("netflow-data/fgt300d-netflow9.pcap");
    packets.forEach(packet -> {
        List<NetFlowV9BaseRecord> recs = packet.records();
        allRecords.addAll(packet.records());
        allTemplates.addAll(packet.templates());
    });
    assertThat(allRecords).hasSize(146);
    assertThat(allTemplates).hasSize(12);
    NetFlowV9BaseRecord foo = allRecords.iterator().next();
    assertThat(allRecords).contains(NetFlowV9Record.create(ImmutableMap.<String, Object>builder().put("in_bytes", 371L).put("out_bytes", 371L).put("in_pkts", 2L).put("out_pkts", 2L).put("ipv4_src_addr", "98.158.128.103").put("ipv4_dst_addr", "172.30.1.154").put("l4_src_port", 32161).put("l4_dst_port", 38461).put("protocol", (short) 17).put("field_65", 3141).put("forwarding_status", (short) 64).put("flow_end_reason", (short) 2).put("input_snmp", 5).put("output_snmp", 15).put("first_switched", 2056606986L).put("last_switched", 2056787066L).put("xlate_src_addr_ipv4", "0.0.0.0").put("xlate_dst_addr_ipv4", "139.60.168.65").put("xlate_src_port", 0).put("xlate_dst_port", 38461).build()));
}
Also used : NetFlowV9Template(org.graylog.plugins.netflow.v9.NetFlowV9Template) NetFlowV9BaseRecord(org.graylog.plugins.netflow.v9.NetFlowV9BaseRecord) NetFlowV9Packet(org.graylog.plugins.netflow.v9.NetFlowV9Packet) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Example 2 with NetFlowV9Packet

use of org.graylog.plugins.netflow.v9.NetFlowV9Packet in project graylog2-server by Graylog2.

the class NetFlowCodec method decodeV9Packets.

@VisibleForTesting
List<NetFlowV9Packet> decodeV9Packets(ByteBuf buffer) throws InvalidProtocolBufferException {
    byte[] v9JournalEntry = new byte[buffer.readableBytes()];
    buffer.readBytes(v9JournalEntry);
    final NetFlowV9Journal.RawNetflowV9 rawNetflowV9 = NetFlowV9Journal.RawNetflowV9.parseFrom(v9JournalEntry);
    // parse all templates used in the packet
    final Map<Integer, NetFlowV9Template> templateMap = Maps.newHashMap();
    rawNetflowV9.getTemplatesMap().forEach((templateId, byteString) -> {
        final NetFlowV9Template netFlowV9Template = NetFlowV9Parser.parseTemplate(Unpooled.wrappedBuffer(byteString.toByteArray()), typeRegistry);
        templateMap.put(templateId, netFlowV9Template);
    });
    final NetFlowV9OptionTemplate[] optionTemplate = { null };
    rawNetflowV9.getOptionTemplateMap().forEach((templateId, byteString) -> {
        optionTemplate[0] = NetFlowV9Parser.parseOptionTemplate(Unpooled.wrappedBuffer(byteString.toByteArray()), typeRegistry);
    });
    return rawNetflowV9.getPacketsList().stream().map(bytes -> Unpooled.wrappedBuffer(bytes.toByteArray())).map(buf -> NetFlowV9Parser.parsePacket(buf, typeRegistry, templateMap, optionTemplate[0])).collect(Collectors.toList());
}
Also used : Configuration(org.graylog2.plugin.configuration.Configuration) TextField(org.graylog2.plugin.configuration.fields.TextField) NetFlowV5Packet(org.graylog.plugins.netflow.v5.NetFlowV5Packet) NetFlowV9OptionTemplate(org.graylog.plugins.netflow.v9.NetFlowV9OptionTemplate) LoggerFactory(org.slf4j.LoggerFactory) Unpooled(io.netty.buffer.Unpooled) NettyTransport(org.graylog2.plugin.inputs.transports.NettyTransport) Assisted(com.google.inject.assistedinject.Assisted) Inject(javax.inject.Inject) ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress) NetFlowFormatter(org.graylog.plugins.netflow.flows.NetFlowFormatter) ByteBuf(io.netty.buffer.ByteBuf) NetFlowV9Journal(org.graylog.plugins.netflow.v9.NetFlowV9Journal) Map(java.util.Map) RawMessage(org.graylog2.plugin.journal.RawMessage) NetFlowV9FieldTypeRegistry(org.graylog.plugins.netflow.v9.NetFlowV9FieldTypeRegistry) NetFlowV9Packet(org.graylog.plugins.netflow.v9.NetFlowV9Packet) CodecAggregator(org.graylog2.plugin.inputs.codecs.CodecAggregator) Codec(org.graylog2.plugin.inputs.annotations.Codec) Nonnull(javax.annotation.Nonnull) Nullable(javax.annotation.Nullable) ConfigurationRequest(org.graylog2.plugin.configuration.ConfigurationRequest) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) ConfigurationField(org.graylog2.plugin.configuration.fields.ConfigurationField) ExceptionUtils(org.graylog2.shared.utilities.ExceptionUtils) Logger(org.slf4j.Logger) MultiMessageCodec(org.graylog2.plugin.inputs.codecs.MultiMessageCodec) Collection(java.util.Collection) FactoryClass(org.graylog2.plugin.inputs.annotations.FactoryClass) IOException(java.io.IOException) FileInputStream(java.io.FileInputStream) Maps(com.google.common.collect.Maps) NetFlowV5Parser(org.graylog.plugins.netflow.v5.NetFlowV5Parser) InetSocketAddress(java.net.InetSocketAddress) Collectors(java.util.stream.Collectors) FlowException(org.graylog.plugins.netflow.flows.FlowException) NetFlowV9Template(org.graylog.plugins.netflow.v9.NetFlowV9Template) ByteBufUtil(io.netty.buffer.ByteBufUtil) List(java.util.List) ConfigClass(org.graylog2.plugin.inputs.annotations.ConfigClass) NetFlowV9Record(org.graylog.plugins.netflow.v9.NetFlowV9Record) NetFlowV9Parser(org.graylog.plugins.netflow.v9.NetFlowV9Parser) AbstractCodec(org.graylog2.plugin.inputs.codecs.AbstractCodec) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Message(org.graylog2.plugin.Message) InputStream(java.io.InputStream) NetFlowV9Template(org.graylog.plugins.netflow.v9.NetFlowV9Template) NetFlowV9OptionTemplate(org.graylog.plugins.netflow.v9.NetFlowV9OptionTemplate) NetFlowV9Journal(org.graylog.plugins.netflow.v9.NetFlowV9Journal) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 3 with NetFlowV9Packet

use of org.graylog.plugins.netflow.v9.NetFlowV9Packet in project graylog2-server by Graylog2.

the class NetflowV9CodecAggregatorTest method parseNetflowPcapStream.

private Collection<NetFlowV9Packet> parseNetflowPcapStream(String resourceName) throws IOException {
    final List<NetFlowV9Packet> allPackets = Lists.newArrayList();
    try (InputStream inputStream = Resources.getResource(resourceName).openStream()) {
        final Pcap pcap = Pcap.openStream(inputStream);
        pcap.loop(packet -> {
            if (packet.hasProtocol(Protocol.UDP)) {
                final UDPPacket udp = (UDPPacket) packet.getPacket(Protocol.UDP);
                final InetSocketAddress source = new InetSocketAddress(udp.getParentPacket().getSourceIP(), udp.getSourcePort());
                final CodecAggregator.Result result = codecAggregator.addChunk(Unpooled.copiedBuffer(udp.getPayload().getArray()), source);
                if (result.isValid() && result.getMessage() != null) {
                    final ByteBuf buffer = result.getMessage();
                    // must read the marker byte off the buffer first.
                    buffer.readByte();
                    allPackets.addAll(codec.decodeV9Packets(buffer));
                }
            }
            return true;
        });
    }
    return allPackets;
}
Also used : CodecAggregator(org.graylog2.plugin.inputs.codecs.CodecAggregator) InputStream(java.io.InputStream) InetSocketAddress(java.net.InetSocketAddress) NetFlowV9Packet(org.graylog.plugins.netflow.v9.NetFlowV9Packet) Pcap(io.pkts.Pcap) ByteBuf(io.netty.buffer.ByteBuf) UDPPacket(io.pkts.packet.UDPPacket)

Aggregations

NetFlowV9Packet (org.graylog.plugins.netflow.v9.NetFlowV9Packet)3 ByteBuf (io.netty.buffer.ByteBuf)2 InputStream (java.io.InputStream)2 InetSocketAddress (java.net.InetSocketAddress)2 NetFlowV9Template (org.graylog.plugins.netflow.v9.NetFlowV9Template)2 CodecAggregator (org.graylog2.plugin.inputs.codecs.CodecAggregator)2 VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 Maps (com.google.common.collect.Maps)1 Assisted (com.google.inject.assistedinject.Assisted)1 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)1 ByteBufUtil (io.netty.buffer.ByteBufUtil)1 Unpooled (io.netty.buffer.Unpooled)1 Pcap (io.pkts.Pcap)1 UDPPacket (io.pkts.packet.UDPPacket)1 FileInputStream (java.io.FileInputStream)1 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 Collection (java.util.Collection)1 List (java.util.List)1 Map (java.util.Map)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial