Example 6 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class NetFlowCodec method decodeMessages.
@Nullable
@Override
public Collection<Message> decodeMessages(@Nonnull RawMessage rawMessage) {
try {
final ResolvableInetSocketAddress remoteAddress = rawMessage.getRemoteAddress();
final InetSocketAddress sender = remoteAddress != null ? remoteAddress.getInetSocketAddress() : null;
final byte[] payload = rawMessage.getPayload();
if (payload.length < 3) {
LOG.debug("NetFlow message (source: {}) doesn't even fit the NetFlow version (size: {} bytes)", sender, payload.length);
return null;
}
final ByteBuf buffer = Unpooled.wrappedBuffer(payload);
switch(buffer.readByte()) {
case PASSTHROUGH_MARKER:
final NetFlowV5Packet netFlowV5Packet = NetFlowV5Parser.parsePacket(buffer);
return netFlowV5Packet.records().stream().map(record -> NetFlowFormatter.toMessage(netFlowV5Packet.header(), record, sender)).collect(Collectors.toList());
case ORDERED_V9_MARKER:
// our "custom" netflow v9 that has all the templates in the same packet
return decodeV9(sender, buffer);
default:
final List<RawMessage.SourceNode> sourceNodes = rawMessage.getSourceNodes();
final RawMessage.SourceNode sourceNode = sourceNodes.isEmpty() ? null : sourceNodes.get(sourceNodes.size() - 1);
final String inputId = sourceNode == null ? "<unknown>" : sourceNode.inputId;
LOG.warn("Unsupported NetFlow packet on input {} (source: {})", inputId, sender);
return null;
}
} catch (FlowException e) {
LOG.error("Error parsing NetFlow packet <{}> received from <{}>", rawMessage.getId(), rawMessage.getRemoteAddress(), e);
if (LOG.isDebugEnabled()) {
LOG.debug("NetFlow packet hexdump:\n{}", ByteBufUtil.prettyHexDump(Unpooled.wrappedBuffer(rawMessage.getPayload())));
}
return null;
} catch (InvalidProtocolBufferException e) {
LOG.error("Invalid NetFlowV9 entry found, cannot parse the messages", ExceptionUtils.getRootCause(e));
return null;
}
}
Also used :
Configuration(org.graylog2.plugin.configuration.Configuration)
TextField(org.graylog2.plugin.configuration.fields.TextField)
NetFlowV5Packet(org.graylog.plugins.netflow.v5.NetFlowV5Packet)
NetFlowV9OptionTemplate(org.graylog.plugins.netflow.v9.NetFlowV9OptionTemplate)
LoggerFactory(org.slf4j.LoggerFactory)
Unpooled(io.netty.buffer.Unpooled)
NettyTransport(org.graylog2.plugin.inputs.transports.NettyTransport)
Assisted(com.google.inject.assistedinject.Assisted)
Inject(javax.inject.Inject)
ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress)
NetFlowFormatter(org.graylog.plugins.netflow.flows.NetFlowFormatter)
ByteBuf(io.netty.buffer.ByteBuf)
NetFlowV9Journal(org.graylog.plugins.netflow.v9.NetFlowV9Journal)
Map(java.util.Map)
RawMessage(org.graylog2.plugin.journal.RawMessage)
NetFlowV9FieldTypeRegistry(org.graylog.plugins.netflow.v9.NetFlowV9FieldTypeRegistry)
NetFlowV9Packet(org.graylog.plugins.netflow.v9.NetFlowV9Packet)
CodecAggregator(org.graylog2.plugin.inputs.codecs.CodecAggregator)
Codec(org.graylog2.plugin.inputs.annotations.Codec)
Nonnull(javax.annotation.Nonnull)
Nullable(javax.annotation.Nullable)
ConfigurationRequest(org.graylog2.plugin.configuration.ConfigurationRequest)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
ConfigurationField(org.graylog2.plugin.configuration.fields.ConfigurationField)
ExceptionUtils(org.graylog2.shared.utilities.ExceptionUtils)
Logger(org.slf4j.Logger)
MultiMessageCodec(org.graylog2.plugin.inputs.codecs.MultiMessageCodec)
Collection(java.util.Collection)
FactoryClass(org.graylog2.plugin.inputs.annotations.FactoryClass)
IOException(java.io.IOException)
FileInputStream(java.io.FileInputStream)
Maps(com.google.common.collect.Maps)
NetFlowV5Parser(org.graylog.plugins.netflow.v5.NetFlowV5Parser)
InetSocketAddress(java.net.InetSocketAddress)
Collectors(java.util.stream.Collectors)
FlowException(org.graylog.plugins.netflow.flows.FlowException)
NetFlowV9Template(org.graylog.plugins.netflow.v9.NetFlowV9Template)
ByteBufUtil(io.netty.buffer.ByteBufUtil)
List(java.util.List)
ConfigClass(org.graylog2.plugin.inputs.annotations.ConfigClass)
NetFlowV9Record(org.graylog.plugins.netflow.v9.NetFlowV9Record)
NetFlowV9Parser(org.graylog.plugins.netflow.v9.NetFlowV9Parser)
AbstractCodec(org.graylog2.plugin.inputs.codecs.AbstractCodec)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Message(org.graylog2.plugin.Message)
InputStream(java.io.InputStream)
ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress)
InetSocketAddress(java.net.InetSocketAddress)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
ByteBuf(io.netty.buffer.ByteBuf)
ResolvableInetSocketAddress(org.graylog2.plugin.ResolvableInetSocketAddress)
FlowException(org.graylog.plugins.netflow.flows.FlowException)
NetFlowV5Packet(org.graylog.plugins.netflow.v5.NetFlowV5Packet)
RawMessage(org.graylog2.plugin.journal.RawMessage)
Nullable(javax.annotation.Nullable)
Example 7 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class AbstractTcpTransport method getChildChannelHandlers.
@Override
protected LinkedHashMap<String, Callable<? extends ChannelHandler>> getChildChannelHandlers(MessageInput input) {
final LinkedHashMap<String, Callable<? extends ChannelHandler>> handlers = new LinkedHashMap<>();
final CodecAggregator aggregator = getAggregator();
handlers.put("channel-registration", () -> new ChannelRegistrationHandler(childChannels));
handlers.put("traffic-counter", () -> throughputCounter);
handlers.put("connection-counter", () -> connectionCounter);
if (tlsEnable) {
LOG.info("Enabled TLS for input [{}/{}]. key-file=\"{}\" cert-file=\"{}\"", input.getName(), input.getId(), tlsKeyFile, tlsCertFile);
handlers.put("tls", getSslHandlerCallable(input));
}
handlers.putAll(getCustomChildChannelHandlers(input));
if (aggregator != null) {
LOG.debug("Adding codec aggregator {} to channel pipeline", aggregator);
handlers.put("codec-aggregator", () -> new ByteBufMessageAggregationHandler(aggregator, localRegistry));
}
handlers.put("rawmessage-handler", () -> new RawMessageHandler(input));
handlers.put("exception-logger", () -> new ExceptionLoggingChannelHandler(input, LOG, this.tcpKeepalive));
return handlers;
}
Also used :
CodecAggregator(org.graylog2.plugin.inputs.codecs.CodecAggregator)
ExceptionLoggingChannelHandler(org.graylog2.inputs.transports.netty.ExceptionLoggingChannelHandler)
ByteBufMessageAggregationHandler(org.graylog2.inputs.transports.netty.ByteBufMessageAggregationHandler)
ChannelRegistrationHandler(org.graylog2.inputs.transports.netty.ChannelRegistrationHandler)
ChannelHandler(io.netty.channel.ChannelHandler)
ExceptionLoggingChannelHandler(org.graylog2.inputs.transports.netty.ExceptionLoggingChannelHandler)
Callable(java.util.concurrent.Callable)
LinkedHashMap(java.util.LinkedHashMap)
RawMessageHandler(org.graylog2.inputs.transports.netty.RawMessageHandler)
Example 8 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class RawMessage method encode.
public byte[] encode() {
try {
final JournalMessages.CodecInfo codec = msgBuilder.getCodec();
final JournalMessages.CodecInfo.Builder builder = JournalMessages.CodecInfo.newBuilder(codec);
final String codecConfigJson = codecConfig.serializeToJson();
if (codecConfigJson != null) {
builder.setConfig(codecConfigJson);
}
msgBuilder.setCodec(builder.build());
final JournalMessage journalMessage = msgBuilder.build();
return journalMessage.toByteArray();
} catch (UninitializedMessageException e) {
log.error("Unable to write RawMessage to journal because required fields are missing, " + "this message will be discarded. This is a bug.", e);
return null;
}
}
Also used :
UninitializedMessageException(com.google.protobuf.UninitializedMessageException)
JournalMessage(org.graylog2.plugin.journal.JournalMessages.JournalMessage)
ByteString(com.google.protobuf.ByteString)
Example 9 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class RawMessageHandler method channelRead0.
@Override
protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {
final byte[] bytes = new byte[msg.readableBytes()];
msg.readBytes(bytes);
final RawMessage raw = new RawMessage(bytes, (InetSocketAddress) ctx.channel().remoteAddress());
input.processRawMessage(raw);
}
Also used :
RawMessage(org.graylog2.plugin.journal.RawMessage)
Example 10 with RawMessage
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class JsonPathCodec method decode.
@Nullable
@Override
public Message decode(@Nonnull RawMessage rawMessage) {
if (jsonPath == null) {
return null;
}
final String json = new String(rawMessage.getPayload(), StandardCharsets.UTF_8);
final Map<String, Object> fields = read(json);
final Message message = new Message(buildShortMessage(fields), configuration.getString(CK_SOURCE), rawMessage.getTimestamp());
message.addFields(fields);
return message;
}
Also used :
RawMessage(org.graylog2.plugin.journal.RawMessage)
Message(org.graylog2.plugin.Message)
Nullable(javax.annotation.Nullable)
Aggregations
RawMessage (org.graylog2.plugin.journal.RawMessage)59
Test (org.junit.Test)35
Message (org.graylog2.plugin.Message)23
InetSocketAddress (java.net.InetSocketAddress)13
IOException (java.io.IOException)7
Nullable (javax.annotation.Nullable)7
MappedMessage (org.graylog.plugins.cef.parser.MappedMessage)6
ResolvableInetSocketAddress (org.graylog2.plugin.ResolvableInetSocketAddress)6
DateTime (org.joda.time.DateTime)5
Configuration (org.graylog2.plugin.configuration.Configuration)4
ByteBuf (io.netty.buffer.ByteBuf)3
URL (java.net.URL)3
ZonedDateTime (java.time.ZonedDateTime)3
Timer (com.codahale.metrics.Timer)2
List (java.util.List)2
Map (java.util.Map)2
Properties (java.util.Properties)2
CountDownLatch (java.util.concurrent.CountDownLatch)2
NotFoundException (javax.ws.rs.NotFoundException)2
DocumentNotFoundException (org.graylog2.indexer.messages.DocumentNotFoundException)2
