Documentation ¶
Index ¶
- Variables
- func BulkAdd(data []string) error
- func CreateEs(data, typed, id string) error
- func InitEs(hostUrl, indexName string)
- func ParseSflowV5ToEs(sample *FlowSamples, counter *SFlowCounterSample) (string, error)
- func Search(index, typs string)
- type BinaryRecordV5
- type Collected
- func (this *Collected) CheckInfo(ppp []byte)
- func (this *Collected) ListenNetFlowV5(protocol, port string)
- func (this *Collected) ListenSFlowSample(protocol, port string)
- func (this *Collected) ListenSflowAll(protocol, port string)
- func (this *Collected) ListenSflowCounter(protocol, port string)
- func (this *Collected) SendUdp(result string, counter bool)
- type Data
- type Datagram
- type FlowSamples
- type Header
- type HeaderV5
- type NetFlowV5
- type RecordBaseV5
- type SFlowBaseCounterRecord
- type SFlowBaseFlowRecord
- type SFlowCounterSample
- type SFlowEthernetCounters
- type SFlowEthernetFrameRecord
- type SFlowExtendedGatewayFlowRecord
- type SFlowExtendedRouterFlowRecord
- type SFlowExtendedSwitchFlowRecord
- type SFlowExtendedUserFlow
- type SFlowGenericInterfaceCounters
- type SFlowProcessorCounters
- type SFlowRawPacketFlowRecord
Constants ¶
This section is empty.
Variables ¶
var DataChannel chan string
Functions ¶
func ParseSflowV5ToEs ¶
func ParseSflowV5ToEs(sample *FlowSamples, counter *SFlowCounterSample) (string, error)
Types ¶
type BinaryRecordV5 ¶
type BinaryRecordV5 struct { Ipv4SrcAddrInt uint32 `json:"-" codec:"-"` Ipv4DstAddrInt uint32 `json:"-" codec:"-"` Ipv4NextHopInt uint32 `json:"-" codec:"-"` RecordBaseV5 }
type Collected ¶
type Collected struct { DeviceName string //设备名称 SnapShotLen int32 SnapShotLenUint uint32 Promiscuous bool //是否开启混杂模式 Timeout time.Duration Udpbool bool //是否开启udp sample and netflow传输 Host string //udp 发送客户端及端口 127.0.0.1:8888 CounterHost string //udp counter 传输 EsPath string // elasticsearch address path IsEs bool // 是否传送到es Index string // es索引名称 }
func (*Collected) ListenNetFlowV5 ¶
func (*Collected) ListenSFlowSample ¶
func (*Collected) ListenSflowAll ¶
func (*Collected) ListenSflowCounter ¶
type Data ¶
type Datagram ¶
type Datagram struct { SrcMac string DstMac string SrcIP string DstIP string SrcPort string DstPort string }
原始报文信息即交换机物理设备信息
type FlowSamples ¶
type FlowSamples struct { Data *Data EnterpriseID string Format string SampleLength uint32 SequenceNumber uint32 SourceIDClass string SourceIDIndex string SamplingRate uint32 SamplePool uint32 Dropped uint32 InputInterfaceFormat uint32 InputInterface uint32 OutputInterfaceFormat uint32 OutputInterface uint32 RecordCount uint32 SFlowRawPacketFlowRecord SFlowRawPacketFlowRecord SFlowExtendedSwitchFlowRecord SFlowExtendedSwitchFlowRecord SFlowExtendedRouterFlowRecord SFlowExtendedRouterFlowRecord SFlowExtendedGatewayFlowRecord SFlowExtendedGatewayFlowRecord SFlowExtendedUserFlow SFlowExtendedUserFlow }
func NewFlowSamples ¶
func NewFlowSamples() *FlowSamples
func (*FlowSamples) InitFlowSampleData ¶
func (this *FlowSamples) InitFlowSampleData(p layers.SFlowFlowSample) error
func (*FlowSamples) InitOriginData ¶
func (this *FlowSamples) InitOriginData(p gopacket.Packet) error
func (*FlowSamples) ParseLayers ¶
func (this *FlowSamples) ParseLayers(p gopacket.Packet) error
func (*FlowSamples) SendUdp ¶
func (this *FlowSamples) SendUdp(result, CounterHost, Host string, counter bool)
type Header ¶
type Header struct { FlowRecords uint32 //flow流数据量 Packets int //包个数 Bytes uint32 //字节大小 RateBytes uint32 //自动采样率计算 SrcMac string DstMac string SrcIP string DstIP string Ipv4_version uint8 Ipv4_ihl uint8 Ipv4_tos uint8 Ipv4_ttl uint8 Ipv4_protocol string SrcPort string //如果是icmp的就只把数据写入这个 DstPort string }
flow流详细信息
type HeaderV5 ¶
type HeaderV5 struct { Version uint16 `json:"version" codec:"version"` FlowRecords uint16 `json:"flow_records" codec:"flow_records"` Uptime uint32 `json:"uptime" codec:"uptime"` UnixSec uint32 `json:"unix_sec" codec:"unix_sec"` UnixNsec uint32 `json:"unix_nsec" codec:"unix_nsec"` FlowSeqNum uint32 `json:"flow_seq_num" codec:"flow_seq_num"` EngineType uint8 `json:"engine_type" codec:"engine_type"` EngineId uint8 `json:"engine_id" codec:"engine_id"` SamplingInterval uint16 `json:"sampling_interval" codec:"sampling_interval"` }
type NetFlowV5 ¶
type NetFlowV5 struct { HeaderV5 BinaryRecordV5 Host string `json:"host" codec:"host"` SamplingAlgorithm uint8 `json:"sampling_algorithm" codec:"sampling_algorithm"` Ipv4SrcAddr string `json:"ipv4_src_addr" codec:"ipv4_src_addr"` Ipv4DstAddr string `json:"ipv4_dst_addr" codec:"ipv4_dst_addr"` Ipv4NextHop string `json:"ipv4_next_hop" codec:"ipv4_next_hop"` }
func (*NetFlowV5) DecodeNetFlowV5 ¶
func (this *NetFlowV5) DecodeNetFlowV5(header *HeaderV5, binRecord *BinaryRecordV5, ip string) NetFlowV5
type RecordBaseV5 ¶
type RecordBaseV5 struct { InputSnmp uint16 `json:"input_snmp" codec:"input_snmp"` OutputSnmp uint16 `json:"output_snmp" codec:"output_snmp"` InPkts uint32 `json:"in_pkts" codec:"in_pkts"` InBytes uint32 `json:"in_bytes" codec:"in_bytes"` FirstSwitched uint32 `json:"first_switched" codec:"first_switched"` LastSwitched uint32 `json:"last_switched" codec:"last_switched"` L4SrcPort uint16 `json:"l4_src_port" codec:"l4_src_port"` L4DstPort uint16 `json:"l4_dst_port" codec:"l4_dst_port"` TcpFlags uint8 `json:"tcp_flags" codec:"tcp_flags"` Protocol uint8 `json:"protocol" codec:"protocol"` SrcTos uint8 `json:"src_tos" codec:"src_tos"` SrcAs uint16 `json:"src_as" codec:"src_as"` DstAs uint16 `json:"dst_as" codec:"dst_as"` SrcMask uint8 `json:"src_mask" codec:"src_mask"` DstMask uint8 `json:"dst_mask" codec:"dst_mask"` // contains filtered or unexported fields }
type SFlowBaseCounterRecord ¶
type SFlowBaseFlowRecord ¶
SFlowBaseFlowRecord holds the fields common to all records of type SFlowFlowRecordType
type SFlowCounterSample ¶
type SFlowCounterSample struct { Data Data EnterpriseID string Format string SampleLength uint32 SequenceNumber uint32 SourceIDClass string SourceIDIndex string RecordCount uint32 SFlowGenericInterfaceCounters SFlowGenericInterfaceCounters SFlowEthernetCounters SFlowEthernetCounters SFlowProcessorCounters SFlowProcessorCounters }
Counter samples report information about various counter objects. Typically these are items like IfInOctets, or CPU / Memory stats, etc. SFlow will report these at regular intervals as configured on the agent. If one were sufficiently industrious, this could be used to replace the typical SNMP polling used for such things.
func NewCounterFlow ¶
func NewCounterFlow() *SFlowCounterSample
func (*SFlowCounterSample) InitCounterSample ¶
func (this *SFlowCounterSample) InitCounterSample(p layers.SFlowCounterSample) error
func (*SFlowCounterSample) InitCounterSampleStruct ¶
func (this *SFlowCounterSample) InitCounterSampleStruct(p *layers.SFlowDatagram) error
func (*SFlowCounterSample) InitOriginData ¶
func (this *SFlowCounterSample) InitOriginData(p gopacket.Packet) error
type SFlowEthernetCounters ¶
type SFlowEthernetCounters struct { SFlowBaseCounterRecord SFlowBaseCounterRecord AlignmentErrors uint32 FCSErrors uint32 SingleCollisionFrames uint32 MultipleCollisionFrames uint32 SQETestErrors uint32 DeferredTransmissions uint32 LateCollisions uint32 ExcessiveCollisions uint32 InternalMacTransmitErrors uint32 CarrierSenseErrors uint32 FrameTooLongs uint32 InternalMacReceiveErrors uint32 SymbolErrors uint32 }
type SFlowEthernetFrameRecord ¶
type SFlowEthernetFrameRecord struct { //为2代表是Ethernet Frame Data字段 Format uint32 //总的字节数(不包含tag和length字段) Length uint32 //源mac地址8字节 SrcMac []byte //目的mac地址8字节 DstMac []byte Type uint32 }
0 15 31 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | Tag | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | Length | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | Length Bytes | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | Src Mac | Dst Mac | +--+--+--+--+--+--+--+--+
type SFlowExtendedRouterFlowRecord ¶
type SFlowExtendedRouterFlowRecord struct { SFlowBaseFlowRecord SFlowBaseFlowRecord NextHop net.IP NextHopSourceMask uint32 NextHopDestinationMask uint32 }
SFlowExtendedRouterFlowRecord gives additional information about the layer 3 routing information used to forward the packet
type SFlowExtendedSwitchFlowRecord ¶
type SFlowExtendedSwitchFlowRecord struct { SFlowBaseFlowRecord SFlowBaseFlowRecord IncomingVLAN uint32 IncomingVLANPriority uint32 OutgoingVLAN uint32 OutgoingVLANPriority uint32 }
SFlowExtendedSwitchFlowRecord give additional information about the sampled packet if it's available. It's mainly useful for getting at the incoming and outgoing VLANs An agent may or may not provide this information.
type SFlowExtendedUserFlow ¶
type SFlowExtendedUserFlow struct { SFlowBaseFlowRecord SFlowBaseFlowRecord SourceCharSet string SourceUserID string DestinationCharSet string DestinationUserID string }
type SFlowGenericInterfaceCounters ¶
type SFlowGenericInterfaceCounters struct { SFlowBaseCounterRecord SFlowBaseCounterRecord IfIndex uint32 IfType uint32 IfSpeed uint64 IfDirection uint32 IfStatus uint32 IfInOctets uint64 IfInUcastPkts uint32 IfInMulticastPkts uint32 IfInBroadcastPkts uint32 IfInDiscards uint32 IfInErrors uint32 IfInUnknownProtos uint32 IfOutOctets uint64 IfOutUcastPkts uint32 IfOutMulticastPkts uint32 IfOutBroadcastPkts uint32 IfOutDiscards uint32 IfOutErrors uint32 IfPromiscuousMode uint32 }
type SFlowProcessorCounters ¶
type SFlowProcessorCounters struct { SFlowBaseCounterRecord SFlowBaseCounterRecord FiveSecCpu uint32 // 5 second average CPU utilization OneMinCpu uint32 // 1 minute average CPU utilization FiveMinCpu uint32 // 5 minute average CPU utilization TotalMemory uint64 // total memory (in bytes) FreeMemory uint64 // free memory (in bytes) }