Documentation
¶
Index ¶
- Variables
- func BulkAdd(data []string) error
- func CreateEs(data, typed, id string) error
- func InitEs(hostUrl, indexName string)
- func ParseSflowV5ToEs(sample *FlowSamples, counter *SFlowCounterSample) (string, error)
- func Search(index, typs string)
- type BinaryRecordV5
- type Collected
- func (this *Collected) CheckInfo(ppp []byte)
- func (this *Collected) ListenNetFlowV5(protocol, port string)
- func (this *Collected) ListenSFlowSample(protocol, port string)
- func (this *Collected) ListenSflowAll(protocol, port string)
- func (this *Collected) ListenSflowCounter(protocol, port string)
- func (this *Collected) SendUdp(result string, counter bool)
- type Data
- type Datagram
- type FlowSamples
- type Header
- type HeaderV5
- type NetFlowV5
- type RecordBaseV5
- type SFlowBaseCounterRecord
- type SFlowBaseFlowRecord
- type SFlowCounterSample
- type SFlowEthernetCounters
- type SFlowEthernetFrameRecord
- type SFlowExtendedGatewayFlowRecord
- type SFlowExtendedRouterFlowRecord
- type SFlowExtendedSwitchFlowRecord
- type SFlowExtendedUserFlow
- type SFlowGenericInterfaceCounters
- type SFlowProcessorCounters
- type SFlowRawPacketFlowRecord
Constants ¶
This section is empty.
Variables ¶
View Source
var DataChannel chan string
Functions ¶
func ParseSflowV5ToEs ¶
func ParseSflowV5ToEs(sample *FlowSamples, counter *SFlowCounterSample) (string, error)
Types ¶
type BinaryRecordV5 ¶
type BinaryRecordV5 struct {
Ipv4SrcAddrInt uint32 `json:"-" codec:"-"`
Ipv4DstAddrInt uint32 `json:"-" codec:"-"`
Ipv4NextHopInt uint32 `json:"-" codec:"-"`
RecordBaseV5
}
type Collected ¶
type Collected struct {
DeviceName string //设备名称
SnapShotLen int32
SnapShotLenUint uint32
Promiscuous bool //是否开启混杂模式
Timeout time.Duration
Udpbool bool //是否开启udp sample and netflow传输
Host string //udp 发送客户端及端口 127.0.0.1:8888
CounterHost string //udp counter 传输
EsPath string // elasticsearch address path
IsEs bool // 是否传送到es
Index string // es索引名称
}
func (*Collected) ListenNetFlowV5 ¶
func (*Collected) ListenSFlowSample ¶
func (*Collected) ListenSflowAll ¶
func (*Collected) ListenSflowCounter ¶
type Data ¶
type Datagram ¶
type Datagram struct {
SrcMac string
DstMac string
SrcIP string
DstIP string
SrcPort string
DstPort string
}
原始报文信息即交换机物理设备信息
type FlowSamples ¶
type FlowSamples struct {
Data *Data
EnterpriseID string
Format string
SampleLength uint32
SequenceNumber uint32
SourceIDClass string
SourceIDIndex string
SamplingRate uint32
SamplePool uint32
Dropped uint32
InputInterfaceFormat uint32
InputInterface uint32
OutputInterfaceFormat uint32
OutputInterface uint32
RecordCount uint32
SFlowRawPacketFlowRecord SFlowRawPacketFlowRecord
SFlowExtendedSwitchFlowRecord SFlowExtendedSwitchFlowRecord
SFlowExtendedRouterFlowRecord SFlowExtendedRouterFlowRecord
SFlowExtendedGatewayFlowRecord SFlowExtendedGatewayFlowRecord
SFlowExtendedUserFlow SFlowExtendedUserFlow
}
func NewFlowSamples ¶
func NewFlowSamples() *FlowSamples
func (*FlowSamples) InitFlowSampleData ¶
func (this *FlowSamples) InitFlowSampleData(p layers.SFlowFlowSample) error
func (*FlowSamples) InitOriginData ¶
func (this *FlowSamples) InitOriginData(p gopacket.Packet) error
func (*FlowSamples) ParseLayers ¶
func (this *FlowSamples) ParseLayers(p gopacket.Packet) error
func (*FlowSamples) SendUdp ¶
func (this *FlowSamples) SendUdp(result, CounterHost, Host string, counter bool)
type Header ¶
type Header struct {
FlowRecords uint32 //flow流数据量
Packets int //包个数
Bytes uint32 //字节大小
RateBytes uint32 //自动采样率计算
SrcMac string
DstMac string
SrcIP string
DstIP string
Ipv4_version uint8
Ipv4_ihl uint8
Ipv4_tos uint8
Ipv4_ttl uint8
Ipv4_protocol string
SrcPort string //如果是icmp的就只把数据写入这个
DstPort string
}
flow流详细信息
type HeaderV5 ¶
type HeaderV5 struct {
Version uint16 `json:"version" codec:"version"`
FlowRecords uint16 `json:"flow_records" codec:"flow_records"`
Uptime uint32 `json:"uptime" codec:"uptime"`
UnixSec uint32 `json:"unix_sec" codec:"unix_sec"`
UnixNsec uint32 `json:"unix_nsec" codec:"unix_nsec"`
FlowSeqNum uint32 `json:"flow_seq_num" codec:"flow_seq_num"`
EngineType uint8 `json:"engine_type" codec:"engine_type"`
EngineId uint8 `json:"engine_id" codec:"engine_id"`
SamplingInterval uint16 `json:"sampling_interval" codec:"sampling_interval"`
}
type NetFlowV5 ¶
type NetFlowV5 struct {
HeaderV5
BinaryRecordV5
Host string `json:"host" codec:"host"`
SamplingAlgorithm uint8 `json:"sampling_algorithm" codec:"sampling_algorithm"`
Ipv4SrcAddr string `json:"ipv4_src_addr" codec:"ipv4_src_addr"`
Ipv4DstAddr string `json:"ipv4_dst_addr" codec:"ipv4_dst_addr"`
Ipv4NextHop string `json:"ipv4_next_hop" codec:"ipv4_next_hop"`
}
func (*NetFlowV5) DecodeNetFlowV5 ¶
func (this *NetFlowV5) DecodeNetFlowV5(header *HeaderV5, binRecord *BinaryRecordV5, ip string) NetFlowV5
type RecordBaseV5 ¶
type RecordBaseV5 struct {
InputSnmp uint16 `json:"input_snmp" codec:"input_snmp"`
OutputSnmp uint16 `json:"output_snmp" codec:"output_snmp"`
InPkts uint32 `json:"in_pkts" codec:"in_pkts"`
InBytes uint32 `json:"in_bytes" codec:"in_bytes"`
FirstSwitched uint32 `json:"first_switched" codec:"first_switched"`
LastSwitched uint32 `json:"last_switched" codec:"last_switched"`
L4SrcPort uint16 `json:"l4_src_port" codec:"l4_src_port"`
L4DstPort uint16 `json:"l4_dst_port" codec:"l4_dst_port"`
TcpFlags uint8 `json:"tcp_flags" codec:"tcp_flags"`
Protocol uint8 `json:"protocol" codec:"protocol"`
SrcTos uint8 `json:"src_tos" codec:"src_tos"`
SrcAs uint16 `json:"src_as" codec:"src_as"`
DstAs uint16 `json:"dst_as" codec:"dst_as"`
SrcMask uint8 `json:"src_mask" codec:"src_mask"`
DstMask uint8 `json:"dst_mask" codec:"dst_mask"`
// contains filtered or unexported fields
}
type SFlowBaseCounterRecord ¶
type SFlowBaseFlowRecord ¶
SFlowBaseFlowRecord holds the fields common to all records of type SFlowFlowRecordType
type SFlowCounterSample ¶
type SFlowCounterSample struct {
Data Data
EnterpriseID string
Format string
SampleLength uint32
SequenceNumber uint32
SourceIDClass string
SourceIDIndex string
RecordCount uint32
SFlowGenericInterfaceCounters SFlowGenericInterfaceCounters
SFlowEthernetCounters SFlowEthernetCounters
SFlowProcessorCounters SFlowProcessorCounters
}
Counter samples report information about various counter objects. Typically these are items like IfInOctets, or CPU / Memory stats, etc. SFlow will report these at regular intervals as configured on the agent. If one were sufficiently industrious, this could be used to replace the typical SNMP polling used for such things.
func NewCounterFlow ¶
func NewCounterFlow() *SFlowCounterSample
func (*SFlowCounterSample) InitCounterSample ¶
func (this *SFlowCounterSample) InitCounterSample(p layers.SFlowCounterSample) error
func (*SFlowCounterSample) InitCounterSampleStruct ¶
func (this *SFlowCounterSample) InitCounterSampleStruct(p *layers.SFlowDatagram) error
func (*SFlowCounterSample) InitOriginData ¶
func (this *SFlowCounterSample) InitOriginData(p gopacket.Packet) error
type SFlowEthernetCounters ¶
type SFlowEthernetCounters struct {
SFlowBaseCounterRecord SFlowBaseCounterRecord
AlignmentErrors uint32
FCSErrors uint32
SingleCollisionFrames uint32
MultipleCollisionFrames uint32
SQETestErrors uint32
DeferredTransmissions uint32
LateCollisions uint32
ExcessiveCollisions uint32
InternalMacTransmitErrors uint32
CarrierSenseErrors uint32
FrameTooLongs uint32
InternalMacReceiveErrors uint32
SymbolErrors uint32
}
type SFlowEthernetFrameRecord ¶
type SFlowEthernetFrameRecord struct {
//为2代表是Ethernet Frame Data字段
Format uint32
//总的字节数(不包含tag和length字段)
Length uint32
//源mac地址8字节
SrcMac []byte
//目的mac地址8字节
DstMac []byte
Type uint32
}
0 15 31 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | Tag | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | Length | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | Length Bytes | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | Src Mac | Dst Mac | +--+--+--+--+--+--+--+--+
type SFlowExtendedRouterFlowRecord ¶
type SFlowExtendedRouterFlowRecord struct {
SFlowBaseFlowRecord SFlowBaseFlowRecord
NextHop net.IP
NextHopSourceMask uint32
NextHopDestinationMask uint32
}
SFlowExtendedRouterFlowRecord gives additional information about the layer 3 routing information used to forward the packet
type SFlowExtendedSwitchFlowRecord ¶
type SFlowExtendedSwitchFlowRecord struct {
SFlowBaseFlowRecord SFlowBaseFlowRecord
IncomingVLAN uint32
IncomingVLANPriority uint32
OutgoingVLAN uint32
OutgoingVLANPriority uint32
}
SFlowExtendedSwitchFlowRecord give additional information about the sampled packet if it's available. It's mainly useful for getting at the incoming and outgoing VLANs An agent may or may not provide this information.
type SFlowExtendedUserFlow ¶
type SFlowExtendedUserFlow struct {
SFlowBaseFlowRecord SFlowBaseFlowRecord
SourceCharSet string
SourceUserID string
DestinationCharSet string
DestinationUserID string
}
type SFlowGenericInterfaceCounters ¶
type SFlowGenericInterfaceCounters struct {
SFlowBaseCounterRecord SFlowBaseCounterRecord
IfIndex uint32
IfType uint32
IfSpeed uint64
IfDirection uint32
IfStatus uint32
IfInOctets uint64
IfInUcastPkts uint32
IfInMulticastPkts uint32
IfInBroadcastPkts uint32
IfInDiscards uint32
IfInErrors uint32
IfInUnknownProtos uint32
IfOutOctets uint64
IfOutUcastPkts uint32
IfOutMulticastPkts uint32
IfOutBroadcastPkts uint32
IfOutDiscards uint32
IfOutErrors uint32
IfPromiscuousMode uint32
}
type SFlowProcessorCounters ¶
type SFlowProcessorCounters struct {
SFlowBaseCounterRecord SFlowBaseCounterRecord
FiveSecCpu uint32 // 5 second average CPU utilization
OneMinCpu uint32 // 1 minute average CPU utilization
FiveMinCpu uint32 // 5 minute average CPU utilization
TotalMemory uint64 // total memory (in bytes)
FreeMemory uint64 // free memory (in bytes)
}
Source Files
Click to show internal directories.
Click to hide internal directories.