Comments (3)
cameronkerrnz
commented on September 24, 2024
This would be a better use-case for the 'files' output (not the database-backed collector). The only benefit to using the database-backed connector is that we would drop data messages post restart (when we've effectively forgotten what templates we had previously learned about).
Perhaps it would be long-term best to create a persistence mechanism for learned templates. Perhaps writing them as JSON files (one file for each template, with the filename based on the enterprise number and attribute number). Long-term, it would best to divorce the PEN IEs from the code and put that into a data-file, so you can add more without modifying the code.
Short-term, it would be easiest to use the database collector, but only use the database for the templates, and have data updates streamed out via JSON. I think that works nicely, and doesn't preclude storing the templates otherwise in the future, so that is what I shall do.
Note that the output will be one JSON document per line, so the entire file will not be valid JSON. In logstash terms, this is 'jsonlines' input.
- Add an argument --data-jsonlines=FILENAME (5ab7a4f)
- Create a function in lib/ipfix_col_db.c called ipfix_export_drecord_jsonfile similar to ipfix_export_drecord_db, which will write out the data record as JSON to a file
- parsing of timestamps will be the most difficult thing (this is not currently done in libipfix, and timestamps of various types, including NTP are frequently seen from the Netscaler) (d22a064)
- extend ipfixe_data_db_t to add a filename (and FILE* preferably, although we need to be able to rotate the file...) (08b2389)
- modify ipfix_export_init_db to take jsonfile argument and initialises the jsonfile particulars (08b2389)
- alter ipfix_col_init_mysqlexport to add jsonfile argument (NULL if not used), call ipfix_export_init_jsonfile and set g_colinfo->export_drecord to ipfix_export_drecord_jsonfile. (7b21bfb )
- alter collector/collector.c to add the jsonfile command-line option, and add par.jsonfile as an argument to ipfix_col_init_mysqlexport (5ab7a4f )
from libipfix.
cameronkerrnz
commented on September 24, 2024
There are a number of 64-bit integers being emitted in the Netscaler. Kibana, being written in JavaScript can't natively support a 64-bit integer. This will be true in Kibana 4 also. Elasticsearch can support them, but you would need to ensure they are mapped as 'long'
from libipfix.
cameronkerrnz
commented on September 24, 2024
This is about as complete as it is likely to get in this milestone; unless the Netscaler sends me FLOAT or BOOLEAN types...
from libipfix.
Related Issues (20)
- Allow --jsonfile to be given '-' as an argument to mean stdout
- Listen for SIGHUP to reopen JSON datafile (for log rotation) HOT 1
- Create deployment documentation for integrating this with Elasticsearch etc. HOT 1
- Create an RPM for this package
- Log IP address of device sending the messages HOT 2
- Write a sample init script (for RHEL6) HOT 1
- Be able to specify custom static attributes to add to each message.
- Be able to run the collector as a deamon HOT 1
- DB table ipfix_messages is still being added to per-message with JSON output HOT 3
- Completely divorce the JSON emitter from MySQL, making a separate collector
- Create a mapping to give templates a useful name
- Emit events via JSON to capture 'no template for XXX, skip data set' so we can see data loss HOT 2
- Report template flush events via JSON
- Create a mechanism to persist template definitions based on a whitelist. HOT 5
- Omit JSON attributes if value is an empty string HOT 5
- Emit a timestamp for each log message; don't rely on others. HOT 3
- ipfix_print_newmsg outputs faulty timestamp
- Make inclusion of dropped bytes for missing-template nofitications a command-line option HOT 1
- Send JSON output to stdout rather than to a file HOT 2
- "record2: msg too short" for Netscaler Appflow record 258 (Netscaler version 11 onwards?) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libipfix.