Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: packetbeat flows support #756

Merged
merged 4 commits into from
Feb 26, 2016
Merged

Feature: packetbeat flows support #756

merged 4 commits into from
Feb 26, 2016

Conversation

urso
Copy link

@urso urso commented Jan 18, 2016
edited
Loading

Implements flow feature. For details see related issue: #670

@urso urso added enhancement in progress Pull request is currently in progress. Packetbeat labels Jan 18, 2016
@urso urso force-pushed the feature/packetbeat-flows branch from 3feb499 to ac99f0a Compare January 21, 2016 23:38
ruflin
ruflin reviewed Jan 25, 2016
View reviewed changes
packetbeat/beat/packetbeat.go
func (pb *Packetbeat) setupSniffer(pub publisher.Client) error {
cfg := &pb.PbConfig

withVlans := cfg.Interfaces.With_vlans
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After this PR we should probably to a "cleanup rename var" PR.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hehe

@ruflin
Copy link
Contributor

ruflin commented Jan 25, 2016

Some high level thoughts:

  • Any chance to add some basic system tests that check the output?
  • Would it make sense to add this to a dashboard (would be a follow up issue)?

@urso urso force-pushed the feature/packetbeat-flows branch from b0fec2f to d0868b1 Compare January 27, 2016 12:50
@urso
Copy link
Author

urso commented Jan 27, 2016

Any chance to add some basic system tests that check the output?

to be done

Would it make sense to add this to a dashboard (would be a follow up issue)?

Yeah, a dedicated dashboard or kibana app.

@urso urso added the review label Jan 27, 2016
@urso urso force-pushed the feature/packetbeat-flows branch 3 times, most recently from 48a8abd to f7b3b9a Compare February 2, 2016 14:09
tsg
tsg reviewed Feb 3, 2016
View reviewed changes
packetbeat/flows/flowid.go
ICMPv6Flow FlowIDFlag = (1 << 8)
UDPFlow FlowIDFlag = (1 << 9)
TCPFlow FlowIDFlag = (1 << 10)
ConnectionID FlowIDFlag = (1 << 11)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not use iota for these? See Effective Go for an example of using iota for powers of two.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, wasn't aware of this.

@urso urso removed the in progress Pull request is currently in progress. label Feb 4, 2016
@urso urso force-pushed the feature/packetbeat-flows branch from b125cae to d876bd8 Compare February 5, 2016 12:18
tsg
tsg reviewed Feb 5, 2016
View reviewed changes
packetbeat/docs/configuration.asciidoc
===== period

Configure the reporting interval. All flows are reported at the very same point
in time. Periodical reporting can be disabled by setting the value to -1. If
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not 0 instead of -1? That would also be invalid, right?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0 should have a similar effect. Due to parsing function it must say '0s' or '-1s' though.

@kkirsche
Copy link
Contributor

When we say flows, is it worth clarifying which flow formats, e.g. NetFlow v5, NetFlow v9, IPFIX, sFlow, jFlow, ArborFlow, etc.

@urso urso force-pushed the feature/packetbeat-flows branch from d876bd8 to d5bbcc4 Compare February 26, 2016 12:07
@urso urso force-pushed the feature/packetbeat-flows branch from d5bbcc4 to 0ff12f6 Compare February 26, 2016 13:26
ruflin added a commit that referenced this pull request Feb 26, 2016
@ruflin
Merge pull request #756 from urso/feature/packetbeat-flows
5238573 
Feature: packetbeat flows support
@ruflin ruflin merged commit 5238573 into elastic:master Feb 26, 2016
@andrewkroh andrewkroh mentioned this pull request Mar 9, 2016
Closed
@urso urso deleted the feature/packetbeat-flows branch April 27, 2016 12:22
@monicasarbu monicasarbu mentioned this pull request Feb 14, 2017
Closed
@gaby
Copy link

gaby commented May 21, 2024

When we say flows, is it worth clarifying which flow formats, e.g. NetFlow v5, NetFlow v9, IPFIX, sFlow, jFlow, ArborFlow, etc.

@kkirsche Your comment was never addressed by @urso @ruflin 8 years later Packetbeat Flows still dont say what kind they are: sflow, netflow?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement Packetbeat review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@urso @ruflin @kkirsche @gaby @tsg