diff --git a/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js b/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js new file mode 100644 index 0000000..a91bd90 --- /dev/null +++ b/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js @@ -0,0 +1,81 @@ +/* + Custom, Unoptimized Sonus Log to SIP/HEP3 Parser w/ Header extraction + (C) 2024 QXIP BV +*/ + +var base_filter = require('@pastash/pastash').base_filter, + util = require('util'), + logger = require('@pastash/pastash').logger; + +var moment = require('moment'); + +function FilterAppSonusMonitor() { + base_filter.BaseFilter.call(this); + this.mergeConfig({ + name: 'AppSonusMonitor', + optional_params: ['correlation_hdr','remove_headers', 'debug'], + default_values: { + 'correlation_hdr': false, + 'remove_headers': false, + 'debug': false + }, + start_hook: this.start, + }); +} + +util.inherits(FilterAppSonusMonitor, base_filter.BaseFilter); + +FilterAppSonusMonitor.prototype.start = function(callback) { + logger.info('Initialized App Sonus Monitoring to HEP parser'); + callback(); +}; + +FilterAppSonusMonitor.prototype.process = function(data) { + if(!data.payload) return; + + try { + // PARSE HEADERS + const srcRegex = [...data.payload.matchAll(/srcIp: ([0-9.]+):([0-9]+)/g)]; + const dstRegex = [...data.payload.matchAll(/dstIp: ([0-9.]+):([0-9]+)/g)]; + const tsRegex = [...data.payload.matchAll(/Timestamp=([0-9.]+).([0-9]+)/g)]; + + // REMOVE HEADERS + if (this.remove_headers) { + data.payload = str.replace(/(srcIp.*?)(?:\r|\n|\r\n){2}/, "") + data.payload = str.replace(/(dstIp.*?)(?:\r|\n|\r\n){2}/, "") + } + } catch(e) { console.log('failed parsing', e) } + + // HEP MAKER + data.rcinfo = { + type: 'HEP', + version: 3, + payload_type: 1, + ip_family: 2, + protocol: 17, + proto_type: 1, + srcIp: srcRegex[1] || '127.0.0.1', + srcPort: srcRegex[2] || 5061, + dstIp: dstRegex[1] || '127.0.0.2', + dstPort: dstRegex[2] || 5061, + time_sec: tsRegex[1] || new Date().getTime(), + time_usec: tsRegex[2] || 000 + }; + + // EXTRACT CORRELATION HEADER, IF ANY + if (this.correlation_hdr) { + var xcid = data.payload.match(this.correlation_hdr+":\s?(.*)\\r"); + if (xcid && xcid[1]) data.rcinfo.correlation_id = xcid[1].trim(); + } + + if (data.payload.indexOf('2.0/TCP') !== -1 || data.payload.indexOf('2.0/TLS') !== -1){ + data.rcinfo.protocol = 6; + } + + this.emit('output', data); + +}; + +exports.create = function() { + return new FilterAppSonusMonitor(); +}; diff --git a/plugins/filters/app_sonus_monitor/package.json b/plugins/filters/app_sonus_monitor/package.json new file mode 100644 index 0000000..1007670 --- /dev/null +++ b/plugins/filters/app_sonus_monitor/package.json @@ -0,0 +1,14 @@ +{ + "name": "@pastash/filter_app_sonus_monitor", + "version": "1.0.1", + "description": "Sonus Monitor Profile Plugin for @pastash/pastash", + "main": "filter_app_sonusmonitor.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "optionalDependencies": { + "moment": "2.19.3" + }, + "author": "Lorenzo Mangani ", + "license": "ISC" +} diff --git a/plugins/filters/app_sonus_monitor/readme.md b/plugins/filters/app_sonus_monitor/readme.md new file mode 100644 index 0000000..d81739f --- /dev/null +++ b/plugins/filters/app_sonus_monitor/readme.md @@ -0,0 +1,46 @@ + + +App Sonus Monitor +--- + +Status : functional, experimental plugin. + +The filter is used to parse/reassemble Sonus Monitor Profile messages to complete HEP-SIP payloads. + +Installation: +``` +# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_sonus_monitor +``` + + +Example 1: parse SM logs. +```` +input { + udp { + host => 0.0.0.0 + port => 8002 + } +} + +filter { + app_sonus_monitor { + remove_headers => true + } +} + +output { + stdout {} + hep { + host => HEP-SERVER-ADDRESS + port => 9063 + hep_id => 2233 + } +} +````` + + +Parameters: + +* ``correlation_hdr``: SIP Header to use for correlation IDs. Default : false. + ``remove_headers``: Remove Injected Headers. Default : false. +