From c598d9c47ea628cef1acdfd1e2cf029b23ac96b4 Mon Sep 17 00:00:00 2001 From: Lorenzo Mangani Date: Sat, 13 Apr 2024 21:00:57 +0200 Subject: [PATCH 1/5] Sonus Monitoring App --- .../app_sonus_monitor/app_sonus_monitor.md | 27 +++++++ .../filter_app_sonusmonitor.js | 81 +++++++++++++++++++ .../filters/app_sonus_monitor/package.json | 14 ++++ 3 files changed, 122 insertions(+) create mode 100644 plugins/filters/app_sonus_monitor/app_sonus_monitor.md create mode 100644 plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js create mode 100644 plugins/filters/app_sonus_monitor/package.json diff --git a/plugins/filters/app_sonus_monitor/app_sonus_monitor.md b/plugins/filters/app_sonus_monitor/app_sonus_monitor.md new file mode 100644 index 0000000..4f06ccd --- /dev/null +++ b/plugins/filters/app_sonus_monitor/app_sonus_monitor.md @@ -0,0 +1,27 @@ +App Sonus filter +--- + +Status : functional, experimental plugin. + +The filter is used to parse/reassemble Sonus Monitor Profile messages to complete HEP-SIP payloads. + +Example 1: parse SM logs. +```` +filter { + app_sonus_monitor {} +} +````` + +Example 2: parse SM logs and extract ``correlation_hdr`` for HEP pairing. +```` +filter { + app_sonus_monitor { + correlation_hdr => "X-CID" + remove_headers => true + } +} +````` + +Parameters: + +* ``correlation_hdr``: SIP Header to use for correlation IDs. Default : false. diff --git a/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js b/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js new file mode 100644 index 0000000..b82ca2d --- /dev/null +++ b/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js @@ -0,0 +1,81 @@ +/* + Custom, Unoptimized Sonus Log to SIP/HEP3 Parser w/ reassembly of rows + (C) 2024 QXIP BV +*/ + +var base_filter = require('@pastash/pastash').base_filter, + util = require('util'), + logger = require('@pastash/pastash').logger; + +var moment = require('moment'); + +function FilterAppSonusMonitor() { + base_filter.BaseFilter.call(this); + this.mergeConfig({ + name: 'AppSonusMonitor', + optional_params: ['correlation_hdr','type'], + default_values: { + 'correlation_hdr': false, + 'remove_headers': false, + 'debug': false + }, + start_hook: this.start, + }); +} + +util.inherits(FilterAppSonusMonitor, base_filter.BaseFilter); + +FilterAppSonusMonitor.prototype.start = function(callback) { + logger.info('Initialized App Sonus Monitoring to HEP parser'); + callback(); +}; + +FilterAppSonusMonitor.prototype.process = function(data) { + if(!data.payload) return; + + try { + // PARSE HEADERS + const srcRegex = [...data.payload.matchAll(/srcIp: ([0-9.]+):([0-9]+)/g)]; + const dstRegex = [...data.payload.matchAll(/dstIp: ([0-9.]+):([0-9]+)/g)]; + const tsRegex = [...data.payload.matchAll(/Timestamp=([0-9.]+).([0-9]+)/g)]; + + // REMOVE HEADERS + if (this.remove_headers) { + data.payload = str.replace(/(srcIp.*?)(?:\r|\n|\r\n){2}/, "") + data.payload = str.replace(/(dstIp.*?)(?:\r|\n|\r\n){2}/, "") + } + } catch(e) { console.log('failed parsing', e) } + + // HEP MAKER + data.rcinfo = { + type: 'HEP', + version: 3, + payload_type: 1, + ip_family: 2, + protocol: 17, + proto_type: 1, + srcIp: srcRegex[1] || '127.0.0.1', + srcPort: srcRegex[2] || 5061, + dstIp: dstRegex[1] || '127.0.0.2', + dstPort: dstRegex[2] || 5061, + time_sec: tsRegex[1] || new Date().getTime(), + time_usec: tsRegex[2] || 000 + }; + + // EXTRACT CORRELATION HEADER, IF ANY + if (this.correlation_hdr) { + var xcid = data.payload.match(this.correlation_hdr+":\s?(.*)\\r"); + if (xcid && xcid[1]) data.rcinfo.correlation_id = xcid[1].trim(); + } + + if (last.indexOf('2.0/TCP') !== -1 || last.indexOf('2.0/TLS') !== -1){ + rcinfo.protocol = 6; + } + + this.emit('output', data); + +}; + +exports.create = function() { + return new FilterAppSonusMonitor(); +}; diff --git a/plugins/filters/app_sonus_monitor/package.json b/plugins/filters/app_sonus_monitor/package.json new file mode 100644 index 0000000..1007670 --- /dev/null +++ b/plugins/filters/app_sonus_monitor/package.json @@ -0,0 +1,14 @@ +{ + "name": "@pastash/filter_app_sonus_monitor", + "version": "1.0.1", + "description": "Sonus Monitor Profile Plugin for @pastash/pastash", + "main": "filter_app_sonusmonitor.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "optionalDependencies": { + "moment": "2.19.3" + }, + "author": "Lorenzo Mangani ", + "license": "ISC" +} From a0e0ba5a3435df39479fab6f92b35fb0008f914c Mon Sep 17 00:00:00 2001 From: Lorenzo Mangani Date: Sat, 13 Apr 2024 21:02:44 +0200 Subject: [PATCH 2/5] Update and rename app_sonus_monitor.md to readme.md --- .../app_sonus_monitor/{app_sonus_monitor.md => readme.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename plugins/filters/app_sonus_monitor/{app_sonus_monitor.md => readme.md} (96%) diff --git a/plugins/filters/app_sonus_monitor/app_sonus_monitor.md b/plugins/filters/app_sonus_monitor/readme.md similarity index 96% rename from plugins/filters/app_sonus_monitor/app_sonus_monitor.md rename to plugins/filters/app_sonus_monitor/readme.md index 4f06ccd..0665490 100644 --- a/plugins/filters/app_sonus_monitor/app_sonus_monitor.md +++ b/plugins/filters/app_sonus_monitor/readme.md @@ -1,4 +1,4 @@ -App Sonus filter +App Sonus Monitor --- Status : functional, experimental plugin. From c81b815fec95ff2de71e29c72bbf96763606fb43 Mon Sep 17 00:00:00 2001 From: Lorenzo Mangani Date: Sat, 13 Apr 2024 21:07:21 +0200 Subject: [PATCH 3/5] Update readme.md --- plugins/filters/app_sonus_monitor/readme.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/plugins/filters/app_sonus_monitor/readme.md b/plugins/filters/app_sonus_monitor/readme.md index 0665490..169cd98 100644 --- a/plugins/filters/app_sonus_monitor/readme.md +++ b/plugins/filters/app_sonus_monitor/readme.md @@ -5,6 +5,12 @@ Status : functional, experimental plugin. The filter is used to parse/reassemble Sonus Monitor Profile messages to complete HEP-SIP payloads. +Installation: +``` +# sudo npm install -g @pastash/pastash @pastash/filter_app_sonus_monitor +``` + + Example 1: parse SM logs. ```` filter { From 72664ced7aff1d78b73854e012b2eb91cf73a119 Mon Sep 17 00:00:00 2001 From: Lorenzo Mangani Date: Sat, 13 Apr 2024 21:10:11 +0200 Subject: [PATCH 4/5] Update readme.md --- plugins/filters/app_sonus_monitor/readme.md | 29 +++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/plugins/filters/app_sonus_monitor/readme.md b/plugins/filters/app_sonus_monitor/readme.md index 169cd98..d81739f 100644 --- a/plugins/filters/app_sonus_monitor/readme.md +++ b/plugins/filters/app_sonus_monitor/readme.md @@ -1,3 +1,5 @@ + + App Sonus Monitor --- @@ -7,27 +9,38 @@ The filter is used to parse/reassemble Sonus Monitor Profile messages to complet Installation: ``` -# sudo npm install -g @pastash/pastash @pastash/filter_app_sonus_monitor +# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_sonus_monitor ``` Example 1: parse SM logs. ```` -filter { - app_sonus_monitor {} +input { + udp { + host => 0.0.0.0 + port => 8002 + } } -````` -Example 2: parse SM logs and extract ``correlation_hdr`` for HEP pairing. -```` filter { app_sonus_monitor { - correlation_hdr => "X-CID" - remove_headers => true + remove_headers => true } } + +output { + stdout {} + hep { + host => HEP-SERVER-ADDRESS + port => 9063 + hep_id => 2233 + } +} ````` + Parameters: * ``correlation_hdr``: SIP Header to use for correlation IDs. Default : false. + ``remove_headers``: Remove Injected Headers. Default : false. + From e3962f1b3e6b59467c8cb2adf4b3262e50d62f01 Mon Sep 17 00:00:00 2001 From: Lorenzo Mangani Date: Sat, 13 Apr 2024 21:42:45 +0200 Subject: [PATCH 5/5] Fix parameters --- .../app_sonus_monitor/filter_app_sonusmonitor.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js b/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js index b82ca2d..a91bd90 100644 --- a/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js +++ b/plugins/filters/app_sonus_monitor/filter_app_sonusmonitor.js @@ -1,5 +1,5 @@ /* - Custom, Unoptimized Sonus Log to SIP/HEP3 Parser w/ reassembly of rows + Custom, Unoptimized Sonus Log to SIP/HEP3 Parser w/ Header extraction (C) 2024 QXIP BV */ @@ -13,7 +13,7 @@ function FilterAppSonusMonitor() { base_filter.BaseFilter.call(this); this.mergeConfig({ name: 'AppSonusMonitor', - optional_params: ['correlation_hdr','type'], + optional_params: ['correlation_hdr','remove_headers', 'debug'], default_values: { 'correlation_hdr': false, 'remove_headers': false, @@ -37,7 +37,7 @@ FilterAppSonusMonitor.prototype.process = function(data) { // PARSE HEADERS const srcRegex = [...data.payload.matchAll(/srcIp: ([0-9.]+):([0-9]+)/g)]; const dstRegex = [...data.payload.matchAll(/dstIp: ([0-9.]+):([0-9]+)/g)]; - const tsRegex = [...data.payload.matchAll(/Timestamp=([0-9.]+).([0-9]+)/g)]; + const tsRegex = [...data.payload.matchAll(/Timestamp=([0-9.]+).([0-9]+)/g)]; // REMOVE HEADERS if (this.remove_headers) { @@ -68,8 +68,8 @@ FilterAppSonusMonitor.prototype.process = function(data) { if (xcid && xcid[1]) data.rcinfo.correlation_id = xcid[1].trim(); } - if (last.indexOf('2.0/TCP') !== -1 || last.indexOf('2.0/TLS') !== -1){ - rcinfo.protocol = 6; + if (data.payload.indexOf('2.0/TCP') !== -1 || data.payload.indexOf('2.0/TLS') !== -1){ + data.rcinfo.protocol = 6; } this.emit('output', data);