use json.net to serialize, line endings
This commit is contained in:
Greg Oliver
Родитель
d962ab4e30
Коммит
f5bf1c23a1
|
|
@ -65,7 +65,7 @@ namespace nsgFunc
|
|||
{
|
||||
byte[] nsgMessages = new byte[dataLength];
|
||||
CloudBlockBlob blob = nsgDataBlobBinder.BindAsync<CloudBlockBlob>(attributes).Result;
|
||||
blob.DownloadRangeToByteArrayAsync(nsgMessages, 0, startingByte, dataLength).Wait();
|
||||
await blob.DownloadRangeToByteArrayAsync(nsgMessages, 0, startingByte, dataLength);
|
||||
nsgMessagesString = System.Text.Encoding.UTF8.GetString(nsgMessages);
|
||||
}
|
||||
catch (Exception ex)
|
||||
|
|
@ -74,7 +74,7 @@ namespace nsgFunc
|
|||
throw ex;
|
||||
}
|
||||
|
||||
//log.LogDebug(nsgMessagesString);
|
||||
log.LogDebug(nsgMessagesString);
|
||||
|
||||
try
|
||||
{
|
||||
|
|
|
|||
|
|
@ -24,17 +24,17 @@ namespace nsgFunc
|
|||
//
|
||||
// nsgMessagesString looks like this:
|
||||
//
|
||||
// ,{...}, <-- note leading comma
|
||||
// {...}
|
||||
// ,{...} <-- note leading comma
|
||||
// ,{...}
|
||||
// ...
|
||||
// {...}
|
||||
// ,{...}
|
||||
//
|
||||
// - OR -
|
||||
//
|
||||
// {...}, <-- note lack of leading comma
|
||||
// {...}
|
||||
// {...} <-- note lack of leading comma
|
||||
// ,{...}
|
||||
// ...
|
||||
// {...}
|
||||
// ,{...}
|
||||
//
|
||||
string outputBinding = Util.GetEnvironmentVariable("outputBinding");
|
||||
if (outputBinding.Length == 0)
|
||||
|
|
|
|||
|
|
@ -4,25 +4,94 @@ using System.Text;
|
|||
using System.Text.RegularExpressions;
|
||||
using Newtonsoft.Json;
|
||||
|
||||
class ObjectDenormalizer
|
||||
{
|
||||
public string time { get; set; }
|
||||
public string category { get; set; }
|
||||
public string operationName { get; set; }
|
||||
public string resourceId { get; set; }
|
||||
public float version { get; set; }
|
||||
public string deviceExtId { get; set; }
|
||||
public string nsgRuleName { get; set; }
|
||||
public string mac { get; set; }
|
||||
public string startTime { get; set; }
|
||||
public string sourceAddress { get; set; }
|
||||
public string destinationAddress { get; set; }
|
||||
public string sourcePort { get; set; }
|
||||
public string destinationPort { get; set; }
|
||||
public string transportProtocol { get; set; }
|
||||
public string deviceDirection { get; set; }
|
||||
public string deviceAction { get; set; }
|
||||
public string flowState { get; set; }
|
||||
public string packetsStoD { get; set; }
|
||||
public string bytesStoD { get; set; }
|
||||
public string packetsDtoS { get; set; }
|
||||
public string bytesDtoS { get; set; }
|
||||
|
||||
public ObjectDenormalizer(
|
||||
float version,
|
||||
string time,
|
||||
string category,
|
||||
string operationName,
|
||||
string resourceId,
|
||||
string nsgRuleName,
|
||||
string mac,
|
||||
NSGFlowLogTuple tuple
|
||||
)
|
||||
{
|
||||
this.version = version;
|
||||
this.time = time;
|
||||
this.category = category;
|
||||
this.operationName = operationName;
|
||||
this.resourceId = resourceId;
|
||||
this.nsgRuleName = nsgRuleName;
|
||||
this.mac = mac;
|
||||
this.startTime = tuple.startTime;
|
||||
this.sourceAddress = tuple.sourceAddress;
|
||||
this.destinationAddress = tuple.destinationAddress;
|
||||
this.sourcePort = tuple.sourcePort;
|
||||
this.destinationPort = tuple.destinationPort;
|
||||
this.deviceDirection = tuple.deviceDirection;
|
||||
this.deviceAction = tuple.deviceAction;
|
||||
if (this.version >= 2.0)
|
||||
{
|
||||
this.flowState = tuple.flowState;
|
||||
this.packetsDtoS = tuple.packetsDtoS;
|
||||
this.packetsStoD = tuple.packetsStoD;
|
||||
this.bytesDtoS = tuple.bytesDtoS;
|
||||
this.bytesStoD = tuple.bytesStoD;
|
||||
}
|
||||
}
|
||||
|
||||
public override string ToString()
|
||||
{
|
||||
return JsonConvert.SerializeObject(this, new JsonSerializerSettings
|
||||
{
|
||||
NullValueHandling = NullValueHandling.Ignore
|
||||
});
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
class NSGFlowLogTuple
|
||||
{
|
||||
float schemaVersion;
|
||||
public float schemaVersion { get; set; }
|
||||
|
||||
string startTime;
|
||||
string sourceAddress;
|
||||
string destinationAddress;
|
||||
string sourcePort;
|
||||
string destinationPort;
|
||||
string transportProtocol;
|
||||
string deviceDirection;
|
||||
string deviceAction;
|
||||
public string startTime { get; set; }
|
||||
public string sourceAddress { get; set; }
|
||||
public string destinationAddress { get; set; }
|
||||
public string sourcePort { get; set; }
|
||||
public string destinationPort { get; set; }
|
||||
public string transportProtocol { get; set; }
|
||||
public string deviceDirection { get; set; }
|
||||
public string deviceAction { get; set; }
|
||||
|
||||
// version 2 tuple properties
|
||||
string flowState;
|
||||
string packetsStoD;
|
||||
string bytesStoD;
|
||||
string packetsDtoS;
|
||||
string bytesDtoS;
|
||||
public string flowState { get; set; }
|
||||
public string packetsStoD { get; set; }
|
||||
public string bytesStoD { get; set; }
|
||||
public string packetsDtoS { get; set; }
|
||||
public string bytesDtoS { get; set; }
|
||||
|
||||
public NSGFlowLogTuple(string tuple, float version)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,3 +1,6 @@
|
|||
{
|
||||
"version": "2.0"
|
||||
"version": "2.0",
|
||||
"logging": {
|
||||
"logLevel": { "default": "Debug" }
|
||||
}
|
||||
}
|
||||
|
|
@ -120,47 +120,30 @@ namespace nsgFunc
|
|||
}
|
||||
}
|
||||
|
||||
var sbBase = new StringBuilder(500);
|
||||
foreach (var record in logs.records)
|
||||
{
|
||||
float version = record.properties.Version;
|
||||
|
||||
sbBase.Clear();
|
||||
sbBase.Append("{");
|
||||
|
||||
sbBase.Append(eqs("time", true)).Append(eqs(record.time));
|
||||
sbBase.Append(eqs(true, "category")).Append(eqs(record.category));
|
||||
sbBase.Append(eqs(true, "operationName")).Append(eqs(record.operationName));
|
||||
sbBase.Append(eqs(true, "version")).Append(eqs(version.ToString("0.0")));
|
||||
sbBase.Append(eqs(true, "deviceExtId")).Append(eqs(record.MakeDeviceExternalID()));
|
||||
|
||||
int count = 1;
|
||||
var sbOuterFlowRecord = new StringBuilder();
|
||||
foreach (var outerFlows in record.properties.flows)
|
||||
foreach (var outerFlow in record.properties.flows)
|
||||
{
|
||||
sbOuterFlowRecord.Clear();
|
||||
sbOuterFlowRecord.Append(sbBase.ToString());
|
||||
sbOuterFlowRecord.Append(eqs(true, "flowOrder")).Append(eqs(count.ToString()));
|
||||
sbOuterFlowRecord.Append(eqs(true, "nsgRuleName")).Append(eqs(outerFlows.rule));
|
||||
|
||||
var sbInnerFlowRecord = new StringBuilder();
|
||||
foreach (var innerFlows in outerFlows.flows)
|
||||
foreach (var innerFlow in outerFlow.flows)
|
||||
{
|
||||
sbInnerFlowRecord.Clear();
|
||||
sbInnerFlowRecord.Append(sbOuterFlowRecord.ToString());
|
||||
|
||||
var firstFlowTupleEncountered = true;
|
||||
foreach (var flowTuple in innerFlows.flowTuples)
|
||||
foreach (var flowTuple in innerFlow.flowTuples)
|
||||
{
|
||||
var tuple = new NSGFlowLogTuple(flowTuple, version);
|
||||
|
||||
if (firstFlowTupleEncountered)
|
||||
{
|
||||
sbInnerFlowRecord.Append((tuple.GetDirection == "I" ? eqs(true, "dmac") : eqs(true, "smac"))).Append(eqs(innerFlows.MakeMAC()));
|
||||
firstFlowTupleEncountered = false;
|
||||
}
|
||||
var denormalizedObject = new ObjectDenormalizer(
|
||||
record.properties.Version,
|
||||
record.time,
|
||||
record.category,
|
||||
record.operationName,
|
||||
record.resourceId,
|
||||
outerFlow.rule,
|
||||
innerFlow.mac,
|
||||
tuple);
|
||||
string outgoingJson = denormalizedObject.ToString();
|
||||
|
||||
yield return sbInnerFlowRecord.ToString() + tuple.JsonSubString() + "}";
|
||||
yield return outgoingJson;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче