blob: fd9b44defd8b110532fa854be08472d481b72cf9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
-- Dissector for Graylog Extended Log Format (GELF)
-- Docs: http://docs.graylog.org/en/2.0/pages/gelf.html
local gelf = Proto("GELF", "Graylog Extended Log Format")
local json = Dissector.get("json")
gelf.fields.data = ProtoField.string("gelf.data", "Message")
function gelf.dissector(tvb, pinfo, tree)
if tvb:raw(0, 2) ~= "\x1f\x8b" then
-- not a gzip header, ignore
return 0
end
pinfo.cols.protocol = "GELF"
local tvb_uncompress = tvb():uncompress("GELF")
-- raw text
tree:add(gelf.fields.data, tvb_uncompress)
-- as JSON structure
json:call(tvb_uncompress:tvb(), pinfo, tree)
end
gelf:register_heuristic("udp", gelf.dissector)
|