
Fluentd filter plugin to map TCP/UDP ports to Network Service



Fluentd filter plugin to map TCP/UDP ports to service names. This is useful for parsing firewall logs and similar network-based information, because it adds easy-to-read service names to your logs based on the TCP/UDP port and protocol. The lookup values are stored in a SQLite database file on the local disk for simplicity and performance.

This package includes a Ruby script that will build the SQLite database based on the local /etc/services file. However, you're free to build the database on your own.


| fluent-plugin-port_to_service | fluentd | ruby | sqlite3 |
|---|---|---|---|
| > 0.0.9 | >= v0.14.0 | >= 2.1 | >= 1.3.7 |


Before use, install the dependent libraries, namely sqlite3.

# for RHEL/CentOS
$ sudo yum groupinstall "Development Tools"
$ sudo yum install sqlite sqlite-devel

# for Ubuntu/Debian
$ sudo apt-get install build-essential
$ sudo apt-get install sqlite3 libsqlite3-dev

# for macOS
$ brew install sqlite3


# for fluentd
$ gem install fluent-plugin-port_to_service

# for td-agent
$ sudo fluent-gem install fluent-plugin-port_to_service

# for td-agent2
$ sudo td-agent-gem install fluent-plugin-port_to_service

After installation, you can use the built-in executable to create a database based on the /etc/services file on the host. You have to give the script one parameter: the path where you want the database to be created.

$ fluent-plugin-port_to_service_build_db /etc/td-agent/plugin/port_to_service.db


<filter **>
  @type port_to_service

  # Required parameters
  path          /etc/td-agent/plugin/port_to_service.db

  # Optional parameters
  port_key      port
  protocol_key  protocol
  service_key   service
</filter>

If the following record is passed in:

{"protocol": "tcp", "port": "22", "foo": "bar"}

The filtered record will be:

{"protocol": "tcp", "port": "22", "service": "ssh", "foo": "bar"}

SQLite3 Database Setup

The plugin requires a SQLite database to be built. A script is provided that parses /etc/services and creates the required database with the services. You have to specify one command-line parameter: the file path you wish to install the database to.

$ fluent-plugin-port_to_service_build_db /etc/td-agent/plugin/port_to_service.db

Alternatively, you can build your own database. It just needs a single table that must be called services with 3 mandatory columns:

  • port - Integer
  • protocol - Text
  • service - Text

You can also add a primary key, id, but it's only required for posterity.


$ sqlite3 /etc/td-agent/plugin/port_to_service.db
sqlite> CREATE TABLE services(id INTEGER PRIMARY KEY, port INTEGER, protocol TEXT, service TEXT);
sqlite> INSERT INTO services(port, protocol, service) VALUES (22, 'tcp', 'ssh');
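
As an added example (not part of the plugin or its bundled build script), this Ruby code turns services(5)-format text into rows for the services table described above and emits SQL that can be piped into sqlite3. The sample input, including the corp-api entry, is constructed, and parse_services, sql_quote and to_sql are hypothetical helper names.

```ruby
# Added example; helper names are hypothetical, not the plugin's API.
# Constructed sample in services(5) format:
#   name  port/protocol  [aliases]  [# comment]
SAMPLE_SERVICES = <<~SERVICES
  # constructed sample data
  ssh        22/tcp
  domain     53/tcp
  domain     53/udp
  http       80/tcp     www www-http   # WorldWideWeb HTTP
  www        80/tcp                    # duplicate (port, protocol), ignored
  corp-api   8443/tcp                  # hypothetical internal service
  broken-line-without-port
  bogus      99999/tcp
SERVICES

# Parse services(5) text into rows matching the services table columns.
# Comments, malformed lines and out-of-range ports are skipped.
def parse_services(text)
  rows = text.each_line.map do |line|
    name, port_proto = line.sub(/#.*/, '').split
    match = %r{\A(\d{1,5})/([A-Za-z0-9-]+)\z}.match(port_proto.to_s)
    next unless match && match[1].to_i <= 65_535

    { port: match[1].to_i, protocol: match[2].downcase, service: name }
  end
  # Keep the first service seen for each (port, protocol) pair.
  rows.compact.uniq { |row| [row[:port], row[:protocol]] }
end

# Quote a value as a SQL string literal, doubling embedded single quotes
# so an odd service name cannot break out of the statement.
def sql_quote(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

# Emit the CREATE TABLE statement from this README plus one INSERT per row.
def to_sql(rows)
  create = 'CREATE TABLE services(id INTEGER PRIMARY KEY, port INTEGER, ' \
           'protocol TEXT, service TEXT);'
  inserts = rows.map do |row|
    'INSERT INTO services(port, protocol, service) VALUES ' \
      "(#{row[:port]}, #{sql_quote(row[:protocol])}, #{sql_quote(row[:service])});"
  end
  ([create] + inserts).join("\n")
end

puts to_sql(parse_services(SAMPLE_SERVICES)) if __FILE__ == $PROGRAM_NAME
```

Run against a new, empty database file, the output creates the table and loads one row per (port, protocol) pair.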


Copyright (c) 2019- Chris Pedro


The Unlicense