logstash-codec-netflow 3.3.0 → 3.4.0
- checksums.yaml +4 -4
- data/CONTRIBUTORS +1 -0
- data/lib/logstash/codecs/netflow.rb +10 -2
- data/lib/logstash/codecs/netflow/netflow.yaml +13 -1
- data/lib/logstash/codecs/netflow/util.rb +18 -2
- data/logstash-codec-netflow.gemspec +1 -1
- data/spec/codecs/netflow9_test_cisco_nbar_data262.dat +0 -0
- data/spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat +0 -0
- data/spec/codecs/netflow9_test_cisco_nbar_tpl262.dat +0 -0
- data/spec/codecs/netflow_spec.rb +97 -1
- metadata +68 -60
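--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffbcfb5f7060a15a914f28a8dc4060d3c4bb0249
+data.tar.gz: 64d0ef8ea3727572035c681d8278c0fe7c4cdb85
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b167a1d6300bf833673be39852d55895fee81994098a174ef5def894a183d0554c41bef7c89ae21755a052c20053c35a2b93ab44cd35b888c5a68c71c33bdb0e
+data.tar.gz: 7f12d909b7c1fc92586b488e3501d4f315d9460f5184b68d72aa883353af4153e2e6523e8f546fa55f273ae0078cd5bb2374329ef5a5a8053cbfc6b8af081bc2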
data/CONTRIBUTORS
CHANGED
@@ -2,7 +2,8 @@
|
|
2
2
|
require "logstash/codecs/base"
|
3
3
|
require "logstash/namespace"
|
4
4
|
require "logstash/timestamp"
|
5
|
-
require "logstash/json"
|
5
|
+
#require "logstash/json"
|
6
|
+
require "json"
|
6
7
|
|
7
8
|
# The "netflow" codec is used for decoding Netflow v5/v9/v10 (IPFIX) flows.
|
8
9
|
#
|
@@ -263,6 +264,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
263
264
|
template_length = 0
|
264
265
|
# Template flowset (0) or Options template flowset (1) ?
|
265
266
|
if record.flowset_id == 0
|
267
|
+
@logger.debug? and @logger.debug("Start processing template")
|
266
268
|
template.record_fields.each do |field|
|
267
269
|
if field.field_length > 0
|
268
270
|
entry = netflow_field_for(field.field_type, field.field_length, template.template_id)
|
@@ -272,10 +274,12 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
272
274
|
end
|
273
275
|
end
|
274
276
|
else
|
277
|
+
@logger.debug? and @logger.debug("Start processing options template")
|
275
278
|
template.scope_fields.each do |field|
|
276
279
|
if field.field_length > 0
|
277
280
|
fields << [uint_field(0, field.field_length), NETFLOW9_SCOPES[field.field_type]]
|
278
281
|
end
|
282
|
+
template_length += field.field_length
|
279
283
|
end
|
280
284
|
template.option_fields.each do |field|
|
281
285
|
entry = netflow_field_for(field.field_type, field.field_length, template.template_id)
|
@@ -295,7 +299,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
295
299
|
@logger.debug("Received template #{template.template_id} with fields #{fields.inspect}")
|
296
300
|
@logger.debug("Received template #{template.template_id} of size #{template_length} bytes. Representing in #{@netflow_templates[key].num_bytes} BinData bytes")
|
297
301
|
if template_length != @netflow_templates[key].num_bytes
|
298
|
-
@logger.warn("Received template #{template.template_id} of size
|
302
|
+
@logger.warn("Received template #{template.template_id} of size #{template_length} bytes doesn't match BinData representation we built (#{@netflow_templates[key].num_bytes} bytes)")
|
299
303
|
end
|
300
304
|
# Purge any expired templates
|
301
305
|
@netflow_templates.cleanup!
|
@@ -308,6 +312,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
308
312
|
when 256..65535
|
309
313
|
# Data flowset
|
310
314
|
#key = "#{flowset.source_id}|#{event["source"]}|#{record.flowset_id}"
|
315
|
+
@logger.debug? and @logger.debug("Start processing data flowset #{record.flowset_id}")
|
311
316
|
if metadata != nil
|
312
317
|
key = "#{flowset.source_id}|#{record.flowset_id}|#{metadata["host"]}|#{metadata["port"]}"
|
313
318
|
else
|
@@ -333,7 +338,9 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
333
338
|
array = BinData::Array.new(:type => template, :initial_length => length / template.num_bytes)
|
334
339
|
records = array.read(record.flowset_data)
|
335
340
|
|
341
|
+
flowcounter = 1
|
336
342
|
records.each do |r|
|
343
|
+
@logger.debug? and @logger.debug("Start processing flow #{flowcounter} from data flowset id #{record.flowset_id}")
|
337
344
|
event = {
|
338
345
|
LogStash::Event::TIMESTAMP => LogStash::Timestamp.at(flowset.unix_sec),
|
339
346
|
@target => {}
|
@@ -360,6 +367,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
360
367
|
end
|
361
368
|
|
362
369
|
events << LogStash::Event.new(event)
|
370
|
+
flowcounter += 1
|
363
371
|
end
|
364
372
|
else
|
365
373
|
@logger.warn("Unsupported flowset id #{record.flowset_id}")
|
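Review bot: The size check at `if template_length != @netflow_templates[key].num_bytes` still only logs, so a template whose declared size disagrees with the BinData record built for it stays cached under `key` as far as the visible lines show. In the data-flowset branch a template's `num_bytes` then decides how the payload is sliced (`length / template.num_bytes`). Templates arrive straight off the wire, so a mismatch is safer treated as a rejected template than as a warning; something like `@netflow_templates.delete(key)` in the warn branch would do, assuming the template store behaves like a Hash (its definition is not in this section). The added `template_length += field.field_length` for scope fields makes the comparison meaningful for options templates, which is a good reason to let it gate the cache. The enclosing method starts and ends outside the hunks shown.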
@@ -223,9 +223,15 @@
|
|
223
223
|
89:
|
224
224
|
- :forwarding_status
|
225
225
|
- :forwarding_status
|
226
|
+
94:
|
227
|
+
- :string
|
228
|
+
- :application_description
|
226
229
|
95:
|
227
|
-
- :uint32
|
228
230
|
- :application_id
|
231
|
+
- :application_id
|
232
|
+
96:
|
233
|
+
- :string
|
234
|
+
- :application_name
|
229
235
|
136:
|
230
236
|
- :uint8
|
231
237
|
- :flow_end_reason
|
@@ -259,6 +265,12 @@
|
|
259
265
|
183:
|
260
266
|
- :uint16
|
261
267
|
- :tcp_dst_port
|
268
|
+
194:
|
269
|
+
- :uint8
|
270
|
+
- :ip_tos
|
271
|
+
195:
|
272
|
+
- :uint8
|
273
|
+
- :ip_dscp
|
262
274
|
201:
|
263
275
|
- mpls_label_stack_octets
|
264
276
|
- mpls_label_stack_octets
|
@@ -108,6 +108,22 @@ class Forwarding_Status < BinData::Record
|
|
108
108
|
bit6 :reason
|
109
109
|
end
|
110
110
|
|
111
|
+
class Application_Id < BinData::Primitive
|
112
|
+
endian :big
|
113
|
+
uint8 :classification_id
|
114
|
+
uint24 :selector_id
|
115
|
+
|
116
|
+
def set(val)
|
117
|
+
self.classification_id=val.to_i<<24
|
118
|
+
self.selector_id = val.to_i-((val.to_i>>24)<<24)
|
119
|
+
end
|
120
|
+
|
121
|
+
def get
|
122
|
+
self.classification_id.to_s + ":" + self.selector_id.to_s
|
123
|
+
end
|
124
|
+
|
125
|
+
end
|
126
|
+
|
111
127
|
class OctetArray < BinData::Primitive
|
112
128
|
# arg_processor :octetarray
|
113
129
|
mandatory_parameter :initial_length
|
@@ -177,7 +193,7 @@ end
|
|
177
193
|
|
178
194
|
class NetflowOptionFlowset < BinData::Record
|
179
195
|
endian :big
|
180
|
-
array :templates, :read_until => lambda { flowset_length - 4
|
196
|
+
array :templates, :read_until => lambda { array.num_bytes == flowset_length - 4 } do
|
181
197
|
uint16 :template_id
|
182
198
|
uint16 :scope_length, :assert => lambda { scope_length > 0 }
|
183
199
|
uint16 :option_length, :assert => lambda { option_length > 0 }
|
@@ -189,8 +205,8 @@ class NetflowOptionFlowset < BinData::Record
|
|
189
205
|
uint16 :field_type
|
190
206
|
uint16 :field_length, :assert => lambda { field_length > 0 }
|
191
207
|
end
|
208
|
+
string :padding, :read_length => lambda { flowset_length - 4 - scope_length - option_length - 2 - 2 -2}
|
192
209
|
end
|
193
|
-
skip :length => lambda { templates.length.odd? ? 2 : 0 }
|
194
210
|
end
|
195
211
|
|
196
212
|
class Netflow9PDU < BinData::Record
|
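Review bot: The per-template `:padding` length in `NetflowOptionFlowset` is computed from three values read from the packet (`flowset_length`, `scope_length`, `option_length`) with no lower bound, so inconsistent lengths give a negative `:read_length`. The `:read_until` test also compares with `==`, so an overshoot presumably keeps the array reading until the input runs out. Because the padding sits inside the `templates` element but is derived from the whole flowset length, a flowset carrying more than one options template would have its second template consumed as padding of the first. Suggested: `:read_until => lambda { array.num_bytes >= flowset_length - 4 }` and `:read_length => lambda { [flowset_length - 10 - scope_length - option_length, 0].max }`, plus a comment stating the one-template-per-flowset assumption. Separately, `Application_Id#set` stores `val.to_i<<24` into the 8-bit `classification_id`; the high byte is `val.to_i >> 24`, with `selector_id = val.to_i & 0xFFFFFF`. The scope and option field arrays between the two `NetflowOptionFlowset` hunks are not shown.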
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-codec-netflow'
|
4
|
-
s.version = '3.
|
4
|
+
s.version = '3.4.0'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "The netflow codec is for decoding Netflow v5/v9/v10 (IPFIX) flows."
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
Binary file
|
Binary file
|
Binary file
|
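--- a/data/spec/codecs/netflow_spec.rb
+++ b/data/spec/codecs/netflow_spec.rb
@@ -300,7 +300,7 @@ describe LogStash::Codecs::Netflow do
 end
 end
 
-context "Netflow 9
+context "Netflow 9 multiple netflow exporters" do
 let(:data) do
 # This tests whether a template from a 2nd netflow exporter overwrites the template sent from the first.
 # In this test the 3rd packet (from nprobe) should still decode succesfully.
@@ -1602,6 +1602,102 @@ describe LogStash::Codecs::Netflow do
 end
 end
 
+context "Netflow 9 Cisco NBAR options template 260" do
+let(:data) do
+packets = []
+packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_cisco_nbar_opttpl260.dat"), :mode => "rb")
+end
+
+let(:json_events) do
+events = []
+events << <<-END
+{
+"netflow": {
+"flow_seq_num": 655860,
+"scope_system": 168755571,
+"application_name": "argus",
+"application_description": "ARGUS",
+"flowset_id": 260,
+"version": 9,
+"application_id": "1:13"
+},
+"@timestamp": "2017-02-14T11:09:59.000Z",
+"@version": "1"
+}
+END
+events.map{|event| event.gsub(/\s+/, "")}
+end
+
+it "should decode raw data" do
+expect(decode.size).to eq(15)
+expect(decode[14].get("[netflow][application_id]")).to eq("1:13")
+expect(decode[14].get("[netflow][application_description]")).to eq("ARGUS")
+end
+
+it "should serialize to json" do
+expect(JSON.parse(decode[14].to_json)).to eq(JSON.parse(json_events[0]))
+end
+end
+
+context "Netflow 9 Cisco NBAR flowset 262" do
+let(:data) do
+packets = []
+packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_cisco_nbar_tpl262.dat"), :mode => "rb")
+packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_cisco_nbar_data262.dat"), :mode => "rb")
+end
+
+let(:json_events) do
+events = []
+events << <<-END
+{
+"netflow": {
+"dst_as": 0,
+"in_pkts": 36,
+"ipv4_src_prefix": "0.0.0.0",
+"first_switched": "2017-02-14T11:10:20.999Z",
+"flowset_id": 262,
+"l4_src_port": 45269,
+"ipv4_next_hop": "0.0.0.0",
+"protocol": 17,
+"in_bytes": 2794,
+"tcp_src_port": 0,
+"l4_dst_port": 161,
+"direction": 0,
+"src_as": 0,
+"output_snmp": 0,
+"ip_dscp": 0,
+"ipv4_ident": 0,
+"ipv4_dst_addr": "10.30.19.180",
+"src_tos": 0,
+"in_dst_mac": "1c:df:0f:7e:c3:58",
+"udp_dst_port": 161,
+"src_mask": 0,
+"version": 9,
+"application_id": "5:38",
+"flow_seq_num": 1509134,
+"ipv4_src_addr": "10.10.172.60",
+"in_src_mac": "00:18:19:9e:6c:01",
+"input_snmp": 1,
+"last_switched": "2017-02-14T11:10:21.999Z",
+"flow_sampler_id": 0
+},
+"@timestamp": "2017-02-14T11:10:36.000Z",
+"@version": "1"
+}
+END
+events.map{|event| event.gsub(/\s+/, "")}
+end
+
+it "should decode raw data" do
+expect(decode.size).to eq(5)
+expect(decode[4].get("[netflow][application_id]")).to eq("5:38")
+end
+
+it "should serialize to json" do
+expect(JSON.parse(decode[4].to_json)).to eq(JSON.parse(json_events[0]))
+end
+end
+
 end
 
 describe LogStash::Codecs::Netflow, 'missing templates, no template caching configured' do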
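Review bot: Both new contexts feed only well-formed captures, so nothing exercises the failure paths of the options-template parsing that this release changes. A further context that decodes an options template flowset whose `scope_length` plus `option_length` exceed what `flowset_length` allows, and asserts the behaviour the codec is meant to have there (presumably no events and no exception escaping the codec), would pin that down. The assertions also index `decode[14]` and `decode[4]` directly; a one-line comment such as `# last record of the capture` would explain why those positions are the ones checked.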
metadata
CHANGED
@@ -1,16 +1,17 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-codec-netflow
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-03-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
+
name: logstash-core-plugin-api
|
14
15
|
requirement: !ruby/object:Gem::Requirement
|
15
16
|
requirements:
|
16
17
|
- - '>='
|
@@ -19,9 +20,8 @@ dependencies:
|
|
19
20
|
- - <=
|
20
21
|
- !ruby/object:Gem::Version
|
21
22
|
version: '2.99'
|
22
|
-
name: logstash-core-plugin-api
|
23
|
-
prerelease: false
|
24
23
|
type: :runtime
|
24
|
+
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
26
26
|
requirements:
|
27
27
|
- - '>='
|
@@ -31,99 +31,104 @@ dependencies:
|
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: '2.99'
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
|
+
name: bindata
|
34
35
|
requirement: !ruby/object:Gem::Requirement
|
35
36
|
requirements:
|
36
37
|
- - '>='
|
37
38
|
- !ruby/object:Gem::Version
|
38
39
|
version: 1.5.0
|
39
|
-
name: bindata
|
40
|
-
prerelease: false
|
41
40
|
type: :runtime
|
41
|
+
prerelease: false
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
43
43
|
requirements:
|
44
44
|
- - '>='
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: 1.5.0
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
|
+
name: logstash-devutils
|
48
49
|
requirement: !ruby/object:Gem::Requirement
|
49
50
|
requirements:
|
50
51
|
- - '>='
|
51
52
|
- !ruby/object:Gem::Version
|
52
53
|
version: 1.0.0
|
53
|
-
name: logstash-devutils
|
54
|
-
prerelease: false
|
55
54
|
type: :development
|
55
|
+
prerelease: false
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
57
57
|
requirements:
|
58
58
|
- - '>='
|
59
59
|
- !ruby/object:Gem::Version
|
60
60
|
version: 1.0.0
|
61
|
-
description: This gem is a Logstash plugin required to be installed on top of the
|
61
|
+
description: This gem is a Logstash plugin required to be installed on top of the
|
62
|
+
Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
|
63
|
+
gem is not a stand-alone program
|
62
64
|
email: info@elastic.co
|
63
65
|
executables: []
|
64
66
|
extensions: []
|
65
67
|
extra_rdoc_files: []
|
66
68
|
files:
|
67
|
-
- CHANGELOG.md
|
68
|
-
- CONTRIBUTORS
|
69
|
-
- Gemfile
|
70
|
-
- LICENSE
|
71
|
-
- NOTICE.TXT
|
72
|
-
- README.md
|
73
|
-
- lib/logstash/codecs/netflow.rb
|
74
69
|
- lib/logstash/codecs/netflow/iana2yaml.rb
|
75
70
|
- lib/logstash/codecs/netflow/ipfix.yaml
|
76
71
|
- lib/logstash/codecs/netflow/netflow.yaml
|
77
72
|
- lib/logstash/codecs/netflow/util.rb
|
78
|
-
- logstash
|
73
|
+
- lib/logstash/codecs/netflow.rb
|
79
74
|
- spec/codecs/ipfix.dat
|
80
|
-
- spec/codecs/ipfix_test_netscaler_data.dat
|
81
|
-
- spec/codecs/ipfix_test_netscaler_tpl.dat
|
82
75
|
- spec/codecs/ipfix_test_openbsd_pflow_data.dat
|
83
76
|
- spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
|
84
|
-
- spec/codecs/ipfix_test_vmware_vds_data264.dat
|
85
|
-
- spec/codecs/ipfix_test_vmware_vds_data266.dat
|
86
|
-
- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
|
87
|
-
- spec/codecs/ipfix_test_vmware_vds_tpl.dat
|
88
77
|
- spec/codecs/netflow5.dat
|
89
78
|
- spec/codecs/netflow5_test_invalid01.dat
|
90
79
|
- spec/codecs/netflow5_test_invalid02.dat
|
91
80
|
- spec/codecs/netflow5_test_juniper_mx80.dat
|
92
81
|
- spec/codecs/netflow5_test_microtik.dat
|
93
|
-
- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
|
94
82
|
- spec/codecs/netflow9_test_cisco_asa_1_data.dat
|
95
83
|
- spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
|
96
84
|
- spec/codecs/netflow9_test_cisco_asa_2_data.dat
|
97
85
|
- spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
|
98
86
|
- spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
|
99
|
-
- spec/codecs/netflow9_test_cisco_asr9k_data256.dat
|
100
|
-
- spec/codecs/netflow9_test_cisco_asr9k_data260.dat
|
101
|
-
- spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
|
102
|
-
- spec/codecs/netflow9_test_cisco_asr9k_opttpl257.dat
|
103
|
-
- spec/codecs/netflow9_test_cisco_asr9k_opttpl334.dat
|
104
|
-
- spec/codecs/netflow9_test_cisco_asr9k_tpl260.dat
|
105
|
-
- spec/codecs/netflow9_test_cisco_asr9k_tpl266.dat
|
106
87
|
- spec/codecs/netflow9_test_invalid01.dat
|
107
|
-
- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
|
108
88
|
- spec/codecs/netflow9_test_macaddr_data.dat
|
109
89
|
- spec/codecs/netflow9_test_macaddr_tpl.dat
|
110
90
|
- spec/codecs/netflow9_test_nprobe_data.dat
|
111
91
|
- spec/codecs/netflow9_test_nprobe_tpl.dat
|
112
92
|
- spec/codecs/netflow9_test_softflowd_tpl_data.dat
|
113
|
-
- spec/codecs/
|
114
|
-
- spec/codecs/
|
93
|
+
- spec/codecs/netflow9_test_valid01.dat
|
94
|
+
- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
|
115
95
|
- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
|
116
96
|
- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
|
117
|
-
- spec/codecs/
|
118
|
-
- spec/codecs/
|
97
|
+
- spec/codecs/ipfix_test_netscaler_data.dat
|
98
|
+
- spec/codecs/ipfix_test_netscaler_tpl.dat
|
99
|
+
- spec/codecs/ipfix_test_vmware_vds_data264.dat
|
100
|
+
- spec/codecs/ipfix_test_vmware_vds_data266.dat
|
101
|
+
- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
|
102
|
+
- spec/codecs/ipfix_test_vmware_vds_tpl.dat
|
103
|
+
- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
|
104
|
+
- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
|
105
|
+
- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
|
106
|
+
- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
|
107
|
+
- spec/codecs/netflow9_test_cisco_asr9k_data256.dat
|
108
|
+
- spec/codecs/netflow9_test_cisco_asr9k_data260.dat
|
109
|
+
- spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
|
110
|
+
- spec/codecs/netflow9_test_cisco_asr9k_opttpl257.dat
|
111
|
+
- spec/codecs/netflow9_test_cisco_asr9k_opttpl334.dat
|
112
|
+
- spec/codecs/netflow9_test_cisco_asr9k_tpl260.dat
|
113
|
+
- spec/codecs/netflow9_test_cisco_asr9k_tpl266.dat
|
114
|
+
- spec/codecs/netflow9_test_cisco_nbar_data262.dat
|
115
|
+
- spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
|
116
|
+
- spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
|
119
117
|
- spec/codecs/netflow_spec.rb
|
118
|
+
- logstash-codec-netflow.gemspec
|
119
|
+
- README.md
|
120
|
+
- CHANGELOG.md
|
121
|
+
- CONTRIBUTORS
|
122
|
+
- Gemfile
|
123
|
+
- LICENSE
|
124
|
+
- NOTICE.TXT
|
120
125
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
121
126
|
licenses:
|
122
127
|
- Apache License (2.0)
|
123
128
|
metadata:
|
124
129
|
logstash_plugin: 'true'
|
125
130
|
logstash_group: codec
|
126
|
-
post_install_message:
|
131
|
+
post_install_message:
|
127
132
|
rdoc_options: []
|
128
133
|
require_paths:
|
129
134
|
- lib
|
@@ -138,50 +143,53 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
138
143
|
- !ruby/object:Gem::Version
|
139
144
|
version: '0'
|
140
145
|
requirements: []
|
141
|
-
rubyforge_project:
|
142
|
-
rubygems_version: 2.
|
143
|
-
signing_key:
|
146
|
+
rubyforge_project:
|
147
|
+
rubygems_version: 2.0.14
|
148
|
+
signing_key:
|
144
149
|
specification_version: 4
|
145
150
|
summary: The netflow codec is for decoding Netflow v5/v9/v10 (IPFIX) flows.
|
146
151
|
test_files:
|
147
152
|
- spec/codecs/ipfix.dat
|
148
|
-
- spec/codecs/ipfix_test_netscaler_data.dat
|
149
|
-
- spec/codecs/ipfix_test_netscaler_tpl.dat
|
150
153
|
- spec/codecs/ipfix_test_openbsd_pflow_data.dat
|
151
154
|
- spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
|
152
|
-
- spec/codecs/ipfix_test_vmware_vds_data264.dat
|
153
|
-
- spec/codecs/ipfix_test_vmware_vds_data266.dat
|
154
|
-
- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
|
155
|
-
- spec/codecs/ipfix_test_vmware_vds_tpl.dat
|
156
155
|
- spec/codecs/netflow5.dat
|
157
156
|
- spec/codecs/netflow5_test_invalid01.dat
|
158
157
|
- spec/codecs/netflow5_test_invalid02.dat
|
159
158
|
- spec/codecs/netflow5_test_juniper_mx80.dat
|
160
159
|
- spec/codecs/netflow5_test_microtik.dat
|
161
|
-
- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
|
162
160
|
- spec/codecs/netflow9_test_cisco_asa_1_data.dat
|
163
161
|
- spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
|
164
162
|
- spec/codecs/netflow9_test_cisco_asa_2_data.dat
|
165
163
|
- spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
|
166
164
|
- spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
|
167
|
-
- spec/codecs/netflow9_test_cisco_asr9k_data256.dat
|
168
|
-
- spec/codecs/netflow9_test_cisco_asr9k_data260.dat
|
169
|
-
- spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
|
170
|
-
- spec/codecs/netflow9_test_cisco_asr9k_opttpl257.dat
|
171
|
-
- spec/codecs/netflow9_test_cisco_asr9k_opttpl334.dat
|
172
|
-
- spec/codecs/netflow9_test_cisco_asr9k_tpl260.dat
|
173
|
-
- spec/codecs/netflow9_test_cisco_asr9k_tpl266.dat
|
174
165
|
- spec/codecs/netflow9_test_invalid01.dat
|
175
|
-
- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
|
176
166
|
- spec/codecs/netflow9_test_macaddr_data.dat
|
177
167
|
- spec/codecs/netflow9_test_macaddr_tpl.dat
|
178
168
|
- spec/codecs/netflow9_test_nprobe_data.dat
|
179
169
|
- spec/codecs/netflow9_test_nprobe_tpl.dat
|
180
170
|
- spec/codecs/netflow9_test_softflowd_tpl_data.dat
|
181
|
-
- spec/codecs/
|
182
|
-
- spec/codecs/
|
171
|
+
- spec/codecs/netflow9_test_valid01.dat
|
172
|
+
- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
|
183
173
|
- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
|
184
174
|
- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
|
185
|
-
- spec/codecs/
|
186
|
-
- spec/codecs/
|
175
|
+
- spec/codecs/ipfix_test_netscaler_data.dat
|
176
|
+
- spec/codecs/ipfix_test_netscaler_tpl.dat
|
177
|
+
- spec/codecs/ipfix_test_vmware_vds_data264.dat
|
178
|
+
- spec/codecs/ipfix_test_vmware_vds_data266.dat
|
179
|
+
- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
|
180
|
+
- spec/codecs/ipfix_test_vmware_vds_tpl.dat
|
181
|
+
- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
|
182
|
+
- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
|
183
|
+
- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
|
184
|
+
- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
|
185
|
+
- spec/codecs/netflow9_test_cisco_asr9k_data256.dat
|
186
|
+
- spec/codecs/netflow9_test_cisco_asr9k_data260.dat
|
187
|
+
- spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
|
188
|
+
- spec/codecs/netflow9_test_cisco_asr9k_opttpl257.dat
|
189
|
+
- spec/codecs/netflow9_test_cisco_asr9k_opttpl334.dat
|
190
|
+
- spec/codecs/netflow9_test_cisco_asr9k_tpl260.dat
|
191
|
+
- spec/codecs/netflow9_test_cisco_asr9k_tpl266.dat
|
192
|
+
- spec/codecs/netflow9_test_cisco_nbar_data262.dat
|
193
|
+
- spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
|
194
|
+
- spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
|
187
195
|
- spec/codecs/netflow_spec.rb
|