logstash-codec-netflow 3.8.1 → 3.8.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/CONTRIBUTORS +1 -0
- data/lib/logstash/codecs/netflow.rb +18 -11
- data/lib/logstash/codecs/netflow/util.rb +64 -30
- data/logstash-codec-netflow.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eb35147ecbca3f014d8ba75ae96d5b5190cca121
|
|
4
|
+
data.tar.gz: 2faec212bb770aa4bcae045c2f30d4046b12cbdd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6fecbcfdb821d74677230e402afd21964ab4a7d6190a548439cf8b2118e1af584365ad5a951231ba45647cfdee33a01cb2a51e5f5344b69b1202f969332ece1d
|
|
7
|
+
data.tar.gz: 3df0991010965dc1630ff39b7fdefc96ca102b51241a12c55d5cb829cadc76ccaf840684272b769a7452a5abe4293684a4717894df4139a1155c7090ea2a05c3
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
## 3.8.3
|
|
2
|
+
|
|
3
|
+
- Fixed a race condition that could cause some errors when running in a multithreaded input
|
|
4
|
+
|
|
5
|
+
## 3.8.2
|
|
6
|
+
|
|
7
|
+
- Fixed exceptions due to NilClass in util.rb and netflow.rb
|
|
8
|
+
|
|
1
9
|
## 3.8.1
|
|
2
10
|
|
|
3
11
|
- Prevent Netflow and IPFIX templates from being modified concurrently
|
data/CONTRIBUTORS
CHANGED
|
@@ -50,6 +50,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
50
50
|
FLOWSET_ID = "flowset_id"
|
|
51
51
|
|
|
52
52
|
def initialize(params = {})
|
|
53
|
+
@file_cache_mutex = Mutex.new
|
|
53
54
|
super(params)
|
|
54
55
|
@threadsafe = true
|
|
55
56
|
@decode_mutex_netflow = Mutex.new
|
|
@@ -240,9 +241,10 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
240
241
|
else
|
|
241
242
|
key = "#{flowset.source_id}|#{record.flowset_id}"
|
|
242
243
|
end
|
|
243
|
-
template = @netflow_templates[key]
|
|
244
244
|
|
|
245
|
-
|
|
245
|
+
template = @decode_mutex_netflow.synchronize { @netflow_templates[key] }
|
|
246
|
+
|
|
247
|
+
if !template
|
|
246
248
|
@logger.warn("Can't (yet) decode flowset id #{record.flowset_id} from source id #{flowset.source_id}, because no template to decode it with has been received. This message will usually go away after 1 minute.")
|
|
247
249
|
return events
|
|
248
250
|
end
|
|
@@ -252,9 +254,11 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
252
254
|
# Template shouldn't be longer than the record
|
|
253
255
|
# As fas as padding is concerned, the RFC defines a SHOULD for 4-word alignment
|
|
254
256
|
# so we won't complain about that.
|
|
255
|
-
if template.num_bytes
|
|
256
|
-
|
|
257
|
-
|
|
257
|
+
if template.num_bytes != nil
|
|
258
|
+
if template.num_bytes > length
|
|
259
|
+
@logger.warn("Template length exceeds flowset length, skipping", :template_id => record.flowset_id, :template_length => template.num_bytes, :record_length => length)
|
|
260
|
+
return events
|
|
261
|
+
end
|
|
258
262
|
end
|
|
259
263
|
|
|
260
264
|
array = BinData::Array.new(:type => template, :initial_length => length / template.num_bytes)
|
|
@@ -336,9 +340,9 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
336
340
|
when 256..65535
|
|
337
341
|
# Data flowset
|
|
338
342
|
key = "#{flowset.observation_domain_id}|#{record.flowset_id}"
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
343
|
+
if @ipfix_templates[key] != nil
|
|
344
|
+
template = @ipfix_templates[key]
|
|
345
|
+
else
|
|
342
346
|
@logger.warn("Can't (yet) decode flowset id #{record.flowset_id} from observation domain id #{flowset.observation_domain_id}, because no template to decode it with has been received. This message will usually go away after 1 minute.")
|
|
343
347
|
return events
|
|
344
348
|
end
|
|
@@ -417,9 +421,10 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
417
421
|
templates_cache = {}
|
|
418
422
|
begin
|
|
419
423
|
@logger.debug? and @logger.debug("Loading templates from template cache #{file_path}")
|
|
420
|
-
|
|
424
|
+
file_data = @file_cache_mutex.synchronize { File.read(file_path)}
|
|
425
|
+
templates_cache = JSON.parse(file_data)
|
|
421
426
|
rescue Exception => e
|
|
422
|
-
raise "#{self.class.name}: templates cache file
|
|
427
|
+
raise "#{self.class.name}: templates cache file could not be read @ (#{file_path}: #{e.class.name} #{e.message})"
|
|
423
428
|
end
|
|
424
429
|
|
|
425
430
|
templates_cache
|
|
@@ -428,7 +433,9 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
428
433
|
def save_templates_cache(templates_cache, file_path)
|
|
429
434
|
begin
|
|
430
435
|
@logger.debug? and @logger.debug("Writing templates to template cache #{file_path}")
|
|
431
|
-
|
|
436
|
+
@file_cache_mutex.synchronize do
|
|
437
|
+
File.open(file_path, 'w') {|file| file.write templates_cache.to_json }
|
|
438
|
+
end
|
|
432
439
|
rescue Exception => e
|
|
433
440
|
raise "#{self.class.name}: saving templates cache file failed (#{file_path}) with error #{e}"
|
|
434
441
|
end
|
|
@@ -7,15 +7,19 @@ class IP4Addr < BinData::Primitive
|
|
|
7
7
|
uint32 :storage
|
|
8
8
|
|
|
9
9
|
def set(val)
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
10
|
+
unless val.nil?
|
|
11
|
+
ip = IPAddr.new(val)
|
|
12
|
+
if ! ip.ipv4?
|
|
13
|
+
raise ArgumentError, "invalid IPv4 address '#{val}'"
|
|
14
|
+
end
|
|
15
|
+
self.storage = ip.to_i
|
|
13
16
|
end
|
|
14
|
-
self.storage = ip.to_i
|
|
15
17
|
end
|
|
16
18
|
|
|
17
19
|
def get
|
|
18
|
-
|
|
20
|
+
unless self.storage.nil?
|
|
21
|
+
IPAddr.new_ntoh([self.storage].pack('N')).to_s
|
|
22
|
+
end
|
|
19
23
|
end
|
|
20
24
|
end
|
|
21
25
|
|
|
@@ -24,17 +28,21 @@ class IP6Addr < BinData::Primitive
|
|
|
24
28
|
uint128 :storage
|
|
25
29
|
|
|
26
30
|
def set(val)
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
31
|
+
unless val.nil?
|
|
32
|
+
ip = IPAddr.new(val)
|
|
33
|
+
if ! ip.ipv6?
|
|
34
|
+
raise ArgumentError, "invalid IPv6 address `#{val}'"
|
|
35
|
+
end
|
|
36
|
+
self.storage = ip.to_i
|
|
30
37
|
end
|
|
31
|
-
self.storage = ip.to_i
|
|
32
38
|
end
|
|
33
39
|
|
|
34
40
|
def get
|
|
35
|
-
|
|
36
|
-
(
|
|
37
|
-
|
|
41
|
+
unless self.storage.nil?
|
|
42
|
+
IPAddr.new_ntoh((0..7).map { |i|
|
|
43
|
+
(self.storage >> (112 - 16 * i)) & 0xffff
|
|
44
|
+
}.pack('n8')).to_s
|
|
45
|
+
end
|
|
38
46
|
end
|
|
39
47
|
end
|
|
40
48
|
|
|
@@ -42,12 +50,18 @@ class MacAddr < BinData::Primitive
|
|
|
42
50
|
array :bytes, :type => :uint8, :initial_length => 6
|
|
43
51
|
|
|
44
52
|
def set(val)
|
|
45
|
-
|
|
46
|
-
|
|
53
|
+
unless val.nil?
|
|
54
|
+
ints = val.split(/:/).collect { |int| int.to_i(16) }
|
|
55
|
+
self.bytes = ints
|
|
56
|
+
end
|
|
47
57
|
end
|
|
48
58
|
|
|
49
59
|
def get
|
|
50
|
-
self.bytes.collect { |byte|
|
|
60
|
+
self.bytes.collect { |byte|
|
|
61
|
+
unless byte.nil?
|
|
62
|
+
byte.value.to_s(16).rjust(2,'0')
|
|
63
|
+
end
|
|
64
|
+
}.join(":")
|
|
51
65
|
end
|
|
52
66
|
end
|
|
53
67
|
|
|
@@ -85,11 +99,17 @@ class ACLIdASA < BinData::Primitive
|
|
|
85
99
|
array :bytes, :type => :uint8, :initial_length => 12
|
|
86
100
|
|
|
87
101
|
def set(val)
|
|
88
|
-
|
|
102
|
+
unless val.nil?
|
|
103
|
+
self.bytes = val.split("-").collect { |aclid| aclid.scan(/../).collect { |hex| hex.to_i(16)} }.flatten
|
|
104
|
+
end
|
|
89
105
|
end
|
|
90
106
|
|
|
91
107
|
def get
|
|
92
|
-
hexstring = self.bytes.collect { |byte|
|
|
108
|
+
hexstring = self.bytes.collect { |byte|
|
|
109
|
+
unless byte.nil?
|
|
110
|
+
byte.value.to_s(16).rjust(2,'0')
|
|
111
|
+
end
|
|
112
|
+
}.join
|
|
93
113
|
hexstring.scan(/......../).collect { |aclid| aclid }.join("-")
|
|
94
114
|
end
|
|
95
115
|
end
|
|
@@ -114,8 +134,10 @@ class Application_Id16 < BinData::Primitive
|
|
|
114
134
|
uint24 :selector_id
|
|
115
135
|
|
|
116
136
|
def set(val)
|
|
117
|
-
|
|
118
|
-
|
|
137
|
+
unless val.nil?
|
|
138
|
+
self.classification_id=val.to_i<<24
|
|
139
|
+
self.selector_id = val.to_i-((val.to_i>>24)<<24)
|
|
140
|
+
end
|
|
119
141
|
end
|
|
120
142
|
|
|
121
143
|
def get
|
|
@@ -129,8 +151,10 @@ class Application_Id24 < BinData::Primitive
|
|
|
129
151
|
uint16 :selector_id
|
|
130
152
|
|
|
131
153
|
def set(val)
|
|
132
|
-
|
|
133
|
-
|
|
154
|
+
unless val.nil?
|
|
155
|
+
self.classification_id=val.to_i<<16
|
|
156
|
+
self.selector_id = val.to_i-((val.to_i>>16)<<16)
|
|
157
|
+
end
|
|
134
158
|
end
|
|
135
159
|
|
|
136
160
|
def get
|
|
@@ -144,8 +168,10 @@ class Application_Id32 < BinData::Primitive
|
|
|
144
168
|
uint24 :selector_id
|
|
145
169
|
|
|
146
170
|
def set(val)
|
|
147
|
-
|
|
148
|
-
|
|
171
|
+
unless val.nil?
|
|
172
|
+
self.classification_id=val.to_i<<24
|
|
173
|
+
self.selector_id = val.to_i-((val.to_i>>24)<<24)
|
|
174
|
+
end
|
|
149
175
|
end
|
|
150
176
|
|
|
151
177
|
def get
|
|
@@ -159,8 +185,10 @@ class Application_Id40 < BinData::Primitive
|
|
|
159
185
|
uint32 :selector_id
|
|
160
186
|
|
|
161
187
|
def set(val)
|
|
162
|
-
|
|
163
|
-
|
|
188
|
+
unless val.nil?
|
|
189
|
+
self.classification_id=val.to_i<<32
|
|
190
|
+
self.selector_id = val.to_i-((val.to_i>>32)<<32)
|
|
191
|
+
end
|
|
164
192
|
end
|
|
165
193
|
|
|
166
194
|
def get
|
|
@@ -174,8 +202,10 @@ class Application_Id64 < BinData::Primitive
|
|
|
174
202
|
uint56 :selector_id
|
|
175
203
|
|
|
176
204
|
def set(val)
|
|
177
|
-
|
|
178
|
-
|
|
205
|
+
unless val.nil?
|
|
206
|
+
self.classification_id=val.to_i<<56
|
|
207
|
+
self.selector_id = val.to_i-((val.to_i>>56)<<56)
|
|
208
|
+
end
|
|
179
209
|
end
|
|
180
210
|
|
|
181
211
|
def get
|
|
@@ -189,8 +219,10 @@ class Application_Id72 < BinData::Primitive
|
|
|
189
219
|
uint64 :selector_id
|
|
190
220
|
|
|
191
221
|
def set(val)
|
|
192
|
-
|
|
193
|
-
|
|
222
|
+
unless val.nil?
|
|
223
|
+
self.classification_id=val.to_i<<64
|
|
224
|
+
self.selector_id = val.to_i-((val.to_i>>64)<<64)
|
|
225
|
+
end
|
|
194
226
|
end
|
|
195
227
|
|
|
196
228
|
def get
|
|
@@ -204,7 +236,9 @@ class OctetArray < BinData::Primitive
|
|
|
204
236
|
array :bytes, :type => :uint8, :initial_length => :initial_length
|
|
205
237
|
|
|
206
238
|
def set(val)
|
|
207
|
-
|
|
239
|
+
unless val.nil?
|
|
240
|
+
self.bytes = val.scan(/../).collect { |hex| hex.to_i(16)}
|
|
241
|
+
end
|
|
208
242
|
end
|
|
209
243
|
|
|
210
244
|
def get
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-netflow'
|
|
4
|
-
s.version = '3.8.
|
|
4
|
+
s.version = '3.8.3'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Reads Netflow v5 and Netflow v9 data"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-netflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-11-
|
|
11
|
+
date: 2017-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstash-core-plugin-api
|