logstash-codec-netflow 3.8.1 → 3.8.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/CONTRIBUTORS +1 -0
- data/lib/logstash/codecs/netflow.rb +18 -11
- data/lib/logstash/codecs/netflow/util.rb +64 -30
- data/logstash-codec-netflow.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eb35147ecbca3f014d8ba75ae96d5b5190cca121
|
|
4
|
+
data.tar.gz: 2faec212bb770aa4bcae045c2f30d4046b12cbdd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6fecbcfdb821d74677230e402afd21964ab4a7d6190a548439cf8b2118e1af584365ad5a951231ba45647cfdee33a01cb2a51e5f5344b69b1202f969332ece1d
|
|
7
|
+
data.tar.gz: 3df0991010965dc1630ff39b7fdefc96ca102b51241a12c55d5cb829cadc76ccaf840684272b769a7452a5abe4293684a4717894df4139a1155c7090ea2a05c3
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
## 3.8.3
|
|
2
|
+
|
|
3
|
+
- Fixed a race condition that could cause some errors when running in a multithreaded input
|
|
4
|
+
|
|
5
|
+
## 3.8.2
|
|
6
|
+
|
|
7
|
+
- Fixed exceptions due to NilClass in util.rb and netflow.rb
|
|
8
|
+
|
|
1
9
|
## 3.8.1
|
|
2
10
|
|
|
3
11
|
- Prevent Netflow and IPFIX templates from being modified concurrently
|
data/CONTRIBUTORS
CHANGED
|
@@ -50,6 +50,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
50
50
|
FLOWSET_ID = "flowset_id"
|
|
51
51
|
|
|
52
52
|
def initialize(params = {})
|
|
53
|
+
@file_cache_mutex = Mutex.new
|
|
53
54
|
super(params)
|
|
54
55
|
@threadsafe = true
|
|
55
56
|
@decode_mutex_netflow = Mutex.new
|
|
@@ -240,9 +241,10 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
240
241
|
else
|
|
241
242
|
key = "#{flowset.source_id}|#{record.flowset_id}"
|
|
242
243
|
end
|
|
243
|
-
template = @netflow_templates[key]
|
|
244
244
|
|
|
245
|
-
|
|
245
|
+
template = @decode_mutex_netflow.synchronize { @netflow_templates[key] }
|
|
246
|
+
|
|
247
|
+
if !template
|
|
246
248
|
@logger.warn("Can't (yet) decode flowset id #{record.flowset_id} from source id #{flowset.source_id}, because no template to decode it with has been received. This message will usually go away after 1 minute.")
|
|
247
249
|
return events
|
|
248
250
|
end
|
|
@@ -252,9 +254,11 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
252
254
|
# Template shouldn't be longer than the record
|
|
253
255
|
# As fas as padding is concerned, the RFC defines a SHOULD for 4-word alignment
|
|
254
256
|
# so we won't complain about that.
|
|
255
|
-
if template.num_bytes
|
|
256
|
-
|
|
257
|
-
|
|
257
|
+
if template.num_bytes != nil
|
|
258
|
+
if template.num_bytes > length
|
|
259
|
+
@logger.warn("Template length exceeds flowset length, skipping", :template_id => record.flowset_id, :template_length => template.num_bytes, :record_length => length)
|
|
260
|
+
return events
|
|
261
|
+
end
|
|
258
262
|
end
|
|
259
263
|
|
|
260
264
|
array = BinData::Array.new(:type => template, :initial_length => length / template.num_bytes)
|
|
@@ -336,9 +340,9 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
336
340
|
when 256..65535
|
|
337
341
|
# Data flowset
|
|
338
342
|
key = "#{flowset.observation_domain_id}|#{record.flowset_id}"
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
343
|
+
if @ipfix_templates[key] != nil
|
|
344
|
+
template = @ipfix_templates[key]
|
|
345
|
+
else
|
|
342
346
|
@logger.warn("Can't (yet) decode flowset id #{record.flowset_id} from observation domain id #{flowset.observation_domain_id}, because no template to decode it with has been received. This message will usually go away after 1 minute.")
|
|
343
347
|
return events
|
|
344
348
|
end
|
|
@@ -417,9 +421,10 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
417
421
|
templates_cache = {}
|
|
418
422
|
begin
|
|
419
423
|
@logger.debug? and @logger.debug("Loading templates from template cache #{file_path}")
|
|
420
|
-
|
|
424
|
+
file_data = @file_cache_mutex.synchronize { File.read(file_path)}
|
|
425
|
+
templates_cache = JSON.parse(file_data)
|
|
421
426
|
rescue Exception => e
|
|
422
|
-
raise "#{self.class.name}: templates cache file
|
|
427
|
+
raise "#{self.class.name}: templates cache file could not be read @ (#{file_path}: #{e.class.name} #{e.message})"
|
|
423
428
|
end
|
|
424
429
|
|
|
425
430
|
templates_cache
|
|
@@ -428,7 +433,9 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
|
428
433
|
def save_templates_cache(templates_cache, file_path)
|
|
429
434
|
begin
|
|
430
435
|
@logger.debug? and @logger.debug("Writing templates to template cache #{file_path}")
|
|
431
|
-
|
|
436
|
+
@file_cache_mutex.synchronize do
|
|
437
|
+
File.open(file_path, 'w') {|file| file.write templates_cache.to_json }
|
|
438
|
+
end
|
|
432
439
|
rescue Exception => e
|
|
433
440
|
raise "#{self.class.name}: saving templates cache file failed (#{file_path}) with error #{e}"
|
|
434
441
|
end
|
|
@@ -7,15 +7,19 @@ class IP4Addr < BinData::Primitive
|
|
|
7
7
|
uint32 :storage
|
|
8
8
|
|
|
9
9
|
def set(val)
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
10
|
+
unless val.nil?
|
|
11
|
+
ip = IPAddr.new(val)
|
|
12
|
+
if ! ip.ipv4?
|
|
13
|
+
raise ArgumentError, "invalid IPv4 address '#{val}'"
|
|
14
|
+
end
|
|
15
|
+
self.storage = ip.to_i
|
|
13
16
|
end
|
|
14
|
-
self.storage = ip.to_i
|
|
15
17
|
end
|
|
16
18
|
|
|
17
19
|
def get
|
|
18
|
-
|
|
20
|
+
unless self.storage.nil?
|
|
21
|
+
IPAddr.new_ntoh([self.storage].pack('N')).to_s
|
|
22
|
+
end
|
|
19
23
|
end
|
|
20
24
|
end
|
|
21
25
|
|
|
@@ -24,17 +28,21 @@ class IP6Addr < BinData::Primitive
|
|
|
24
28
|
uint128 :storage
|
|
25
29
|
|
|
26
30
|
def set(val)
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
31
|
+
unless val.nil?
|
|
32
|
+
ip = IPAddr.new(val)
|
|
33
|
+
if ! ip.ipv6?
|
|
34
|
+
raise ArgumentError, "invalid IPv6 address `#{val}'"
|
|
35
|
+
end
|
|
36
|
+
self.storage = ip.to_i
|
|
30
37
|
end
|
|
31
|
-
self.storage = ip.to_i
|
|
32
38
|
end
|
|
33
39
|
|
|
34
40
|
def get
|
|
35
|
-
|
|
36
|
-
(
|
|
37
|
-
|
|
41
|
+
unless self.storage.nil?
|
|
42
|
+
IPAddr.new_ntoh((0..7).map { |i|
|
|
43
|
+
(self.storage >> (112 - 16 * i)) & 0xffff
|
|
44
|
+
}.pack('n8')).to_s
|
|
45
|
+
end
|
|
38
46
|
end
|
|
39
47
|
end
|
|
40
48
|
|
|
@@ -42,12 +50,18 @@ class MacAddr < BinData::Primitive
|
|
|
42
50
|
array :bytes, :type => :uint8, :initial_length => 6
|
|
43
51
|
|
|
44
52
|
def set(val)
|
|
45
|
-
|
|
46
|
-
|
|
53
|
+
unless val.nil?
|
|
54
|
+
ints = val.split(/:/).collect { |int| int.to_i(16) }
|
|
55
|
+
self.bytes = ints
|
|
56
|
+
end
|
|
47
57
|
end
|
|
48
58
|
|
|
49
59
|
def get
|
|
50
|
-
self.bytes.collect { |byte|
|
|
60
|
+
self.bytes.collect { |byte|
|
|
61
|
+
unless byte.nil?
|
|
62
|
+
byte.value.to_s(16).rjust(2,'0')
|
|
63
|
+
end
|
|
64
|
+
}.join(":")
|
|
51
65
|
end
|
|
52
66
|
end
|
|
53
67
|
|
|
@@ -85,11 +99,17 @@ class ACLIdASA < BinData::Primitive
|
|
|
85
99
|
array :bytes, :type => :uint8, :initial_length => 12
|
|
86
100
|
|
|
87
101
|
def set(val)
|
|
88
|
-
|
|
102
|
+
unless val.nil?
|
|
103
|
+
self.bytes = val.split("-").collect { |aclid| aclid.scan(/../).collect { |hex| hex.to_i(16)} }.flatten
|
|
104
|
+
end
|
|
89
105
|
end
|
|
90
106
|
|
|
91
107
|
def get
|
|
92
|
-
hexstring = self.bytes.collect { |byte|
|
|
108
|
+
hexstring = self.bytes.collect { |byte|
|
|
109
|
+
unless byte.nil?
|
|
110
|
+
byte.value.to_s(16).rjust(2,'0')
|
|
111
|
+
end
|
|
112
|
+
}.join
|
|
93
113
|
hexstring.scan(/......../).collect { |aclid| aclid }.join("-")
|
|
94
114
|
end
|
|
95
115
|
end
|
|
@@ -114,8 +134,10 @@ class Application_Id16 < BinData::Primitive
|
|
|
114
134
|
uint24 :selector_id
|
|
115
135
|
|
|
116
136
|
def set(val)
|
|
117
|
-
|
|
118
|
-
|
|
137
|
+
unless val.nil?
|
|
138
|
+
self.classification_id=val.to_i<<24
|
|
139
|
+
self.selector_id = val.to_i-((val.to_i>>24)<<24)
|
|
140
|
+
end
|
|
119
141
|
end
|
|
120
142
|
|
|
121
143
|
def get
|
|
@@ -129,8 +151,10 @@ class Application_Id24 < BinData::Primitive
|
|
|
129
151
|
uint16 :selector_id
|
|
130
152
|
|
|
131
153
|
def set(val)
|
|
132
|
-
|
|
133
|
-
|
|
154
|
+
unless val.nil?
|
|
155
|
+
self.classification_id=val.to_i<<16
|
|
156
|
+
self.selector_id = val.to_i-((val.to_i>>16)<<16)
|
|
157
|
+
end
|
|
134
158
|
end
|
|
135
159
|
|
|
136
160
|
def get
|
|
@@ -144,8 +168,10 @@ class Application_Id32 < BinData::Primitive
|
|
|
144
168
|
uint24 :selector_id
|
|
145
169
|
|
|
146
170
|
def set(val)
|
|
147
|
-
|
|
148
|
-
|
|
171
|
+
unless val.nil?
|
|
172
|
+
self.classification_id=val.to_i<<24
|
|
173
|
+
self.selector_id = val.to_i-((val.to_i>>24)<<24)
|
|
174
|
+
end
|
|
149
175
|
end
|
|
150
176
|
|
|
151
177
|
def get
|
|
@@ -159,8 +185,10 @@ class Application_Id40 < BinData::Primitive
|
|
|
159
185
|
uint32 :selector_id
|
|
160
186
|
|
|
161
187
|
def set(val)
|
|
162
|
-
|
|
163
|
-
|
|
188
|
+
unless val.nil?
|
|
189
|
+
self.classification_id=val.to_i<<32
|
|
190
|
+
self.selector_id = val.to_i-((val.to_i>>32)<<32)
|
|
191
|
+
end
|
|
164
192
|
end
|
|
165
193
|
|
|
166
194
|
def get
|
|
@@ -174,8 +202,10 @@ class Application_Id64 < BinData::Primitive
|
|
|
174
202
|
uint56 :selector_id
|
|
175
203
|
|
|
176
204
|
def set(val)
|
|
177
|
-
|
|
178
|
-
|
|
205
|
+
unless val.nil?
|
|
206
|
+
self.classification_id=val.to_i<<56
|
|
207
|
+
self.selector_id = val.to_i-((val.to_i>>56)<<56)
|
|
208
|
+
end
|
|
179
209
|
end
|
|
180
210
|
|
|
181
211
|
def get
|
|
@@ -189,8 +219,10 @@ class Application_Id72 < BinData::Primitive
|
|
|
189
219
|
uint64 :selector_id
|
|
190
220
|
|
|
191
221
|
def set(val)
|
|
192
|
-
|
|
193
|
-
|
|
222
|
+
unless val.nil?
|
|
223
|
+
self.classification_id=val.to_i<<64
|
|
224
|
+
self.selector_id = val.to_i-((val.to_i>>64)<<64)
|
|
225
|
+
end
|
|
194
226
|
end
|
|
195
227
|
|
|
196
228
|
def get
|
|
@@ -204,7 +236,9 @@ class OctetArray < BinData::Primitive
|
|
|
204
236
|
array :bytes, :type => :uint8, :initial_length => :initial_length
|
|
205
237
|
|
|
206
238
|
def set(val)
|
|
207
|
-
|
|
239
|
+
unless val.nil?
|
|
240
|
+
self.bytes = val.scan(/../).collect { |hex| hex.to_i(16)}
|
|
241
|
+
end
|
|
208
242
|
end
|
|
209
243
|
|
|
210
244
|
def get
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-netflow'
|
|
4
|
-
s.version = '3.8.
|
|
4
|
+
s.version = '3.8.3'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Reads Netflow v5 and Netflow v9 data"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-netflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-11-
|
|
11
|
+
date: 2017-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstash-core-plugin-api
|