logstash-codec-netflow 3.9.0 → 3.9.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/CONTRIBUTORS +1 -0
- data/lib/logstash/codecs/netflow/netflow.yaml +12 -0
- data/logstash-codec-netflow.gemspec +1 -1
- data/spec/codecs/netflow9_test_unknown_tpl266_292_data.dat +0 -0
- data/spec/codecs/netflow_spec.rb +79 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 49ab4908487a49f83e5c84369cb2202d518a84d1
|
4
|
+
data.tar.gz: 18e6d9c9da6bba3b5d947109f48f27de0edc1372
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5052a5791332289eb82f759ca611d2d9484592317edbdecca32989c08b0388625774d2d44efddac0da65c1c8ad51e58a7e62ed70bf7bbfa0cf7fd963eb19ba71
|
7
|
+
data.tar.gz: 1271997cf15abdc05fdb4c5941d1759964e876b4879290496e2a96239b3cc3bd648fe1646b179c24a90d7ba83ca618bb3d416e573a1a490a1d287bdc7f905541
|
data/CHANGELOG.md
CHANGED
data/CONTRIBUTORS
CHANGED
@@ -244,12 +244,24 @@
|
|
244
244
|
148:
|
245
245
|
- :uint32
|
246
246
|
- :conn_id
|
247
|
+
150:
|
248
|
+
- :uint32
|
249
|
+
- :flowStartSeconds
|
250
|
+
151:
|
251
|
+
- :uint32
|
252
|
+
- :flowEndSeconds
|
247
253
|
152:
|
248
254
|
- 8
|
249
255
|
- :flow_start_msec
|
250
256
|
153:
|
251
257
|
- 8
|
252
258
|
- :flow_end_msec
|
259
|
+
154:
|
260
|
+
- :uint64
|
261
|
+
- :flowStartMicroseconds
|
262
|
+
155:
|
263
|
+
- :uint64
|
264
|
+
- :flowEndMicroseconds
|
253
265
|
176:
|
254
266
|
- :uint8
|
255
267
|
- :icmp_type
|
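Review bot: Fields 154 and 155 are decoded as a plain `:uint64`, but IPFIX (RFC 7011) encodes dateTimeMicroseconds as a 64-bit NTP-format timestamp (32-bit seconds plus 32-bit fraction), so for an exporter that follows that encoding `flowStartMicroseconds` and `flowEndMicroseconds` would not hold a microsecond count. Anyone building an incident timeline from these fields could get wrong times without noticing. The spec context added in this release covers only 150 and 151, so a fixture that contains 154/155 would settle how real exporters fill them. Until then, a comment above the `154:` entry such as `# raw 64-bit value; IPFIX dateTimeMicroseconds is NTP-format, not microseconds since epoch` would warn downstream users. The file header for this hunk is missing from the page; going by the file list it is presumably netflow.yaml.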
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-codec-netflow'
|
4
|
-
s.version = '3.9.
|
4
|
+
s.version = '3.9.1'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Reads Netflow v5 and Netflow v9 data"
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
Binary file
|
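--- a/data/spec/codecs/netflow_spec.rb
+++ b/data/spec/codecs/netflow_spec.rb
@@ -905,6 +905,85 @@ describe LogStash::Codecs::Netflow do
 
 end
 
+context "Netflow 9 IE150 IE151" do
+let(:data) do
+packets = []
+packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_unknown_tpl266_292_data.dat"), :mode => "rb")
+end
+
+let(:json_events) do
+events = []
+events << <<-END
+{
+"@version": "1",
+"netflow": {
+"in_pkts": 1,
+"ipv4_dst_addr": "192.168.0.2",
+"src_tos": 0,
+"flowset_id": 266,
+"l4_src_port": 137,
+"version": 9,
+"flow_seq_num": 35088,
+"ipv4_src_addr": "192.168.0.3",
+"protocol": 17,
+"in_bytes": 78,
+"egressVRFID": 0,
+"input_snmp": 13,
+"flow_sampler_id": 1,
+"ingressVRFID": 0,
+"flowEndSeconds": 1512147866,
+"l4_dst_port": 137,
+"flowStartSeconds": 1512147866,
+"direction": 0
+},
+"@timestamp": "2017-12-01T17:04:39.000Z"
+}
+END
+
+events << <<-END
+{
+"@version": "1",
+"netflow": {
+"output_snmp": 13,
+"in_pkts": 1,
+"ipv4_dst_addr": "192.168.0.5",
+"src_tos": 0,
+"flowset_id": 292,
+"l4_src_port": 58130,
+"version": 9,
+"flow_seq_num": 35088,
+"ipv4_src_addr": "192.168.0.4",
+"protocol": 17,
+"in_bytes": 232,
+"egressVRFID": 0,
+"flow_sampler_id": 1,
+"ingressVRFID": 0,
+"flowEndSeconds": 1512147869,
+"l4_dst_port": 6343,
+"flowStartSeconds": 1512147869,
+"direction": 1
+},
+"@timestamp": "2017-12-01T17:04:39.000Z"
+}
+END
+events.map{|event| event.gsub(/\s+/, "")}
+end
+
+it "should decode raw data" do
+expect(decode.size).to eq(2)
+expect(decode[1].get("[netflow][flowStartSeconds]")).to eq(1512147869)
+expect(decode[1].get("[netflow][flowEndSeconds]")).to eq(1512147869)
+end
+
+it "should serialize to json" do
+expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
+expect(JSON.parse(decode[1].to_json)).to eq(JSON.parse(json_events[1]))
+end
+
+end
+
+
+
 context "Netflow 9 Ubiquiti Edgerouter with MPLS labels" do
 let(:data) do
 packets = []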
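Review bot: The fixture `netflow9_test_unknown_tpl266_292_data.dat` read in `let(:data)` is an opaque binary with no comment on where it came from or what it holds, and its name says only "unknown". Since a single packet yields two events with flowset ids 266 and 292, it presumably carries the templates as well as the data records. A comment above `let(:data)` such as `# capture from <exporter>; holds templates 266/292 plus one data record each` would make the fixture reviewable. The "should decode raw data" example also checks the timestamps of `decode[1]` only; adding `expect(decode[0].get("[netflow][flowStartSeconds]")).to eq(1512147866)` would pin the first record independently of the JSON comparison.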
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-codec-netflow
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.9.
|
4
|
+
version: 3.9.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-12-
|
11
|
+
date: 2017-12-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -144,6 +144,7 @@ files:
|
|
144
144
|
- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
|
145
145
|
- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
|
146
146
|
- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
|
147
|
+
- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
|
147
148
|
- spec/codecs/netflow9_test_valid01.dat
|
148
149
|
- spec/codecs/netflow_spec.rb
|
149
150
|
- spec/codecs/netflow_stress.py
|
@@ -239,6 +240,7 @@ test_files:
|
|
239
240
|
- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
|
240
241
|
- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
|
241
242
|
- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
|
243
|
+
- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
|
242
244
|
- spec/codecs/netflow9_test_valid01.dat
|
243
245
|
- spec/codecs/netflow_spec.rb
|
244
246
|
- spec/codecs/netflow_stress.py
|