logstash-codec-netflow 3.9.1 → 3.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/CONTRIBUTORS +1 -0
- data/docs/index.asciidoc +1 -0
- data/lib/logstash/codecs/netflow/ipfix.yaml +10 -0
- data/logstash-codec-netflow.gemspec +1 -1
- data/spec/codecs/ipfix_test_nokia_bras_data256.dat +0 -0
- data/spec/codecs/ipfix_test_nokia_bras_tpl.dat +0 -0
- data/spec/codecs/netflow_spec.rb +45 -0
- metadata +5 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 23f25a4dd41e18de926001edf51d595b28f32bba
|
|
4
|
+
data.tar.gz: a7844a2a74423c4ee1da1e0a3b94120d5cbd323a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c0ff89f1a8f9d9bc771dd80e724ee9f019ea97f3c13bb893226e599e69e82a26911e6a6fe213e0cab87bdc675aa84779bd894bfb678cd8236649d16cc091d297
|
|
7
|
+
data.tar.gz: 5f6826dcd84eb0fbba51b0ec6fb47ed83dc08b689b778c04b131f2877dd36baca8e16a71b59d89bf907e6d4ae88e64f7b569bcd81b0dc8fea07b89b978770f0e
|
data/CHANGELOG.md
CHANGED
data/CONTRIBUTORS
CHANGED
data/docs/index.asciidoc
CHANGED
|
@@ -49,6 +49,7 @@ The following Netflow/IPFIX exporters are known to work with the most recent ver
|
|
|
49
49
|
|Juniper MX80 | y | | | SW > 12.3R8
|
|
50
50
|
|Mikrotik | y | | y | http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
|
|
51
51
|
|nProbe | y | y | y | L7 DPI fields now also supported
|
|
52
|
+
|Nokia BRAS | | | y |
|
|
52
53
|
|OpenBSD pflow | y | n | y | http://man.openbsd.org/OpenBSD-current/man4/pflow.4
|
|
53
54
|
|Softflowd | y | y | y | IPFIX supported in https://github.com/djmdjm/softflowd
|
|
54
55
|
|Streamcore Streamgroomer | | y | |
|
|
@@ -1245,6 +1245,16 @@
|
|
|
1245
1245
|
12244:
|
|
1246
1246
|
- :string
|
|
1247
1247
|
- :ciscoAppBusiness
|
|
1248
|
+
637:
|
|
1249
|
+
91:
|
|
1250
|
+
- :uint16
|
|
1251
|
+
- :natInsideSvcid
|
|
1252
|
+
92:
|
|
1253
|
+
- :uint16
|
|
1254
|
+
- :natOutsideSvcid
|
|
1255
|
+
93:
|
|
1256
|
+
- :string
|
|
1257
|
+
- :natSubString
|
|
1248
1258
|
5951:
|
|
1249
1259
|
128:
|
|
1250
1260
|
- :uint32
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-netflow'
|
|
4
|
-
s.version = '3.
|
|
4
|
+
s.version = '3.10.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Reads Netflow v5 and Netflow v9 data"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
Binary file
|
|
Binary file
|
data/spec/codecs/netflow_spec.rb
CHANGED
|
@@ -982,6 +982,51 @@ describe LogStash::Codecs::Netflow do
|
|
|
982
982
|
|
|
983
983
|
end
|
|
984
984
|
|
|
985
|
+
context "IPFIX Nokia BRAS" do
|
|
986
|
+
let(:data) do
|
|
987
|
+
packets = []
|
|
988
|
+
packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_nokia_bras_tpl.dat"), :mode => "rb")
|
|
989
|
+
packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_nokia_bras_data256.dat"), :mode => "rb")
|
|
990
|
+
end
|
|
991
|
+
|
|
992
|
+
let(:json_events) do
|
|
993
|
+
events = []
|
|
994
|
+
events << <<-END
|
|
995
|
+
{
|
|
996
|
+
"@version": "1",
|
|
997
|
+
"netflow": {
|
|
998
|
+
"destinationIPv4Address": "10.0.0.34",
|
|
999
|
+
"destinationTransportPort": 80,
|
|
1000
|
+
"protocolIdentifier": 6,
|
|
1001
|
+
"sourceIPv4Address": "10.0.1.228",
|
|
1002
|
+
"natSubString": "USER1@10.10.0.123",
|
|
1003
|
+
"sourceTransportPort": 5878,
|
|
1004
|
+
"version": 10,
|
|
1005
|
+
"flowId": 3389049088,
|
|
1006
|
+
"natOutsideSvcid": 0,
|
|
1007
|
+
"flowStartMilliseconds": "2017-12-14T07:23:45.148Z",
|
|
1008
|
+
"natInsideSvcid": 100
|
|
1009
|
+
},
|
|
1010
|
+
"@timestamp": "2017-12-14T07:23:45.000Z"
|
|
1011
|
+
}
|
|
1012
|
+
END
|
|
1013
|
+
|
|
1014
|
+
events.map{|event| event.gsub(/\s+/, "")}
|
|
1015
|
+
end
|
|
1016
|
+
|
|
1017
|
+
it "should decode raw data" do
|
|
1018
|
+
expect(decode.size).to eq(1)
|
|
1019
|
+
expect(decode[0].get("[netflow][natInsideSvcid]")).to eq(100)
|
|
1020
|
+
expect(decode[0].get("[netflow][natOutsideSvcid]")).to eq(0)
|
|
1021
|
+
expect(decode[0].get("[netflow][natSubString]")).to eq("USER1@10.10.0.123")
|
|
1022
|
+
end
|
|
1023
|
+
|
|
1024
|
+
it "should serialize to json" do
|
|
1025
|
+
expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
|
|
1026
|
+
end
|
|
1027
|
+
|
|
1028
|
+
end
|
|
1029
|
+
|
|
985
1030
|
|
|
986
1031
|
|
|
987
1032
|
context "Netflow 9 Ubiquiti Edgerouter with MPLS labels" do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-netflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
@@ -87,6 +87,8 @@ files:
|
|
|
87
87
|
- spec/codecs/ipfix_test_mikrotik_tpl.dat
|
|
88
88
|
- spec/codecs/ipfix_test_netscaler_data.dat
|
|
89
89
|
- spec/codecs/ipfix_test_netscaler_tpl.dat
|
|
90
|
+
- spec/codecs/ipfix_test_nokia_bras_data256.dat
|
|
91
|
+
- spec/codecs/ipfix_test_nokia_bras_tpl.dat
|
|
90
92
|
- spec/codecs/ipfix_test_openbsd_pflow_data.dat
|
|
91
93
|
- spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
|
|
92
94
|
- spec/codecs/ipfix_test_viptela_data257.dat
|
|
@@ -183,6 +185,8 @@ test_files:
|
|
|
183
185
|
- spec/codecs/ipfix_test_mikrotik_tpl.dat
|
|
184
186
|
- spec/codecs/ipfix_test_netscaler_data.dat
|
|
185
187
|
- spec/codecs/ipfix_test_netscaler_tpl.dat
|
|
188
|
+
- spec/codecs/ipfix_test_nokia_bras_data256.dat
|
|
189
|
+
- spec/codecs/ipfix_test_nokia_bras_tpl.dat
|
|
186
190
|
- spec/codecs/ipfix_test_openbsd_pflow_data.dat
|
|
187
191
|
- spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
|
|
188
192
|
- spec/codecs/ipfix_test_viptela_data257.dat
|