logstash-codec-netflow 4.0.0 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/logstash/codecs/netflow.rb +4 -0
  4. data/lib/logstash/codecs/netflow/util.rb +2 -1
  5. data/logstash-codec-netflow.gemspec +1 -1
  6. data/spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat +0 -0
  7. data/spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat +0 -0
  8. data/spec/codecs/netflow_spec.rb +45 -0
  9. metadata +6 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4d93e056a9df39efb7dff2feb887a661a4231313
4
- data.tar.gz: f2e47894941ea4090de24a78028e4b6ec4efc3a6
3
+ metadata.gz: 02d79c8d4e3e6e62b887d17e9161f30bdce7b397
4
+ data.tar.gz: ea75c8b08e31ab585ef4c47f06aefff54e23c75f
5
5
  SHA512:
6
- metadata.gz: a5cdc4f265bb0e91fcd0db9ce19e3b678bc04cb640a094742ba45b38b881526a563ba51342a982d377103eb55a9ee89cc455d03481cf4e409a6065166d2a772c
7
- data.tar.gz: 64e22086639e4595a4b0a3fd988471d5c095b4370046df7d732d03531336bc47a60129c3a57fa267099660951e36f1b99603c04e1b02c431882086b0372b540d
6
+ metadata.gz: dc7647f8b95859bccc245a83d991f7d757b5a34a86e6c8b2c4d407d61994fafd322da4628a2a6108d283e226cfc9b1f5ff38626952177af255dc34717b52de8d
7
+ data.tar.gz: 9a2627caa77a373b0a5223df7e6c2bd1a1f19340a515f4488f5129f409484ed39360a219561b8a1afec36e13bc0f87a47013190ab92995caf5dd30d7f2d76761
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## 4.0.1
2
+
3
+ - Fixed IPFIX options template parsing for Juniper MX240 JunOS 15.1
4
+
1
5
  ## 4.0.0
2
6
 
3
7
  - Added support for RFC6759 decoding of application_id. **This is a breaking change to the way application_id is decoded. The format changes from e.g. 0:40567 to 0..12356..40567**
data/lib/logstash/codecs/netflow.rb CHANGED
@@ -102,6 +102,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
102
102
  end # def register
103
103
 
104
104
  def decode(payload, metadata = nil, &block)
105
+ # BinData::trace_reading do
105
106
  header = Header.read(payload)
106
107
 
107
108
  unless @versions.include?(header.version)
@@ -126,13 +127,16 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
126
127
  # end
127
128
  end
128
129
  elsif header.version == 10
130
+ # BinData::trace_reading do
129
131
  flowset = IpfixPDU.read(payload)
130
132
  flowset.records.each do |record|
131
133
  decode_ipfix(flowset, record).each { |event| yield(event) }
132
134
  end
135
+ # end
133
136
  else
134
137
  @logger.warn("Unsupported Netflow version v#{header.version}")
135
138
  end
139
+ # end
136
140
  rescue BinData::ValidityError, IOError => e
137
141
  @logger.warn("Invalid netflow packet received (#{e})")
138
142
  end
data/lib/logstash/codecs/netflow/util.rb CHANGED
@@ -443,7 +443,7 @@ end
443
443
 
444
444
  class IpfixOptionFlowset < BinData::Record
445
445
  endian :big
446
- array :templates, :read_until => lambda { flowset_length - 4 - array.num_bytes <= 2 } do
446
+ array :templates, :read_until => lambda { flowset_length - 4 } do
447
447
  uint16 :template_id
448
448
  uint16 :field_count
449
449
  uint16 :scope_count, :assert => lambda { scope_count > 0 }
@@ -459,6 +459,7 @@ class IpfixOptionFlowset < BinData::Record
459
459
  uint16 :field_length
460
460
  uint32 :enterprise_id, :onlyif => lambda { enterprise != 0 }
461
461
  end
462
+ string :padding, :read_length => lambda { flowset_length - 4 - 2 - 2 - 2 - scope_fields.num_bytes - option_fields.num_bytes }
462
463
  end
463
464
  end
464
465
 
data/logstash-codec-netflow.gemspec CHANGED
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-netflow'
4
- s.version = '4.0.0'
4
+ s.version = '4.0.1'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Reads Netflow v5, Netflow v9 and IPFIX data"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
data/spec/codecs/netflow_spec.rb CHANGED
@@ -1161,6 +1161,51 @@ describe LogStash::Codecs::Netflow do
1161
1161
 
1162
1162
  end
1163
1163
 
1164
+ context "IPFIX options template from Juniper MX240 JunOS 15.1 R6 S3" do
1165
+ let(:data) do
1166
+ packets = []
1167
+ packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat"), :mode => "rb")
1168
+ packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_juniper_mx240_junos151r6s3_data512.dat"), :mode => "rb")
1169
+ end
1170
+
1171
+ let(:json_events) do
1172
+ events = []
1173
+ events << <<-END
1174
+ {
1175
+ "@timestamp": "2018-06-01T15:11:53.000Z",
1176
+ "@version": "1",
1177
+ "netflow": {
1178
+ "exportProtocolVersion": 10,
1179
+ "exportingProcessId": 2,
1180
+ "flowActiveTimeout": 60,
1181
+ "exportTransportProtocol": 17,
1182
+ "flowIdleTimeout": 60,
1183
+ "exportedFlowRecordTotalCount": 76,
1184
+ "exportedMessageTotalCount": 76,
1185
+ "samplingInterval": 1000,
1186
+ "exporterIPv6Address": "::",
1187
+ "systemInitTimeMilliseconds": 1262761598000,
1188
+ "version": 10,
1189
+ "exporterIPv4Address": "10.0.0.1"
1190
+ }
1191
+ }
1192
+ END
1193
+
1194
+ events.map{|event| event.gsub(/\s+/, "")}
1195
+ end
1196
+
1197
+ it "should decode raw data" do
1198
+ expect(decode.size).to eq(1)
1199
+ expect(decode[0].get("[netflow][exporterIPv4Address]")).to eq("10.0.0.1")
1200
+ end
1201
+
1202
+ it "should serialize to json" do
1203
+ expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
1204
+ end
1205
+
1206
+ end
1207
+
1208
+
1164
1209
  context "IPFIX Nokia BRAS" do
1165
1210
  let(:data) do
1166
1211
  packets = []
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-codec-netflow
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0
4
+ version: 4.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-05-31 00:00:00.000000000 Z
11
+ date: 2018-06-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -85,6 +85,8 @@ files:
85
85
  - spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
86
86
  - spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
87
87
  - spec/codecs/ipfix_test_barracuda_tpl.dat
88
+ - spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
89
+ - spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
88
90
  - spec/codecs/ipfix_test_mikrotik_data258.dat
89
91
  - spec/codecs/ipfix_test_mikrotik_data259.dat
90
92
  - spec/codecs/ipfix_test_mikrotik_tpl.dat
@@ -203,6 +205,8 @@ test_files:
203
205
  - spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
204
206
  - spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
205
207
  - spec/codecs/ipfix_test_barracuda_tpl.dat
208
+ - spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
209
+ - spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
206
210
  - spec/codecs/ipfix_test_mikrotik_data258.dat
207
211
  - spec/codecs/ipfix_test_mikrotik_data259.dat
208
212
  - spec/codecs/ipfix_test_mikrotik_tpl.dat