logstash-codec-netflow 4.0.2 → 4.1.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/logstash/codecs/netflow.rb +1 -1
- data/logstash-codec-netflow.gemspec +1 -1
- data/spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat +0 -0
- data/spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat +0 -0
- data/spec/codecs/netflow_spec.rb +65 -0
- metadata +6 -2
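--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 07fee1cda04c3df1a3d1d2cb41fe75d6d4e10846
+data.tar.gz: 2dffcb11a2b8655606f14ffdd1994fb743f9e6de
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f8aa23631113354571dd439f42fa626199a965c4b87d92a98dd7cb2c0e82c7bc86ea379bd5eaab1c1f4adecb6df53dcd2aa3c951d8499abd6b418354acbf0791
+data.tar.gz: 7b2dcdd89fd40653fc543c12f0b40bf6119b3a219cbb650f879a0dcda8abac5096b6d3f24192e2b2ceb9836b7b6056562eae4a02e10becd5b3d5f320e5d78bc2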
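--- a/data/lib/logstash/codecs/netflow.rb
+++ b/data/lib/logstash/codecs/netflow.rb
@@ -545,7 +545,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
 when :skip
 field += [nil, {:length => length.to_i}]
 when :string
-field
+field = string_field(field, type, length.to_i)
 end
 
 @logger.debug? and @logger.debug("Field definition complete for template #{template_id}", :field => field)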
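--- a/data/logstash-codec-netflow.gemspec
+++ b/data/logstash-codec-netflow.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
 s.name = 'logstash-codec-netflow'
-s.version = '4.0
+s.version = '4.1.0'
 s.licenses = ['Apache License (2.0)']
 s.summary = "Reads Netflow v5, Netflow v9 and IPFIX data"
 s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"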
Binary file
|
Binary file
|
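--- a/data/spec/codecs/netflow_spec.rb
+++ b/data/spec/codecs/netflow_spec.rb
@@ -1156,6 +1156,71 @@ describe LogStash::Codecs::Netflow do
 
 end
 
+context "Netflow 9 H3C Netstream with varstring" do
+let(:data) do
+packets = []
+packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_h3c_netstream_varstring_tpl3281.dat"), :mode => "rb")
+packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_h3c_netstream_varstring_data3281.dat"), :mode => "rb")
+end
+
+let(:json_events) do
+events = []
+events << <<-END
+{
+"@version": "1",
+"@timestamp": "2018-07-18T01:35:35.000Z",
+"netflow": {
+"in_pkts": 9,
+"last_switched": "2018-07-18T01:35:03.999Z",
+"direction": 0,
+"first_switched": "2018-07-18T01:34:34.999Z",
+"ipv4_dst_addr": "20.20.255.255",
+"src_tos": 0,
+"ipv4_src_addr": "20.20.20.20",
+"output_snmp": 0,
+"protocol": 17,
+"l4_src_port": 137,
+"ipv4_next_hop": "0.0.0.0",
+"flowset_id": 3281,
+"l4_dst_port": 137,
+"input_snmp": 17,
+"ip_protocol_version": 4,
+"version": 9,
+"sampling_algorithm": 0,
+"forwarding_status": {
+"status": 0,
+"reason": 0
+},
+"tcp_flags": 0,
+"sampling_interval": 0,
+"flow_seq_num": 133,
+"dst_traffic_index": 4294967295,
+"src_mask": 32,
+"src_as": 0,
+"dst_as": 0,
+"dst_mask": 32,
+"VRFname": "",
+"in_bytes": 702,
+"src_traffic_index": 0
+}
+}
+END
+events.map{|event| event.gsub(/\s+/, "")}
+end
+
+it "should decode raw data" do
+expect(decode.size).to eq(1)
+expect(decode[0].get("[netflow][VRFname]")).to eq("")
+expect(decode[0].get("[netflow][l4_src_port]")).to eq(137)
+end
+
+it "should serialize to json" do
+expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
+end
+
+end
+
+
 context "Netflow 9 Fortigate FortiOS 54x appid" do
 let(:data) do
 packets = []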
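--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-netflow
 version: !ruby/object:Gem::Version
-version: 4.0
+version: 4.1.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
@@ -143,6 +143,8 @@ files:
 - spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
 - spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
 - spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
 - spec/codecs/netflow9_test_h3c_tpl3281.dat
 - spec/codecs/netflow9_test_huawei_netstream_data.dat
 - spec/codecs/netflow9_test_huawei_netstream_tpl.dat
@@ -265,6 +267,8 @@ test_files:
 - spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
 - spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
 - spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
 - spec/codecs/netflow9_test_h3c_tpl3281.dat
 - spec/codecs/netflow9_test_huawei_netstream_data.dat
 - spec/codecs/netflow9_test_huawei_netstream_tpl.dat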