logstash-codec-netflow 4.1.1 → 4.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +18 -0
- data/CONTRIBUTORS +5 -1
- data/LICENSE +199 -10
- data/README.md +1 -1
- data/docs/index.asciidoc +2 -0
- data/lib/logstash/codecs/netflow.rb +11 -8
- data/lib/logstash/codecs/netflow/ipfix.yaml +201 -23
- data/lib/logstash/codecs/netflow/netflow.yaml +6 -0
- data/lib/logstash/codecs/netflow/util.rb +4 -4
- data/logstash-codec-netflow.gemspec +3 -1
- data/spec/codecs/benchmarks/IP6Addr.rb +19 -5
- data/spec/codecs/benchmarks/IPAddr.rb +2 -0
- data/spec/codecs/benchmarks/benchmark_fields.rb +65 -0
- data/spec/codecs/ipfix_test_ixia_tpldata256.dat +0 -0
- data/spec/codecs/ipfix_test_ixia_tpldata271.dat +0 -0
- data/spec/codecs/netflow9_test_cisco_aci_data256.dat +0 -0
- data/spec/codecs/netflow9_test_cisco_aci_tpl256-258.dat +0 -0
- data/spec/codecs/netflow_spec.rb +160 -84
- metadata +186 -163
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 0c4da0b3f6075dcfb7e72dae660095da07004349759ff6670ecd26b1bac9e17c
|
4
|
+
data.tar.gz: d5696be43eae0d11854fdf9748c7747d0a1538f6d25bc66404db214e37be4067
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4daad3432b5f881cab2c934bc1d67e2fdf35dca8d286e6ffe2eea365b0ae37bfbc6fd3a797ed47f800fded7fa09e61f9b5b2b0d5bd63b718e4a74aa2089e011d
|
7
|
+
data.tar.gz: c79d87b13f094bcc064555d17a776c9eb755a705f23a9232379ad39820429048c8d910e1d14fa7d355e01d06ea92421428fdbf9874d00dce725e5aa362829c47
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,21 @@
|
|
1
|
+
## 4.2.2
|
2
|
+
- Feat: leverage event_factory support [#195](https://github.com/logstash-plugins/logstash-codec-netflow/pull/195)
|
3
|
+
- Test: remove redundant asserts (to get the CI green)
|
4
|
+
|
5
|
+
## 4.2.1
|
6
|
+
|
7
|
+
- Fix sub-second timestamp math
|
8
|
+
|
9
|
+
## 4.2.0
|
10
|
+
|
11
|
+
- Added Cisco ACI to list of known working Netflow v9 exporters
|
12
|
+
- Added support for IXIA Packet Broker IPFIX
|
13
|
+
- Fixed issue with Procera float fields
|
14
|
+
|
15
|
+
## 4.1.2
|
16
|
+
|
17
|
+
- Fixed issue where TTL in template registry was not being respected.
|
18
|
+
|
1
19
|
## 4.1.1
|
2
20
|
|
3
21
|
- Reduced complexity of creating, persisting, loading an retrieving template caches.
|
data/CONTRIBUTORS
CHANGED
@@ -4,11 +4,13 @@ reports, or in general have helped logstash along its way.
|
|
4
4
|
Contributors:
|
5
5
|
* Aaron Mildenstein (untergeek)
|
6
6
|
* Adam Kaminski (thimslugga)
|
7
|
+
* Ana (janniten)
|
7
8
|
* Andrew Cholakian (andrewvc)
|
8
9
|
* Ayden Beeson (abeeson)
|
9
10
|
* Bjørn Ruberg (bruberg)
|
10
11
|
* Colin Surprenant (colinsurprenant)
|
11
12
|
* Daniel Nägele (analogbyte)
|
13
|
+
* Dan Hermann (danhermann)
|
12
14
|
* Diyaldine Maoulida
|
13
15
|
* Evgeniy Sudyr (ejectck)
|
14
16
|
* G.J. Moed (gjmoed)
|
@@ -16,6 +18,7 @@ Contributors:
|
|
16
18
|
* Jason Liu (JasonLZJ)
|
17
19
|
* James Park-Watt (jimmypw)
|
18
20
|
* Jason Keller (jasonkeller)
|
21
|
+
* Jayme Johnston
|
19
22
|
* Jeremy Foran (jeremyforan)
|
20
23
|
* Jordan Sissel (jordansissel)
|
21
24
|
* Jorrit Folmer (jorritfolmer)
|
@@ -27,6 +30,7 @@ Contributors:
|
|
27
30
|
* Paul Warren (pwarren)
|
28
31
|
* Pedro de Oliveira
|
29
32
|
* Philipp Kahr
|
33
|
+
* Philippe Veys
|
30
34
|
* Pier-Hugues Pellerin (ph)
|
31
35
|
* Pulkit Agrawal (propulkit)
|
32
36
|
* Raju Nair (rajutech76)
|
@@ -50,7 +54,7 @@ Contributors:
|
|
50
54
|
* zwirk
|
51
55
|
|
52
56
|
Maintainer:
|
53
|
-
*
|
57
|
+
* -
|
54
58
|
|
55
59
|
Note: If you've sent us patches, bug reports, or otherwise contributed to
|
56
60
|
Logstash, and you aren't on the list above and want to be, please let us know
|
data/LICENSE
CHANGED
@@ -1,13 +1,202 @@
|
|
1
|
-
Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
|
2
1
|
|
3
|
-
|
4
|
-
|
5
|
-
|
2
|
+
Apache License
|
3
|
+
Version 2.0, January 2004
|
4
|
+
http://www.apache.org/licenses/
|
6
5
|
|
7
|
-
|
6
|
+
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
8
7
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
8
|
+
1. Definitions.
|
9
|
+
|
10
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
11
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
12
|
+
|
13
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
14
|
+
the copyright owner that is granting the License.
|
15
|
+
|
16
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
17
|
+
other entities that control, are controlled by, or are under common
|
18
|
+
control with that entity. For the purposes of this definition,
|
19
|
+
"control" means (i) the power, direct or indirect, to cause the
|
20
|
+
direction or management of such entity, whether by contract or
|
21
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
22
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
23
|
+
|
24
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
25
|
+
exercising permissions granted by this License.
|
26
|
+
|
27
|
+
"Source" form shall mean the preferred form for making modifications,
|
28
|
+
including but not limited to software source code, documentation
|
29
|
+
source, and configuration files.
|
30
|
+
|
31
|
+
"Object" form shall mean any form resulting from mechanical
|
32
|
+
transformation or translation of a Source form, including but
|
33
|
+
not limited to compiled object code, generated documentation,
|
34
|
+
and conversions to other media types.
|
35
|
+
|
36
|
+
"Work" shall mean the work of authorship, whether in Source or
|
37
|
+
Object form, made available under the License, as indicated by a
|
38
|
+
copyright notice that is included in or attached to the work
|
39
|
+
(an example is provided in the Appendix below).
|
40
|
+
|
41
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
42
|
+
form, that is based on (or derived from) the Work and for which the
|
43
|
+
editorial revisions, annotations, elaborations, or other modifications
|
44
|
+
represent, as a whole, an original work of authorship. For the purposes
|
45
|
+
of this License, Derivative Works shall not include works that remain
|
46
|
+
separable from, or merely link (or bind by name) to the interfaces of,
|
47
|
+
the Work and Derivative Works thereof.
|
48
|
+
|
49
|
+
"Contribution" shall mean any work of authorship, including
|
50
|
+
the original version of the Work and any modifications or additions
|
51
|
+
to that Work or Derivative Works thereof, that is intentionally
|
52
|
+
submitted to Licensor for inclusion in the Work by the copyright owner
|
53
|
+
or by an individual or Legal Entity authorized to submit on behalf of
|
54
|
+
the copyright owner. For the purposes of this definition, "submitted"
|
55
|
+
means any form of electronic, verbal, or written communication sent
|
56
|
+
to the Licensor or its representatives, including but not limited to
|
57
|
+
communication on electronic mailing lists, source code control systems,
|
58
|
+
and issue tracking systems that are managed by, or on behalf of, the
|
59
|
+
Licensor for the purpose of discussing and improving the Work, but
|
60
|
+
excluding communication that is conspicuously marked or otherwise
|
61
|
+
designated in writing by the copyright owner as "Not a Contribution."
|
62
|
+
|
63
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
64
|
+
on behalf of whom a Contribution has been received by Licensor and
|
65
|
+
subsequently incorporated within the Work.
|
66
|
+
|
67
|
+
2. Grant of Copyright License. Subject to the terms and conditions of
|
68
|
+
this License, each Contributor hereby grants to You a perpetual,
|
69
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
70
|
+
copyright license to reproduce, prepare Derivative Works of,
|
71
|
+
publicly display, publicly perform, sublicense, and distribute the
|
72
|
+
Work and such Derivative Works in Source or Object form.
|
73
|
+
|
74
|
+
3. Grant of Patent License. Subject to the terms and conditions of
|
75
|
+
this License, each Contributor hereby grants to You a perpetual,
|
76
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
77
|
+
(except as stated in this section) patent license to make, have made,
|
78
|
+
use, offer to sell, sell, import, and otherwise transfer the Work,
|
79
|
+
where such license applies only to those patent claims licensable
|
80
|
+
by such Contributor that are necessarily infringed by their
|
81
|
+
Contribution(s) alone or by combination of their Contribution(s)
|
82
|
+
with the Work to which such Contribution(s) was submitted. If You
|
83
|
+
institute patent litigation against any entity (including a
|
84
|
+
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
85
|
+
or a Contribution incorporated within the Work constitutes direct
|
86
|
+
or contributory patent infringement, then any patent licenses
|
87
|
+
granted to You under this License for that Work shall terminate
|
88
|
+
as of the date such litigation is filed.
|
89
|
+
|
90
|
+
4. Redistribution. You may reproduce and distribute copies of the
|
91
|
+
Work or Derivative Works thereof in any medium, with or without
|
92
|
+
modifications, and in Source or Object form, provided that You
|
93
|
+
meet the following conditions:
|
94
|
+
|
95
|
+
(a) You must give any other recipients of the Work or
|
96
|
+
Derivative Works a copy of this License; and
|
97
|
+
|
98
|
+
(b) You must cause any modified files to carry prominent notices
|
99
|
+
stating that You changed the files; and
|
100
|
+
|
101
|
+
(c) You must retain, in the Source form of any Derivative Works
|
102
|
+
that You distribute, all copyright, patent, trademark, and
|
103
|
+
attribution notices from the Source form of the Work,
|
104
|
+
excluding those notices that do not pertain to any part of
|
105
|
+
the Derivative Works; and
|
106
|
+
|
107
|
+
(d) If the Work includes a "NOTICE" text file as part of its
|
108
|
+
distribution, then any Derivative Works that You distribute must
|
109
|
+
include a readable copy of the attribution notices contained
|
110
|
+
within such NOTICE file, excluding those notices that do not
|
111
|
+
pertain to any part of the Derivative Works, in at least one
|
112
|
+
of the following places: within a NOTICE text file distributed
|
113
|
+
as part of the Derivative Works; within the Source form or
|
114
|
+
documentation, if provided along with the Derivative Works; or,
|
115
|
+
within a display generated by the Derivative Works, if and
|
116
|
+
wherever such third-party notices normally appear. The contents
|
117
|
+
of the NOTICE file are for informational purposes only and
|
118
|
+
do not modify the License. You may add Your own attribution
|
119
|
+
notices within Derivative Works that You distribute, alongside
|
120
|
+
or as an addendum to the NOTICE text from the Work, provided
|
121
|
+
that such additional attribution notices cannot be construed
|
122
|
+
as modifying the License.
|
123
|
+
|
124
|
+
You may add Your own copyright statement to Your modifications and
|
125
|
+
may provide additional or different license terms and conditions
|
126
|
+
for use, reproduction, or distribution of Your modifications, or
|
127
|
+
for any such Derivative Works as a whole, provided Your use,
|
128
|
+
reproduction, and distribution of the Work otherwise complies with
|
129
|
+
the conditions stated in this License.
|
130
|
+
|
131
|
+
5. Submission of Contributions. Unless You explicitly state otherwise,
|
132
|
+
any Contribution intentionally submitted for inclusion in the Work
|
133
|
+
by You to the Licensor shall be under the terms and conditions of
|
134
|
+
this License, without any additional terms or conditions.
|
135
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
136
|
+
the terms of any separate license agreement you may have executed
|
137
|
+
with Licensor regarding such Contributions.
|
138
|
+
|
139
|
+
6. Trademarks. This License does not grant permission to use the trade
|
140
|
+
names, trademarks, service marks, or product names of the Licensor,
|
141
|
+
except as required for reasonable and customary use in describing the
|
142
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
143
|
+
|
144
|
+
7. Disclaimer of Warranty. Unless required by applicable law or
|
145
|
+
agreed to in writing, Licensor provides the Work (and each
|
146
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
147
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
148
|
+
implied, including, without limitation, any warranties or conditions
|
149
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
150
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
151
|
+
appropriateness of using or redistributing the Work and assume any
|
152
|
+
risks associated with Your exercise of permissions under this License.
|
153
|
+
|
154
|
+
8. Limitation of Liability. In no event and under no legal theory,
|
155
|
+
whether in tort (including negligence), contract, or otherwise,
|
156
|
+
unless required by applicable law (such as deliberate and grossly
|
157
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
158
|
+
liable to You for damages, including any direct, indirect, special,
|
159
|
+
incidental, or consequential damages of any character arising as a
|
160
|
+
result of this License or out of the use or inability to use the
|
161
|
+
Work (including but not limited to damages for loss of goodwill,
|
162
|
+
work stoppage, computer failure or malfunction, or any and all
|
163
|
+
other commercial damages or losses), even if such Contributor
|
164
|
+
has been advised of the possibility of such damages.
|
165
|
+
|
166
|
+
9. Accepting Warranty or Additional Liability. While redistributing
|
167
|
+
the Work or Derivative Works thereof, You may choose to offer,
|
168
|
+
and charge a fee for, acceptance of support, warranty, indemnity,
|
169
|
+
or other liability obligations and/or rights consistent with this
|
170
|
+
License. However, in accepting such obligations, You may act only
|
171
|
+
on Your own behalf and on Your sole responsibility, not on behalf
|
172
|
+
of any other Contributor, and only if You agree to indemnify,
|
173
|
+
defend, and hold each Contributor harmless for any liability
|
174
|
+
incurred by, or claims asserted against, such Contributor by reason
|
175
|
+
of your accepting any such warranty or additional liability.
|
176
|
+
|
177
|
+
END OF TERMS AND CONDITIONS
|
178
|
+
|
179
|
+
APPENDIX: How to apply the Apache License to your work.
|
180
|
+
|
181
|
+
To apply the Apache License to your work, attach the following
|
182
|
+
boilerplate notice, with the fields enclosed by brackets "[]"
|
183
|
+
replaced with your own identifying information. (Don't include
|
184
|
+
the brackets!) The text should be enclosed in the appropriate
|
185
|
+
comment syntax for the file format. We also recommend that a
|
186
|
+
file or class name and description of purpose be included on the
|
187
|
+
same "printed page" as the copyright notice for easier
|
188
|
+
identification within third-party archives.
|
189
|
+
|
190
|
+
Copyright 2020 Elastic and contributors
|
191
|
+
|
192
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
193
|
+
you may not use this file except in compliance with the License.
|
194
|
+
You may obtain a copy of the License at
|
195
|
+
|
196
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
197
|
+
|
198
|
+
Unless required by applicable law or agreed to in writing, software
|
199
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
200
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
201
|
+
See the License for the specific language governing permissions and
|
202
|
+
limitations under the License.
|
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# Logstash Plugin
|
2
2
|
|
3
|
-
[![Travis Build Status](https://travis-ci.
|
3
|
+
[![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-codec-netflow.svg)](https://travis-ci.com/logstash-plugins/logstash-codec-netflow)
|
4
4
|
|
5
5
|
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
6
6
|
|
data/docs/index.asciidoc
CHANGED
@@ -36,6 +36,7 @@ The following Netflow/IPFIX exporters have been seen and tested with the most re
|
|
36
36
|
|===========================================================================================
|
37
37
|
|Netflow exporter | v5 | v9 | IPFIX | Remarks
|
38
38
|
|Barracuda Firewall | | | y | With support for Extended Uniflow
|
39
|
+
|Cisco ACI | | y | |
|
39
40
|
|Cisco ASA | | y | |
|
40
41
|
|Cisco ASR 1k | | | N | Fails because of duplicate fields
|
41
42
|
|Cisco ASR 9k | | y | |
|
@@ -47,6 +48,7 @@ The following Netflow/IPFIX exporters have been seen and tested with the most re
|
|
47
48
|
|Fortigate FortiOS | | y | |
|
48
49
|
|Huawei Netstream | | y | |
|
49
50
|
|ipt_NETFLOW | y | y | y |
|
51
|
+
|IXIA packet broker | | | y |
|
50
52
|
|Juniper MX | y | | y | SW > 12.3R8. Fails to decode IPFIX from Junos 16.1 due to duplicate field names which we currently don't support.
|
51
53
|
|Mikrotik | y | | y | http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
|
52
54
|
|nProbe | y | y | y | L7 DPI fields now also supported
|
@@ -5,9 +5,12 @@ require "logstash/timestamp"
|
|
5
5
|
#require "logstash/json"
|
6
6
|
require "json"
|
7
7
|
|
8
|
-
|
8
|
+
require 'logstash/plugin_mixins/event_support/event_factory_adapter'
|
9
9
|
|
10
10
|
class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
11
|
+
|
12
|
+
include LogStash::PluginMixins::EventSupport::EventFactoryAdapter
|
13
|
+
|
11
14
|
config_name "netflow"
|
12
15
|
|
13
16
|
# Netflow v9/v10 template cache TTL (minutes)
|
@@ -136,7 +139,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
136
139
|
# convert these into absolute times
|
137
140
|
millis = flowset.uptime - v
|
138
141
|
seconds = flowset.unix_sec - (millis / 1000)
|
139
|
-
micros = (flowset.unix_nsec / 1000) - (millis % 1000)
|
142
|
+
micros = (flowset.unix_nsec / 1000) - ((millis % 1000) * 1000)
|
140
143
|
if micros < 0
|
141
144
|
seconds--
|
142
145
|
micros += 1000000
|
@@ -147,7 +150,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
147
150
|
end
|
148
151
|
end
|
149
152
|
|
150
|
-
|
153
|
+
event_factory.new_event(event)
|
151
154
|
rescue BinData::ValidityError, IOError => e
|
152
155
|
@logger.warn("Invalid netflow packet received (#{e})")
|
153
156
|
end
|
@@ -262,14 +265,14 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
262
265
|
millis = flowset.uptime - v
|
263
266
|
seconds = flowset.unix_sec - (millis / 1000)
|
264
267
|
# v9 did away with the nanosecs field
|
265
|
-
micros = 1000000 - (millis % 1000)
|
268
|
+
micros = 1000000 - ((millis % 1000) * 1000)
|
266
269
|
event[@target][k.to_s] = LogStash::Timestamp.at(seconds, micros).to_iso8601
|
267
270
|
else
|
268
271
|
event[@target][k.to_s] = v.snapshot
|
269
272
|
end
|
270
273
|
end
|
271
274
|
|
272
|
-
events <<
|
275
|
+
events << event_factory.new_event(event)
|
273
276
|
flowcounter += 1
|
274
277
|
end
|
275
278
|
else
|
@@ -355,7 +358,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
355
358
|
end
|
356
359
|
end
|
357
360
|
|
358
|
-
events <<
|
361
|
+
events << event_factory.new_event(event)
|
359
362
|
end
|
360
363
|
else
|
361
364
|
@logger.warn("Unsupported flowset id #{record.flowset_id}")
|
@@ -605,8 +608,8 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
|
|
605
608
|
catch(:invalid_template) do
|
606
609
|
yield(template) if block_given?
|
607
610
|
|
608
|
-
@bindata_spec_cache[key] = field_tuples
|
609
|
-
@bindata_struct_cache[key] = template
|
611
|
+
@bindata_spec_cache[key, @ttl] = field_tuples
|
612
|
+
@bindata_struct_cache[key, @ttl] = template
|
610
613
|
|
611
614
|
do_persist
|
612
615
|
|
@@ -2453,37 +2453,34 @@
|
|
2453
2453
|
6876:
|
2454
2454
|
880:
|
2455
2455
|
- :uint8
|
2456
|
-
- :
|
2456
|
+
- :vmwareTenantProtocol
|
2457
2457
|
881:
|
2458
|
-
- :
|
2459
|
-
- :
|
2458
|
+
- :ip4_addr
|
2459
|
+
- :vmwareTenantSourceIPv4
|
2460
2460
|
882:
|
2461
|
-
- :
|
2462
|
-
- :
|
2461
|
+
- :ip4_addr
|
2462
|
+
- :vmwareTenantDestIPv4
|
2463
2463
|
883:
|
2464
|
-
- :
|
2465
|
-
- :
|
2464
|
+
- :ip6_addr
|
2465
|
+
- :vmwareTenantSourceIPv6
|
2466
2466
|
884:
|
2467
|
-
- :
|
2468
|
-
- :
|
2467
|
+
- :ip6_addr
|
2468
|
+
- :vmwareTenantDestIPv6
|
2469
2469
|
886:
|
2470
2470
|
- :uint16
|
2471
|
-
- :
|
2471
|
+
- :vmwareTenantSourcePort
|
2472
2472
|
887:
|
2473
2473
|
- :uint16
|
2474
|
-
- :
|
2474
|
+
- :vmwareTenantDestPort
|
2475
2475
|
888:
|
2476
2476
|
- :uint16
|
2477
|
-
|
2478
|
-
- :vmwareEgressInterfaceTypeID
|
2477
|
+
- :vmwareEgressInterfaceAttr
|
2479
2478
|
889:
|
2480
2479
|
- :uint8
|
2481
|
-
|
2482
|
-
- :vmwareObservationDomainID
|
2480
|
+
- :vmwareVxlanExportRole
|
2483
2481
|
890:
|
2484
2482
|
- :uint16
|
2485
|
-
|
2486
|
-
- :vmwareIngressInterfaceTypeID
|
2483
|
+
- :vmwareIngressInterfaceAttr
|
2487
2484
|
29305:
|
2488
2485
|
1:
|
2489
2486
|
- :uint64
|
@@ -3634,8 +3631,7 @@
|
|
3634
3631
|
4321:
|
3635
3632
|
- :uint64
|
3636
3633
|
- :viptelaVPNId
|
3637
|
-
# List below taken from Procera PacketLogic product guide 15.1 - Not publicly available
|
3638
|
-
# Further updates / additional fields may be present with versions 16/17+
|
3634
|
+
# List below taken from Procera PacketLogic product guide 15.1 and 20.30 - Not publicly available
|
3639
3635
|
15397:
|
3640
3636
|
1:
|
3641
3637
|
- :string
|
@@ -3743,16 +3739,16 @@
|
|
3743
3739
|
- :string
|
3744
3740
|
- :proceraGgsn
|
3745
3741
|
38:
|
3746
|
-
- :
|
3742
|
+
- :float
|
3747
3743
|
- :proceraQoeIncomingInternal
|
3748
3744
|
39:
|
3749
|
-
- :
|
3745
|
+
- :float
|
3750
3746
|
- :proceraQoeIncomingExternal
|
3751
3747
|
40:
|
3752
|
-
- :
|
3748
|
+
- :float
|
3753
3749
|
- :proceraQoeOutgoingInternal
|
3754
3750
|
41:
|
3755
|
-
- :
|
3751
|
+
- :float
|
3756
3752
|
- :proceraQoeOutgoingExternal
|
3757
3753
|
42:
|
3758
3754
|
- :ip4_addr
|
@@ -3772,6 +3768,69 @@
|
|
3772
3768
|
47:
|
3773
3769
|
- :string
|
3774
3770
|
- :proceraTemplateName
|
3771
|
+
49:
|
3772
|
+
- :uint8
|
3773
|
+
- :proceraIncomingDscp
|
3774
|
+
50:
|
3775
|
+
- :uint8
|
3776
|
+
- :proceraOutgoingDscp
|
3777
|
+
51:
|
3778
|
+
- :uint16
|
3779
|
+
- :proceraIncomingDot1qVlanIdLevel1
|
3780
|
+
52:
|
3781
|
+
- :uint16
|
3782
|
+
- :proceraIncomingDot1qVlanIdLevel2
|
3783
|
+
53:
|
3784
|
+
- :uint16
|
3785
|
+
- :proceraIncomingDot1qVlanIdLevel3
|
3786
|
+
54:
|
3787
|
+
- :uint16
|
3788
|
+
- :proceraIncomingDot1qVlanIdLevel4
|
3789
|
+
55:
|
3790
|
+
- :uint16
|
3791
|
+
- :proceraOutgoingDot1qVlanIdLevel1
|
3792
|
+
56:
|
3793
|
+
- :uint16
|
3794
|
+
- :proceraOutgoingDot1qVlanIdLevel2
|
3795
|
+
57:
|
3796
|
+
- :uint16
|
3797
|
+
- :proceraOutgoingDot1qVlanIdLevel3
|
3798
|
+
58:
|
3799
|
+
- :uint16
|
3800
|
+
- :proceraOutgoingDot1qVlanIdLevel4
|
3801
|
+
59:
|
3802
|
+
- :int8
|
3803
|
+
- :proceraIncomingDot1qPriorityLevel1
|
3804
|
+
60:
|
3805
|
+
- :int8
|
3806
|
+
- :proceraIncomingDot1qPriorityLevel2
|
3807
|
+
61:
|
3808
|
+
- :int8
|
3809
|
+
- :proceraIncomingDot1qPriorityLevel3
|
3810
|
+
62:
|
3811
|
+
- :int8
|
3812
|
+
- :proceraIncomingDot1qPriorityLevel4
|
3813
|
+
63:
|
3814
|
+
- :int8
|
3815
|
+
- :proceraOutgoingDot1qPriorityLevel1
|
3816
|
+
64:
|
3817
|
+
- :int8
|
3818
|
+
- :proceraOutgoingDot1qPriorityLevel2
|
3819
|
+
65:
|
3820
|
+
- :int8
|
3821
|
+
- :proceraOutgoingDot1qPriorityLevel3
|
3822
|
+
66:
|
3823
|
+
- :int8
|
3824
|
+
- :proceraOutgoingDot1qPriorityLevel4
|
3825
|
+
67:
|
3826
|
+
- :int32
|
3827
|
+
- :proceraInternalJitter
|
3828
|
+
69:
|
3829
|
+
- :string
|
3830
|
+
- :proceraServiceObject
|
3831
|
+
70:
|
3832
|
+
- :string
|
3833
|
+
- :proceraRemoteGeoIP
|
3775
3834
|
10704:
|
3776
3835
|
1:
|
3777
3836
|
- :uint32
|
@@ -3846,3 +3905,122 @@
|
|
3846
3905
|
12:
|
3847
3906
|
- :uint32
|
3848
3907
|
- :AuditCounter
|
3908
|
+
# Ixia Communications (3054)
|
3909
|
+
3054:
|
3910
|
+
110:
|
3911
|
+
- :uint32
|
3912
|
+
- :ixiaL7AppId
|
3913
|
+
111:
|
3914
|
+
- :string
|
3915
|
+
- :ixiaL7AppName
|
3916
|
+
120:
|
3917
|
+
- :string
|
3918
|
+
- :ixiaSrcCountryCode
|
3919
|
+
121:
|
3920
|
+
- :string
|
3921
|
+
- :ixiaSrcCountryName
|
3922
|
+
122:
|
3923
|
+
- :string
|
3924
|
+
- :ixiaSrcRegionCode
|
3925
|
+
123:
|
3926
|
+
- :string
|
3927
|
+
- :ixiaSrcRegionName
|
3928
|
+
125:
|
3929
|
+
- :string
|
3930
|
+
- :ixiaSrcCityName
|
3931
|
+
126:
|
3932
|
+
- :float
|
3933
|
+
- :ixiaSrcLatitude
|
3934
|
+
127:
|
3935
|
+
- :float
|
3936
|
+
- :ixiaSrcLongitude
|
3937
|
+
140:
|
3938
|
+
- :string
|
3939
|
+
- :ixiaDstCountryCode
|
3940
|
+
141:
|
3941
|
+
- :string
|
3942
|
+
- :ixiaDstCountryName
|
3943
|
+
142:
|
3944
|
+
- :string
|
3945
|
+
- :ixiaDstRegionCode
|
3946
|
+
143:
|
3947
|
+
- :string
|
3948
|
+
- :ixiaDstRegionNode
|
3949
|
+
145:
|
3950
|
+
- :string
|
3951
|
+
- :ixiaDstCityName
|
3952
|
+
146:
|
3953
|
+
- :float
|
3954
|
+
- :ixiaDstLatitude
|
3955
|
+
147:
|
3956
|
+
- :float
|
3957
|
+
- :ixiaDstLongitude
|
3958
|
+
160:
|
3959
|
+
- :uint8
|
3960
|
+
- :ixiaDeviceId
|
3961
|
+
161:
|
3962
|
+
- :string
|
3963
|
+
- :ixiaDeviceName
|
3964
|
+
162:
|
3965
|
+
- :uint8
|
3966
|
+
- :ixiaBrowserId
|
3967
|
+
163:
|
3968
|
+
- :string
|
3969
|
+
- :ixiaBrowserName
|
3970
|
+
176:
|
3971
|
+
- :uint64
|
3972
|
+
- :ixiaRevOctetDeltaCount
|
3973
|
+
177:
|
3974
|
+
- :uint64
|
3975
|
+
- :ixiaRevPacketDeltaCount
|
3976
|
+
178:
|
3977
|
+
- :string
|
3978
|
+
- :ixiaEncryptType
|
3979
|
+
179:
|
3980
|
+
- :string
|
3981
|
+
- :ixiaEncryptCipher
|
3982
|
+
180:
|
3983
|
+
- :uint16
|
3984
|
+
- :ixiaEncryptKeyLength
|
3985
|
+
181:
|
3986
|
+
- :string
|
3987
|
+
- :ixiaImsiSubscriber
|
3988
|
+
182:
|
3989
|
+
- :string
|
3990
|
+
- :ixiaHttpUserAgent
|
3991
|
+
183:
|
3992
|
+
- :string
|
3993
|
+
- :ixiaHttpHostName
|
3994
|
+
184:
|
3995
|
+
- :string
|
3996
|
+
- :ixiaHttpUri
|
3997
|
+
185:
|
3998
|
+
- :string
|
3999
|
+
- :ixiaDnsRecordTxt
|
4000
|
+
186:
|
4001
|
+
- :string
|
4002
|
+
- :ixiaSrcAsName
|
4003
|
+
187:
|
4004
|
+
- :string
|
4005
|
+
- :ixiaDstAsName
|
4006
|
+
188:
|
4007
|
+
- :uint32
|
4008
|
+
- :ixiaLatency
|
4009
|
+
189:
|
4010
|
+
- :string
|
4011
|
+
- :ixiaDnsQuery
|
4012
|
+
190:
|
4013
|
+
- :string
|
4014
|
+
- :ixiaDnsAnswer
|
4015
|
+
191:
|
4016
|
+
- :string
|
4017
|
+
- :ixiaDnsClasses
|
4018
|
+
192:
|
4019
|
+
- :string
|
4020
|
+
- :ixiaThreatType
|
4021
|
+
193:
|
4022
|
+
- :ip4_addr
|
4023
|
+
- :ixiaThreatIPv4
|
4024
|
+
194:
|
4025
|
+
- :ip4_addr
|
4026
|
+
- :ixiaThreatIPv6
|