logstash-codec-netflow 4.1.2 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4c7ac0e49278603cd5a4f4ffc40824a17aa9db67
-  data.tar.gz: 5e9d278f6b727985bcc5e851e8f75fa26137a888
+  metadata.gz: f2e6d54d4cdca81ee9644aed1eeae50bb8a9d1ee
+  data.tar.gz: 6ba6e2b5d731d3307de736e8e56d010e27ad2fcc
 SHA512:
-  metadata.gz: 875b0d6ce0f50124fc0fe5e5c3d6f33ecf226e4b764f968ec2fbb6233d08c080a40fd779708364cbda1c5619dc1cf007d61f76d35b6be6eeb0ed435ca266c687
-  data.tar.gz: a9595b104f90d311745636dc2a26ab83ab72d9a35ec37b625aec4f47b35fd74c1b2b87bf84a4c21b086b92b3a217cc926248d9fd59e7ce46163fb96f5663a325
+  metadata.gz: e03f252f4070524376db990d4e5e511bb4eae836f205638f1a0de9a328355b52a571c0805a9a71e9e3eeb0facd840a03acceaf94572087f6dfe2c14ab988643b
+  data.tar.gz: 7d355546ea91c3daf872e45cc9a6f9f1e1e00c8b5e5d3a4f16c89ac835bb25d95872f48406d7a2141ef068b545e9b1950ca5b24d6b32c8d9211f512a4242ea63

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 4.2.0
+
+  - Added Cisco ACI to list of known working Netflow v9 exporters
+  - Added support for IXIA Packet Broker IPFIX
+  - Fixed issue with Procera float fields
+
 ## 4.1.2
 
   - Fixed issue where TTL in template registry was not being respected.

data/CONTRIBUTORS

@@ -4,6 +4,7 @@ reports, or in general have helped logstash along its way.
 Contributors:
 * Aaron Mildenstein (untergeek)
 * Adam Kaminski (thimslugga)
+* Ana (janniten)
 * Andrew Cholakian (andrewvc)
 * Ayden Beeson (abeeson)
 * Bjørn Ruberg (bruberg)
@@ -27,6 +28,7 @@ Contributors:
 * Paul Warren (pwarren)
 * Pedro de Oliveira
 * Philipp Kahr
+* Philippe Veys
 * Pier-Hugues Pellerin (ph)
 * Pulkit Agrawal (propulkit)
 * Raju Nair (rajutech76)

data/docs/index.asciidoc

@@ -36,6 +36,7 @@ The following Netflow/IPFIX exporters have been seen and tested with the most re
 |===========================================================================================
 |Netflow exporter         | v5 | v9 | IPFIX | Remarks
 |Barracuda Firewall       |    |    |   y   | With support for Extended Uniflow
+|Cisco ACI                |    | y  |       |
 |Cisco ASA                |    | y  |       |  
 |Cisco ASR 1k             |    |    |   N   | Fails because of duplicate fields
 |Cisco ASR 9k             |    | y  |       |  
@@ -47,6 +48,7 @@ The following Netflow/IPFIX exporters have been seen and tested with the most re
 |Fortigate FortiOS        |    | y  |       |
 |Huawei Netstream         |    | y  |       |
 |ipt_NETFLOW              |  y | y  |   y   |
+|IXIA packet broker       |    |    |   y   |
 |Juniper MX               |  y |    |   y   | SW > 12.3R8. Fails to decode IPFIX from Junos 16.1 due to duplicate field names which we currently don't support.
 |Mikrotik                 |  y |    |   y   | http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
 |nProbe                   |  y | y  |   y   | L7 DPI fields now also supported

data/lib/logstash/codecs/netflow/ipfix.yaml

@@ -3743,16 +3743,16 @@
   - :string
   - :proceraGgsn
   38:
-  - :float32
+  - :float
   - :proceraQoeIncomingInternal
   39:
-  - :float32
+  - :float
   - :proceraQoeIncomingExternal
   40:
-  - :float32
+  - :float
   - :proceraQoeOutgoingInternal
   41:
-  - :float32
+  - :float
   - :proceraQoeOutgoingExternal
   42:
   - :ip4_addr
@@ -3846,3 +3846,122 @@
   12:
   - :uint32
   - :AuditCounter
+# Ixia Communications (3054)
+3054:
+  110:
+  - :uint32
+  - :ixiaL7AppId
+  111:
+  - :string
+  - :ixiaL7AppName
+  120:
+  - :string
+  - :ixiaSrcCountryCode
+  121:
+  - :string
+  - :ixiaSrcCountryName
+  122:
+  - :string
+  - :ixiaSrcRegionCode
+  123:
+  - :string
+  - :ixiaSrcRegionName
+  125:
+  - :string
+  - :ixiaSrcCityName
+  126:
+  - :float
+  - :ixiaSrcLatitude
+  127:
+  - :float
+  - :ixiaSrcLongitude
+  140:
+  - :string
+  - :ixiaDstCountryCode
+  141:
+  - :string
+  - :ixiaDstCountryName
+  142:
+  - :string
+  - :ixiaDstRegionCode
+  143:
+  - :string
+  - :ixiaDstRegionNode
+  145:
+  - :string
+  - :ixiaDstCityName
+  146:
+  - :float
+  - :ixiaDstLatitude
+  147:
+  - :float
+  - :ixiaDstLongitude
+  160:
+  - :uint8
+  - :ixiaDeviceId
+  161:
+  - :string
+  - :ixiaDeviceName
+  162:
+  - :uint8
+  - :ixiaBrowserId
+  163:
+  - :string
+  - :ixiaBrowserName
+  176:
+  - :uint64
+  - :ixiaRevOctetDeltaCount
+  177:
+  - :uint64
+  - :ixiaRevPacketDeltaCount
+  178:
+  - :string
+  - :ixiaEncryptType
+  179:
+  - :string
+  - :ixiaEncryptCipher
+  180:
+  - :uint16
+  - :ixiaEncryptKeyLength
+  181:
+  - :string
+  - :ixiaImsiSubscriber
+  182:
+  - :string
+  - :ixiaHttpUserAgent
+  183:
+  - :string
+  - :ixiaHttpHostName
+  184:
+  - :string
+  - :ixiaHttpUri
+  185:
+  - :string
+  - :ixiaDnsRecordTxt
+  186:
+  - :string
+  - :ixiaSrcAsName
+  187:
+  - :string
+  - :ixiaDstAsName
+  188:
+  - :uint32
+  - :ixiaLatency
+  189:
+  - :string
+  - :ixiaDnsQuery
+  190:
+  - :string
+  - :ixiaDnsAnswer
+  191:
+  - :string
+  - :ixiaDnsClasses
+  192:
+  - :string
+  - :ixiaThreatType
+  193:
+  - :ip4_addr
+  - :ixiaThreatIPv4
+  194:
+  - :ip4_addr
+  - :ixiaThreatIPv6

data/lib/logstash/codecs/netflow/util.rb

@@ -36,13 +36,13 @@ class IP6Addr < BinData::Primitive
   end
 
   def get
-    # There faster implementations, however they come with the 
+    # There are faster implementations, however they come with the 
     # loss of compressed IPv6 notation.
     # For benchmarks see spec/codecs/benchmarks/IP6Addr.rb
     unless self.storage.nil?
-      IPAddr.new_ntoh((0..7).map { |i|
-        (self.storage >> (112 - 16 * i)) & 0xffff
-      }.pack('n8')).to_s
+      b = "%032x" % self.storage
+      c = b[0..3] + ":" + b[4..7] + ":" + b[8..11] + ":" + b[12..15] + ":" + b[16..19] + ":" + b[20..23] + ":" + b[24..27] + ":" + b[28..31]
+      IPAddr.new(c).to_s
     end
   end
 end

data/logstash-codec-netflow.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-codec-netflow'
-  s.version         = '4.1.2'
+  s.version         = '4.2.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Reads Netflow v5, Netflow v9 and IPFIX data"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/codecs/benchmarks/IP6Addr.rb

@@ -1,16 +1,28 @@
 require 'benchmark'
 require 'ipaddr'
+require 'bindata'
 
 Benchmark.bm do |x|
   x.report {
-    # Implementation pre v3.11.0
+    # Implementation since v0.1
     ip = 85060308944708794891899627827609206785
     2000000.times do
-      IPAddr.new_ntoh([ip].pack('N')).to_s
+      IPAddr.new_ntoh((0..7).map { |i|
+        (ip >> (112 - 16 * i)) & 0xffff
+      }.pack('n8')).to_s
     end }
 
   x.report {
-    # Implementation as of v3.11.2
+    # Implementation since v4.2.0
+    ip = 85060308944708794891899627827609206785
+    2000000.times do
+      b = "%032x" % ip
+      c = b[0..3] + ":" + b[4..7] + ":" + b[8..11] + ":" + b[12..15] + ":" + b[16..19] + ":" + b[20..23] + ":" + b[24..27] + ":" + b[28..31]
+      IPAddr.new(c).to_s
+    end }
+
+  x.report {
+    # Alternative. Loses compressed IPv6 notation
     ip = 85060308944708794891899627827609206785
     2000000.times do
       b = "%032x" % ip
@@ -20,5 +32,7 @@ Benchmark.bm do |x|
 end
    
 #       user     system      total        real
-#  21.800000   0.000000  21.800000 ( 21.811893)
-#  11.760000   0.000000  11.760000 ( 11.768260)
+#  81.500000   0.000000  81.500000 ( 81.498991)
+#  78.210000   0.000000  78.210000 ( 78.252662)
+#  11.710000   0.010000  11.720000 ( 11.712025)
+

data/spec/codecs/benchmarks/IPAddr.rb

@@ -30,3 +30,5 @@ end
 #   4.410000   0.000000   4.410000 (  4.411973)
 #   6.450000   0.000000   6.450000 (  6.446321)
 
+
+

data/spec/codecs/benchmarks/benchmark_fields.rb

@@ -0,0 +1,65 @@
+require 'benchmark'
+require 'bindata'
+require '../../../lib/logstash/codecs/netflow/util.rb'
+
+Benchmark.bm(16) do |x|
+  x.report("IP4Addr") {
+    data = ["344c01f9"].pack("H*")
+    200000.times do
+      IP4Addr.read(data)
+    end }
+
+  x.report("IP6Addr") {
+    data = ["fe80000000000000e68d8cfffe20ede6"].pack("H*")
+    200000.times do
+      IP6Addr.read(data)
+    end }
+
+  x.report("IP6Addr_Test") {
+    data = ["fe80000000000000e68d8cfffe20ede6"].pack("H*")
+    200000.times do
+      IP6Addr_Test.read(data)
+    end }
+
+  x.report("MacAddr") {
+    data = ["005056c00001"].pack("H*")
+    200000.times do
+      MacAddr.read(data)
+    end }
+
+  x.report("ACLIdASA") {
+    data = ["433a1af1be9efe9600000000"].pack("H*")
+    200000.times do
+      ACLIdASA.read(data)
+    end }
+
+  x.report("Application_Id64") {
+    data = ["140000304400003dc8"].pack("H*")
+    200000.times do
+      Application_Id64.read(data)
+    end }
+
+  x.report("VarString") {
+    data = ["184c534e34344031302e3233312e3232332e31313300000000"].pack("H*")
+    200000.times do
+      VarString.read(data)
+    end }
+
+  x.report("VarString_Test") {
+    data = ["184c534e34344031302e3233312e3232332e31313300000000"].pack("H*")
+    200000.times do
+      VarString_Test.read(data)
+    end }
+
+end
+
+#                        user     system      total        real
+# IP4Addr           24.120000   0.000000  24.120000 ( 24.123782)
+# IP6Addr           37.940000   0.010000  37.950000 ( 37.950464)
+# MacAddr           25.270000   0.000000  25.270000 ( 25.282082)
+# ACLIdASA          24.870000   0.000000  24.870000 ( 24.882335)
+# Application_Id64  41.270000   0.000000  41.270000 ( 41.305001)
+# VarString         39.030000   0.000000  39.030000 ( 39.062235)
+
+
+

data/spec/codecs/netflow_spec.rb

@@ -98,7 +98,6 @@ describe LogStash::Codecs::Netflow do
         }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -187,7 +186,6 @@ describe LogStash::Codecs::Netflow do
         }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
 
     end
 
@@ -203,6 +201,8 @@ describe LogStash::Codecs::Netflow do
 
   end
 
+
+
   context "Netflow 9 macaddress" do
     let(:data) do
       data = []
@@ -231,7 +231,6 @@ describe LogStash::Codecs::Netflow do
         }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode the mac address" do
@@ -244,6 +243,54 @@ describe LogStash::Codecs::Netflow do
     end
   end
 
+  context "Netflow 9 Cisco ACI" do
+    let(:data) do
+      data = []
+      data << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_cisco_aci_tpl256-258.dat"), :mode => "rb")
+      data << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_cisco_aci_data256.dat"), :mode => "rb")
+    end
+
+    let(:json_events) do
+      events = []
+      events << <<-END
+      {
+        "@timestamp": "2018-10-15T11:29:00.000Z",
+        "netflow": {
+          "version": 9,
+          "l4_dst_port": 49411,
+          "flowset_id": 256,
+          "l4_src_port": 179,
+          "ipv4_dst_addr": "10.154.231.146",
+          "in_pkts": 2,
+          "first_switched": "2018-10-15T11:28:05.999Z",
+          "protocol": 6,
+          "last_switched": "2018-10-15T11:28:24.999Z",
+          "ip_protocol_version": 4,
+          "in_bytes": 99,
+          "flow_seq_num": 36,
+          "tcp_flags": 24,
+          "input_snmp": 369139712,
+          "ipv4_src_addr": "10.154.231.145",
+          "src_vlan": 0,
+          "direction": 0
+        },
+        "@version": "1"
+      }
+      END
+
+    end
+
+    it "should decode the mac address" do
+      expect(decode.size).to eq(3)
+      expect(decode[0].get("[netflow][ipv4_src_addr]")).to eq("10.154.231.145")
+    end
+
+    it "should serialize to json" do
+      expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
+    end
+  end
+
+
   context "Netflow 9 Cisco ASA" do
     let(:data) do
       packets = []
@@ -287,7 +334,6 @@ describe LogStash::Codecs::Netflow do
         }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -369,7 +415,6 @@ describe LogStash::Codecs::Netflow do
         }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     # These tests will start to fail whenever options template decoding is added.
@@ -423,7 +468,6 @@ describe LogStash::Codecs::Netflow do
          }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should serialize to json" do
@@ -618,7 +662,6 @@ describe LogStash::Codecs::Netflow do
         }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -724,7 +767,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -771,7 +813,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -829,7 +870,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -887,7 +927,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -945,7 +984,6 @@ describe LogStash::Codecs::Netflow do
       }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1009,7 +1047,6 @@ describe LogStash::Codecs::Netflow do
       }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1085,7 +1122,6 @@ describe LogStash::Codecs::Netflow do
         "@timestamp": "2017-12-01T17:04:39.000Z"
       }
       END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1141,7 +1177,6 @@ describe LogStash::Codecs::Netflow do
         "@version":"1"
       }
       END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1205,7 +1240,6 @@ describe LogStash::Codecs::Netflow do
         }
       }
       END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1264,7 +1298,6 @@ describe LogStash::Codecs::Netflow do
         "@version": "1"
       }
       END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1280,6 +1313,75 @@ describe LogStash::Codecs::Netflow do
 
   end
 
+
+  context "IPFIX from IXIA something something" do
+    let(:data) do
+      packets = []
+      packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_ixia_tpldata256.dat"), :mode => "rb")
+    end
+
+    let(:json_events) do
+      events = []
+      events << <<-END
+      {
+        "@timestamp": "2018-10-25T12:24:43.000Z",
+        "netflow": {
+          "icmpTypeCodeIPv4": 0,
+          "ixiaDstLongitude": 100.33540344238281,
+          "ixiaHttpUserAgent": "",
+          "ixiaDeviceName": "unknown",
+          "flowStartMilliseconds": "2018-10-25T12:24:19.881Z",
+          "destinationIPv4Address": "202.170.60.247",
+          "ixiaDeviceId": 0,
+          "ixiaL7AppName": "unknown",
+          "ixiaBrowserId": 0,
+          "ixiaDstLatitude": 5.411200046539307,
+          "sourceIPv4Address": "119.103.128.175",
+          "ixiaSrcAsName": "CHINANET-BACKBONE No.31,Jin-rong Street, CN",
+          "ixiaThreatIPv4": "0.0.0.0",
+          "ixiaHttpHostName": "",
+          "sourceTransportPort": 51695,
+          "tcpControlBits": 0,
+          "egressInterface": 1,
+          "flowEndReason": 1,
+          "ixiaSrcLongitude": 114.27339935302734,
+          "version": 10,
+          "packetDeltaCount": 4,
+          "destinationTransportPort": 36197,
+          "ixiaRevPacketDeltaCount": 0,
+          "reverseIcmpTypeCodeIPv4": 0,
+          "ixiaRevOctetDeltaCount": 0,
+          "ixiaThreatType": "",
+          "ixiaHttpUri": "",
+          "octetDeltaCount": 360,
+          "ixiaBrowserName": "-",
+          "protocolIdentifier": 17,
+          "bgpSourceAsNumber": 4134,
+          "bgpDestinationAsNumber": 24090,
+          "ixiaDstAsName": "UNISAINS-AS-AP Universiti Sains Malaysia (USM), MY",
+          "ixiaLatency": 0,
+          "ixiaSrcLatitude": 30.58009910583496,
+          "ixiaL7AppId": 0,
+          "ingressInterface": 1,
+          "flowEndMilliseconds": "2018-10-25T12:24:32.022Z"
+        },
+        "@version": "1"
+      }
+      END
+
+    end
+
+    it "should decode raw data" do
+      expect(decode.size).to eq(1)
+      expect(decode[0].get("[netflow][ixiaDstAsName]")).to eq("UNISAINS-AS-AP Universiti Sains Malaysia (USM), MY")
+    end
+
+    it "should serialize to json" do
+      expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
+    end
+
+  end
+
   context "IPFIX options template from Juniper MX240 JunOS 15.1 R6 S3" do
     let(:data) do
       packets = []
@@ -1310,7 +1412,6 @@ describe LogStash::Codecs::Netflow do
       }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1354,7 +1455,6 @@ describe LogStash::Codecs::Netflow do
         }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1412,7 +1512,6 @@ describe LogStash::Codecs::Netflow do
         }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1475,8 +1574,6 @@ describe LogStash::Codecs::Netflow do
       } 
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
-      events.map{|event| event.gsub(/NormalOperation/, "Normal Operation")}
     end
 
     it "should decode raw data" do
@@ -1540,7 +1637,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1588,7 +1684,6 @@ describe LogStash::Codecs::Netflow do
           "host": "172.16.32.201"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1658,7 +1753,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1837,7 +1931,6 @@ describe LogStash::Codecs::Netflow do
         }
       END
 
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -1912,7 +2005,6 @@ describe LogStash::Codecs::Netflow do
         "@version": "1"
       }
       END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2185,7 +2277,6 @@ describe LogStash::Codecs::Netflow do
         "@version": "1"
       }
       END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2223,7 +2314,6 @@ describe LogStash::Codecs::Netflow do
           "@version":"1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2274,7 +2364,6 @@ describe LogStash::Codecs::Netflow do
           "@version":"1"
         }
       END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2311,7 +2400,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2373,7 +2461,6 @@ describe LogStash::Codecs::Netflow do
           "@timestamp": "2018-01-29T03:02:20.000Z"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2423,7 +2510,6 @@ describe LogStash::Codecs::Netflow do
           "@timestamp": "2018-01-16T09:45:02.000Z"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2483,7 +2569,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2519,7 +2604,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2579,7 +2663,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2622,7 +2705,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2708,7 +2790,6 @@ describe LogStash::Codecs::Netflow do
           "@timestamp": "2017-11-13T14:39:31.000Z"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2762,7 +2843,6 @@ describe LogStash::Codecs::Netflow do
           "@timestamp": "2017-11-21T14:32:15.000Z"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2811,7 +2891,6 @@ describe LogStash::Codecs::Netflow do
           "@version": "1"
         }
         END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do
@@ -2927,7 +3006,6 @@ describe LogStash::Codecs::Netflow do
         "@version": "1"
       }
       END
-      events.map{|event| event.gsub(/\s+/, "")}
     end
 
     it "should decode raw data" do

metadata

@@ -1,107 +1,135 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-netflow
 version: !ruby/object:Gem::Version
-  version: 4.1.2
+  version: 4.2.0
 platform: ruby
 authors:
 - Elastic
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-10 00:00:00.000000000 Z
+date: 2018-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: logstash-core-plugin-api
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.0'
-  type: :runtime
+  name: logstash-core-plugin-api
   prerelease: false
+  type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: bindata
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.5.0
-  type: :runtime
+  name: bindata
   prerelease: false
+  type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.5.0
 - !ruby/object:Gem::Dependency
-  name: logstash-devutils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.0.0
-  type: :development
+  name: logstash-devutils
   prerelease: false
+  type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.0.0
-description: This gem is a Logstash plugin required to be installed on top of the
-  Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
-  gem is not a stand-alone program
+description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
 email: info@elastic.co
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
+- CONTRIBUTORS
+- Gemfile
+- LICENSE
+- NOTICE.TXT
+- README.md
+- RFC_COMPLIANCE_IPFIX.md
+- RFC_COMPLIANCE_NETFLOW_v9.md
+- docs/index.asciidoc
+- lib/logstash/codecs/netflow.rb
 - lib/logstash/codecs/netflow/iana2yaml.rb
 - lib/logstash/codecs/netflow/ipfix.yaml
-- lib/logstash/codecs/netflow/util.rb
 - lib/logstash/codecs/netflow/netflow.yaml
-- lib/logstash/codecs/netflow.rb
+- lib/logstash/codecs/netflow/util.rb
+- logstash-codec-netflow.gemspec
+- spec/codecs/benchmarks/ACLidASA.rb
+- spec/codecs/benchmarks/IP6Addr.rb
+- spec/codecs/benchmarks/IPAddr.rb
+- spec/codecs/benchmarks/MacAddr.rb
+- spec/codecs/benchmarks/benchmark_fields.rb
+- spec/codecs/benchmarks/flowStartMilliseconds.rb
+- spec/codecs/benchmarks/ipfix_bench_sonicwall.py
+- spec/codecs/benchmarks/ipfix_bench_yaf.py
+- spec/codecs/benchmarks/netflow_bench_cisco_asa.py
+- spec/codecs/benchmarks/netflow_bench_cisco_asr.py
 - spec/codecs/ipfix.dat
+- spec/codecs/ipfix_stress.py
+- spec/codecs/ipfix_test_barracuda_data256.dat
+- spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
+- spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
+- spec/codecs/ipfix_test_barracuda_tpl.dat
+- spec/codecs/ipfix_test_ixia_tpldata256.dat
+- spec/codecs/ipfix_test_ixia_tpldata271.dat
+- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
+- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
+- spec/codecs/ipfix_test_mikrotik_data258.dat
+- spec/codecs/ipfix_test_mikrotik_data259.dat
+- spec/codecs/ipfix_test_mikrotik_tpl.dat
+- spec/codecs/ipfix_test_netscaler_data.dat
+- spec/codecs/ipfix_test_netscaler_tpl.dat
+- spec/codecs/ipfix_test_nokia_bras_data256.dat
+- spec/codecs/ipfix_test_nokia_bras_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
+- spec/codecs/ipfix_test_procera_data52935.dat
+- spec/codecs/ipfix_test_procera_tpl52935.dat
+- spec/codecs/ipfix_test_viptela_data257.dat
+- spec/codecs/ipfix_test_viptela_tpl257.dat
+- spec/codecs/ipfix_test_vmware_vds_data264.dat
+- spec/codecs/ipfix_test_vmware_vds_data266.dat
+- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
+- spec/codecs/ipfix_test_vmware_vds_tpl.dat
+- spec/codecs/ipfix_test_yaf_data45841.dat
+- spec/codecs/ipfix_test_yaf_data45873.dat
+- spec/codecs/ipfix_test_yaf_data53248.dat
+- spec/codecs/ipfix_test_yaf_tpl45841.dat
+- spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
 - spec/codecs/netflow5.dat
 - spec/codecs/netflow5_test_invalid01.dat
 - spec/codecs/netflow5_test_invalid02.dat
 - spec/codecs/netflow5_test_juniper_mx80.dat
 - spec/codecs/netflow5_test_microtik.dat
+- spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
+- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
+- spec/codecs/netflow9_test_cisco_1941K9.dat
+- spec/codecs/netflow9_test_cisco_aci_data256.dat
+- spec/codecs/netflow9_test_cisco_aci_tpl256-258.dat
 - spec/codecs/netflow9_test_cisco_asa_1_data.dat
 - spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
 - spec/codecs/netflow9_test_cisco_asa_2_data.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
-- spec/codecs/netflow9_test_invalid01.dat
-- spec/codecs/netflow9_test_macaddr_data.dat
-- spec/codecs/netflow9_test_macaddr_tpl.dat
-- spec/codecs/netflow9_test_nprobe_data.dat
-- spec/codecs/netflow9_test_nprobe_tpl.dat
-- spec/codecs/netflow9_test_softflowd_tpl_data.dat
-- spec/codecs/netflow9_test_valid01.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
-- spec/codecs/ipfix_test_netscaler_data.dat
-- spec/codecs/ipfix_test_netscaler_tpl.dat
-- spec/codecs/ipfix_test_vmware_vds_data264.dat
-- spec/codecs/ipfix_test_vmware_vds_data266.dat
-- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
-- spec/codecs/ipfix_test_vmware_vds_tpl.dat
-- spec/codecs/ipfix_test_barracuda_data256.dat
-- spec/codecs/ipfix_test_barracuda_tpl.dat
-- spec/codecs/ipfix_test_mikrotik_data258.dat
-- spec/codecs/ipfix_test_mikrotik_data259.dat
-- spec/codecs/ipfix_test_mikrotik_tpl.dat
-- spec/codecs/ipfix_test_nokia_bras_tpl.dat
-- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
-- spec/codecs/netflow_spec.rb
 - spec/codecs/netflow9_test_cisco_asr9k_data256.dat
 - spec/codecs/netflow9_test_cisco_asr9k_data260.dat
 - spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
@@ -112,76 +140,51 @@ files:
 - spec/codecs/netflow9_test_cisco_nbar_data262.dat
 - spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
 - spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
-- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
+- spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
 - spec/codecs/netflow9_test_cisco_wlc_data261.dat
 - spec/codecs/netflow9_test_cisco_wlc_tpl.dat
+- spec/codecs/netflow9_test_field_layer2segmentid_data.dat
+- spec/codecs/netflow9_test_field_layer2segmentid_tpl.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
-- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
-- spec/codecs/netflow9_test_nprobe_dpi.dat
-- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
-- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
-- spec/codecs/ipfix_test_yaf_data45841.dat
-- spec/codecs/ipfix_test_yaf_data45873.dat
-- spec/codecs/ipfix_test_yaf_data53248.dat
-- spec/codecs/ipfix_test_yaf_tpl45841.dat
-- spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
-- spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
-- spec/codecs/netflow9_test_cisco_1941K9.dat
-- spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
-- spec/codecs/netflow9_test_paloalto_panos_data.dat
-- spec/codecs/netflow9_test_paloalto_panos_tpl.dat
-- spec/codecs/netflow_stress.py
-- spec/codecs/ipfix_test_viptela_tpl257.dat
-- spec/codecs/ipfix_test_viptela_data257.dat
-- spec/codecs/ipfix_test_nokia_bras_data256.dat
-- spec/codecs/netflow9_test_field_layer2segmentid_data.dat
-- spec/codecs/ipfix_test_procera_tpl52935.dat
-- spec/codecs/ipfix_test_procera_data52935.dat
-- spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
-- spec/codecs/benchmarks/ACLidASA.rb
-- spec/codecs/benchmarks/MacAddr.rb
-- spec/codecs/benchmarks/flowStartMilliseconds.rb
-- spec/codecs/benchmarks/IPAddr.rb
-- spec/codecs/benchmarks/IP6Addr.rb
-- spec/codecs/benchmarks/netflow_bench_cisco_asa.py
-- spec/codecs/benchmarks/netflow_bench_cisco_asr.py
-- spec/codecs/benchmarks/ipfix_bench_sonicwall.py
-- spec/codecs/benchmarks/ipfix_bench_yaf.py
-- spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
+- spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
+- spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
+- spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
 - spec/codecs/netflow9_test_h3c_tpl3281.dat
-- spec/codecs/netflow9_test_field_layer2segmentid_tpl.dat
-- spec/codecs/netflow9_test_huawei_netstream_tpl.dat
 - spec/codecs/netflow9_test_huawei_netstream_data.dat
-- spec/codecs/ipfix_stress.py
+- spec/codecs/netflow9_test_huawei_netstream_tpl.dat
+- spec/codecs/netflow9_test_invalid01.dat
 - spec/codecs/netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat
-- spec/codecs/netflow9_test_h3c_data3281.dat
-- spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
-- spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
-- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
-- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
+- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
+- spec/codecs/netflow9_test_macaddr_data.dat
+- spec/codecs/netflow9_test_macaddr_tpl.dat
+- spec/codecs/netflow9_test_nprobe_data.dat
+- spec/codecs/netflow9_test_nprobe_dpi.dat
+- spec/codecs/netflow9_test_nprobe_tpl.dat
 - spec/codecs/netflow9_test_paloalto_81_data257_1flowset_in_large_zerofilled_packet.dat
 - spec/codecs/netflow9_test_paloalto_81_tpl256-263.dat
-- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
-- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
-- logstash-codec-netflow.gemspec
-- CHANGELOG.md
-- README.md
-- RFC_COMPLIANCE_IPFIX.md
-- RFC_COMPLIANCE_NETFLOW_v9.md
-- CONTRIBUTORS
-- Gemfile
-- LICENSE
-- NOTICE.TXT
-- docs/index.asciidoc
+- spec/codecs/netflow9_test_paloalto_panos_data.dat
+- spec/codecs/netflow9_test_paloalto_panos_tpl.dat
+- spec/codecs/netflow9_test_softflowd_tpl_data.dat
+- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
+- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
+- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
+- spec/codecs/netflow9_test_valid01.dat
+- spec/codecs/netflow_spec.rb
+- spec/codecs/netflow_stress.py
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)
 metadata:
   logstash_plugin: 'true'
   logstash_group: codec
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -196,49 +199,69 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.14.1
-signing_key: 
+rubyforge_project:
+rubygems_version: 2.4.8
+signing_key:
 specification_version: 4
 summary: Reads Netflow v5, Netflow v9 and IPFIX data
 test_files:
+- spec/codecs/benchmarks/ACLidASA.rb
+- spec/codecs/benchmarks/IP6Addr.rb
+- spec/codecs/benchmarks/IPAddr.rb
+- spec/codecs/benchmarks/MacAddr.rb
+- spec/codecs/benchmarks/benchmark_fields.rb
+- spec/codecs/benchmarks/flowStartMilliseconds.rb
+- spec/codecs/benchmarks/ipfix_bench_sonicwall.py
+- spec/codecs/benchmarks/ipfix_bench_yaf.py
+- spec/codecs/benchmarks/netflow_bench_cisco_asa.py
+- spec/codecs/benchmarks/netflow_bench_cisco_asr.py
 - spec/codecs/ipfix.dat
+- spec/codecs/ipfix_stress.py
+- spec/codecs/ipfix_test_barracuda_data256.dat
+- spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
+- spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
+- spec/codecs/ipfix_test_barracuda_tpl.dat
+- spec/codecs/ipfix_test_ixia_tpldata256.dat
+- spec/codecs/ipfix_test_ixia_tpldata271.dat
+- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
+- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
+- spec/codecs/ipfix_test_mikrotik_data258.dat
+- spec/codecs/ipfix_test_mikrotik_data259.dat
+- spec/codecs/ipfix_test_mikrotik_tpl.dat
+- spec/codecs/ipfix_test_netscaler_data.dat
+- spec/codecs/ipfix_test_netscaler_tpl.dat
+- spec/codecs/ipfix_test_nokia_bras_data256.dat
+- spec/codecs/ipfix_test_nokia_bras_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
+- spec/codecs/ipfix_test_procera_data52935.dat
+- spec/codecs/ipfix_test_procera_tpl52935.dat
+- spec/codecs/ipfix_test_viptela_data257.dat
+- spec/codecs/ipfix_test_viptela_tpl257.dat
+- spec/codecs/ipfix_test_vmware_vds_data264.dat
+- spec/codecs/ipfix_test_vmware_vds_data266.dat
+- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
+- spec/codecs/ipfix_test_vmware_vds_tpl.dat
+- spec/codecs/ipfix_test_yaf_data45841.dat
+- spec/codecs/ipfix_test_yaf_data45873.dat
+- spec/codecs/ipfix_test_yaf_data53248.dat
+- spec/codecs/ipfix_test_yaf_tpl45841.dat
+- spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
 - spec/codecs/netflow5.dat
 - spec/codecs/netflow5_test_invalid01.dat
 - spec/codecs/netflow5_test_invalid02.dat
 - spec/codecs/netflow5_test_juniper_mx80.dat
 - spec/codecs/netflow5_test_microtik.dat
+- spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
+- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
+- spec/codecs/netflow9_test_cisco_1941K9.dat
+- spec/codecs/netflow9_test_cisco_aci_data256.dat
+- spec/codecs/netflow9_test_cisco_aci_tpl256-258.dat
 - spec/codecs/netflow9_test_cisco_asa_1_data.dat
 - spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
 - spec/codecs/netflow9_test_cisco_asa_2_data.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
-- spec/codecs/netflow9_test_invalid01.dat
-- spec/codecs/netflow9_test_macaddr_data.dat
-- spec/codecs/netflow9_test_macaddr_tpl.dat
-- spec/codecs/netflow9_test_nprobe_data.dat
-- spec/codecs/netflow9_test_nprobe_tpl.dat
-- spec/codecs/netflow9_test_softflowd_tpl_data.dat
-- spec/codecs/netflow9_test_valid01.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
-- spec/codecs/ipfix_test_netscaler_data.dat
-- spec/codecs/ipfix_test_netscaler_tpl.dat
-- spec/codecs/ipfix_test_vmware_vds_data264.dat
-- spec/codecs/ipfix_test_vmware_vds_data266.dat
-- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
-- spec/codecs/ipfix_test_vmware_vds_tpl.dat
-- spec/codecs/ipfix_test_barracuda_data256.dat
-- spec/codecs/ipfix_test_barracuda_tpl.dat
-- spec/codecs/ipfix_test_mikrotik_data258.dat
-- spec/codecs/ipfix_test_mikrotik_data259.dat
-- spec/codecs/ipfix_test_mikrotik_tpl.dat
-- spec/codecs/ipfix_test_nokia_bras_tpl.dat
-- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
-- spec/codecs/netflow_spec.rb
 - spec/codecs/netflow9_test_cisco_asr9k_data256.dat
 - spec/codecs/netflow9_test_cisco_asr9k_data260.dat
 - spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
@@ -249,56 +272,41 @@ test_files:
 - spec/codecs/netflow9_test_cisco_nbar_data262.dat
 - spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
 - spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
-- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
+- spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
 - spec/codecs/netflow9_test_cisco_wlc_data261.dat
 - spec/codecs/netflow9_test_cisco_wlc_tpl.dat
+- spec/codecs/netflow9_test_field_layer2segmentid_data.dat
+- spec/codecs/netflow9_test_field_layer2segmentid_tpl.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
-- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
-- spec/codecs/netflow9_test_nprobe_dpi.dat
-- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
-- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
-- spec/codecs/ipfix_test_yaf_data45841.dat
-- spec/codecs/ipfix_test_yaf_data45873.dat
-- spec/codecs/ipfix_test_yaf_data53248.dat
-- spec/codecs/ipfix_test_yaf_tpl45841.dat
-- spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
-- spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
-- spec/codecs/netflow9_test_cisco_1941K9.dat
-- spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
-- spec/codecs/netflow9_test_paloalto_panos_data.dat
-- spec/codecs/netflow9_test_paloalto_panos_tpl.dat
-- spec/codecs/netflow_stress.py
-- spec/codecs/ipfix_test_viptela_tpl257.dat
-- spec/codecs/ipfix_test_viptela_data257.dat
-- spec/codecs/ipfix_test_nokia_bras_data256.dat
-- spec/codecs/netflow9_test_field_layer2segmentid_data.dat
-- spec/codecs/ipfix_test_procera_tpl52935.dat
-- spec/codecs/ipfix_test_procera_data52935.dat
-- spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
-- spec/codecs/benchmarks/ACLidASA.rb
-- spec/codecs/benchmarks/MacAddr.rb
-- spec/codecs/benchmarks/flowStartMilliseconds.rb
-- spec/codecs/benchmarks/IPAddr.rb
-- spec/codecs/benchmarks/IP6Addr.rb
-- spec/codecs/benchmarks/netflow_bench_cisco_asa.py
-- spec/codecs/benchmarks/netflow_bench_cisco_asr.py
-- spec/codecs/benchmarks/ipfix_bench_sonicwall.py
-- spec/codecs/benchmarks/ipfix_bench_yaf.py
-- spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
+- spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
+- spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
+- spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
 - spec/codecs/netflow9_test_h3c_tpl3281.dat
-- spec/codecs/netflow9_test_field_layer2segmentid_tpl.dat
-- spec/codecs/netflow9_test_huawei_netstream_tpl.dat
 - spec/codecs/netflow9_test_huawei_netstream_data.dat
-- spec/codecs/ipfix_stress.py
+- spec/codecs/netflow9_test_huawei_netstream_tpl.dat
+- spec/codecs/netflow9_test_invalid01.dat
 - spec/codecs/netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat
-- spec/codecs/netflow9_test_h3c_data3281.dat
-- spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
-- spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
-- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
-- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
+- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
+- spec/codecs/netflow9_test_macaddr_data.dat
+- spec/codecs/netflow9_test_macaddr_tpl.dat
+- spec/codecs/netflow9_test_nprobe_data.dat
+- spec/codecs/netflow9_test_nprobe_dpi.dat
+- spec/codecs/netflow9_test_nprobe_tpl.dat
 - spec/codecs/netflow9_test_paloalto_81_data257_1flowset_in_large_zerofilled_packet.dat
 - spec/codecs/netflow9_test_paloalto_81_tpl256-263.dat
-- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
-- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
+- spec/codecs/netflow9_test_paloalto_panos_data.dat
+- spec/codecs/netflow9_test_paloalto_panos_tpl.dat
+- spec/codecs/netflow9_test_softflowd_tpl_data.dat
+- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
+- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
+- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
+- spec/codecs/netflow9_test_valid01.dat
+- spec/codecs/netflow_spec.rb
+- spec/codecs/netflow_stress.py