logstash-codec-netflow 4.2.0 → 4.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f2e6d54d4cdca81ee9644aed1eeae50bb8a9d1ee
-  data.tar.gz: 6ba6e2b5d731d3307de736e8e56d010e27ad2fcc
+  metadata.gz: 5577f3642f1d4136ece8b15c15e94b26718005ce
+  data.tar.gz: 6c539f16ae819a589cbb3b5f16af2e26bce1f550
 SHA512:
-  metadata.gz: e03f252f4070524376db990d4e5e511bb4eae836f205638f1a0de9a328355b52a571c0805a9a71e9e3eeb0facd840a03acceaf94572087f6dfe2c14ab988643b
-  data.tar.gz: 7d355546ea91c3daf872e45cc9a6f9f1e1e00c8b5e5d3a4f16c89ac835bb25d95872f48406d7a2141ef068b545e9b1950ca5b24d6b32c8d9211f512a4242ea63
+  metadata.gz: bbe44345d69394da17702b4cb656f2775b960da03ed2f533e23018355e0f89d39b8b64e5de9f1751d21f85b587900a6f4a5e9dbbc370a705f64020b75e6d284d
+  data.tar.gz: 1c441347d6fffc53a28bd5461b003d7a8f6f1c850d53b591788e204c3b6ac1c59b089c3ef55d62499867c4b71b19f59f714c4c9caf65bc39597053423043bf77

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 4.2.1
+
+  - Fix sub-second timestamp math
+
 ## 4.2.0
 
   - Added Cisco ACI to list of known working Netflow v9 exporters

data/CONTRIBUTORS

@@ -10,6 +10,7 @@ Contributors:
 * Bjørn Ruberg (bruberg)
 * Colin Surprenant (colinsurprenant)
 * Daniel Nägele (analogbyte)
+* Dan Hermann (danhermann)
 * Diyaldine Maoulida
 * Evgeniy Sudyr (ejectck)
 * G.J. Moed (gjmoed)

data/lib/logstash/codecs/netflow.rb

@@ -136,7 +136,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
         # convert these into absolute times
         millis = flowset.uptime - v
         seconds = flowset.unix_sec - (millis / 1000)
-        micros = (flowset.unix_nsec / 1000) - (millis % 1000)
+        micros = (flowset.unix_nsec / 1000) - ((millis % 1000) * 1000)
         if micros < 0
           seconds--
           micros += 1000000
@@ -262,7 +262,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
             millis = flowset.uptime - v
             seconds = flowset.unix_sec - (millis / 1000)
             # v9 did away with the nanosecs field
-            micros = 1000000 - (millis % 1000)
+            micros = 1000000 - ((millis % 1000) * 1000)
             event[@target][k.to_s] = LogStash::Timestamp.at(seconds, micros).to_iso8601
           else
             event[@target][k.to_s] = v.snapshot

data/lib/logstash/codecs/netflow/ipfix.yaml

@@ -2453,37 +2453,34 @@
 6876:
   880:
   - :uint8
-  - :vmwareUnknown880
+  - :vmwareTenantProtocol
   881:
-  - :uint32
-  - :vmwareUnknown881
+  - :ip4_addr
+  - :vmwareTenantSourceIPv4
   882:
-  - :uint32
-  - :vmwareUnknown882
+  - :ip4_addr
+  - :vmwareTenantDestIPv4
   883:
-  - :string
-  - :vmwareUnknown883
+  - :ip6_addr
+  - :vmwareTenantSourceIPv6
   884:
-  - :string
-  - :vmwareUnknown884
+  - :ip6_addr
+  - :vmwareTenantDestIPv6
   886:
   - :uint16
-  - :vmwareUnknown886
+  - :vmwareTenantSourcePort
   887:
   - :uint16
-  - :vmwareUnknown887
+  - :vmwareTenantDestPort
   888:
   - :uint16
-  # source: https://github.com/logstash-plugins/logstash-codec-netflow/issues/28#issuecomment-371811848
-  - :vmwareEgressInterfaceTypeID
+  - :vmwareEgressInterfaceAttr
   889:
   - :uint8
-  # source: https://github.com/logstash-plugins/logstash-codec-netflow/issues/28#issuecomment-371811848
-  - :vmwareObservationDomainID
+  - :vmwareVxlanExportRole
   890:
   - :uint16
-  # source: https://github.com/logstash-plugins/logstash-codec-netflow/issues/28#issuecomment-371811848
-  - :vmwareIngressInterfaceTypeID
+  - :vmwareIngressInterfaceAttr
 29305:
   1:
   - :uint64

data/logstash-codec-netflow.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-codec-netflow'
-  s.version         = '4.2.0'
+  s.version         = '4.2.1'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Reads Netflow v5, Netflow v9 and IPFIX data"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/codecs/netflow_spec.rb

@@ -48,8 +48,8 @@ describe LogStash::Codecs::Netflow do
             "output_snmp": 0,
             "in_pkts": 5,
             "in_bytes": 230,
-            "first_switched": "2015-06-21T11:40:52.280Z",
-            "last_switched": "2015-05-02T18:38:08.279Z",
+            "first_switched": "2015-06-21T11:40:52.194Z",
+            "last_switched": "2015-05-02T18:38:08.476Z",
             "l4_src_port": 54435,
             "l4_dst_port": 22,
             "tcp_flags": 16,
@@ -82,8 +82,8 @@ describe LogStash::Codecs::Netflow do
             "output_snmp": 0,
             "in_pkts": 4,
             "in_bytes": 304,
-            "first_switched": "2015-06-21T11:40:52.280Z",
-            "last_switched": "2015-05-02T18:38:08.279Z",
+            "first_switched": "2015-06-21T11:40:52.194Z",
+            "last_switched": "2015-05-02T18:38:08.476Z",
             "l4_src_port": 22,
             "l4_dst_port": 54435,
             "tcp_flags": 24,
@@ -169,8 +169,8 @@ describe LogStash::Codecs::Netflow do
             "flowset_id":1024,
             "ipv4_src_addr": "172.16.32.100",
             "ipv4_dst_addr":"172.16.32.248",
-            "last_switched":"2015-10-08T19:03:47.999Z",
-            "first_switched":"2015-10-08T19:03:47.999Z",
+            "last_switched":"2015-10-08T19:03:47.141Z",
+            "first_switched":"2015-10-08T19:03:47.140Z",
             "in_bytes":76,
             "in_pkts":1,
             "input_snmp":0,
@@ -262,9 +262,9 @@ describe LogStash::Codecs::Netflow do
           "l4_src_port": 179,
           "ipv4_dst_addr": "10.154.231.146",
           "in_pkts": 2,
-          "first_switched": "2018-10-15T11:28:05.999Z",
+          "first_switched": "2018-10-15T11:28:05.019Z",
           "protocol": 6,
-          "last_switched": "2018-10-15T11:28:24.999Z",
+          "last_switched": "2018-10-15T11:28:24.066Z",
           "ip_protocol_version": 4,
           "in_bytes": 99,
           "flow_seq_num": 36,
@@ -368,8 +368,8 @@ describe LogStash::Codecs::Netflow do
             "flowset_id":1024,
             "ipv4_src_addr":"172.16.32.100",
             "ipv4_dst_addr":"172.16.32.248",
-            "last_switched":"2015-10-08T19:03:47.999Z",
-            "first_switched":"2015-10-08T19:03:47.999Z",
+            "last_switched":"2015-10-08T19:03:47.141Z",
+            "first_switched":"2015-10-08T19:03:47.140Z",
             "in_bytes":76,
             "in_pkts":1,
             "input_snmp":0,
@@ -408,8 +408,8 @@ describe LogStash::Codecs::Netflow do
             "ipv4_next_hop":"0.0.0.0",
             "src_as":0,
             "dst_as":0,
-            "last_switched":"2015-10-08T19:05:56.999Z",
-            "first_switched":"2015-10-08T19:05:56.999Z"
+            "last_switched":"2015-10-08T19:05:56.015Z",
+            "first_switched":"2015-10-08T19:05:56.010Z"
           },
           "@version":"1"
         }
@@ -829,7 +829,7 @@ describe LogStash::Codecs::Netflow do
 
   end
 
-  context "Netflow5 microtik" do
+  context "Netflow5 mikrotik" do
     let(:data) do
       packets = []
       packets << IO.read(File.join(File.dirname(__FILE__), "netflow5_test_microtik.dat"), :mode => "rb")
@@ -855,8 +855,8 @@ describe LogStash::Codecs::Netflow do
             "output_snmp": 46,
             "in_pkts": 13,
             "in_bytes": 11442,
-            "first_switched": "2016-07-21T13:51:42.514Z",
-            "last_switched": "2016-07-21T13:51:42.514Z",
+            "first_switched": "2016-07-21T13:51:42.254Z",
+            "last_switched": "2016-07-21T13:51:42.254Z",
             "l4_src_port": 80,
             "l4_dst_port": 51826,
             "tcp_flags": 82,
@@ -912,8 +912,8 @@ describe LogStash::Codecs::Netflow do
             "output_snmp": 536,
             "in_pkts": 2,
             "in_bytes": 104,
-            "first_switched": "2016-07-21T13:52:34.999Z",
-            "last_switched": "2016-07-21T13:52:34.999Z",
+            "first_switched": "2016-07-21T13:52:34.936Z",
+            "last_switched": "2016-07-21T13:52:34.936Z",
             "l4_src_port": 37387,
             "l4_dst_port": 80,
             "tcp_flags": 16,
@@ -956,7 +956,7 @@ describe LogStash::Codecs::Netflow do
       {
         "netflow": {
           "l4_src_port": 443,
-          "last_switched": "2018-02-18T05:46:54.999Z",
+          "last_switched": "2018-02-18T05:46:54.992Z",
           "ingressPhysicalInterface": 7,
           "in_bytes": 187,
           "tcpOptions": 2164260864,
@@ -972,7 +972,7 @@ describe LogStash::Codecs::Netflow do
           "flow_seq_num": 344481,
           "ipv4_next_hop": "10.232.5.1",
           "flowset_id": 260,
-          "first_switched": "2018-02-18T05:46:54.999Z",
+          "first_switched": "2018-02-18T05:46:54.800Z",
           "tcp_flags": 25,
           "ipv4_dst_addr": "10.233.150.21",
           "ipv4_src_addr": "2.17.140.47",
@@ -1014,7 +1014,7 @@ describe LogStash::Codecs::Netflow do
           "src_as": 0,
           "flowset_id": 3281,
           "l4_dst_port": 0,
-          "last_switched": "2018-05-21T09:25:04.999Z",
+          "last_switched": "2018-05-21T09:25:04.928Z",
           "dst_mask": 24,
           "tcp_flags": 0,
           "src_tos": 0,
@@ -1029,7 +1029,7 @@ describe LogStash::Codecs::Netflow do
           "src_traffic_index": 0,
           "in_bytes": 5092,
           "ipv4_src_addr": "10.22.166.36",
-          "first_switched": "2018-05-21T09:24:04.999Z",
+          "first_switched": "2018-05-21T09:24:04.922Z",
           "ipv4_dst_addr": "10.21.75.38",
           "ipv4_next_hop": "10.21.17.78",
           "forwarding_status": {
@@ -1206,9 +1206,9 @@ describe LogStash::Codecs::Netflow do
         "@timestamp": "2018-07-18T01:35:35.000Z",
         "netflow": {
           "in_pkts": 9,
-          "last_switched": "2018-07-18T01:35:03.999Z",
+          "last_switched": "2018-07-18T01:35:03.969Z",
           "direction": 0,
-          "first_switched": "2018-07-18T01:34:34.999Z",
+          "first_switched": "2018-07-18T01:34:34.274Z",
           "ipv4_dst_addr": "20.20.255.255",
           "src_tos": 0,
           "ipv4_src_addr": "20.20.20.20",
@@ -1275,7 +1275,7 @@ describe LogStash::Codecs::Netflow do
           "xlate_src_port": 45380,
           "in_pkts": 6,
           "ipv4_dst_addr": "182.50.136.239",
-          "first_switched": "2018-05-11T00:54:10.999Z",
+          "first_switched": "2018-05-11T00:54:10.580Z",
           "flowset_id": 262,
           "l4_src_port": 45380,
           "xlate_dst_port": 0,
@@ -1286,7 +1286,7 @@ describe LogStash::Codecs::Netflow do
           "in_bytes": 748,
           "protocol": 6,
           "flow_end_reason": 3,
-          "last_switched": "2018-05-11T00:54:10.999Z",
+          "last_switched": "2018-05-11T00:54:10.990Z",
           "input_snmp": 8,
           "out_pkts": 6,
           "out_bytes": 748,
@@ -1611,7 +1611,7 @@ describe LogStash::Codecs::Netflow do
             "ip_protocol_version": 4, 
             "ipv4_dst_addr": "10.2.0.95",
             "src_tos": 0, 
-            "first_switched": "2016-09-10T15:02:54.999Z", 
+            "first_switched": "2016-09-10T15:02:54.375Z", 
             "flowset_id": 1025, 
             "l4_src_port": 47690, 
             "out_dst_mac": "44:d9:e7:be:ef:8e", 
@@ -1626,7 +1626,7 @@ describe LogStash::Codecs::Netflow do
               "label": 0, 
               "ttl": 4
             }, 
-            "last_switched": "2016-09-10T15:23:45.999Z", 
+            "last_switched": "2016-09-10T15:23:45.363Z", 
             "input_snmp": 2, 
             "flows": 0, 
             "tcp_flags": 27, 
@@ -1735,7 +1735,7 @@ describe LogStash::Codecs::Netflow do
             "output_snmp": 3,
             "in_pkts": 3,
             "ipv4_dst_addr": "31.13.87.36",
-            "first_switched": "2017-07-25T04:44:29.999Z",
+            "first_switched": "2017-07-25T04:44:29.522Z",
             "flowset_id": 257,
             "l4_src_port": 61910,
             "version": 9,
@@ -1743,7 +1743,7 @@ describe LogStash::Codecs::Netflow do
             "ipv4_src_addr": "192.168.99.7",
             "in_bytes": 152,
             "protocol": 6,
-            "last_switched": "2017-07-25T04:44:38.999Z",
+            "last_switched": "2017-07-25T04:44:38.522Z",
             "input_snmp": 9,
             "out_pkts": 0,
             "out_bytes": 0,
@@ -1781,7 +1781,7 @@ describe LogStash::Codecs::Netflow do
         {
           "netflow": {
             "in_pkts": 3,
-            "first_switched": "2017-01-11T11:47:23.999Z",
+            "first_switched": "2017-01-11T11:47:23.867Z",
             "flowset_id": 256,
             "l4_src_port": 8080,
             "streamcore_id_rule_1": 1171,
@@ -1803,7 +1803,7 @@ describe LogStash::Codecs::Netflow do
             "flow_seq_num": 2143054578,
             "ipv4_src_addr": "100.78.40.201",
             "input_snmp": 1152,
-            "last_switched": "2017-01-11T11:47:29.999Z",
+            "last_switched": "2017-01-11T11:47:29.879Z",
             "streamcore_wan_rtt": 0,
             "streamcore_total_app_resp_time": 0
           },
@@ -1894,7 +1894,7 @@ describe LogStash::Codecs::Netflow do
           "netflow": {
             "streamcore_id_rule_10": 0,
             "in_pkts": 11,
-            "first_switched": "2017-01-11T11:22:44.999Z",
+            "first_switched": "2017-01-11T11:22:44.939Z",
             "flowset_id": 260,
             "l4_src_port": 53483,
             "streamcore_id_rule_1": 1171,
@@ -1921,7 +1921,7 @@ describe LogStash::Codecs::Netflow do
             "flow_seq_num": 2142545188,
             "ipv4_src_addr": "10.27.8.20",
             "input_snmp": 1148,
-            "last_switched": "2017-01-11T11:23:35.999Z",
+            "last_switched": "2017-01-11T11:23:35.954Z",
             "streamcore_url": "\/mux.json",
             "streamcore_wan_rtt": 0,
             "streamcore_total_app_resp_time": 19
@@ -2134,7 +2134,7 @@ describe LogStash::Codecs::Netflow do
           "destinationIPv4Address": "172.18.65.211",
           "destinationTransportPort": 5985,
           "tcpControlBits": 2,
-          "vmwareIngressInterfaceTypeID": 1,
+          "vmwareIngressInterfaceAttr": 1,
           "sourceIPv4Address": "172.18.65.21",
           "ingressInterface": 3,
           "ipClassOfService": 0,
@@ -2149,9 +2149,9 @@ describe LogStash::Codecs::Netflow do
           "sourceTransportPort": 61209,
           "flowEndMilliseconds": "2016-12-22T12:17:37.000Z",
           "maximumTTL": 128,
-          "vmwareEgressInterfaceTypeID": 2,
+          "vmwareEgressInterfaceAttr": 2,
           "flowStartMilliseconds": "2016-12-22T12:17:37.000Z",
-          "vmwareObservationDomainID": 0
+          "vmwareVxlanExportRole": 0
         },
         "@timestamp": "2016-12-22T12:17:52.000Z",
         "@version": "1"
@@ -2342,7 +2342,7 @@ describe LogStash::Codecs::Netflow do
              "dst_mask":32,
              "in_pkts":0,
              "ipv4_dst_addr":"239.255.255.250",
-             "first_switched":"2016-12-23T01:34:52.999Z",
+             "first_switched":"2016-12-23T01:34:52.569Z",
              "flowset_id":256,
              "l4_src_port":0,
              "src_mask":32,
@@ -2352,7 +2352,7 @@ describe LogStash::Codecs::Netflow do
              "in_bytes":0,
              "protocol":2,
              "input_snmp":2,
-             "last_switched":"2016-12-23T01:34:52.999Z",
+             "last_switched":"2016-12-23T01:34:52.569Z",
              "tcp_flags":0,
              "engine_id":1,
              "out_pkts":1,
@@ -2434,7 +2434,7 @@ describe LogStash::Codecs::Netflow do
               "status": 0
             },
             "in_pkts": 4,
-            "first_switched": "2018-01-29T02:56:52.999Z",
+            "first_switched": "2018-01-29T02:56:52.940Z",
             "flowset_id": 1315,
             "ipv4_next_hop": "10.108.252.41",
             "l4_src_port": 45587,
@@ -2541,7 +2541,7 @@ describe LogStash::Codecs::Netflow do
               "status": 1
             },
             "in_pkts": 2,
-            "first_switched": "2016-12-06T10:08:53.999Z",
+            "first_switched": "2016-12-06T10:08:53.377Z",
             "flowset_id": 260,
             "l4_src_port": 443,
             "in_bytes": 112,
@@ -2561,7 +2561,7 @@ describe LogStash::Codecs::Netflow do
             "ipv4_src_addr": "10.0.29.46",
             "egressVRFID": 1610612736,
             "input_snmp": 75,
-            "last_switched": "2016-12-06T10:08:54.999Z",
+            "last_switched": "2016-12-06T10:08:54.964Z",
             "flow_sampler_id": 1,
             "bgp_ipv4_next_hop": "10.0.14.27"
           },
@@ -2632,7 +2632,7 @@ describe LogStash::Codecs::Netflow do
             "dst_as": 0,
             "in_pkts": 36,
             "ipv4_src_prefix": "0.0.0.0",
-            "first_switched": "2017-02-14T11:10:20.999Z",
+            "first_switched": "2017-02-14T11:10:20.936Z",
             "flowset_id": 262,
             "l4_src_port": 45269,
             "ipv4_next_hop": "0.0.0.0",
@@ -2656,7 +2656,7 @@ describe LogStash::Codecs::Netflow do
             "ipv4_src_addr": "10.10.172.60",
             "in_src_mac": "00:18:19:9e:6c:01",
             "input_snmp": 1,
-            "last_switched": "2017-02-14T11:10:21.999Z",
+            "last_switched": "2017-02-14T11:10:21.008Z",
             "flow_sampler_id": 0
           },
           "@timestamp": "2017-02-14T11:10:36.000Z",

metadata

@@ -1,135 +1,107 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-netflow
 version: !ruby/object:Gem::Version
-  version: 4.2.0
+  version: 4.2.1
 platform: ruby
 authors:
 - Elastic
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-28 00:00:00.000000000 Z
+date: 2018-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+  name: logstash-core-plugin-api
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.0'
-  name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
+  name: bindata
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.5.0
-  name: bindata
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.5.0
 - !ruby/object:Gem::Dependency
+  name: logstash-devutils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.0.0
-  name: logstash-devutils
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.0.0
-description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
+description: This gem is a Logstash plugin required to be installed on top of the
+  Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
+  gem is not a stand-alone program
 email: info@elastic.co
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- CHANGELOG.md
-- CONTRIBUTORS
-- Gemfile
-- LICENSE
-- NOTICE.TXT
-- README.md
-- RFC_COMPLIANCE_IPFIX.md
-- RFC_COMPLIANCE_NETFLOW_v9.md
-- docs/index.asciidoc
-- lib/logstash/codecs/netflow.rb
 - lib/logstash/codecs/netflow/iana2yaml.rb
-- lib/logstash/codecs/netflow/ipfix.yaml
 - lib/logstash/codecs/netflow/netflow.yaml
 - lib/logstash/codecs/netflow/util.rb
-- logstash-codec-netflow.gemspec
-- spec/codecs/benchmarks/ACLidASA.rb
-- spec/codecs/benchmarks/IP6Addr.rb
-- spec/codecs/benchmarks/IPAddr.rb
-- spec/codecs/benchmarks/MacAddr.rb
-- spec/codecs/benchmarks/benchmark_fields.rb
-- spec/codecs/benchmarks/flowStartMilliseconds.rb
-- spec/codecs/benchmarks/ipfix_bench_sonicwall.py
-- spec/codecs/benchmarks/ipfix_bench_yaf.py
-- spec/codecs/benchmarks/netflow_bench_cisco_asa.py
-- spec/codecs/benchmarks/netflow_bench_cisco_asr.py
+- lib/logstash/codecs/netflow/ipfix.yaml
+- lib/logstash/codecs/netflow.rb
 - spec/codecs/ipfix.dat
-- spec/codecs/ipfix_stress.py
-- spec/codecs/ipfix_test_barracuda_data256.dat
-- spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
-- spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
-- spec/codecs/ipfix_test_barracuda_tpl.dat
-- spec/codecs/ipfix_test_ixia_tpldata256.dat
-- spec/codecs/ipfix_test_ixia_tpldata271.dat
-- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
-- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
-- spec/codecs/ipfix_test_mikrotik_data258.dat
-- spec/codecs/ipfix_test_mikrotik_data259.dat
-- spec/codecs/ipfix_test_mikrotik_tpl.dat
-- spec/codecs/ipfix_test_netscaler_data.dat
-- spec/codecs/ipfix_test_netscaler_tpl.dat
-- spec/codecs/ipfix_test_nokia_bras_data256.dat
-- spec/codecs/ipfix_test_nokia_bras_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
-- spec/codecs/ipfix_test_procera_data52935.dat
-- spec/codecs/ipfix_test_procera_tpl52935.dat
-- spec/codecs/ipfix_test_viptela_data257.dat
-- spec/codecs/ipfix_test_viptela_tpl257.dat
-- spec/codecs/ipfix_test_vmware_vds_data264.dat
-- spec/codecs/ipfix_test_vmware_vds_data266.dat
-- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
-- spec/codecs/ipfix_test_vmware_vds_tpl.dat
-- spec/codecs/ipfix_test_yaf_data45841.dat
-- spec/codecs/ipfix_test_yaf_data45873.dat
-- spec/codecs/ipfix_test_yaf_data53248.dat
-- spec/codecs/ipfix_test_yaf_tpl45841.dat
-- spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
 - spec/codecs/netflow5.dat
 - spec/codecs/netflow5_test_invalid01.dat
 - spec/codecs/netflow5_test_invalid02.dat
 - spec/codecs/netflow5_test_juniper_mx80.dat
 - spec/codecs/netflow5_test_microtik.dat
-- spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
-- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
-- spec/codecs/netflow9_test_cisco_1941K9.dat
-- spec/codecs/netflow9_test_cisco_aci_data256.dat
-- spec/codecs/netflow9_test_cisco_aci_tpl256-258.dat
 - spec/codecs/netflow9_test_cisco_asa_1_data.dat
 - spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
 - spec/codecs/netflow9_test_cisco_asa_2_data.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
+- spec/codecs/netflow9_test_invalid01.dat
+- spec/codecs/netflow9_test_macaddr_data.dat
+- spec/codecs/netflow9_test_macaddr_tpl.dat
+- spec/codecs/netflow9_test_nprobe_data.dat
+- spec/codecs/netflow9_test_nprobe_tpl.dat
+- spec/codecs/netflow9_test_softflowd_tpl_data.dat
+- spec/codecs/netflow9_test_valid01.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
+- spec/codecs/ipfix_test_netscaler_data.dat
+- spec/codecs/ipfix_test_netscaler_tpl.dat
+- spec/codecs/ipfix_test_vmware_vds_data264.dat
+- spec/codecs/ipfix_test_vmware_vds_data266.dat
+- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
+- spec/codecs/ipfix_test_vmware_vds_tpl.dat
+- spec/codecs/ipfix_test_barracuda_data256.dat
+- spec/codecs/ipfix_test_barracuda_tpl.dat
+- spec/codecs/ipfix_test_mikrotik_data258.dat
+- spec/codecs/ipfix_test_mikrotik_data259.dat
+- spec/codecs/ipfix_test_mikrotik_tpl.dat
+- spec/codecs/ipfix_test_nokia_bras_tpl.dat
+- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
+- spec/codecs/netflow_spec.rb
 - spec/codecs/netflow9_test_cisco_asr9k_data256.dat
 - spec/codecs/netflow9_test_cisco_asr9k_data260.dat
 - spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
@@ -140,51 +112,81 @@ files:
 - spec/codecs/netflow9_test_cisco_nbar_data262.dat
 - spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
 - spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
-- spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
+- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
 - spec/codecs/netflow9_test_cisco_wlc_data261.dat
 - spec/codecs/netflow9_test_cisco_wlc_tpl.dat
-- spec/codecs/netflow9_test_field_layer2segmentid_data.dat
-- spec/codecs/netflow9_test_field_layer2segmentid_tpl.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
-- spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
-- spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
-- spec/codecs/netflow9_test_h3c_data3281.dat
-- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
-- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
-- spec/codecs/netflow9_test_h3c_tpl3281.dat
-- spec/codecs/netflow9_test_huawei_netstream_data.dat
-- spec/codecs/netflow9_test_huawei_netstream_tpl.dat
-- spec/codecs/netflow9_test_invalid01.dat
-- spec/codecs/netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat
 - spec/codecs/netflow9_test_juniper_srx_tplopt.dat
-- spec/codecs/netflow9_test_macaddr_data.dat
-- spec/codecs/netflow9_test_macaddr_tpl.dat
-- spec/codecs/netflow9_test_nprobe_data.dat
 - spec/codecs/netflow9_test_nprobe_dpi.dat
-- spec/codecs/netflow9_test_nprobe_tpl.dat
-- spec/codecs/netflow9_test_paloalto_81_data257_1flowset_in_large_zerofilled_packet.dat
-- spec/codecs/netflow9_test_paloalto_81_tpl256-263.dat
-- spec/codecs/netflow9_test_paloalto_panos_data.dat
-- spec/codecs/netflow9_test_paloalto_panos_tpl.dat
-- spec/codecs/netflow9_test_softflowd_tpl_data.dat
 - spec/codecs/netflow9_test_streamcore_tpl_data256.dat
 - spec/codecs/netflow9_test_streamcore_tpl_data260.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
-- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
-- spec/codecs/netflow9_test_valid01.dat
-- spec/codecs/netflow_spec.rb
+- spec/codecs/ipfix_test_yaf_data45841.dat
+- spec/codecs/ipfix_test_yaf_data45873.dat
+- spec/codecs/ipfix_test_yaf_data53248.dat
+- spec/codecs/ipfix_test_yaf_tpl45841.dat
+- spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
+- spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
+- spec/codecs/netflow9_test_cisco_1941K9.dat
+- spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
+- spec/codecs/netflow9_test_paloalto_panos_data.dat
+- spec/codecs/netflow9_test_paloalto_panos_tpl.dat
 - spec/codecs/netflow_stress.py
+- spec/codecs/ipfix_test_viptela_tpl257.dat
+- spec/codecs/ipfix_test_viptela_data257.dat
+- spec/codecs/ipfix_test_nokia_bras_data256.dat
+- spec/codecs/netflow9_test_field_layer2segmentid_data.dat
+- spec/codecs/ipfix_test_procera_tpl52935.dat
+- spec/codecs/ipfix_test_procera_data52935.dat
+- spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
+- spec/codecs/benchmarks/ACLidASA.rb
+- spec/codecs/benchmarks/MacAddr.rb
+- spec/codecs/benchmarks/IPAddr.rb
+- spec/codecs/benchmarks/netflow_bench_cisco_asa.py
+- spec/codecs/benchmarks/ipfix_bench_sonicwall.py
+- spec/codecs/benchmarks/ipfix_bench_yaf.py
+- spec/codecs/benchmarks/netflow_bench_cisco_asr.py
+- spec/codecs/benchmarks/flowStartMilliseconds.rb
+- spec/codecs/benchmarks/IP6Addr.rb
+- spec/codecs/benchmarks/benchmark_fields.rb
+- spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
+- spec/codecs/netflow9_test_h3c_tpl3281.dat
+- spec/codecs/netflow9_test_field_layer2segmentid_tpl.dat
+- spec/codecs/netflow9_test_huawei_netstream_tpl.dat
+- spec/codecs/netflow9_test_huawei_netstream_data.dat
+- spec/codecs/ipfix_stress.py
+- spec/codecs/netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat
+- spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
+- spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
+- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
+- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
+- spec/codecs/netflow9_test_paloalto_81_data257_1flowset_in_large_zerofilled_packet.dat
+- spec/codecs/netflow9_test_paloalto_81_tpl256-263.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
+- spec/codecs/ipfix_test_ixia_tpldata256.dat
+- spec/codecs/ipfix_test_ixia_tpldata271.dat
+- spec/codecs/netflow9_test_cisco_aci_data256.dat
+- spec/codecs/netflow9_test_cisco_aci_tpl256-258.dat
+- logstash-codec-netflow.gemspec
+- CHANGELOG.md
+- README.md
+- RFC_COMPLIANCE_IPFIX.md
+- RFC_COMPLIANCE_NETFLOW_v9.md
+- CONTRIBUTORS
+- Gemfile
+- LICENSE
+- NOTICE.TXT
+- docs/index.asciidoc
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)
 metadata:
   logstash_plugin: 'true'
   logstash_group: codec
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -199,69 +201,49 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.4.8
-signing_key:
+rubyforge_project: 
+rubygems_version: 2.0.14.1
+signing_key: 
 specification_version: 4
 summary: Reads Netflow v5, Netflow v9 and IPFIX data
 test_files:
-- spec/codecs/benchmarks/ACLidASA.rb
-- spec/codecs/benchmarks/IP6Addr.rb
-- spec/codecs/benchmarks/IPAddr.rb
-- spec/codecs/benchmarks/MacAddr.rb
-- spec/codecs/benchmarks/benchmark_fields.rb
-- spec/codecs/benchmarks/flowStartMilliseconds.rb
-- spec/codecs/benchmarks/ipfix_bench_sonicwall.py
-- spec/codecs/benchmarks/ipfix_bench_yaf.py
-- spec/codecs/benchmarks/netflow_bench_cisco_asa.py
-- spec/codecs/benchmarks/netflow_bench_cisco_asr.py
 - spec/codecs/ipfix.dat
-- spec/codecs/ipfix_stress.py
-- spec/codecs/ipfix_test_barracuda_data256.dat
-- spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
-- spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
-- spec/codecs/ipfix_test_barracuda_tpl.dat
-- spec/codecs/ipfix_test_ixia_tpldata256.dat
-- spec/codecs/ipfix_test_ixia_tpldata271.dat
-- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
-- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
-- spec/codecs/ipfix_test_mikrotik_data258.dat
-- spec/codecs/ipfix_test_mikrotik_data259.dat
-- spec/codecs/ipfix_test_mikrotik_tpl.dat
-- spec/codecs/ipfix_test_netscaler_data.dat
-- spec/codecs/ipfix_test_netscaler_tpl.dat
-- spec/codecs/ipfix_test_nokia_bras_data256.dat
-- spec/codecs/ipfix_test_nokia_bras_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
-- spec/codecs/ipfix_test_procera_data52935.dat
-- spec/codecs/ipfix_test_procera_tpl52935.dat
-- spec/codecs/ipfix_test_viptela_data257.dat
-- spec/codecs/ipfix_test_viptela_tpl257.dat
-- spec/codecs/ipfix_test_vmware_vds_data264.dat
-- spec/codecs/ipfix_test_vmware_vds_data266.dat
-- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
-- spec/codecs/ipfix_test_vmware_vds_tpl.dat
-- spec/codecs/ipfix_test_yaf_data45841.dat
-- spec/codecs/ipfix_test_yaf_data45873.dat
-- spec/codecs/ipfix_test_yaf_data53248.dat
-- spec/codecs/ipfix_test_yaf_tpl45841.dat
-- spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
 - spec/codecs/netflow5.dat
 - spec/codecs/netflow5_test_invalid01.dat
 - spec/codecs/netflow5_test_invalid02.dat
 - spec/codecs/netflow5_test_juniper_mx80.dat
 - spec/codecs/netflow5_test_microtik.dat
-- spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
-- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
-- spec/codecs/netflow9_test_cisco_1941K9.dat
-- spec/codecs/netflow9_test_cisco_aci_data256.dat
-- spec/codecs/netflow9_test_cisco_aci_tpl256-258.dat
 - spec/codecs/netflow9_test_cisco_asa_1_data.dat
 - spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
 - spec/codecs/netflow9_test_cisco_asa_2_data.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
+- spec/codecs/netflow9_test_invalid01.dat
+- spec/codecs/netflow9_test_macaddr_data.dat
+- spec/codecs/netflow9_test_macaddr_tpl.dat
+- spec/codecs/netflow9_test_nprobe_data.dat
+- spec/codecs/netflow9_test_nprobe_tpl.dat
+- spec/codecs/netflow9_test_softflowd_tpl_data.dat
+- spec/codecs/netflow9_test_valid01.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
+- spec/codecs/ipfix_test_netscaler_data.dat
+- spec/codecs/ipfix_test_netscaler_tpl.dat
+- spec/codecs/ipfix_test_vmware_vds_data264.dat
+- spec/codecs/ipfix_test_vmware_vds_data266.dat
+- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
+- spec/codecs/ipfix_test_vmware_vds_tpl.dat
+- spec/codecs/ipfix_test_barracuda_data256.dat
+- spec/codecs/ipfix_test_barracuda_tpl.dat
+- spec/codecs/ipfix_test_mikrotik_data258.dat
+- spec/codecs/ipfix_test_mikrotik_data259.dat
+- spec/codecs/ipfix_test_mikrotik_tpl.dat
+- spec/codecs/ipfix_test_nokia_bras_tpl.dat
+- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
+- spec/codecs/netflow_spec.rb
 - spec/codecs/netflow9_test_cisco_asr9k_data256.dat
 - spec/codecs/netflow9_test_cisco_asr9k_data260.dat
 - spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
@@ -272,41 +254,61 @@ test_files:
 - spec/codecs/netflow9_test_cisco_nbar_data262.dat
 - spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
 - spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
-- spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
+- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
 - spec/codecs/netflow9_test_cisco_wlc_data261.dat
 - spec/codecs/netflow9_test_cisco_wlc_tpl.dat
-- spec/codecs/netflow9_test_field_layer2segmentid_data.dat
-- spec/codecs/netflow9_test_field_layer2segmentid_tpl.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
-- spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
-- spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
-- spec/codecs/netflow9_test_h3c_data3281.dat
-- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
-- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
-- spec/codecs/netflow9_test_h3c_tpl3281.dat
-- spec/codecs/netflow9_test_huawei_netstream_data.dat
-- spec/codecs/netflow9_test_huawei_netstream_tpl.dat
-- spec/codecs/netflow9_test_invalid01.dat
-- spec/codecs/netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat
 - spec/codecs/netflow9_test_juniper_srx_tplopt.dat
-- spec/codecs/netflow9_test_macaddr_data.dat
-- spec/codecs/netflow9_test_macaddr_tpl.dat
-- spec/codecs/netflow9_test_nprobe_data.dat
 - spec/codecs/netflow9_test_nprobe_dpi.dat
-- spec/codecs/netflow9_test_nprobe_tpl.dat
-- spec/codecs/netflow9_test_paloalto_81_data257_1flowset_in_large_zerofilled_packet.dat
-- spec/codecs/netflow9_test_paloalto_81_tpl256-263.dat
-- spec/codecs/netflow9_test_paloalto_panos_data.dat
-- spec/codecs/netflow9_test_paloalto_panos_tpl.dat
-- spec/codecs/netflow9_test_softflowd_tpl_data.dat
 - spec/codecs/netflow9_test_streamcore_tpl_data256.dat
 - spec/codecs/netflow9_test_streamcore_tpl_data260.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
-- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
-- spec/codecs/netflow9_test_valid01.dat
-- spec/codecs/netflow_spec.rb
+- spec/codecs/ipfix_test_yaf_data45841.dat
+- spec/codecs/ipfix_test_yaf_data45873.dat
+- spec/codecs/ipfix_test_yaf_data53248.dat
+- spec/codecs/ipfix_test_yaf_tpl45841.dat
+- spec/codecs/ipfix_test_yaf_tpls_option_tpl.dat
+- spec/codecs/netflow9_cisco_asr1001x_tpl259.dat
+- spec/codecs/netflow9_test_cisco_1941K9.dat
+- spec/codecs/netflow9_test_cisco_wlc_8510_tpl_262.dat
+- spec/codecs/netflow9_test_paloalto_panos_data.dat
+- spec/codecs/netflow9_test_paloalto_panos_tpl.dat
 - spec/codecs/netflow_stress.py
+- spec/codecs/ipfix_test_viptela_tpl257.dat
+- spec/codecs/ipfix_test_viptela_data257.dat
+- spec/codecs/ipfix_test_nokia_bras_data256.dat
+- spec/codecs/netflow9_test_field_layer2segmentid_data.dat
+- spec/codecs/ipfix_test_procera_tpl52935.dat
+- spec/codecs/ipfix_test_procera_data52935.dat
+- spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
+- spec/codecs/benchmarks/ACLidASA.rb
+- spec/codecs/benchmarks/MacAddr.rb
+- spec/codecs/benchmarks/IPAddr.rb
+- spec/codecs/benchmarks/netflow_bench_cisco_asa.py
+- spec/codecs/benchmarks/ipfix_bench_sonicwall.py
+- spec/codecs/benchmarks/ipfix_bench_yaf.py
+- spec/codecs/benchmarks/netflow_bench_cisco_asr.py
+- spec/codecs/benchmarks/flowStartMilliseconds.rb
+- spec/codecs/benchmarks/IP6Addr.rb
+- spec/codecs/benchmarks/benchmark_fields.rb
+- spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
+- spec/codecs/netflow9_test_h3c_tpl3281.dat
+- spec/codecs/netflow9_test_field_layer2segmentid_tpl.dat
+- spec/codecs/netflow9_test_huawei_netstream_tpl.dat
+- spec/codecs/netflow9_test_huawei_netstream_data.dat
+- spec/codecs/ipfix_stress.py
+- spec/codecs/netflow9_test_iptnetflow_reduced_size_encoding_tpldata260.dat
+- spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_fortigate_fortios_542_appid_data258_262.dat
+- spec/codecs/netflow9_test_fortigate_fortios_542_appid_tpl258-269.dat
+- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
+- spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
+- spec/codecs/netflow9_test_paloalto_81_data257_1flowset_in_large_zerofilled_packet.dat
+- spec/codecs/netflow9_test_paloalto_81_tpl256-263.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_data3281.dat
+- spec/codecs/netflow9_test_h3c_netstream_varstring_tpl3281.dat
+- spec/codecs/ipfix_test_ixia_tpldata256.dat
+- spec/codecs/ipfix_test_ixia_tpldata271.dat
+- spec/codecs/netflow9_test_cisco_aci_data256.dat
+- spec/codecs/netflow9_test_cisco_aci_tpl256-258.dat