logstash-codec-netflow 3.9.1 → 3.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 49ab4908487a49f83e5c84369cb2202d518a84d1
-  data.tar.gz: 18e6d9c9da6bba3b5d947109f48f27de0edc1372
+  metadata.gz: 23f25a4dd41e18de926001edf51d595b28f32bba
+  data.tar.gz: a7844a2a74423c4ee1da1e0a3b94120d5cbd323a
 SHA512:
-  metadata.gz: 5052a5791332289eb82f759ca611d2d9484592317edbdecca32989c08b0388625774d2d44efddac0da65c1c8ad51e58a7e62ed70bf7bbfa0cf7fd963eb19ba71
-  data.tar.gz: 1271997cf15abdc05fdb4c5941d1759964e876b4879290496e2a96239b3cc3bd648fe1646b179c24a90d7ba83ca618bb3d416e573a1a490a1d287bdc7f905541
+  metadata.gz: c0ff89f1a8f9d9bc771dd80e724ee9f019ea97f3c13bb893226e599e69e82a26911e6a6fe213e0cab87bdc675aa84779bd894bfb678cd8236649d16cc091d297
+  data.tar.gz: 5f6826dcd84eb0fbba51b0ec6fb47ed83dc08b689b778c04b131f2877dd36baca8e16a71b59d89bf907e6d4ae88e64f7b569bcd81b0dc8fea07b89b978770f0e

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 3.10.0
+
+  - Added support for Nokia BRAS
+
 ## 3.9.1
 
   - Added Netflow v9 IE150 IE151, IE154, IE155

data/CONTRIBUTORS

@@ -27,6 +27,7 @@ Contributors:
 * Raju Nair (rajutech76)
 * Richard Pijnenburg (electrical)
 * Salvador Ferrer (salva-ferrer)
+* Vishal Solanki
 * Will Rigby (wrigby)
 * Yehonatan Devorkin (Devorkin)
 * Rojuinex

data/docs/index.asciidoc

@@ -49,6 +49,7 @@ The following Netflow/IPFIX exporters are known to work with the most recent ver
 |Juniper MX80             |  y |    |       | SW > 12.3R8
 |Mikrotik                 |  y |    |   y   | http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
 |nProbe                   |  y | y  |   y   | L7 DPI fields now also supported
+|Nokia BRAS               |    |    |   y   |
 |OpenBSD pflow            |  y | n  |   y   | http://man.openbsd.org/OpenBSD-current/man4/pflow.4
 |Softflowd                |  y | y  |   y   | IPFIX supported in https://github.com/djmdjm/softflowd
 |Streamcore Streamgroomer |    | y  |       |

data/lib/logstash/codecs/netflow/ipfix.yaml

@@ -1245,6 +1245,16 @@
   12244:
   - :string
   - :ciscoAppBusiness
+637:
+  91:
+  - :uint16
+  - :natInsideSvcid
+  92:
+  - :uint16
+  - :natOutsideSvcid
+  93:
+  - :string
+  - :natSubString
 5951:
   128:
   - :uint32

data/logstash-codec-netflow.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-codec-netflow'
-  s.version         = '3.9.1'
+  s.version         = '3.10.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Reads Netflow v5 and Netflow v9 data"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/codecs/netflow_spec.rb

@@ -982,6 +982,51 @@ describe LogStash::Codecs::Netflow do
 
   end
 
+  context "IPFIX Nokia BRAS" do
+    let(:data) do
+      packets = []
+      packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_nokia_bras_tpl.dat"), :mode => "rb")
+      packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_nokia_bras_data256.dat"), :mode => "rb")
+    end
+
+    let(:json_events) do
+      events = []
+      events << <<-END
+        {
+          "@version": "1",
+          "netflow": {
+            "destinationIPv4Address": "10.0.0.34",
+            "destinationTransportPort": 80,
+            "protocolIdentifier": 6,
+            "sourceIPv4Address": "10.0.1.228",
+            "natSubString": "USER1@10.10.0.123",
+            "sourceTransportPort": 5878,
+            "version": 10,
+            "flowId": 3389049088,
+            "natOutsideSvcid": 0,
+            "flowStartMilliseconds": "2017-12-14T07:23:45.148Z",
+            "natInsideSvcid": 100
+          },
+          "@timestamp": "2017-12-14T07:23:45.000Z"
+        }
+      END
+
+      events.map{|event| event.gsub(/\s+/, "")}
+    end
+
+    it "should decode raw data" do
+      expect(decode.size).to eq(1)
+      expect(decode[0].get("[netflow][natInsideSvcid]")).to eq(100)
+      expect(decode[0].get("[netflow][natOutsideSvcid]")).to eq(0)
+      expect(decode[0].get("[netflow][natSubString]")).to eq("USER1@10.10.0.123")
+    end
+
+    it "should serialize to json" do
+      expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
+    end
+
+  end
+
 
 
   context "Netflow 9 Ubiquiti Edgerouter with MPLS labels" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-netflow
 version: !ruby/object:Gem::Version
-  version: 3.9.1
+  version: 3.10.0
 platform: ruby
 authors:
 - Elastic
@@ -87,6 +87,8 @@ files:
 - spec/codecs/ipfix_test_mikrotik_tpl.dat
 - spec/codecs/ipfix_test_netscaler_data.dat
 - spec/codecs/ipfix_test_netscaler_tpl.dat
+- spec/codecs/ipfix_test_nokia_bras_data256.dat
+- spec/codecs/ipfix_test_nokia_bras_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
 - spec/codecs/ipfix_test_viptela_data257.dat
@@ -183,6 +185,8 @@ test_files:
 - spec/codecs/ipfix_test_mikrotik_tpl.dat
 - spec/codecs/ipfix_test_netscaler_data.dat
 - spec/codecs/ipfix_test_netscaler_tpl.dat
+- spec/codecs/ipfix_test_nokia_bras_data256.dat
+- spec/codecs/ipfix_test_nokia_bras_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
 - spec/codecs/ipfix_test_viptela_data257.dat