logstash-codec-netflow 3.13.2 → 3.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 61a6a609ac21eea9fe737abde8454c7288fdfec0
-  data.tar.gz: 3a97c065f1e635f6abdf2a6f0bf762a762087611
+  metadata.gz: 9a3d7bde831ad7a858dfaee72f97e65588d514bf
+  data.tar.gz: f2b1f7093f7e00bc86a43cee0c3fd3e336ee8449
 SHA512:
-  metadata.gz: c107a8ba2c0db201d5e63fccd7924f4f9eb316c5a040d9922d1d867155df8ae5895d533f211efc3695f59aa52da710b402dc9dfade1f577869394fb22b7b4b8b
-  data.tar.gz: 093bc44df4aafc12e16882ee11359a378c2f8926152015736a1ffef902ea767832dc3187e685b58151d575755042e78630c644073dcd66688a6ab017b7e8dc64
+  metadata.gz: 04f34a68824c326d561af68823f99beaf60dae93e44534c7852f9d154c28726b4aaf46350ca5a4f1d72558233ff262f13bd5d85b492a7f78cbc73cf6ab0a26a5
+  data.tar.gz: b8a9e029d2e24a01c99c9ede0d8b41e6abe7915aaeab8a0b2b0e1e648a1b18022be5a1c8735019e669d9bbd43766adbbd3c5eb554d2f5c71fb9c87a615cac9ba

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 3.14.0
+
+  - Added support for Netflow 9 from H3C devices
+
 ## 3.13.2
 
   - Fixes incorrect definitions of IE 231 and IE 232

data/lib/logstash/codecs/netflow/ipfix.yaml

@@ -1,5 +1,8 @@
 ---
 0:
+  0:
+  - 1
+  - :field0_reserved
   1:
   - :uint64
   - :octetDeltaCount

data/lib/logstash/codecs/netflow/netflow.yaml

@@ -1,4 +1,7 @@
 ---
+0:
+- 1
+- :field0_reserved
 1:
 - 4
 - :in_bytes
@@ -223,6 +226,12 @@
 89:
 - :forwarding_status
 - :forwarding_status
+92:
+- :uint32
+- :src_traffic_index
+93:
+- :uint32
+- :dst_traffic_index
 94:
 - :string
 - :application_description

data/logstash-codec-netflow.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-codec-netflow'
-  s.version         = '3.13.2'
+  s.version         = '3.14.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Reads Netflow v5, Netflow v9 and IPFIX data"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/codecs/netflow_spec.rb

@@ -960,6 +960,72 @@ describe LogStash::Codecs::Netflow do
 
   end
 
+  context "Netflow 9 H3C" do
+    let(:data) do
+      packets = []
+      packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_h3c_tpl3281.dat"), :mode => "rb")
+      packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_h3c_data3281.dat"), :mode => "rb")
+    end
+
+    let(:json_events) do
+      events = []
+      events << <<-END
+      {
+        "netflow": {
+          "in_pkts": 9,
+          "src_as": 0,
+          "flowset_id": 3281,
+          "l4_dst_port": 0,
+          "last_switched": "2018-05-21T09:25:04.999Z",
+          "dst_mask": 24,
+          "tcp_flags": 0,
+          "src_tos": 0,
+          "dst_as": 0,
+          "input_snmp": 2662,
+          "direction": 0,
+          "version": 9,
+          "src_mask": 24,
+          "sampling_algorithm": 0,
+          "sampling_interval": 0,
+          "flow_seq_num": 60342277,
+          "src_traffic_index": 0,
+          "in_bytes": 5092,
+          "ipv4_src_addr": "10.22.166.36",
+          "first_switched": "2018-05-21T09:24:04.999Z",
+          "ipv4_dst_addr": "10.21.75.38",
+          "ipv4_next_hop": "10.21.17.78",
+          "forwarding_status": {
+            "status": 0,
+            "reason": 0
+          },
+          "l4_src_port": 0,
+          "protocol": 6,
+          "output_snmp": 1743,
+          "dst_traffic_index": 4294967295,
+          "ip_protocol_version": 4,
+          "field0_reserved": 0
+        },
+        "@version": "1",
+        "@timestamp": "2018-05-21T09:25:04.000Z"
+      }
+      END
+
+      events.map{|event| event.gsub(/\s+/, "")}
+    end
+
+    it "should decode raw data" do
+      expect(decode.size).to eq(16)
+      expect(decode[11].get("[netflow][dst_traffic_index]")).to eq(4294967295)
+      expect(decode[11].get("[netflow][src_traffic_index]")).to eq(0)
+    end
+
+    it "should serialize to json" do
+      expect(JSON.parse(decode[15].to_json)).to eq(JSON.parse(json_events[0]))
+    end
+
+  end
+
+
 
   context "Netflow 9 IE150 IE151" do
     let(:data) do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-netflow
 version: !ruby/object:Gem::Version
-  version: 3.13.2
+  version: 3.14.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-04 00:00:00.000000000 Z
+date: 2018-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -138,6 +138,8 @@ files:
 - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
+- spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_h3c_tpl3281.dat
 - spec/codecs/netflow9_test_huawei_netstream_data.dat
 - spec/codecs/netflow9_test_huawei_netstream_tpl.dat
 - spec/codecs/netflow9_test_invalid01.dat
@@ -252,6 +254,8 @@ test_files:
 - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
+- spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_h3c_tpl3281.dat
 - spec/codecs/netflow9_test_huawei_netstream_data.dat
 - spec/codecs/netflow9_test_huawei_netstream_tpl.dat
 - spec/codecs/netflow9_test_invalid01.dat