logstash-codec-netflow 3.13.2 → 3.14.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/logstash/codecs/netflow/ipfix.yaml +3 -0
- data/lib/logstash/codecs/netflow/netflow.yaml +9 -0
- data/logstash-codec-netflow.gemspec +1 -1
- data/spec/codecs/netflow9_test_h3c_data3281.dat +0 -0
- data/spec/codecs/netflow9_test_h3c_tpl3281.dat +0 -0
- data/spec/codecs/netflow_spec.rb +66 -0
- metadata +6 -2
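--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9a3d7bde831ad7a858dfaee72f97e65588d514bf
+data.tar.gz: f2b1f7093f7e00bc86a43cee0c3fd3e336ee8449
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 04f34a68824c326d561af68823f99beaf60dae93e44534c7852f9d154c28726b4aaf46350ca5a4f1d72558233ff262f13bd5d85b492a7f78cbc73cf6ab0a26a5
+data.tar.gz: b8a9e029d2e24a01c99c9ede0d8b41e6abe7915aaeab8a0b2b0e1e648a1b18022be5a1c8735019e669d9bbd43766adbbd3c5eb554d2f5c71fb9c87a615cac9ba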
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,7 @@
|
|
1
1
|
---
|
2
|
+
0:
|
3
|
+
- 1
|
4
|
+
- :field0_reserved
|
2
5
|
1:
|
3
6
|
- 4
|
4
7
|
- :in_bytes
|
@@ -223,6 +226,12 @@
|
|
223
226
|
89:
|
224
227
|
- :forwarding_status
|
225
228
|
- :forwarding_status
|
229
|
+
92:
|
230
|
+
- :uint32
|
231
|
+
- :src_traffic_index
|
232
|
+
93:
|
233
|
+
- :uint32
|
234
|
+
- :dst_traffic_index
|
226
235
|
94:
|
227
236
|
- :string
|
228
237
|
- :application_description
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-codec-netflow'
|
4
|
-
s.version = '3.
|
4
|
+
s.version = '3.14.0'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Reads Netflow v5, Netflow v9 and IPFIX data"
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
Binary file
|
Binary file
|
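--- a/data/spec/codecs/netflow_spec.rb
+++ b/data/spec/codecs/netflow_spec.rb
@@ -960,6 +960,72 @@ describe LogStash::Codecs::Netflow do
 
 end
 
+context "Netflow 9 H3C" do
+let(:data) do
+packets = []
+packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_h3c_tpl3281.dat"), :mode => "rb")
+packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_h3c_data3281.dat"), :mode => "rb")
+end
+
+let(:json_events) do
+events = []
+events << <<-END
+{
+"netflow": {
+"in_pkts": 9,
+"src_as": 0,
+"flowset_id": 3281,
+"l4_dst_port": 0,
+"last_switched": "2018-05-21T09:25:04.999Z",
+"dst_mask": 24,
+"tcp_flags": 0,
+"src_tos": 0,
+"dst_as": 0,
+"input_snmp": 2662,
+"direction": 0,
+"version": 9,
+"src_mask": 24,
+"sampling_algorithm": 0,
+"sampling_interval": 0,
+"flow_seq_num": 60342277,
+"src_traffic_index": 0,
+"in_bytes": 5092,
+"ipv4_src_addr": "10.22.166.36",
+"first_switched": "2018-05-21T09:24:04.999Z",
+"ipv4_dst_addr": "10.21.75.38",
+"ipv4_next_hop": "10.21.17.78",
+"forwarding_status": {
+"status": 0,
+"reason": 0
+},
+"l4_src_port": 0,
+"protocol": 6,
+"output_snmp": 1743,
+"dst_traffic_index": 4294967295,
+"ip_protocol_version": 4,
+"field0_reserved": 0
+},
+"@version": "1",
+"@timestamp": "2018-05-21T09:25:04.000Z"
+}
+END
+
+events.map{|event| event.gsub(/\s+/, "")}
+end
+
+it "should decode raw data" do
+expect(decode.size).to eq(16)
+expect(decode[11].get("[netflow][dst_traffic_index]")).to eq(4294967295)
+expect(decode[11].get("[netflow][src_traffic_index]")).to eq(0)
+end
+
+it "should serialize to json" do
+expect(JSON.parse(decode[15].to_json)).to eq(JSON.parse(json_events[0]))
+end
+
+end
+
+
 
 context "Netflow 9 IE150 IE151" do
 let(:data) do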
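Review bot: The two examples in the new `Netflow 9 H3C` context check different records (`decode[11]` for the traffic-index fields, `decode[15]` for the full JSON comparison) and nothing says why those indices were chosen, so a later fixture change will be hard to diagnose. The expected JSON also pins `"field0_reserved": 0` and `"dst_traffic_index": 4294967295` as emitted values; the second is the all-ones uint32, which presumably means "unset" on the exporter rather than a real index, and anyone building detections or dashboards on these flow fields would want that stated. I would add a comment above the first example such as `# dst_traffic_index is the all-ones uint32 (0xFFFFFFFF) here, presumably the exporter's "unset" value` and one above the JSON noting that field type 0 is decoded as a 1-byte reserved field rather than skipped. The enclosing `describe` block and the `decode` helper are outside this hunk.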
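--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-netflow
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.14.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-
+date: 2018-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
@@ -138,6 +138,8 @@ files:
 - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
+- spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_h3c_tpl3281.dat
 - spec/codecs/netflow9_test_huawei_netstream_data.dat
 - spec/codecs/netflow9_test_huawei_netstream_tpl.dat
 - spec/codecs/netflow9_test_invalid01.dat
@@ -252,6 +254,8 @@ test_files:
 - spec/codecs/netflow9_test_fortigate_fortios_521_data256.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_data257.dat
 - spec/codecs/netflow9_test_fortigate_fortios_521_tpl.dat
+- spec/codecs/netflow9_test_h3c_data3281.dat
+- spec/codecs/netflow9_test_h3c_tpl3281.dat
 - spec/codecs/netflow9_test_huawei_netstream_data.dat
 - spec/codecs/netflow9_test_huawei_netstream_tpl.dat
 - spec/codecs/netflow9_test_invalid01.dat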