RubyGems - logstash-codec-netflow - Versions diffs - 3.2.1 → 3.2.2 - Mend

logstash-codec-netflow 3.2.1 → 3.2.2

Files changed (11) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/CONTRIBUTORS +1 -0
data/lib/logstash/codecs/netflow/ipfix.yaml +31 -0
data/logstash-codec-netflow.gemspec +1 -1
data/spec/codecs/ipfix_test_vmware_vds_data264.dat +0 -0
data/spec/codecs/ipfix_test_vmware_vds_data266.dat +0 -0
data/spec/codecs/ipfix_test_vmware_vds_data266_267.dat +0 -0
data/spec/codecs/ipfix_test_vmware_vds_tpl.dat +0 -0
data/spec/codecs/netflow_spec.rb +184 -0
metadata +10 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8eed13d17d78bcdbbb2788a458fb2d6109e3dfce
-  data.tar.gz: 3886e83de50aded411f7d5ee26832f56998fbd8b
+  metadata.gz: 05a98ccdb2cc8a75bdda0d5186e17385e4fbb3f2
+  data.tar.gz: e78c49964d3d50a6904895ec9329da7607dcfc81
 SHA512:
-  metadata.gz: 15b4bacc7bb1d6263cb9ec4f67ea360b5c0686503ace7442a75b8da99090865cf2e6753cf43a465132b5b42b010afede5607e67ae19f7a78e07c67fd62735d07
-  data.tar.gz: 7442867f8718b82330cb1a7c8592ea3c1367e14f1f12966a4db788a751d5a802638706a5c20ce7ccb8cd5e937cf65b210b90fae2c4dde0a5a089430608e17f83
+  metadata.gz: 84be91763bb7159eefb3f924176955deca396b95fbe09a189c1554d892bac06f34591b2147d91302964b29e69441753139e0f859bbc7741b99ec51ba38f0e642
+  data.tar.gz: a2530632510c75b0aa30a153f1f3f199a9c178777e376d2a9dcaf602140de9d866e94775b230e9955c6cbb0921e97aa6da9187d909830a85906b1f82b76b6531

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## 3.2.2
+  - Added support for VMware VDS IPFIX although field definitions are unknown
 ## 3.2.1
   - Fix/Refactor IPFIX microsecond/nanosecond interpretation (NTP Timestamp based)

data/CONTRIBUTORS CHANGED Viewed

@@ -23,6 +23,7 @@ Contributors:
 * hhindlem
 * niempy
 * jstopinsek
+* sliddjur
 Maintainer:
 * Jorrit Folmer (jorritfolmer)

data/lib/logstash/codecs/netflow/ipfix.yaml CHANGED Viewed

@@ -1866,6 +1866,37 @@
   465:
   - :uint32
   - :netscalerUnknown465
+6876:
+  880:
+  - :uint8
+  - :vmwareUnknown880
+  881:
+  - :uint32
+  - :vmwareUnknown881
+  882:
+  - :uint32
+  - :vmwareUnknown882
+  883:
+  - :string
+  - :vmwareUnknown883
+  884:
+  - :string
+  - :vmwareUnknown884
+  886:
+  - :uint16
+  - :vmwareUnknown886
+  887:
+  - :uint16
+  - :vmwareUnknown887
+  888:
+  - :uint16
+  - :vmwareUnknown888
+  889:
+  - :uint8
+  - :vmwareUnknown889
+  890:
+  - :uint16
+  - :vmwareUnknown890
 29305:
   1:
   - :uint64

data/logstash-codec-netflow.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-codec-netflow'
-  s.version         = '3.2.1'
+  s.version         = '3.2.2'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "The netflow codec is for decoding Netflow v5/v9/v10 (IPFIX) flows."
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/codecs/ipfix_test_vmware_vds_data264.dat ADDED Viewed

Binary file

data/spec/codecs/ipfix_test_vmware_vds_data266.dat ADDED Viewed

Binary file

data/spec/codecs/ipfix_test_vmware_vds_data266_267.dat ADDED Viewed

Binary file

data/spec/codecs/ipfix_test_vmware_vds_tpl.dat ADDED Viewed

Binary file

data/spec/codecs/netflow_spec.rb CHANGED Viewed

@@ -1062,6 +1062,188 @@ describe LogStash::Codecs::Netflow do
       expect(JSON.parse(decode[2].to_json)).to eq(JSON.parse(json_events[0]))
     end
   end
+  context "IPFIX VMware virtual distributed switch" do
+    let(:data) do
+      packets = []
+      packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_vmware_vds_tpl.dat"), :mode => "rb")
+      packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_vmware_vds_data264.dat"), :mode => "rb")
+      packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_vmware_vds_data266.dat"), :mode => "rb")
+      packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_vmware_vds_data266_267.dat"), :mode => "rb")
+    end
+    let(:json_events) do
+      events = []
+      events << <<-END
+      {
+        "netflow": {
+          "destinationIPv4Address": "172.18.65.211",
+          "destinationTransportPort": 5985,
+          "tcpControlBits": 2,
+          "vmwareUnknown890": 1,
+          "sourceIPv4Address": "172.18.65.21",
+          "ingressInterface": 3,
+          "ipClassOfService": 0,
+          "version": 10,
+          "packetDeltaCount": 2,
+          "flowEndReason": 1,
+          "protocolIdentifier": 6,
+          "flowDirection": 1,
+          "layer2SegmentId": 0,
+          "egressInterface": 11,
+          "octetDeltaCount": 100,
+          "sourceTransportPort": 61209,
+          "flowEndMilliseconds": "2016-12-22T12:17:37.000Z",
+          "maximumTTL": 128,
+          "vmwareUnknown888": 2,
+          "flowStartMilliseconds": "2016-12-22T12:17:37.000Z",
+          "vmwareUnknown889": 0
+        },
+        "@timestamp": "2016-12-22T12:17:52.000Z",
+        "@version": "1"
+      }
+      END
+      events << <<-END
+      {
+        "netflow": {
+          "destinationIPv4Address": "172.18.65.255",
+          "destinationTransportPort": 138,
+          "tcpControlBits": 0,
+          "vmwareUnknown890": 1,
+          "sourceIPv4Address": "172.18.65.91",
+          "ingressInterface": 2,
+          "ipClassOfService": 0,
+          "version": 10,
+          "packetDeltaCount": 1,
+          "flowEndReason": 1,
+          "protocolIdentifier": 17,
+          "flowDirection": 1,
+          "layer2SegmentId": 0,
+          "egressInterface": 10,
+          "octetDeltaCount": 229,
+          "sourceTransportPort": 138,
+          "flowEndMilliseconds": "2016-12-22T12:17:42.000Z",
+          "maximumTTL": 128,
+          "vmwareUnknown888": 2,
+          "flowStartMilliseconds": "2016-12-22T12:17:42.000Z",
+          "vmwareUnknown889": 0
+        },
+        "@timestamp": "2016-12-22T12:17:56.000Z",
+        "@version": "1"
+      }
+      END
+      events << <<-END
+      {
+        "netflow": {
+          "destinationIPv4Address": "172.18.65.255",
+          "destinationTransportPort": 138,
+          "tcpControlBits": 0,
+          "vmwareUnknown890": 1,
+          "sourceIPv4Address": "172.18.65.91",
+          "ingressInterface": 3,
+          "ipClassOfService": 0,
+          "version": 10,
+          "packetDeltaCount": 1,
+          "flowEndReason": 1,
+          "protocolIdentifier": 17,
+          "flowDirection": 1,
+          "layer2SegmentId": 0,
+          "egressInterface": 11,
+          "octetDeltaCount": 229,
+          "sourceTransportPort": 138,
+          "flowEndMilliseconds": "2016-12-22T12:17:42.000Z",
+          "maximumTTL": 128,
+          "vmwareUnknown888": 2,
+          "flowStartMilliseconds": "2016-12-22T12:17:42.000Z",
+          "vmwareUnknown889": 0
+        },
+        "@timestamp": "2016-12-22T12:17:56.000Z",
+        "@version": "1"
+      }
+      END
+      events << <<-END
+      {
+        "netflow": {
+          "destinationIPv4Address": "224.0.0.252",
+          "destinationTransportPort": 5355,
+          "tcpControlBits": 0,
+          "vmwareUnknown890": 1,
+          "sourceIPv4Address": "172.18.65.21",
+          "ingressInterface": 3,
+          "ipClassOfService": 0,
+          "version": 10,
+          "packetDeltaCount": 2,
+          "flowEndReason": 1,
+          "protocolIdentifier": 17,
+          "flowDirection": 1,
+          "layer2SegmentId": 0,
+          "egressInterface": 11,
+          "octetDeltaCount": 104,
+          "sourceTransportPort": 61329,
+          "flowEndMilliseconds": "2016-12-22T12:25:49.000Z",
+          "maximumTTL": 1,
+          "vmwareUnknown888": 2,
+          "flowStartMilliseconds": "2016-12-22T12:25:49.000Z",
+          "vmwareUnknown889": 0
+        },
+        "@timestamp": "2016-12-22T12:26:04.000Z",
+        "@version": "1"
+      }
+      END
+      events << <<-END
+      {
+        "netflow": {
+          "destinationTransportPort": 5355,
+          "tcpControlBits": 0,
+          "vmwareUnknown890": 1,
+          "ingressInterface": 3,
+          "ipClassOfService": 0,
+          "version": 10,
+          "packetDeltaCount": 2,
+          "flowEndReason": 1,
+          "sourceIPv6Address": "fe80::5187:5cd8:d750:cdc9",
+          "protocolIdentifier": 17,
+          "flowDirection": 1,
+          "layer2SegmentId": 0,
+          "egressInterface": 11,
+          "octetDeltaCount": 144,
+          "destinationIPv6Address": "ff02::1:3",
+          "sourceTransportPort": 61329,
+          "flowEndMilliseconds": "2016-12-22T12:25:49.000Z",
+          "maximumTTL": 1,
+          "vmwareUnknown888": 2,
+          "flowStartMilliseconds": "2016-12-22T12:25:49.000Z",
+          "vmwareUnknown889": 0
+        },
+        "@timestamp": "2016-12-22T12:26:04.000Z",
+        "@version": "1"
+      }
+      END
+      events.map{|event| event.gsub(/\s+/, "")}
+    end
+    it "should decode raw data" do
+      expect(decode.size).to eq(5)
+      expect(decode[4].get("[netflow][sourceIPv6Address]")).to eq("fe80::5187:5cd8:d750:cdc9")
+      expect(decode[4].get("[netflow][destinationIPv6Address]")).to eq("ff02::1:3")
+      expect(decode[4].get("[netflow][octetDeltaCount]")).to eq(144)
+      expect(decode[4].get("[netflow][destinationTransportPort]")).to eq(5355)
+    end
+    it "should serialize to json" do
+      expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
+      expect(JSON.parse(decode[1].to_json)).to eq(JSON.parse(json_events[1]))
+      expect(JSON.parse(decode[2].to_json)).to eq(JSON.parse(json_events[2]))
+      expect(JSON.parse(decode[3].to_json)).to eq(JSON.parse(json_events[3]))
+      expect(JSON.parse(decode[4].to_json)).to eq(JSON.parse(json_events[4]))
+    end
+  end
 end
 describe LogStash::Codecs::Netflow, 'missing templates, no template caching configured' do
@@ -1270,4 +1452,6 @@ describe LogStash::Codecs::Netflow, 'configured with include_flowset_id for ipfi
     expect(decode[1].get("[netflow][flowset_id]")).to eq(257)
     expect(decode[2].get("[netflow][flowset_id]")).to eq(258)
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-netflow
 version: !ruby/object:Gem::Version
-  version: 3.2.1
+  version: 3.2.2
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-12-21 00:00:00.000000000 Z
+date: 2016-12-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -81,6 +81,10 @@ files:
 - spec/codecs/ipfix_test_netscaler_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
+- spec/codecs/ipfix_test_vmware_vds_data264.dat
+- spec/codecs/ipfix_test_vmware_vds_data266.dat
+- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
+- spec/codecs/ipfix_test_vmware_vds_tpl.dat
 - spec/codecs/netflow5.dat
 - spec/codecs/netflow5_test_invalid01.dat
 - spec/codecs/netflow5_test_invalid02.dat
@@ -134,6 +138,10 @@ test_files:
 - spec/codecs/ipfix_test_netscaler_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
+- spec/codecs/ipfix_test_vmware_vds_data264.dat
+- spec/codecs/ipfix_test_vmware_vds_data266.dat
+- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
+- spec/codecs/ipfix_test_vmware_vds_tpl.dat
 - spec/codecs/netflow5.dat
 - spec/codecs/netflow5_test_invalid01.dat
 - spec/codecs/netflow5_test_invalid02.dat