logstash-codec-netflow 3.4.1 → 3.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e24cdd7142f243456a0979b80fee32122326f8a8
-  data.tar.gz: 7957b0685a192b19c5c47e642fe0afdb8d53b25a
+  metadata.gz: 32f71436a65fa46010df46996c298d6ee3fd69c3
+  data.tar.gz: 3546a333cad653c94bc66a9eadc7a0b84169b2cf
 SHA512:
-  metadata.gz: 95744daec1b4bdab27fc5632735d4c7d09f2de41826dedf7ba52e2f8e6f0a298cb1e952a5e9e9009268f2862e87fb9d47ce1a2edb6856edbd4aa769f3c9cbb87
-  data.tar.gz: 572be553da4d2a93619df3f146c274d8b7babc85292b31ea676321c0e8320e420f5fad27010b826564a1b835f9537975af341f17fd29452da479016fc29cdf11
+  metadata.gz: 829dadfc0855a0185db386d859a81d151639b51ffd663ceb51bc6126ab870b0bf8a8f49fbd600f2dda17bb290a17ab469e98ae28e7039807a41b0dac4cc3c2e4
+  data.tar.gz: ef4c100952e730e612fb20c08dd624ad498e20f4de7b8e04602d93c2b162e844767d903c4554811db9e237d31512415bc19496a242cbeb1733834718d26239fc

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 3.5.0
+
+  - Added support for Cisco WLC (Netflow v9)
+
+## 3.4.0
+
+  - Added support for Cisco NBAR (Netflow v9)
+
 ## 3.3.0
 
   - Added support for Cisco ASR 9000 (Netflow v9)

data/CONTRIBUTORS

@@ -20,6 +20,7 @@ Contributors:
 * Richard Pijnenburg (electrical)
 * Salvador Ferrer (salva-ferrer)
 * Will Rigby (wrigby)
+* Yehonatan Devorkin (Devorkin)
 * Rojuinex
 * debadair
 * hkshirish

data/lib/logstash/codecs/netflow/netflow.yaml

@@ -232,9 +232,15 @@
 96:
 - :string
 - :application_name
+98:
+- :uint8
+- :postIpDiffServCodePoint
 136:
 - :uint8
 - :flow_end_reason
+147:
+- :string
+- :wlanSSID
 148:
 - :uint32
 - :conn_id
@@ -325,6 +331,15 @@
 362:
 - :uint16
 - :postNATPortBlockEnd
+365:
+- :mac_addr
+- :staMacAddress
+366:
+- :ip4_addr
+- :staIPv4Address
+367:
+- :mac_addr
+- :wtpMacAddress
 8192:
 - :uint32
 - :streamcore_wan_rtt

data/logstash-codec-netflow.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-codec-netflow'
-  s.version         = '3.4.1'
+  s.version         = '3.5.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "The netflow codec is for decoding Netflow v5/v9/v10 (IPFIX) flows."
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/codecs/netflow_spec.rb

@@ -1698,6 +1698,51 @@ describe LogStash::Codecs::Netflow do
     end
   end
 
+  context "Netflow 9 Cisco WLC" do
+    let(:data) do
+      packets = []
+      packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_cisco_wlc_tpl.dat"), :mode => "rb")
+      packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_cisco_wlc_data261.dat"), :mode => "rb")
+    end
+
+    let(:json_events) do
+      events = []
+      events << <<-END
+        {
+          "netflow": {
+            "ip_dscp": 0,
+            "in_pkts": 53362,
+            "wtpMacAddress": "00:f6:63:cc:80:60",
+            "staMacAddress": "34:02:86:75:c0:51",
+            "flowset_id": 261,
+            "version": 9,
+            "application_id": "13:431",
+            "flow_seq_num": 78,
+            "in_bytes": 80973880,
+            "postIpDiffServCodePoint": 0,
+            "wlanSSID": "Test-env",
+            "staIPv4Address": "192.168.20.121",
+            "direction": 1
+          },
+          "@timestamp": "2017-06-22T06:31:14.000Z",
+          "@version": "1"
+        }
+        END
+      events.map{|event| event.gsub(/\s+/, "")}
+    end
+
+    it "should decode raw data" do
+      expect(decode.size).to eq(19)
+      expect(decode[18].get("[netflow][application_id]")).to eq("13:431")
+    end
+
+    it "should serialize to json" do
+      expect(JSON.parse(decode[18].to_json)).to eq(JSON.parse(json_events[0]))
+    end
+  end
+
+
+
 end
 
 describe LogStash::Codecs::Netflow, 'missing templates, no template caching configured' do

metadata

@@ -1,102 +1,109 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-netflow
 version: !ruby/object:Gem::Version
-  version: 3.4.1
+  version: 3.5.0
 platform: ruby
 authors:
 - Elastic
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
 date: 2017-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+  name: logstash-core-plugin-api
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '1.60'
-    - - "<="
+    - - <=
       - !ruby/object:Gem::Version
         version: '2.99'
-  name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '1.60'
-    - - "<="
+    - - <=
       - !ruby/object:Gem::Version
         version: '2.99'
 - !ruby/object:Gem::Dependency
+  name: bindata
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 1.5.0
-  name: bindata
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 1.5.0
 - !ruby/object:Gem::Dependency
+  name: logstash-devutils
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 1.0.0
-  name: logstash-devutils
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 1.0.0
-description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
+description: This gem is a Logstash plugin required to be installed on top of the
+  Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
+  gem is not a stand-alone program
 email: info@elastic.co
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- CHANGELOG.md
-- CONTRIBUTORS
-- Gemfile
-- LICENSE
-- NOTICE.TXT
-- README.md
-- docs/index.asciidoc
-- lib/logstash/codecs/netflow.rb
 - lib/logstash/codecs/netflow/iana2yaml.rb
 - lib/logstash/codecs/netflow/ipfix.yaml
-- lib/logstash/codecs/netflow/netflow.yaml
 - lib/logstash/codecs/netflow/util.rb
-- logstash-codec-netflow.gemspec
+- lib/logstash/codecs/netflow/netflow.yaml
+- lib/logstash/codecs/netflow.rb
 - spec/codecs/ipfix.dat
-- spec/codecs/ipfix_test_netscaler_data.dat
-- spec/codecs/ipfix_test_netscaler_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
-- spec/codecs/ipfix_test_vmware_vds_data264.dat
-- spec/codecs/ipfix_test_vmware_vds_data266.dat
-- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
-- spec/codecs/ipfix_test_vmware_vds_tpl.dat
 - spec/codecs/netflow5.dat
 - spec/codecs/netflow5_test_invalid01.dat
 - spec/codecs/netflow5_test_invalid02.dat
 - spec/codecs/netflow5_test_juniper_mx80.dat
 - spec/codecs/netflow5_test_microtik.dat
-- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
 - spec/codecs/netflow9_test_cisco_asa_1_data.dat
 - spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
 - spec/codecs/netflow9_test_cisco_asa_2_data.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
+- spec/codecs/netflow9_test_invalid01.dat
+- spec/codecs/netflow9_test_macaddr_data.dat
+- spec/codecs/netflow9_test_macaddr_tpl.dat
+- spec/codecs/netflow9_test_nprobe_data.dat
+- spec/codecs/netflow9_test_nprobe_tpl.dat
+- spec/codecs/netflow9_test_softflowd_tpl_data.dat
+- spec/codecs/netflow9_test_valid01.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
+- spec/codecs/ipfix_test_netscaler_data.dat
+- spec/codecs/ipfix_test_netscaler_tpl.dat
+- spec/codecs/ipfix_test_vmware_vds_data264.dat
+- spec/codecs/ipfix_test_vmware_vds_data266.dat
+- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
+- spec/codecs/ipfix_test_vmware_vds_tpl.dat
+- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
+- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
+- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
+- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
 - spec/codecs/netflow9_test_cisco_asr9k_data256.dat
 - spec/codecs/netflow9_test_cisco_asr9k_data260.dat
 - spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
@@ -107,67 +114,77 @@ files:
 - spec/codecs/netflow9_test_cisco_nbar_data262.dat
 - spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
 - spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
-- spec/codecs/netflow9_test_invalid01.dat
-- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
-- spec/codecs/netflow9_test_macaddr_data.dat
-- spec/codecs/netflow9_test_macaddr_tpl.dat
-- spec/codecs/netflow9_test_nprobe_data.dat
-- spec/codecs/netflow9_test_nprobe_tpl.dat
-- spec/codecs/netflow9_test_softflowd_tpl_data.dat
-- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
-- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
-- spec/codecs/netflow9_test_valid01.dat
+- spec/codecs/netflow9_test_cisco_wlc_tpl.dat
+- spec/codecs/netflow9_test_cisco_wlc_data261.dat
 - spec/codecs/netflow_spec.rb
+- logstash-codec-netflow.gemspec
+- CHANGELOG.md
+- README.md
+- CONTRIBUTORS
+- Gemfile
+- LICENSE
+- NOTICE.TXT
+- docs/index.asciidoc
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)
 metadata:
   logstash_plugin: 'true'
   logstash_group: codec
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.4.8
-signing_key:
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
 specification_version: 4
 summary: The netflow codec is for decoding Netflow v5/v9/v10 (IPFIX) flows.
 test_files:
 - spec/codecs/ipfix.dat
-- spec/codecs/ipfix_test_netscaler_data.dat
-- spec/codecs/ipfix_test_netscaler_tpl.dat
 - spec/codecs/ipfix_test_openbsd_pflow_data.dat
 - spec/codecs/ipfix_test_openbsd_pflow_tpl.dat
-- spec/codecs/ipfix_test_vmware_vds_data264.dat
-- spec/codecs/ipfix_test_vmware_vds_data266.dat
-- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
-- spec/codecs/ipfix_test_vmware_vds_tpl.dat
 - spec/codecs/netflow5.dat
 - spec/codecs/netflow5_test_invalid01.dat
 - spec/codecs/netflow5_test_invalid02.dat
 - spec/codecs/netflow5_test_juniper_mx80.dat
 - spec/codecs/netflow5_test_microtik.dat
-- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
 - spec/codecs/netflow9_test_cisco_asa_1_data.dat
 - spec/codecs/netflow9_test_cisco_asa_1_tpl.dat
 - spec/codecs/netflow9_test_cisco_asa_2_data.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_26x.dat
 - spec/codecs/netflow9_test_cisco_asa_2_tpl_27x.dat
+- spec/codecs/netflow9_test_invalid01.dat
+- spec/codecs/netflow9_test_macaddr_data.dat
+- spec/codecs/netflow9_test_macaddr_tpl.dat
+- spec/codecs/netflow9_test_nprobe_data.dat
+- spec/codecs/netflow9_test_nprobe_tpl.dat
+- spec/codecs/netflow9_test_softflowd_tpl_data.dat
+- spec/codecs/netflow9_test_valid01.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
+- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
+- spec/codecs/ipfix_test_netscaler_data.dat
+- spec/codecs/ipfix_test_netscaler_tpl.dat
+- spec/codecs/ipfix_test_vmware_vds_data264.dat
+- spec/codecs/ipfix_test_vmware_vds_data266.dat
+- spec/codecs/ipfix_test_vmware_vds_data266_267.dat
+- spec/codecs/ipfix_test_vmware_vds_tpl.dat
+- spec/codecs/netflow9_test_0length_fields_tpl_data.dat
+- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
+- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
+- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
 - spec/codecs/netflow9_test_cisco_asr9k_data256.dat
 - spec/codecs/netflow9_test_cisco_asr9k_data260.dat
 - spec/codecs/netflow9_test_cisco_asr9k_opttpl256.dat
@@ -178,17 +195,6 @@ test_files:
 - spec/codecs/netflow9_test_cisco_nbar_data262.dat
 - spec/codecs/netflow9_test_cisco_nbar_opttpl260.dat
 - spec/codecs/netflow9_test_cisco_nbar_tpl262.dat
-- spec/codecs/netflow9_test_invalid01.dat
-- spec/codecs/netflow9_test_juniper_srx_tplopt.dat
-- spec/codecs/netflow9_test_macaddr_data.dat
-- spec/codecs/netflow9_test_macaddr_tpl.dat
-- spec/codecs/netflow9_test_nprobe_data.dat
-- spec/codecs/netflow9_test_nprobe_tpl.dat
-- spec/codecs/netflow9_test_softflowd_tpl_data.dat
-- spec/codecs/netflow9_test_streamcore_tpl_data256.dat
-- spec/codecs/netflow9_test_streamcore_tpl_data260.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
-- spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
-- spec/codecs/netflow9_test_valid01.dat
+- spec/codecs/netflow9_test_cisco_wlc_tpl.dat
+- spec/codecs/netflow9_test_cisco_wlc_data261.dat
 - spec/codecs/netflow_spec.rb