logstash-codec-netflow 3.9.0 → 3.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 92cb1dff0db3b3d3895ec7113d8bb4435eea7569
-  data.tar.gz: 49ac590c5ce5a8709456a877b87c7098d9f751ff
+  metadata.gz: 49ab4908487a49f83e5c84369cb2202d518a84d1
+  data.tar.gz: 18e6d9c9da6bba3b5d947109f48f27de0edc1372
 SHA512:
-  metadata.gz: fcbefcbcea05d524abd7e80f35b53036f1995609f595b2920445505f35848974d295008c7d0a261f1a2e702762fa5a912598be1c71da19b0dbe9f22fe7e695b4
-  data.tar.gz: df7b3492b75c5b6a78b58bbdd1e3e26ad25f406ab9916b612f0c21a2f780ef198e491531a7ad7235747fa716fce023a1832c6d6e8b65fc7ffe60ac10b9d2dd29
+  metadata.gz: 5052a5791332289eb82f759ca611d2d9484592317edbdecca32989c08b0388625774d2d44efddac0da65c1c8ad51e58a7e62ed70bf7bbfa0cf7fd963eb19ba71
+  data.tar.gz: 1271997cf15abdc05fdb4c5941d1759964e876b4879290496e2a96239b3cc3bd648fe1646b179c24a90d7ba83ca618bb3d416e573a1a490a1d287bdc7f905541

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 3.9.1
+
+  - Added Netflow v9 IE150 IE151, IE154, IE155
+
 ## 3.9.0
 
   - Added vIPtela support

data/CONTRIBUTORS

@@ -37,6 +37,7 @@ Contributors:
 * niempy
 * jstopinsek
 * sliddjur
+* szhong12
 
 Maintainer:
 * Jorrit Folmer (jorritfolmer)

data/lib/logstash/codecs/netflow/netflow.yaml

@@ -244,12 +244,24 @@
 148:
 - :uint32
 - :conn_id
+150:
+- :uint32
+- :flowStartSeconds
+151:
+- :uint32
+- :flowEndSeconds
 152:
 - 8
 - :flow_start_msec
 153:
 - 8
 - :flow_end_msec
+154:
+- :uint64
+- :flowStartMicroseconds
+155:
+- :uint64
+- :flowEndMicroseconds
 176:
 - :uint8
 - :icmp_type

data/logstash-codec-netflow.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-codec-netflow'
-  s.version         = '3.9.0'
+  s.version         = '3.9.1'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Reads Netflow v5 and Netflow v9 data"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/codecs/netflow_spec.rb

@@ -905,6 +905,85 @@ describe LogStash::Codecs::Netflow do
 
   end
 
+  context "Netflow 9 IE150 IE151" do
+    let(:data) do
+      packets = []
+      packets << IO.read(File.join(File.dirname(__FILE__), "netflow9_test_unknown_tpl266_292_data.dat"), :mode => "rb")
+    end
+
+    let(:json_events) do
+      events = []
+      events << <<-END
+      {
+        "@version": "1",
+        "netflow": {
+          "in_pkts": 1,
+          "ipv4_dst_addr": "192.168.0.2",
+          "src_tos": 0,
+          "flowset_id": 266,
+          "l4_src_port": 137,
+          "version": 9,
+          "flow_seq_num": 35088,
+          "ipv4_src_addr": "192.168.0.3",
+          "protocol": 17,
+          "in_bytes": 78,
+          "egressVRFID": 0,
+          "input_snmp": 13,
+          "flow_sampler_id": 1,
+          "ingressVRFID": 0,
+          "flowEndSeconds": 1512147866,
+          "l4_dst_port": 137,
+          "flowStartSeconds": 1512147866,
+          "direction": 0
+        },
+        "@timestamp": "2017-12-01T17:04:39.000Z"
+      }
+      END
+
+      events << <<-END
+      {
+        "@version": "1",
+        "netflow": {
+          "output_snmp": 13,
+          "in_pkts": 1,
+          "ipv4_dst_addr": "192.168.0.5",
+          "src_tos": 0,
+          "flowset_id": 292,
+          "l4_src_port": 58130,
+          "version": 9,
+          "flow_seq_num": 35088,
+          "ipv4_src_addr": "192.168.0.4",
+          "protocol": 17,
+          "in_bytes": 232,
+          "egressVRFID": 0,
+          "flow_sampler_id": 1,
+          "ingressVRFID": 0,
+          "flowEndSeconds": 1512147869,
+          "l4_dst_port": 6343,
+          "flowStartSeconds": 1512147869,
+          "direction": 1
+        },
+        "@timestamp": "2017-12-01T17:04:39.000Z"
+      }
+      END
+      events.map{|event| event.gsub(/\s+/, "")}
+    end
+
+    it "should decode raw data" do
+      expect(decode.size).to eq(2)
+      expect(decode[1].get("[netflow][flowStartSeconds]")).to eq(1512147869)
+      expect(decode[1].get("[netflow][flowEndSeconds]")).to eq(1512147869)
+    end
+
+    it "should serialize to json" do
+      expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
+      expect(JSON.parse(decode[1].to_json)).to eq(JSON.parse(json_events[1]))
+    end
+
+  end
+
+
+
   context "Netflow 9 Ubiquiti Edgerouter with MPLS labels" do
     let(:data) do
       packets = []

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-netflow
 version: !ruby/object:Gem::Version
-  version: 3.9.0
+  version: 3.9.1
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-12-03 00:00:00.000000000 Z
+date: 2017-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -144,6 +144,7 @@ files:
 - spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
 - spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
 - spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
+- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
 - spec/codecs/netflow9_test_valid01.dat
 - spec/codecs/netflow_spec.rb
 - spec/codecs/netflow_stress.py
@@ -239,6 +240,7 @@ test_files:
 - spec/codecs/netflow9_test_ubnt_edgerouter_data1024.dat
 - spec/codecs/netflow9_test_ubnt_edgerouter_data1025.dat
 - spec/codecs/netflow9_test_ubnt_edgerouter_tpl.dat
+- spec/codecs/netflow9_test_unknown_tpl266_292_data.dat
 - spec/codecs/netflow9_test_valid01.dat
 - spec/codecs/netflow_spec.rb
 - spec/codecs/netflow_stress.py