logstash-codec-netflow 4.0.0 → 4.0.1

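--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4d93e056a9df39efb7dff2feb887a661a4231313
- data.tar.gz: f2e47894941ea4090de24a78028e4b6ec4efc3a6
+ metadata.gz: 02d79c8d4e3e6e62b887d17e9161f30bdce7b397
+ data.tar.gz: ea75c8b08e31ab585ef4c47f06aefff54e23c75f
  SHA512:
- metadata.gz: a5cdc4f265bb0e91fcd0db9ce19e3b678bc04cb640a094742ba45b38b881526a563ba51342a982d377103eb55a9ee89cc455d03481cf4e409a6065166d2a772c
- data.tar.gz: 64e22086639e4595a4b0a3fd988471d5c095b4370046df7d732d03531336bc47a60129c3a57fa267099660951e36f1b99603c04e1b02c431882086b0372b540d
+ metadata.gz: dc7647f8b95859bccc245a83d991f7d757b5a34a86e6c8b2c4d407d61994fafd322da4628a2a6108d283e226cfc9b1f5ff38626952177af255dc34717b52de8d
+ data.tar.gz: 9a2627caa77a373b0a5223df7e6c2bd1a1f19340a515f4488f5129f409484ed39360a219561b8a1afec36e13bc0f87a47013190ab92995caf5dd30d7f2d76761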
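--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ ## 4.0.1
+
+ - Fixed IPFIX options template parsing for Juniper MX240 JunOS 15.1
+
  ## 4.0.0
 
  - Added support for RFC6759 decoding of application_id. **This is a breaking change to the way application_id is decoded. The format changes from e.g. 0:40567 to 0..12356..40567**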
@@ -102,6 +102,7 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
102
102
  end # def register
103
103
 
104
104
  def decode(payload, metadata = nil, &block)
105
+ # BinData::trace_reading do
105
106
  header = Header.read(payload)
106
107
 
107
108
  unless @versions.include?(header.version)
@@ -126,13 +127,16 @@ class LogStash::Codecs::Netflow < LogStash::Codecs::Base
126
127
  # end
127
128
  end
128
129
  elsif header.version == 10
130
+ # BinData::trace_reading do
129
131
  flowset = IpfixPDU.read(payload)
130
132
  flowset.records.each do |record|
131
133
  decode_ipfix(flowset, record).each { |event| yield(event) }
132
134
  end
135
+ # end
133
136
  else
134
137
  @logger.warn("Unsupported Netflow version v#{header.version}")
135
138
  end
139
+ # end
136
140
  rescue BinData::ValidityError, IOError => e
137
141
  @logger.warn("Invalid netflow packet received (#{e})")
138
142
  end
@@ -443,7 +443,7 @@ end
443
443
 
444
444
  class IpfixOptionFlowset < BinData::Record
445
445
  endian :big
446
- array :templates, :read_until => lambda { flowset_length - 4 - array.num_bytes <= 2 } do
446
+ array :templates, :read_until => lambda { flowset_length - 4 } do
447
447
  uint16 :template_id
448
448
  uint16 :field_count
449
449
  uint16 :scope_count, :assert => lambda { scope_count > 0 }
@@ -459,6 +459,7 @@ class IpfixOptionFlowset < BinData::Record
459
459
  uint16 :field_length
460
460
  uint32 :enterprise_id, :onlyif => lambda { enterprise != 0 }
461
461
  end
462
+ string :padding, :read_length => lambda { flowset_length - 4 - 2 - 2 - 2 - scope_fields.num_bytes - option_fields.num_bytes }
462
463
  end
463
464
  end
464
465
 
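Review bot: In `IpfixOptionFlowset`, the new `:read_until => lambda { flowset_length - 4 }` returns an Integer, and every Integer (0 included) is truthy in Ruby, so the array now always stops after the first template instead of when the set is exhausted. Combined with the new `padding` string, any further options templates in the same set would be read as padding and silently dropped; if one template per set is the intent, make that explicit with `:read_until => lambda { true }` and a comment, otherwise compare the bytes consumed against `flowset_length`. The `padding` length is derived from `flowset_length`, presumably the set length taken from the packet, with no lower bound, so a declared length shorter than the parsed fields makes it negative. How BinData treats a negative `:read_length` is not visible here and `decode` rescues only `BinData::ValidityError` and `IOError`, so an `:assert` on the computed length (or clamping it with `[..., 0].max`) would keep malformed input on the logged-warning path. Part of the class body lies between the two hunks and is not shown.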
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-netflow'
4
- s.version = '4.0.0'
4
+ s.version = '4.0.1'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Reads Netflow v5, Netflow v9 and IPFIX data"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -1161,6 +1161,51 @@ describe LogStash::Codecs::Netflow do
1161
1161
 
1162
1162
  end
1163
1163
 
1164
+ context "IPFIX options template from Juniper MX240 JunOS 15.1 R6 S3" do
1165
+ let(:data) do
1166
+ packets = []
1167
+ packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat"), :mode => "rb")
1168
+ packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_juniper_mx240_junos151r6s3_data512.dat"), :mode => "rb")
1169
+ end
1170
+
1171
+ let(:json_events) do
1172
+ events = []
1173
+ events << <<-END
1174
+ {
1175
+ "@timestamp": "2018-06-01T15:11:53.000Z",
1176
+ "@version": "1",
1177
+ "netflow": {
1178
+ "exportProtocolVersion": 10,
1179
+ "exportingProcessId": 2,
1180
+ "flowActiveTimeout": 60,
1181
+ "exportTransportProtocol": 17,
1182
+ "flowIdleTimeout": 60,
1183
+ "exportedFlowRecordTotalCount": 76,
1184
+ "exportedMessageTotalCount": 76,
1185
+ "samplingInterval": 1000,
1186
+ "exporterIPv6Address": "::",
1187
+ "systemInitTimeMilliseconds": 1262761598000,
1188
+ "version": 10,
1189
+ "exporterIPv4Address": "10.0.0.1"
1190
+ }
1191
+ }
1192
+ END
1193
+
1194
+ events.map{|event| event.gsub(/\s+/, "")}
1195
+ end
1196
+
1197
+ it "should decode raw data" do
1198
+ expect(decode.size).to eq(1)
1199
+ expect(decode[0].get("[netflow][exporterIPv4Address]")).to eq("10.0.0.1")
1200
+ end
1201
+
1202
+ it "should serialize to json" do
1203
+ expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
1204
+ end
1205
+
1206
+ end
1207
+
1208
+
1164
1209
  context "IPFIX Nokia BRAS" do
1165
1210
  let(:data) do
1166
1211
  packets = []
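Review bot: This context covers only one well-formed options template and its data packet, so the changed length handling in the options-template parser is never exercised with a set that carries more than one template or whose declared length is shorter than its fields. A second case asserting that such input is either decoded or ends in the "Invalid netflow packet received" warning, rather than raising out of `decode`, would pin that behaviour. The `.dat` fixtures are binary and not visible here, so what the template set actually contains is assumed from the context name.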
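--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: logstash-codec-netflow
  version: !ruby/object:Gem::Version
- version: 4.0.0
+ version: 4.0.1
  platform: ruby
  authors:
  - Elastic
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-05-31 00:00:00.000000000 Z
+ date: 2018-06-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  requirement: !ruby/object:Gem::Requirement
@@ -85,6 +85,8 @@ files:
  - spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
  - spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
  - spec/codecs/ipfix_test_barracuda_tpl.dat
+ - spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
+ - spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
  - spec/codecs/ipfix_test_mikrotik_data258.dat
  - spec/codecs/ipfix_test_mikrotik_data259.dat
  - spec/codecs/ipfix_test_mikrotik_tpl.dat
@@ -203,6 +205,8 @@ test_files:
  - spec/codecs/ipfix_test_barracuda_extended_uniflow_data256.dat
  - spec/codecs/ipfix_test_barracuda_extended_uniflow_tpl256.dat
  - spec/codecs/ipfix_test_barracuda_tpl.dat
+ - spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_data512.dat
+ - spec/codecs/ipfix_test_juniper_mx240_junos151r6s3_opttpl512.dat
  - spec/codecs/ipfix_test_mikrotik_data258.dat
  - spec/codecs/ipfix_test_mikrotik_data259.dat
  - spec/codecs/ipfix_test_mikrotik_tpl.dat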