Added vIPtela support

logstash-plugins · Dec 3, 2017 · bb64b90 · bb64b90
1 parent 9edcec9
commit bb64b90
Show file tree

Hide file tree

Showing 8 changed files with 70 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 3.9.0
+
+  - Added vIPtela support
+  - Added fields for Cisco ASR1k
+
 ## 3.8.3
 
   - Fixed a race condition that could cause some errors when running in a multithreaded input

diff --git a/CONTRIBUTORS b/CONTRIBUTORS
@@ -20,6 +20,7 @@ Contributors:
 * Marian Craciunescu (marian-craciunescu)
 * Matt Dainty (bodgit)
 * Paul Warren (pwarren)
+* Pedro de Oliveira
 * Philipp Kahr
 * Pier-Hugues Pellerin (ph)
 * Pulkit Agrawal (propulkit)

diff --git a/docs/index.asciidoc b/docs/index.asciidoc
@@ -37,9 +37,10 @@ The following Netflow/IPFIX exporters are known to work with the most recent ver
 |Netflow exporter         | v5 | v9 | IPFIX | Remarks
 |Barracuda Firewall       |    |    |   y   |
 |Cisco ASA                |    | y  |       |  
-|Cisco ASR                |    | y  |       |  
+|Cisco ASR 1k             |    |    |   n   | Fails because of duplicate fields
+|Cisco ASR 9k             |    | y  |       |  
 |Cisco IOS 12.x           |    | y  |       |  
-|Cisco ISR w/ HSL         |    | n  |       | https://github.com/logstash-plugins/logstash-codec-netflow/issues/93
+|Cisco ISR w/ HSL         |    | n  |       | Fails because of duplicate fields, see: https://github.com/logstash-plugins/logstash-codec-netflow/issues/93
 |Cisco WLC                |    | y  |       |
 |Citrix Netscaler         |    |    |   y   | Still some unknown fields, labeled netscalerUnknown<id>
 |fprobe                   |  y |    |       |
@@ -55,6 +56,7 @@ The following Netflow/IPFIX exporters are known to work with the most recent ver
 |Ubiquiti Edgerouter X    |    | y  |       | With MPLS labels
 |VMware VDS               |    |    |   y   | Still some unknown fields
 |YAF                      |    |    |   y   | With silk and applabel, but no DPI plugin support
+|vIPtela                  |    |    |   y   |
 |===========================================================================================
 
 ==== Usage

diff --git a/lib/logstash/codecs/netflow/ipfix.yaml b/lib/logstash/codecs/netflow/ipfix.yaml
@@ -3598,3 +3598,7 @@
   433:
   - :uint64
   - :reverseIgnoredLayer2FrameTotalCount
+41916:
+  4321:
+  - :uint64
+  - :viptelaVPNId
diff --git a/logstash-codec-netflow.gemspec b/logstash-codec-netflow.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-codec-netflow'
-  s.version         = '3.8.3'
+  s.version         = '3.9.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Reads Netflow v5 and Netflow v9 data"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

diff --git a/spec/codecs/ipfix_test_viptela_data257.dat b/spec/codecs/ipfix_test_viptela_data257.dat
diff --git a/spec/codecs/ipfix_test_viptela_tpl257.dat b/spec/codecs/ipfix_test_viptela_tpl257.dat
diff --git a/spec/codecs/netflow_spec.rb b/spec/codecs/netflow_spec.rb
@@ -2020,6 +2020,61 @@
     end
   end
 
+  context "IPFIX vIPtela with VPN id" do
+    let(:data) do
+      packets = []
+      packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_viptela_tpl257.dat"), :mode => "rb")
+      packets << IO.read(File.join(File.dirname(__FILE__), "ipfix_test_viptela_data257.dat"), :mode => "rb")
+    end
+
+    let(:json_events) do
+      events = []
+      events << <<-END
+        {
+          "@version": "1",
+          "netflow": {
+            "destinationTransportPort": 443,
+            "icmpTypeCodeIPv4": 0,
+            "sourceIPv4Address": "10.113.7.54",
+            "ipClassOfService": 48,
+            "ipPrecedence": 1,
+            "maximumIpTotalLength": 277,
+            "egressInterface": 3,
+            "octetDeltaCount": 775,
+            "ipNextHopIPv4Address": "10.0.0.1",
+            "sourceTransportPort": 41717,
+            "viptelaVPNId": 100,
+            "destinationIPv4Address": "172.16.21.27",
+            "octetTotalCount": 775,
+            "minimumIpTotalLength": 70,
+            "ipDiffServCodePoint": 12,
+            "tcpControlBits": 16,
+            "ingressInterface": 11,
+            "version": 10,
+            "packetDeltaCount": 8,
+            "flowEndReason": 3,
+            "protocolIdentifier": 6,
+            "flowEndSeconds": "2017-11-21T14:32:15.000Z",
+            "flowStartSeconds": "2017-11-21T14:32:15.000Z",
+            "packetTotalCount": 8
+          },
+          "@timestamp": "2017-11-21T14:32:15.000Z"
+        }
+        END
+      events.map{|event| event.gsub(/\s+/, "")}
+    end
+
+    it "should decode raw data" do
+      expect(decode.size).to eq(1)
+      expect(decode[0].get("[netflow][viptelaVPNId]")).to eq(100)
+    end
+
+    it "should serialize to json" do
+      expect(JSON.parse(decode[0].to_json)).to eq(JSON.parse(json_events[0]))
+    end
+  end
+
+
 
   context "IPFIX Barracuda firewall" do
     let(:data) do
-Original file line number
+Diff line change
@@ Expand Up / @@ -3598,3 +3598,7 @@ @@
 :
       - :uint64
       - :reverseIgnoredLayer2FrameTotalCount
+:
+:
+      - :uint64
+      - :viptelaVPNId