fix(inputs.netflow): Handle PEN messages correctly (#13320)
This commit is contained in:
Sven Rebhan
GitHub
parent
225a82ca6b
commit
60ee14d50b
|
|
@ -2,6 +2,7 @@ package netflow
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"strconv"
|
||||
|
|
@ -530,6 +531,7 @@ type netflowDecoder struct {
|
|||
templates map[string]*netflow.BasicTemplateSystem
|
||||
mappingsV9 map[uint16]fieldMapping
|
||||
mappingsIPFIX map[uint16]fieldMapping
|
||||
mappingsPEN map[string]fieldMapping
|
||||
|
||||
sync.Mutex
|
||||
}
|
||||
|
|
@ -552,7 +554,12 @@ func (d *netflowDecoder) Decode(srcIP net.IP, payload []byte) ([]telegraf.Metric
|
|||
buf := bytes.NewBuffer(payload)
|
||||
packet, err := netflow.DecodeMessage(buf, templates)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
var terr *netflow.ErrorTemplateNotFound
|
||||
if errors.As(err, &terr) {
|
||||
d.Log.Warnf("%v; skipping packet", err)
|
||||
return nil, nil
|
||||
}
|
||||
return nil, fmt.Errorf("decoding message failed: %w", err)
|
||||
}
|
||||
|
||||
// Extract metrics
|
||||
|
|
@ -571,7 +578,13 @@ func (d *netflowDecoder) Decode(srcIP net.IP, payload []byte) ([]telegraf.Metric
|
|||
}
|
||||
fields := make(map[string]interface{})
|
||||
for _, value := range record.Values {
|
||||
for _, field := range d.decodeValueV9(value) {
|
||||
var extracted []telegraf.Field
|
||||
if value.PenProvided {
|
||||
extracted = d.decodeValuePEN(value)
|
||||
} else {
|
||||
extracted = d.decodeValueV9(value)
|
||||
}
|
||||
for _, field := range extracted {
|
||||
fields[field.Key] = field.Value
|
||||
}
|
||||
}
|
||||
|
|
@ -594,7 +607,13 @@ func (d *netflowDecoder) Decode(srcIP net.IP, payload []byte) ([]telegraf.Metric
|
|||
fields := make(map[string]interface{})
|
||||
t := time.Now()
|
||||
for _, value := range record.Values {
|
||||
for _, field := range d.decodeValueIPFIX(value) {
|
||||
var extracted []telegraf.Field
|
||||
if value.PenProvided {
|
||||
extracted = d.decodeValuePEN(value)
|
||||
} else {
|
||||
extracted = d.decodeValueIPFIX(value)
|
||||
}
|
||||
for _, field := range extracted {
|
||||
fields[field.Key] = field.Value
|
||||
}
|
||||
}
|
||||
|
|
@ -620,6 +639,7 @@ func (d *netflowDecoder) Init() error {
|
|||
d.templates = make(map[string]*netflow.BasicTemplateSystem)
|
||||
d.mappingsV9 = make(map[uint16]fieldMapping)
|
||||
d.mappingsIPFIX = make(map[uint16]fieldMapping)
|
||||
d.mappingsPEN = make(map[string]fieldMapping)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
@ -707,3 +727,24 @@ func (d *netflowDecoder) decodeValueIPFIX(field netflow.DataField) []telegraf.Fi
|
|||
name := "type_" + strconv.FormatUint(uint64(field.Type), 10)
|
||||
return []telegraf.Field{{Key: name, Value: decodeHex(raw)}}
|
||||
}
|
||||
|
||||
func (d *netflowDecoder) decodeValuePEN(field netflow.DataField) []telegraf.Field {
|
||||
raw := field.Value.([]byte)
|
||||
|
||||
var prefix string
|
||||
elementID := field.Type
|
||||
if field.Type&0x4000 != 0 {
|
||||
prefix = "rev_"
|
||||
elementID = field.Type & (0x4000 ^ 0xffff)
|
||||
}
|
||||
|
||||
key := fmt.Sprintf("%d.%d", field.Pen, elementID)
|
||||
if m, found := d.mappingsPEN[key]; found {
|
||||
return []telegraf.Field{{Key: m.name, Value: m.decoder(raw)}}
|
||||
}
|
||||
|
||||
// Return the raw data if no mapping was found
|
||||
d.Log.Debugf("unknown PEN data field %v", field)
|
||||
name := fmt.Sprintf("type_%d_%s%d", field.Pen, prefix, elementID)
|
||||
return []telegraf.Field{{Key: name, Value: decodeHex(raw)}}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package netflow
|
||||
|
||||
import (
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
|
|
@ -11,12 +12,13 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/influxdata/telegraf"
|
||||
"github.com/influxdata/telegraf/config"
|
||||
"github.com/influxdata/telegraf/plugins/inputs"
|
||||
"github.com/influxdata/telegraf/plugins/parsers/influx"
|
||||
"github.com/influxdata/telegraf/testutil"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestInit(t *testing.T) {
|
||||
|
|
@ -114,6 +116,48 @@ func TestInit(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestMissingTemplate(t *testing.T) {
|
||||
raw := "000a00bc646b84c000000000000000e7010500ac000000000001dbe100000000"
|
||||
raw += "0000038a060018bdeac0a802c8000000000001bb6810f9f90000000000000000"
|
||||
raw += "000157b8c40155f28a00005056b3e365005056b3a7f804646b8471646b84e600"
|
||||
raw += "00018843fd5cf60000018843ff232e000000000000000e00000000000007bc00"
|
||||
raw += "000005000009560000000300dc00000000000000000000000000000e3130342e"
|
||||
raw += "31362e3234392e3234390e3130342e31362e3234392e323439000000"
|
||||
msg, err := hex.DecodeString(raw)
|
||||
require.NoError(t, err)
|
||||
|
||||
var acc testutil.Accumulator
|
||||
var logger testutil.CaptureLogger
|
||||
plugin := &NetFlow{
|
||||
ServiceAddress: "udp://127.0.0.1:0",
|
||||
Log: &logger,
|
||||
}
|
||||
require.NoError(t, plugin.Init())
|
||||
require.NoError(t, plugin.Start(&acc))
|
||||
defer plugin.Stop()
|
||||
|
||||
// Create a client without TLS
|
||||
addr := plugin.conn.LocalAddr()
|
||||
client, err := createClient(plugin.ServiceAddress, addr)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Write the message
|
||||
_, err = client.Write(msg)
|
||||
require.NoErrorf(t, err, "writing message failed: %v", err)
|
||||
require.NoError(t, client.Close())
|
||||
|
||||
// We expect a warning here
|
||||
require.Eventually(t, func() bool {
|
||||
return len(logger.Warnings()) > 0
|
||||
}, 3*time.Second, 100*time.Millisecond, "did not receive expected warnings")
|
||||
|
||||
var found bool
|
||||
for _, w := range logger.Warnings() {
|
||||
found = found || strings.Contains(w, "No info template 261 found for and domain id 231; skipping packet")
|
||||
}
|
||||
require.True(t, found, "warning not found")
|
||||
}
|
||||
|
||||
func TestCases(t *testing.T) {
|
||||
// Get all directories in testdata
|
||||
folders, err := os.ReadDir("testcases")
|
||||
|
|
|
|||
|
|
@ -1,29 +1,29 @@
|
|||
netflow,source=127.0.0.1,version=IPFIX protocol="tcp",vlan_src=0u,src_tos="0x00",flow_end_ms=1666345513807u,src="192.168.119.100",dst="44.233.90.52",src_port=51008u,total_bytes_exported=0u,flow_end_reason="end of flow",flow_start_ms=1666345513807u,in_total_bytes=52u,in_total_packets=1u,dst_port=443u
|
||||
netflow,source=127.0.0.1,version=IPFIX src_tos="0x00",src_port=54330u,rev_total_bytes_exported=0u,last_switched=9u,vlan_src=0u,flow_start_ms=1666345513807u,in_total_packets=1u,flow_end_reason="end of flow",flow_end_ms=1666345513816u,in_total_bytes=40u,dst_port=443u,src="192.168.119.100",dst="104.17.240.92",total_bytes_exported=0u,protocol="tcp"
|
||||
netflow,source=127.0.0.1,version=IPFIX flow_start_ms=1666345513807u,flow_end_ms=1666345513977u,src="192.168.119.100",dst_port=443u,total_bytes_exported=0u,last_switched=170u,src_tos="0x00",in_total_bytes=40u,dst="44.233.90.52",src_port=51024u,protocol="tcp",flow_end_reason="end of flow",in_total_packets=1u,rev_total_bytes_exported=0u,vlan_src=0u
|
||||
netflow,source=127.0.0.1,version=IPFIX src_port=58246u,total_bytes_exported=1u,flow_start_ms=1666345513806u,flow_end_ms=1666345513806u,in_total_bytes=156u,src="192.168.119.100",rev_total_bytes_exported=0u,last_switched=0u,flow_end_reason="forced end",dst="192.168.119.17",dst_port=53u,protocol="udp",in_total_packets=2u,vlan_src=0u,src_tos="0x00"
|
||||
netflow,source=127.0.0.1,version=IPFIX protocol="udp",vlan_src=0u,src_port=58879u,dst_port=53u,flow_end_ms=1666345513832u,src_tos="0x00",src="192.168.119.100",total_bytes_exported=1u,rev_total_bytes_exported=0u,flow_end_reason="forced end",last_switched=33u,in_total_bytes=221u,in_total_packets=2u,flow_start_ms=1666345513799u,dst="192.168.119.17"
|
||||
netflow,source=127.0.0.1,version=IPFIX in_total_packets=2u,dst="192.168.119.17",last_switched=0u,in_total_bytes=522u,flow_end_reason="forced end",flow_start_ms=1666345514150u,src_tos="0x00",flow_end_ms=1666345514167u,src="192.168.119.100",src_port=56439u,dst_port=53u,total_bytes_exported=1u,rev_total_bytes_exported=0u,protocol="udp",vlan_src=0u
|
||||
netflow,source=127.0.0.1,version=IPFIX in_total_packets=68u,last_switched=18u,in_total_bytes=70228u,dst="34.149.140.181",src_tos="0x00",flow_start_ms=1666345513832u,rev_total_bytes_exported=0u,protocol="udp",vlan_src=0u,total_bytes_exported=0u,src="192.168.119.100",src_port=57795u,dst_port=443u,flow_end_reason="forced end",flow_end_ms=1666345514328u
|
||||
netflow,source=127.0.0.1,version=IPFIX in_total_packets=4u,src="192.168.119.100",dst="239.255.255.250",src_port=57622u,protocol="udp",vlan_src=0u,src_tos="0x00",flow_start_ms=1666345512753u,flow_end_ms=1666345515756u,in_total_bytes=784u,dst_port=1900u,total_bytes_exported=1u,flow_end_reason="forced end"
|
||||
netflow,source=127.0.0.1,version=IPFIX flow_start_ms=1666345512531u,in_total_bytes=92215u,src="192.168.119.100",rev_total_bytes_exported=0u,flow_end_reason="forced end",vlan_src=0u,src_tos="0x00",flow_end_ms=1666345519408u,in_total_packets=102u,dst="216.58.212.132",src_port=54458u,dst_port=443u,last_switched=17u,total_bytes_exported=0u,protocol="udp"
|
||||
netflow,source=127.0.0.1,version=IPFIX dst="13.32.99.76",flow_start_ms=1666345519932u,src="192.168.119.100",vlan_src=0u,flow_end_ms=1666345519942u,flow_end_reason="forced end",dst_port=443u,rev_total_bytes_exported=0u,protocol="tcp",last_switched=10u,in_total_packets=1u,src_port=60758u,src_tos="0x00",in_total_bytes=52u,total_bytes_exported=0u
|
||||
netflow,source=127.0.0.1,version=IPFIX flow_start_ms=1666345519932u,total_bytes_exported=0u,protocol="tcp",last_switched=10u,vlan_src=0u,src_port=58432u,src_tos="0x00",flow_end_ms=1666345519942u,in_total_bytes=40u,in_total_packets=1u,rev_total_bytes_exported=0u,flow_end_reason="forced end",src="192.168.119.100",dst="104.17.146.91",dst_port=443u
|
||||
netflow,source=127.0.0.1,version=IPFIX dst_port=53u,rev_total_bytes_exported=0u,src_tos="0x00",in_total_bytes=284u,dst="192.168.119.17",last_switched=0u,src_port=36397u,total_bytes_exported=1u,protocol="udp",flow_start_ms=1666345521006u,in_total_packets=2u,flow_end_reason="forced end",vlan_src=0u,flow_end_ms=1666345521006u,src="192.168.119.100"
|
||||
netflow,source=127.0.0.1,version=IPFIX in_total_packets=2u,dst_port=53u,flow_start_ms=1666345520998u,flow_end_ms=1666345521019u,rev_total_bytes_exported=0u,last_switched=0u,src="192.168.119.100",dst="192.168.119.17",src_port=39786u,flow_end_reason="forced end",vlan_src=0u,src_tos="0x00",in_total_bytes=193u,total_bytes_exported=1u,protocol="udp"
|
||||
netflow,source=127.0.0.1,version=IPFIX protocol="tcp",src_tos="0x00",flow_start_ms=1666345521006u,flow_end_ms=1666345521032u,rev_total_bytes_exported=0u,total_bytes_exported=0u,vlan_src=0u,in_total_packets=4u,src="192.168.119.100",src_port=52370u,dst_port=443u,flow_end_reason="forced end",last_switched=9u,in_total_bytes=653u,dst="185.199.109.154"
|
||||
netflow,source=127.0.0.1,version=IPFIX dst="192.168.119.17",dst_port=53u,vlan_src=0u,flow_start_ms=1666345521742u,in_total_packets=2u,flow_end_reason="forced end",last_switched=0u,flow_end_ms=1666345521742u,src_port=44461u,total_bytes_exported=1u,rev_total_bytes_exported=0u,src="192.168.119.100",protocol="udp",src_tos="0x00",in_total_bytes=326u
|
||||
netflow,source=127.0.0.1,version=IPFIX total_bytes_exported=0u,protocol="tcp",last_switched=9u,vlan_src=0u,flow_end_ms=1666345521771u,in_total_packets=4u,flow_end_reason="forced end",src_port=52376u,rev_total_bytes_exported=0u,in_total_bytes=653u,src="192.168.119.100",dst_port=443u,src_tos="0x00",flow_start_ms=1666345521742u,dst="185.199.109.154"
|
||||
netflow,source=127.0.0.1,version=IPFIX src="192.168.119.100",rev_total_bytes_exported=0u,last_switched=0u,in_total_bytes=334u,vlan_src=0u,src_tos="0x00",in_total_packets=2u,dst="192.168.119.17",src_port=51858u,total_bytes_exported=1u,flow_end_reason="forced end",flow_start_ms=1666345521780u,flow_end_ms=1666345521780u,dst_port=53u,protocol="udp"
|
||||
netflow,source=127.0.0.1,version=IPFIX flow_end_reason="forced end",src_tos="0x00",in_total_bytes=344u,rev_total_bytes_exported=0u,last_switched=13u,dst_port=53u,vlan_src=0u,flow_start_ms=1666345521780u,flow_end_ms=1666345521794u,src_port=34970u,total_bytes_exported=1u,protocol="udp",in_total_packets=2u,src="192.168.119.100",dst="192.168.119.17"
|
||||
netflow,source=127.0.0.1,version=IPFIX dst="192.168.119.17",total_bytes_exported=1u,dst_port=53u,rev_total_bytes_exported=0u,flow_start_ms=1666345521813u,src_port=52794u,protocol="udp",flow_end_reason="forced end",vlan_src=0u,flow_end_ms=1666345521836u,in_total_bytes=290u,last_switched=23u,src_tos="0x00",in_total_packets=2u,src="192.168.119.100"
|
||||
netflow,source=127.0.0.1,version=IPFIX in_total_bytes=318u,total_bytes_exported=1u,vlan_src=0u,src_tos="0x00",dst_port=53u,protocol="udp",flow_end_reason="forced end",flow_start_ms=1666345522036u,in_total_packets=2u,flow_end_ms=1666345522050u,src="192.168.119.100",dst="192.168.119.17",src_port=43629u,rev_total_bytes_exported=0u,last_switched=11u
|
||||
netflow,source=127.0.0.1,version=IPFIX in_total_packets=2u,flow_end_reason="forced end",vlan_src=0u,flow_end_ms=1666345522240u,dst="192.168.119.17",src="192.168.119.100",total_bytes_exported=1u,rev_total_bytes_exported=0u,protocol="udp",last_switched=0u,src_tos="0x00",in_total_bytes=279u,src_port=48781u,dst_port=53u,flow_start_ms=1666345522229u
|
||||
netflow,source=127.0.0.1,version=IPFIX src_tos="0x00",flow_start_ms=1666345522279u,dst="192.168.119.17",dst_port=53u,total_bytes_exported=1u,rev_total_bytes_exported=0u,last_switched=0u,in_total_bytes=201u,src_port=43078u,flow_end_reason="forced end",vlan_src=0u,flow_end_ms=1666345522291u,in_total_packets=2u,src="192.168.119.100",protocol="udp"
|
||||
netflow,source=127.0.0.1,version=IPFIX flow_start_ms=1666345521806u,in_total_bytes=19213u,src="192.168.119.100",src_tos="0x00",vlan_src=0u,flow_end_ms=1666345525312u,in_total_packets=98u,src_port=49880u,protocol="tcp",dst_port=443u,total_bytes_exported=0u,rev_total_bytes_exported=0u,last_switched=8u,dst="185.199.111.133",flow_end_reason="forced end"
|
||||
netflow,source=127.0.0.1,version=IPFIX src="192.168.119.100",src_tos="0x00",flow_start_ms=1666345522240u,flow_end_ms=1666345525417u,vlan_src=0u,total_bytes_exported=0u,protocol="tcp",flow_end_reason="forced end",in_total_packets=15u,dst="140.82.113.21",dst_port=443u,rev_total_bytes_exported=0u,last_switched=102u,in_total_bytes=5660u,src_port=43438u
|
||||
netflow,source=127.0.0.1,version=IPFIX rev_total_bytes_exported=0u,protocol="tcp",last_switched=9u,flow_start_ms=1666345522291u,in_total_bytes=9678u,dst="140.82.121.6",src_tos="0x00",total_bytes_exported=0u,vlan_src=0u,in_total_packets=50u,src="192.168.119.100",dst_port=443u,flow_end_ms=1666345525576u,src_port=59884u,flow_end_reason="forced end"
|
||||
netflow,source=127.0.0.1,version=IPFIX rev_total_bytes_exported=0u,flow_end_reason="forced end",flow_end_ms=1666345525645u,in_total_bytes=3896u,in_total_packets=9u,last_switched=0u,src_tos="0x00",protocol="tcp",vlan_src=0u,src="140.82.113.25",dst="192.168.119.100",total_bytes_exported=0u,flow_start_ms=1666345518733u,src_port=443u,dst_port=49448u
|
||||
netflow,source=127.0.0.1,version=IPFIX src="192.168.119.100",dst="142.250.186.170",rev_total_bytes_exported=0u,in_total_packets=21u,dst_port=443u,protocol="udp",last_switched=18u,vlan_src=0u,flow_start_ms=1666345514168u,flow_end_ms=1666345525871u,in_total_bytes=5520u,total_bytes_exported=0u,flow_end_reason="forced end",src_port=58246u,src_tos="0x00"
|
||||
netflow,source=127.0.0.1,version=IPFIX flow_end_ms=1666345525880u,dst_port=443u,rev_total_bytes_exported=0u,flow_end_reason="forced end",src_tos="0x00",dst="140.82.121.3",src_port=37792u,vlan_src=0u,in_total_packets=212u,total_bytes_exported=0u,protocol="tcp",flow_start_ms=1666345521019u,in_total_bytes=254425u,src="192.168.119.100",last_switched=9u
|
||||
netflow,source=127.0.0.1,version=IPFIX src="192.168.119.100",total_bytes_exported=1u,flow_end_reason="forced end",vlan_src=0u,flow_end_ms=1666345527739u,in_total_packets=2u,rev_total_bytes_exported=0u,last_switched=0u,flow_start_ms=1666345527739u,dst="192.168.119.17",protocol="udp",in_total_bytes=164u,dst_port=53u,src_port=50077u,src_tos="0x00"
|
||||
netflow,source=127.0.0.1,version=IPFIX protocol="tcp",dst_port=443u,in_total_bytes=52u,src_tos="0x00",dst="44.233.90.52",src_port=51008u,flow_end_reason="end of flow",in_total_packets=1u,src="192.168.119.100",type_6871_40="0x0000",flow_start_ms=1666345513807u,vlan_src=0u,flow_end_ms=1666345513807u 1684917213504248417
|
||||
netflow,source=127.0.0.1,version=IPFIX type_29305_5="0x00",in_total_bytes=80u,type_29305_86="0x00000001",in_total_packets=2u,type_29305_85="0x00000028",flow_end_reason="end of flow",vlan_src=0u,src="192.168.119.100",flow_end_ms=1666345513816u,dst_port=443u,protocol="tcp",type_6871_21="0x00000009",dst="104.17.240.92",type_29305_58="0x0000",type_6871_40="0x0000",type_6871_rev_40="0x0000",flow_start_ms=1666345513807u,src_port=54330u,src_tos="0x00" 1684917213504502791
|
||||
netflow,source=127.0.0.1,version=IPFIX src="192.168.119.100",dst="44.233.90.52",type_6871_rev_40="0x0000",dst_port=443u,type_6871_21="0x000000aa",type_6871_40="0x0000",flow_end_reason="end of flow",flow_end_ms=1666345513977u,type_29305_85="0x00000028",type_29305_5="0x00",vlan_src=0u,flow_start_ms=1666345513807u,src_tos="0x00",protocol="tcp",src_port=51024u,type_29305_86="0x00000001",in_total_bytes=52u,in_total_packets=1u,type_29305_58="0x0000" 1684917213504688593
|
||||
netflow,source=127.0.0.1,version=IPFIX flow_end_reason="forced end",src_port=58246u,src="192.168.119.100",flow_end_ms=1666345513806u,dst_port=53u,flow_start_ms=1666345513806u,in_total_packets=2u,src_tos="0x00",type_29305_58="0x0000",in_total_bytes=140u,type_6871_21="0x00000000",protocol="udp",type_6871_rev_40="0x0000",vlan_src=0u,type_6871_40="0x0001",type_29305_5="0x00",type_29305_85="0x0000009c",type_29305_86="0x00000002",dst="192.168.119.17" 1684917213504857795
|
||||
netflow,source=127.0.0.1,version=IPFIX type_29305_86="0x00000002",type_29305_58="0x0000",protocol="udp",type_29305_85="0x000000dd",dst="192.168.119.17",in_total_packets=2u,type_6871_rev_40="0x0000",flow_end_ms=1666345513832u,src="192.168.119.100",src_port=58879u,type_6871_21="0x00000021",vlan_src=0u,flow_end_reason="forced end",type_6871_40="0x0001",flow_start_ms=1666345513799u,type_29305_5="0x00",dst_port=53u,src_tos="0x00",in_total_bytes=112u 1684917213505013747
|
||||
netflow,source=127.0.0.1,version=IPFIX protocol="udp",type_6871_rev_40="0x0000",vlan_src=0u,type_6871_40="0x0001",type_29305_58="0x0000",type_29305_5="0x00",dst="192.168.119.17",type_29305_86="0x00000002",src="192.168.119.100",flow_end_ms=1666345514167u,type_29305_85="0x0000020a",dst_port=53u,flow_end_reason="forced end",type_6871_21="0x00000000",src_tos="0x00",src_port=56439u,flow_start_ms=1666345514150u,in_total_packets=2u,in_total_bytes=154u 1684917213505160049
|
||||
netflow,source=127.0.0.1,version=IPFIX type_6871_rev_40="0x0000",type_29305_85="0x00011254",dst_port=443u,type_29305_86="0x00000044",flow_start_ms=1666345513832u,src="192.168.119.100",in_total_bytes=5853u,protocol="udp",flow_end_reason="forced end",vlan_src=0u,in_total_packets=43u,type_29305_58="0x0000",type_6871_40="0x0000",flow_end_ms=1666345514328u,src_tos="0x00",src_port=57795u,dst="34.149.140.181",type_29305_5="0x00",type_6871_21="0x00000012" 1684917213505306401
|
||||
netflow,source=127.0.0.1,version=IPFIX src_tos="0x00",flow_start_ms=1666345512753u,dst="239.255.255.250",src="192.168.119.100",type_6871_40="0x0001",dst_port=1900u,protocol="udp",vlan_src=0u,src_port=57622u,flow_end_ms=1666345515756u,flow_end_reason="forced end",in_total_bytes=784u,in_total_packets=4u 1684917213505453773
|
||||
netflow,source=127.0.0.1,version=IPFIX protocol="udp",type_29305_5="0x00",flow_start_ms=1666345512531u,type_6871_21="0x00000011",type_29305_86="0x00000066",type_29305_58="0x0000",flow_end_ms=1666345519408u,dst="216.58.212.132",flow_end_reason="forced end",in_total_bytes=6105u,type_6871_rev_40="0x0000",in_total_packets=60u,vlan_src=0u,src_tos="0x00",dst_port=443u,src_port=54458u,type_6871_40="0x0000",type_29305_85="0x00016837",src="192.168.119.100" 1684917213505487043
|
||||
netflow,source=127.0.0.1,version=IPFIX type_6871_rev_40="0x0000",type_29305_86="0x00000001",flow_start_ms=1666345519932u,src_tos="0x00",in_total_bytes=52u,flow_end_ms=1666345519942u,type_29305_58="0x0000",type_6871_21="0x0000000a",in_total_packets=1u,dst="13.32.99.76",src="192.168.119.100",vlan_src=0u,protocol="tcp",src_port=60758u,type_6871_40="0x0000",type_29305_5="0x00",dst_port=443u,flow_end_reason="forced end",type_29305_85="0x00000034" 1684917213505641375
|
||||
netflow,source=127.0.0.1,version=IPFIX type_29305_58="0x0000",protocol="tcp",type_6871_21="0x0000000a",src="192.168.119.100",src_tos="0x00",in_total_packets=1u,type_6871_40="0x0000",flow_end_ms=1666345519942u,type_6871_rev_40="0x0000",flow_start_ms=1666345519932u,type_29305_86="0x00000001",in_total_bytes=40u,dst_port=443u,vlan_src=0u,type_29305_5="0x00",type_29305_85="0x00000028",flow_end_reason="forced end",dst="104.17.146.91",src_port=58432u 1684917213505792347
|
||||
netflow,source=127.0.0.1,version=IPFIX type_6871_rev_40="0x0000",src_port=36397u,flow_start_ms=1666345521006u,type_29305_5="0x00",src_tos="0x00",in_total_bytes=138u,type_29305_85="0x0000011c",type_6871_21="0x00000000",type_6871_40="0x0001",vlan_src=0u,protocol="udp",dst_port=53u,src="192.168.119.100",type_29305_58="0x0000",in_total_packets=2u,type_29305_86="0x00000002",flow_end_ms=1666345521006u,dst="192.168.119.17",flow_end_reason="forced end" 1684917213505948399
|
||||
netflow,source=127.0.0.1,version=IPFIX type_29305_58="0x0000",src="192.168.119.100",type_29305_86="0x00000002",flow_end_reason="forced end",in_total_packets=2u,type_6871_21="0x00000000",flow_start_ms=1666345520998u,type_6871_40="0x0001",vlan_src=0u,protocol="udp",type_6871_rev_40="0x0000",src_port=39786u,type_29305_85="0x000000c1",in_total_bytes=112u,dst_port=53u,dst="192.168.119.17",src_tos="0x00",type_29305_5="0x00",flow_end_ms=1666345521019u 1684917213506093831
|
||||
netflow,source=127.0.0.1,version=IPFIX dst_port=443u,type_6871_21="0x00000009",flow_start_ms=1666345521006u,vlan_src=0u,type_29305_58="0x0000",src_tos="0x00",src="192.168.119.100",type_6871_40="0x0000",flow_end_ms=1666345521032u,src_port=52370u,type_29305_85="0x0000028d",in_total_bytes=860u,type_6871_rev_40="0x0000",type_29305_5="0x00",flow_end_reason="forced end",type_29305_86="0x00000004",in_total_packets=5u,protocol="tcp",dst="185.199.109.154" 1684917213506254733
|
||||
netflow,source=127.0.0.1,version=IPFIX flow_end_ms=1666345521742u,vlan_src=0u,type_6871_40="0x0001",in_total_packets=2u,type_29305_58="0x0000",src_tos="0x00",src_port=44461u,dst="192.168.119.17",type_29305_5="0x00",type_29305_86="0x00000002",type_6871_21="0x00000000",type_29305_85="0x00000146",flow_start_ms=1666345521742u,in_total_bytes=150u,type_6871_rev_40="0x0000",src="192.168.119.100",protocol="udp",dst_port=53u,flow_end_reason="forced end" 1684917213506407245
|
||||
netflow,source=127.0.0.1,version=IPFIX src="192.168.119.100",in_total_packets=5u,protocol="tcp",flow_end_reason="forced end",flow_start_ms=1666345521742u,type_6871_21="0x00000009",vlan_src=0u,dst="185.199.109.154",type_6871_40="0x0000",type_29305_58="0x0000",type_29305_85="0x0000028d",dst_port=443u,type_29305_5="0x00",flow_end_ms=1666345521771u,in_total_bytes=860u,src_port=52376u,type_29305_86="0x00000004",src_tos="0x00",type_6871_rev_40="0x0000" 1684917213506554437
|
||||
netflow,source=127.0.0.1,version=IPFIX type_6871_21="0x00000000",vlan_src=0u,src_tos="0x00",flow_end_reason="forced end",flow_start_ms=1666345521780u,flow_end_ms=1666345521780u,type_6871_40="0x0001",src="192.168.119.100",type_29305_86="0x00000002",protocol="udp",dst_port=53u,type_29305_5="0x00",dst="192.168.119.17",type_29305_58="0x0000",in_total_packets=2u,in_total_bytes=158u,src_port=51858u,type_6871_rev_40="0x0000",type_29305_85="0x0000014e" 1684917213506702419
|
||||
netflow,source=127.0.0.1,version=IPFIX type_29305_5="0x00",vlan_src=0u,in_total_bytes=150u,flow_start_ms=1666345521780u,protocol="udp",in_total_packets=2u,dst_port=53u,dst="192.168.119.17",src="192.168.119.100",type_29305_86="0x00000002",src_port=34970u,flow_end_reason="forced end",type_6871_40="0x0001",type_29305_58="0x0000",type_29305_85="0x00000158",type_6871_rev_40="0x0000",src_tos="0x00",flow_end_ms=1666345521794u,type_6871_21="0x0000000d" 1684917213506851241
|
||||
netflow,source=127.0.0.1,version=IPFIX type_29305_58="0x0000",vlan_src=0u,type_29305_5="0x00",dst_port=53u,flow_end_ms=1666345521836u,src_port=52794u,type_6871_40="0x0001",flow_start_ms=1666345521813u,type_6871_rev_40="0x0000",in_total_bytes=144u,in_total_packets=2u,type_6871_21="0x00000017",protocol="udp",flow_end_reason="forced end",src_tos="0x00",type_29305_86="0x00000002",type_29305_85="0x00000122",dst="192.168.119.17",src="192.168.119.100" 1684917213507002733
|
||||
netflow,source=127.0.0.1,version=IPFIX in_total_bytes=142u,in_total_packets=2u,src_port=43629u,src_tos="0x00",dst="192.168.119.17",type_6871_rev_40="0x0000",vlan_src=0u,protocol="udp",type_6871_40="0x0001",type_29305_58="0x0000",dst_port=53u,flow_end_ms=1666345522050u,type_6871_21="0x0000000b",type_29305_5="0x00",src="192.168.119.100",type_29305_86="0x00000002",flow_end_reason="forced end",flow_start_ms=1666345522036u,type_29305_85="0x0000013e" 1684917213507151155
|
||||
netflow,source=127.0.0.1,version=IPFIX src_port=48781u,dst_port=53u,protocol="udp",dst="192.168.119.17",type_29305_85="0x00000117",type_29305_5="0x00",src="192.168.119.100",type_6871_40="0x0001",flow_start_ms=1666345522229u,type_6871_21="0x00000000",type_29305_86="0x00000002",type_6871_rev_40="0x0000",flow_end_reason="forced end",vlan_src=0u,src_tos="0x00",in_total_bytes=132u,flow_end_ms=1666345522240u,in_total_packets=2u,type_29305_58="0x0000" 1684917213507318937
|
||||
netflow,source=127.0.0.1,version=IPFIX src_tos="0x00",type_29305_58="0x0000",in_total_bytes=120u,src_port=43078u,flow_start_ms=1666345522279u,vlan_src=0u,flow_end_ms=1666345522291u,type_29305_5="0x00",type_6871_rev_40="0x0000",dst_port=53u,type_29305_85="0x000000c9",type_6871_21="0x00000000",in_total_packets=2u,type_29305_86="0x00000002",type_6871_40="0x0001",src="192.168.119.100",protocol="udp",flow_end_reason="forced end",dst="192.168.119.17" 1684917213507703742
|
||||
netflow,source=127.0.0.1,version=IPFIX type_29305_58="0x0000",type_29305_86="0x00000062",dst="185.199.111.133",type_6871_rev_40="0x0000",dst_port=443u,flow_start_ms=1666345521806u,vlan_src=0u,type_6871_40="0x0000",type_29305_5="0x00",type_29305_85="0x00004b0d",in_total_bytes=11855u,src_tos="0x00",type_6871_21="0x00000008",in_total_packets=80u,flow_end_ms=1666345525312u,src="192.168.119.100",src_port=49880u,flow_end_reason="forced end",protocol="tcp" 1684917213507860084
|
||||
netflow,source=127.0.0.1,version=IPFIX type_6871_21="0x00000066",type_29305_58="0x0000",type_29305_5="0x00",type_6871_rev_40="0x0000",type_29305_85="0x0000161c",src_tos="0x00",in_total_packets=16u,flow_end_reason="forced end",dst_port=443u,type_29305_86="0x0000000f",flow_end_ms=1666345525417u,src_port=43438u,protocol="tcp",type_6871_40="0x0000",src="192.168.119.100",flow_start_ms=1666345522240u,in_total_bytes=4552u,dst="140.82.113.21",vlan_src=0u 1684917213508012376
|
||||
netflow,source=127.0.0.1,version=IPFIX vlan_src=0u,protocol="tcp",src_tos="0x00",flow_start_ms=1666345522291u,flow_end_ms=1666345525576u,src="192.168.119.100",type_29305_86="0x00000032",in_total_packets=63u,src_port=59884u,dst_port=443u,type_29305_85="0x000025ce",type_29305_58="0x0000",type_29305_5="0x00",dst="140.82.121.6",type_6871_40="0x0000",type_6871_21="0x00000009",in_total_bytes=58028u,flow_end_reason="forced end",type_6871_rev_40="0x0000" 1684917213508167138
|
||||
netflow,source=127.0.0.1,version=IPFIX type_29305_86="0x00000009",flow_end_ms=1666345525645u,protocol="tcp",src_port=443u,type_29305_85="0x00000f38",type_29305_5="0x00",flow_end_reason="forced end",dst_port=49448u,dst="192.168.119.100",in_total_packets=7u,type_6871_rev_40="0x0000",src="140.82.113.25",src_tos="0x00",flow_start_ms=1666345518733u,vlan_src=0u,in_total_bytes=659u,type_6871_21="0x00000000",type_29305_58="0x0000",type_6871_40="0x0000" 1684917213508315850
|
||||
netflow,source=127.0.0.1,version=IPFIX vlan_src=0u,type_29305_85="0x00001590",src="192.168.119.100",protocol="udp",dst_port=443u,type_29305_58="0x0000",type_29305_86="0x00000015",flow_start_ms=1666345514168u,src_tos="0x00",type_6871_rev_40="0x0000",dst="142.250.186.170",in_total_packets=17u,src_port=58246u,type_6871_21="0x00000012",flow_end_ms=1666345525871u,flow_end_reason="forced end",type_29305_5="0x00",type_6871_40="0x0000",in_total_bytes=3248u 1684917213508463452
|
||||
netflow,source=127.0.0.1,version=IPFIX dst="140.82.121.3",flow_start_ms=1666345521019u,type_29305_86="0x000000d4",type_6871_40="0x0000",type_29305_85="0x0003e1d9",in_total_packets=125u,protocol="tcp",flow_end_reason="forced end",in_total_bytes=16640u,type_29305_58="0x0000",flow_end_ms=1666345525880u,type_6871_21="0x00000009",type_29305_5="0x00",dst_port=443u,src_tos="0x00",type_6871_rev_40="0x0000",vlan_src=0u,src="192.168.119.100",src_port=37792u 1684917213508608204
|
||||
netflow,source=127.0.0.1,version=IPFIX type_6871_40="0x0001",src="192.168.119.100",vlan_src=0u,type_6871_rev_40="0x0000",type_29305_58="0x0000",src_port=50077u,flow_end_ms=1666345527739u,type_29305_5="0x00",flow_start_ms=1666345527739u,in_total_packets=2u,src_tos="0x00",flow_end_reason="forced end",type_6871_21="0x00000000",type_29305_86="0x00000002",dst_port=53u,in_total_bytes=120u,type_29305_85="0x000000a4",protocol="udp",dst="192.168.119.17" 1684917213508754156
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
netflow,source=127.0.0.1,version=IPFIX ip_version="IPv4",dst_port=44400u,dst_tos="0x00",flow_end_ms=1684767922502u,type_35632_127="0x00000000",flow_start=1684767922u,src="192.168.2.203",flow_end=1684767922u,type_35632_493="0x0000",first_switched=22474460u,type_35632_188="",protocol="udp",in_src_mac="00:50:56:b3:86:e7",type_35632_128="0x00000000",in_snmp=0u,src_mask=0u,out_snmp=0u,type_35632_124="0x00000000",type_35632_494="0x00",in_bytes=122u,type_35632_110="0x00000000",out_dst_mac="00:50:56:b3:a7:f8",type_35632_490="",dst_mask=0u,type_35632_495="0x0000",last_switched=22474460u,in_packets=1u,type_35632_123="0x00000000",dst="189.127.188.175",src_tos="0x00",type_35632_118="0x0025",type_35632_125="0x00000000",next_hop="0.0.0.0",src_port=51413u,tcp_flags="........",flow_start_ms=1684767922502u,type_35632_489="",type_35632_109="0x00000000" 1684848566299341667
|
||||
netflow,source=127.0.0.1,version=IPFIX src_mask=0u,out_snmp=0u,type_35632_188="",type_35632_118="0x0025",type_35632_109="0x00000000",type_35632_124="0x00000000",in_packets=1u,dst="177.234.165.79",dst_port=47707u,type_35632_125="0x00000000",tcp_flags="........",flow_end=1684767922u,type_35632_128="0x00000000",protocol="udp",type_35632_490="",dst_mask=0u,last_switched=22474460u,flow_end_ms=1684767922502u,type_35632_489="",in_bytes=86u,type_35632_123="0x00000000",next_hop="0.0.0.0",ip_version="IPv4",src_port=51413u,dst_tos="0x00",type_35632_494="0x00",src="192.168.2.203",type_35632_127="0x00000000",flow_start_ms=1684767922502u,type_35632_493="0x0000",in_src_mac="00:50:56:b3:86:e7",flow_start=1684767922u,first_switched=22474460u,out_dst_mac="00:50:56:b3:a7:f8",src_tos="0x00",type_35632_110="0x00000000",type_35632_495="0x0000",in_snmp=0u 1684848566299737019
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,2 @@
|
|||
[[inputs.netflow]]
|
||||
service_address = "udp://127.0.0.1:0"
|
||||
|
|
@ -118,6 +118,9 @@ func decodeBool(b []byte) interface{} {
|
|||
}
|
||||
|
||||
func decodeHex(b []byte) interface{} {
|
||||
if len(b) == 0 {
|
||||
return ""
|
||||
}
|
||||
return "0x" + hex.EncodeToString(b)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue