Fix: Infoblox DDI format improvement
vg-svitla committed Nov 29, 2024
1 parent 23a8b32 commit 78a9339
Showing 19 changed files with 710 additions and 7 deletions.
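--- a/Infoblox/ddi/_meta/fields.yml
+++ b/Infoblox/ddi/_meta/fields.yml
@@ -2,3 +2,38 @@ infoblox.ddi.category:
 description: The logging category of this event.
 name: infoblox.ddi.category
 type: keyword
+
+infoblox.dhcp.circuit_id:
+description: The circuit ID.
+name: infoblox.dhcp.circuit_id
+type: keyword
+
+infoblox.dhcp.interface_ip:
+description: The IP address of the interface.
+name: infoblox.dhcp.interface_ip
+type: ip
+
+infoblox.dhcp.lease_message:
+description: The lease message.
+name: infoblox.dhcp.lease_message
+type: keyword
+
+infoblox.dhcp.lease_time:
+description: The lease time.
+name: infoblox.dhcp.lease_time
+type: keyword
+
+infoblox.dhcp.request_message:
+description: The request message.
+name: infoblox.dhcp.request_message
+type: keyword
+
+infoblox.dhcp.router_ip:
+description: The IP address of the router.
+name: infoblox.dhcp.router_ip
+type: ip
+
+infoblox.dhcp.trans_id:
+description: The transaction ID.
+name: infoblox.dhcp.trans_id
+type: keyword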
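Review bot: `infoblox.dhcp.router_ip` is described as the router's address, but the only fixture that fills it (query_log_dhcp_5.json) takes it from the parenthesised address after the requested IP in a DHCPREQUEST line, which in ISC-dhcpd-style logs is normally the server identifier the client selected rather than a gateway. Please confirm against the Infoblox format and rename or re-describe the field, e.g. `description: The address shown in parentheses after the requested IP (server identifier).` `infoblox.dhcp.lease_time` is a `keyword`, apparently because the value can be the literal `undefined`; a one-line comment saying so would stop a later switch to a numeric type from breaking indexing. The parser change is not rendered on this page, so both points are inferred from the fixtures.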
120 changes: 113 additions & 7 deletions Infoblox/ddi/ingest/parser.yml

Large diffs are not rendered by default.

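--- a/Infoblox/ddi/tests/query_log_dhcp_1.json
+++ b/Infoblox/ddi/tests/query_log_dhcp_1.json
@@ -0,0 +1,32 @@
+{
+"input": {
+"message": "Option 82: received a REQUEST DHCP packet from relay-agent eth2 with a circuit-id of \"1a:02:30:00:00:00:00:76:00:00:00:00:00:00:2a:f0\", a remote-id of \"0a:44:70:46\" for 192.168.1.222 (00:50:56:ae:b3:44) lease time is undefined seconds. (NEW)"
+},
+"expected": {
+"message": "Option 82: received a REQUEST DHCP packet from relay-agent eth2 with a circuit-id of \"1a:02:30:00:00:00:00:76:00:00:00:00:00:00:2a:f0\", a remote-id of \"0a:44:70:46\" for 192.168.1.222 (00:50:56:ae:b3:44) lease time is undefined seconds. (NEW)",
+"event": {
+"action": "REQUEST DHCP"
+},
+"dns": {
+"header_flags": [],
+"type": "query"
+},
+"infoblox": {
+"dhcp": {
+"circuit_id": "1a:02:30:00:00:00:00:76:00:00:00:00:00:00:2a:f0",
+"lease_message": "NEW",
+"lease_time": "undefined"
+}
+},
+"related": {
+"ip": [
+"192.168.1.222"
+]
+},
+"source": {
+"address": "192.168.1.222",
+"ip": "192.168.1.222",
+"mac": "00:50:56:ae:b3:44"
+}
+}
+}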
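Review bot: The expected document for a DHCP Option 82 line still carries `"dns": {"header_flags": [], "type": "query"}`, so this fixture pins DHCP events as DNS queries; the same block is expected in query_log_dhcp_2.json through query_log_dhcp_8.json. Any search or detection that selects on `dns.type: query` will then also match DHCP traffic. The parser change is not rendered on this page, so I cannot tell whether the block is set unconditionally. The DHCP fixtures should expect no `dns` object, and the stage that sets it should be limited to DNS messages.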
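--- a/Infoblox/ddi/tests/query_log_dhcp_2.json
+++ b/Infoblox/ddi/tests/query_log_dhcp_2.json
@@ -0,0 +1,32 @@
+{
+"input": {
+"message": "Option 82: received a REQUEST DHCP packet from relay-agent 192.168.1.53 with a circuit-id of \"1a:02:30:00:00:00:00:76:00:00:00:00:00:00:2a:f0\", a remote-id of \"0a:44:70:46\" for 192.168.1.53 (00:50:56:ae:b3:44) lease time is undefined seconds. (NEW)"
+},
+"expected": {
+"message": "Option 82: received a REQUEST DHCP packet from relay-agent 192.168.1.53 with a circuit-id of \"1a:02:30:00:00:00:00:76:00:00:00:00:00:00:2a:f0\", a remote-id of \"0a:44:70:46\" for 192.168.1.53 (00:50:56:ae:b3:44) lease time is undefined seconds. (NEW)",
+"event": {
+"action": "REQUEST DHCP"
+},
+"dns": {
+"header_flags": [],
+"type": "query"
+},
+"infoblox": {
+"dhcp": {
+"circuit_id": "1a:02:30:00:00:00:00:76:00:00:00:00:00:00:2a:f0",
+"lease_message": "NEW",
+"lease_time": "undefined"
+}
+},
+"related": {
+"ip": [
+"192.168.1.53"
+]
+},
+"source": {
+"address": "192.168.1.53",
+"ip": "192.168.1.53",
+"mac": "00:50:56:ae:b3:44"
+}
+}
+}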
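Review bot: The Option 82 remote-id (`0a:44:70:46`) and the relay-agent value (`192.168.1.53` here, `eth2` in query_log_dhcp_1.json) are in the input but have no field in the expected output; only the circuit-id is kept. Circuit-id and remote-id together identify the relay and port a request came through, so dropping one loses what is needed to trace a lease back to a switch port. Consider adding an `infoblox.dhcp.remote_id` keyword field to fields.yml and expecting it here, and mapping the relay-agent the way `via eth2` is mapped to `observer.ingress.interface.name` in query_log_dhcp_4.json. In this fixture the relay-agent and the client address are the same value, so the test could not tell them apart even if both were extracted.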
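--- a/Infoblox/ddi/tests/query_log_dhcp_3.json
+++ b/Infoblox/ddi/tests/query_log_dhcp_3.json
@@ -0,0 +1,31 @@
+{
+"input": {
+"message": "DHCPREQUEST for 192.168.1.107 from e8:c8:29:5c:c8:99 via 192.168.1.107 TransID 80b994d6"
+},
+"expected": {
+"message": "DHCPREQUEST for 192.168.1.107 from e8:c8:29:5c:c8:99 via 192.168.1.107 TransID 80b994d6",
+"event": {
+"action": "DHCPREQUEST"
+},
+"dns": {
+"header_flags": [],
+"type": "query"
+},
+"infoblox": {
+"dhcp": {
+"interface_ip": "192.168.1.107",
+"trans_id": "80b994d6"
+}
+},
+"related": {
+"ip": [
+"192.168.1.107"
+]
+},
+"source": {
+"address": "192.168.1.107",
+"ip": "192.168.1.107",
+"mac": "e8:c8:29:5c:c8:99"
+}
+}
+}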
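Review bot: The sample line uses 192.168.1.107 both as the requested address and as the `via` address, so the assertions on `source.ip` and `infoblox.dhcp.interface_ip` pass even if the parser swaps the two captures. query_log_dhcp_5.json (requested, parenthesised and `via` all 192.168.1.95), query_log_dhcp_6.json and query_log_dhcp_7.json have the same property. Using a different constructed address in each position, for example `for 192.0.2.10 ... via 192.0.2.1`, would make each expected field prove which token it came from. It would also make `related.ip` show whether the second address is collected.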
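--- a/Infoblox/ddi/tests/query_log_dhcp_4.json
+++ b/Infoblox/ddi/tests/query_log_dhcp_4.json
@@ -0,0 +1,38 @@
+{
+"input": {
+"message": "DHCPREQUEST for 192.168.1.208 from 00:50:56:ae:17:c6 (VDPSCE080019) via eth2 TransID 823c1fa3 uid 01:00:50:56:ae:17:c6 (RENEW)"
+},
+"expected": {
+"message": "DHCPREQUEST for 192.168.1.208 from 00:50:56:ae:17:c6 (VDPSCE080019) via eth2 TransID 823c1fa3 uid 01:00:50:56:ae:17:c6 (RENEW)",
+"event": {
+"action": "DHCPREQUEST"
+},
+"dns": {
+"header_flags": [],
+"type": "query"
+},
+"infoblox": {
+"dhcp": {
+"lease_message": "RENEW",
+"trans_id": "823c1fa3"
+}
+},
+"observer": {
+"ingress": {
+"interface": {
+"name": "eth2"
+}
+}
+},
+"related": {
+"ip": [
+"192.168.1.208"
+]
+},
+"source": {
+"address": "192.168.1.208",
+"ip": "192.168.1.208",
+"mac": "00:50:56:ae:17:c6"
+}
+}
+}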
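Review bot: The client hostname `VDPSCE080019` and the client identifier after `uid` are in the input, but nothing in the expected output holds them. The IP, MAC and hostname binding is what makes DHCP logs useful in an investigation, and here it can only be recovered by re-parsing `message`. The hostname is likewise dropped in query_log_dhcp_7.json (`P70955`) and query_log_dhcp_8.json (`P76984`). If the parser is meant to keep it, expect it here under the host-name field the other Infoblox formats in this repository use (for example `source.domain`); that convention is not visible on this page.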
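--- a/Infoblox/ddi/tests/query_log_dhcp_5.json
+++ b/Infoblox/ddi/tests/query_log_dhcp_5.json
@@ -0,0 +1,33 @@
+{
+"input": {
+"message": "DHCPREQUEST for 192.168.1.95 (192.168.1.95) from d8:94:03:ec:da:d1 via 192.168.1.95 TransID ac1b72c4: lease 192.168.1.95 unavailable."
+},
+"expected": {
+"message": "DHCPREQUEST for 192.168.1.95 (192.168.1.95) from d8:94:03:ec:da:d1 via 192.168.1.95 TransID ac1b72c4: lease 192.168.1.95 unavailable.",
+"event": {
+"action": "DHCPREQUEST"
+},
+"dns": {
+"header_flags": [],
+"type": "query"
+},
+"infoblox": {
+"dhcp": {
+"interface_ip": "192.168.1.95",
+"request_message": "lease 192.168.1.95 unavailable.",
+"router_ip": "192.168.1.95",
+"trans_id": "ac1b72c4"
+}
+},
+"related": {
+"ip": [
+"192.168.1.95"
+]
+},
+"source": {
+"address": "192.168.1.95",
+"ip": "192.168.1.95",
+"mac": "d8:94:03:ec:da:d1"
+}
+}
+}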
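--- a/Infoblox/ddi/tests/query_log_dhcp_6.json
+++ b/Infoblox/ddi/tests/query_log_dhcp_6.json
@@ -0,0 +1,32 @@
+{
+"input": {
+"message": "DHCPREQUEST for 192.168.1.159 from c8:09:a8:f8:cd:e8 via 192.168.1.159 TransID e711c0c1: ignored (unknown subnet)."
+},
+"expected": {
+"message": "DHCPREQUEST for 192.168.1.159 from c8:09:a8:f8:cd:e8 via 192.168.1.159 TransID e711c0c1: ignored (unknown subnet).",
+"event": {
+"action": "DHCPREQUEST"
+},
+"dns": {
+"header_flags": [],
+"type": "query"
+},
+"infoblox": {
+"dhcp": {
+"interface_ip": "192.168.1.159",
+"request_message": "ignored (unknown subnet).",
+"trans_id": "e711c0c1"
+}
+},
+"related": {
+"ip": [
+"192.168.1.159"
+]
+},
+"source": {
+"address": "192.168.1.159",
+"ip": "192.168.1.159",
+"mac": "c8:09:a8:f8:cd:e8"
+}
+}
+}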
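--- a/Infoblox/ddi/tests/query_log_dhcp_7.json
+++ b/Infoblox/ddi/tests/query_log_dhcp_7.json
@@ -0,0 +1,32 @@
+{
+"input": {
+"message": "DHCPACK on 192.168.1.138 to 08:71:90:8d:0b:5d (P70955) via eth2 relay 192.168.1.138 lease-duration 172800"
+},
+"expected": {
+"message": "DHCPACK on 192.168.1.138 to 08:71:90:8d:0b:5d (P70955) via eth2 relay 192.168.1.138 lease-duration 172800",
+"event": {
+"action": "DHCPACK"
+},
+"dns": {
+"header_flags": [],
+"type": "query"
+},
+"observer": {
+"ingress": {
+"interface": {
+"name": "eth2"
+}
+}
+},
+"related": {
+"ip": [
+"192.168.1.138"
+]
+},
+"source": {
+"address": "192.168.1.138",
+"ip": "192.168.1.138",
+"mac": "08:71:90:8d:0b:5d"
+}
+}
+}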
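Review bot: `lease-duration 172800` is not extracted, although this commit adds `infoblox.dhcp.lease_time` and fills it from the `lease time is ... seconds` wording in query_log_dhcp_1.json. The `relay 192.168.1.138` token is also unmapped. If this is an omission in the parser (not rendered on this page), the expected output should gain `"infoblox": {"dhcp": {"lease_time": "172800"}}`. If it is deliberate, the description of `lease_time` in fields.yml should say which message types populate it.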
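--- a/Infoblox/ddi/tests/query_log_dhcp_8.json
+++ b/Infoblox/ddi/tests/query_log_dhcp_8.json
@@ -0,0 +1,27 @@
+{
+"input": {
+"message": "r-l-e:192.168.1.113,Fixed,P76984,c4:d0:e3:b4:08:4d,1732119022,1732291822,,$"
+},
+"expected": {
+"message": "r-l-e:192.168.1.113,Fixed,P76984,c4:d0:e3:b4:08:4d,1732119022,1732291822,,$",
+"dns": {
+"header_flags": [],
+"type": "query"
+},
+"infoblox": {
+"ddi": {
+"category": "Fixed"
+}
+},
+"related": {
+"ip": [
+"192.168.1.113"
+]
+},
+"source": {
+"address": "192.168.1.113",
+"ip": "192.168.1.113",
+"mac": "c4:d0:e3:b4:08:4d"
+}
+}
+}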
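Review bot: The two numeric columns `1732119022` and `1732291822` are dropped from the expected output. They differ by 172800, the same number as the `lease-duration` in query_log_dhcp_7.json, so they look like lease start and end times in epoch seconds; please confirm against the Infoblox documentation. If so, they are the values needed to answer who held an address at a given time and should be kept in dedicated fields. The fixture also expects no `event.action`, unlike the other DHCP fixtures, so these records cannot be selected by action.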
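--- a/Infoblox/ddi/tests/query_log_dns_1.json
+++ b/Infoblox/ddi/tests/query_log_dns_1.json
@@ -0,0 +1,36 @@
+{
+"input": {
+"message": "FORMERR resolving 'test.testing.io/AAAA/IN': 192.168.1.136#53"
+},
+"expected": {
+"message": "FORMERR resolving 'test.testing.io/AAAA/IN': 192.168.1.136#53",
+"event": {
+"action": "FORMERR"
+},
+"dns": {
+"header_flags": [],
+"question": {
+"class": "IN",
+"name": "test.testing.io",
+"registered_domain": "testing.io",
+"subdomain": "test",
+"top_level_domain": "io",
+"type": "AAAA"
+},
+"type": "query"
+},
+"related": {
+"hosts": [
+"test.testing.io"
+],
+"ip": [
+"192.168.1.136"
+]
+},
+"source": {
+"address": "192.168.1.136",
+"ip": "192.168.1.136",
+"port": 53
+}
+}
+}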
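Review bot: `192.168.1.136#53` is expected in `source.ip` and `source.port`, but in a BIND-style `FORMERR resolving ...` line the trailing address is normally the upstream name server the resolver was querying, not a client. In query_log_dns_2.json `source.*` holds the client, so a rule that treats `source.ip` as the querying host would attribute this error to the wrong side. Please confirm the semantics and, if it is the remote server, expect `"destination": {"address": "192.168.1.136", "ip": "192.168.1.136", "port": 53}` instead. `FORMERR` is also a response code, yet the fixture expects it only in `event.action` and not in `dns.response_code`.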
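--- a/Infoblox/ddi/tests/query_log_dns_2.json
+++ b/Infoblox/ddi/tests/query_log_dns_2.json
@@ -0,0 +1,33 @@
+{
+"input": {
+"message": "client 192.168.1.1#1130: UDP: query: test.io IN A response: NXDOMAIN +"
+},
+"expected": {
+"message": "client 192.168.1.1#1130: UDP: query: test.io IN A response: NXDOMAIN +",
+"dns": {
+"header_flags": [],
+"question": {
+"class": "IN",
+"name": "test.io",
+"registered_domain": "test.io",
+"top_level_domain": "io",
+"type": "A"
+},
+"response_code": "NXDOMAIN",
+"type": "query"
+},
+"related": {
+"hosts": [
+"test.io"
+],
+"ip": [
+"192.168.1.1"
+]
+},
+"source": {
+"address": "192.168.1.1",
+"ip": "192.168.1.1",
+"port": 1130
+}
+}
+}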
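Review bot: The input ends with a flag token (`+`) and names the transport (`UDP`), yet the fixture expects `"header_flags": []` and no `network.transport`. The line also reports a response (`response: NXDOMAIN`) while `dns.type` is expected to be `query`; ECS uses `answer` for events that carry a response. Whether the parser can express these is not visible because parser.yml is not rendered on this page. As written the test fixes the lossy result as the expected one; at minimum `"network": {"transport": "udp"}` could be expected here.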