Release 0.9.8

Stefan Reimer 2019-08-06 23:20:11 +00:00
parent 2066e2ba11
commit f0fd0c1e07
2 changed files with 24 additions and 16 deletions


@ -1,8 +1,9 @@
# Changelog # Changelog
## 0.9.7 ## 0.9.8
- Fix for ALB AccessLog parser to handle spaces in request_url - Fix for ALB AccessLog parser to handle spaces in request_url
- Improved VPC FlowLog metadata augmentation - Improved VPC FlowLog metadata augmentation
- better error handling for VPC FlowLog parsing
## 0.9.6 ## 0.9.6
- Augment VPC FlowLogs with ENI metadata incl. global cache - Augment VPC FlowLogs with ENI metadata incl. global cache


@ -17,7 +17,7 @@ import boto3
__author__ = "Stefan Reimer" __author__ = "Stefan Reimer"
__author_email__ = "stefan@zero-downtime.net" __author_email__ = "stefan@zero-downtime.net"
__version__ = "0.9.7" __version__ = "0.9.8"
# IAM Alias lookup cache # IAM Alias lookup cache
account_aliases = {} account_aliases = {}
@ -120,11 +120,18 @@ def add_flow_metadata(flow):
# Lookup table by IP to classify traffic # Lookup table by IP to classify traffic
ips[interface['PrivateIpAddress']] = interface ips[interface['PrivateIpAddress']] = interface
except(KeyError, IndexError):
logger.warning("Error trying to get metadata for ENIs, disabling ENHANCE_FLOWLOG")
ENHANCE_FLOWLOG = False
return flow
try:
eni = enis[flow['interface-id']] eni = enis[flow['interface-id']]
metadata = {'eni.az': eni['AvailabilityZone'], metadata = {'eni.az': eni['AvailabilityZone'],
'eni.sg': eni['Groups'][0]['GroupName'],
'eni.subnet': eni['SubnetId']} 'eni.subnet': eni['SubnetId']}
remote_ip = None
if len(eni['Groups']):
metadata['eni.sg'] = eni['Groups'][0]['GroupName']
# Add PublicIP if attached # Add PublicIP if attached
if 'Association' in eni and 'PublicIp' in eni['Association']: if 'Association' in eni and 'PublicIp' in eni['Association']:
@ -140,6 +147,7 @@ def add_flow_metadata(flow):
# Try to classify traffic: # Try to classify traffic:
# Free,Regional,Out # Free,Regional,Out
if remote_ip:
if remote_ip in ips: if remote_ip in ips:
if ips[remote_ip]['AvailabilityZone'] == eni['AvailabilityZone'] and ips[remote_ip]['VpcId'] == eni['VpcId']: if ips[remote_ip]['AvailabilityZone'] == eni['AvailabilityZone'] and ips[remote_ip]['VpcId'] == eni['VpcId']:
metadata['traffic_class'] = 'Free' metadata['traffic_class'] = 'Free'
@ -154,9 +162,8 @@ def add_flow_metadata(flow):
flow.update(metadata) flow.update(metadata)
except(KeyError, IndexError): except(KeyError, IndexError) as e:
logger.warning("Could not get additional data for ENI {}".format(flow['interface-id'])) logger.warning("Could not get additional data for ENI {} ({})".format(flow['interface-id'], e))
ENHANCE_FLOWLOG = False
pass pass
return flow return flow
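Review bot: The warning in the final `except(KeyError, IndexError) as e:` handler still indexes `flow['interface-id']`, so if the `KeyError` came from a record that lacks that field (the `enis[flow['interface-id']]` lookup at the top of the `try`), the handler raises a second `KeyError`. As far as these hunks show, nothing catches it, so a malformed flow record would abort processing instead of being returned unenriched. Reading the field defensively keeps the handler safe: `logger.warning("Could not get additional data for ENI {} ({})".format(flow.get('interface-id'), e))`. The trailing `pass` after the log call is redundant and can go. add_flow_metadata begins outside the visible hunks, so any earlier validation of `flow` could not be checked.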