Release 0.9.8
This commit is contained in:
parent
2066e2ba11
commit
f0fd0c1e07
@ -1,8 +1,9 @@
|
||||
# Changelog
|
||||
|
||||
## 0.9.7
|
||||
## 0.9.8
|
||||
- Fix for ALB AccessLog parser to handle spaces in request_url
|
||||
- Improved VPC FlowLog metadata augmentation
|
||||
- better error handling for VPC FlowLog parsing
|
||||
|
||||
## 0.9.6
|
||||
- Augment VPC FlowLogs with ENI metadata incl. global cache
|
||||
|
17
index.py
17
index.py
@ -17,7 +17,7 @@ import boto3
|
||||
|
||||
__author__ = "Stefan Reimer"
|
||||
__author_email__ = "stefan@zero-downtime.net"
|
||||
__version__ = "0.9.7"
|
||||
__version__ = "0.9.8"
|
||||
|
||||
# IAM Alias lookup cache
|
||||
account_aliases = {}
|
||||
@ -120,11 +120,18 @@ def add_flow_metadata(flow):
|
||||
|
||||
# Lookup table by IP to classify traffic
|
||||
ips[interface['PrivateIpAddress']] = interface
|
||||
except(KeyError, IndexError):
|
||||
logger.warning("Error trying to get metadata for ENIs, disabling ENHANCE_FLOWLOG")
|
||||
ENHANCE_FLOWLOG = False
|
||||
return flow
|
||||
|
||||
try:
|
||||
eni = enis[flow['interface-id']]
|
||||
metadata = {'eni.az': eni['AvailabilityZone'],
|
||||
'eni.sg': eni['Groups'][0]['GroupName'],
|
||||
'eni.subnet': eni['SubnetId']}
|
||||
remote_ip = None
|
||||
if len(eni['Groups']):
|
||||
metadata['eni.sg'] = eni['Groups'][0]['GroupName']
|
||||
|
||||
# Add PublicIP if attached
|
||||
if 'Association' in eni and 'PublicIp' in eni['Association']:
|
||||
@ -140,6 +147,7 @@ def add_flow_metadata(flow):
|
||||
|
||||
# Try to classify traffic:
|
||||
# Free,Regional,Out
|
||||
if remote_ip:
|
||||
if remote_ip in ips:
|
||||
if ips[remote_ip]['AvailabilityZone'] == eni['AvailabilityZone'] and ips[remote_ip]['VpcId'] == eni['VpcId']:
|
||||
metadata['traffic_class'] = 'Free'
|
||||
@ -154,9 +162,8 @@ def add_flow_metadata(flow):
|
||||
|
||||
flow.update(metadata)
|
||||
|
||||
except(KeyError, IndexError):
|
||||
logger.warning("Could not get additional data for ENI {}".format(flow['interface-id']))
|
||||
ENHANCE_FLOWLOG = False
|
||||
except(KeyError, IndexError) as e:
|
||||
logger.warning("Could not get additional data for ENI {} ({})".format(flow['interface-id'], e))
|
||||
pass
|
||||
|
||||
return flow
|
||||
|
Loading…
Reference in New Issue
Block a user