From 7940824350933e07938f1b1ffcc1506a46cc8554 Mon Sep 17 00:00:00 2001
From: Vadim Semenov <vadim.semenov06@gmail.com>
Date: Fri, 27 Dec 2024 12:21:56 +0000
Subject: [PATCH] local_ip_address is added from TLV22 Extended IS reachability

---
 README.md                         | 19 ++++++++++---------
 logstash/index_template/create.py |  2 +-
 logstash/pipeline/logstash.conf   | 16 ++++++++--------
 3 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index 2f43789..ddc20eb 100644
--- a/README.md
+++ b/README.md
@@ -18,14 +18,14 @@ Watcher stores topology events/state to show historical network state, whereas T
 ![](./docs/functional-watcher-role.png)
 
 ### Supported IS-IS TLV 
-| TLV name                         | TLV |
-|----------------------------------|-----|
-| IS Reachability                  | 2   |
-| Extended IS Reachability   (new) | 22  |
-| IPv4 Internal Reachability (old) | 128 |
-| IPv4 External Reachability (old) | 130 |
-| Extended IPv4 Reachability (new) | 135 |
-| IPv6 Reachability                | 236 |  
+| TLV name                         | TLV | subTLV    |
+|----------------------------------|-----|-----------|
+| IS Reachability                  | 2   |           |
+| Extended IS Reachability   (new) | 22  | 6,8,12,13 |
+| IPv4 Internal Reachability (old) | 128 |           |
+| IPv4 External Reachability (old) | 130 |           |
+| Extended IPv4 Reachability (new) | 135 |           |
+| IPv6 Reachability                | 236 |           |
 
 ### Network architecture  
 Number of watchers is equal to the number of IS-IS areas and each Watcher is placed in individual network namespace. IS-IS LSDB sits in watcher's namespace and doesn't interact with other Watchers keeping it isolated.  
@@ -266,7 +266,8 @@ Make sure that:
 * `01Jan2023_00h00m00s_7_hosts` - name of graph in Topolograph dashboard
 * `49.0002` - area number
 * `12345` - AS number
-*Summary: `0200.1001.0003` detected that `0200.1001.0002` host went down at `2023-01-01T00:00:00Z` in IS-IS level 1 in area 49.0002 in AS 12345*
+* `10.1.23.3` - Local IP address of detected node `0200.1001.0003` (available in 2.0.15)
+*Summary: `0200.1001.0003` on the interface with `10.1.23.3` IP address detected that `0200.1001.0002` host went down at `2023-01-01T00:00:00Z` in IS-IS level 1 in area 49.0002 in AS 12345*
 
 ##### Logs sample 2  
 ```
diff --git a/logstash/index_template/create.py b/logstash/index_template/create.py
index fc63cb1..9572f29 100644
--- a/logstash/index_template/create.py
+++ b/logstash/index_template/create.py
@@ -12,7 +12,7 @@
     headers = {'Content-Type':'application/json'}
 
     indexTempateNameToSettings = {} 
-    indexTempateNameToSettings['isis-watcher-updown-events'] = {'index_patterns': ['isis-watcher-updown-events*'], 'template': {'mappings': {'dynamic': False, 'properties': {"@timestamp": {"type": "date"},"watcher_time": { "type": "date", "format": "date_optional_time"},"watcher_time_iso8601": { "type": "date", "format": "date_optional_time"},"watcher_name": {"type": "keyword"},"level_number": {"type": "keyword"},"event_name": {"type": "keyword"},"event_object": {"type": "keyword"},"old_cost": {"type": "integer"},"new_cost": {"type": "integer"},"event_detected_by": {"type": "keyword"},"graph_time": {"type": "keyword"},"asn": {"type": "keyword"},"area_num": {"type": "keyword"}}}}, '_meta': {'description': 'IS-IS index template for Watcher logs'}, 'allow_auto_create': True}
+    indexTempateNameToSettings['isis-watcher-updown-events'] = {'index_patterns': ['isis-watcher-updown-events*'], 'template': {'mappings': {'dynamic': False, 'properties': {"@timestamp": {"type": "date"},"watcher_time": { "type": "date", "format": "date_optional_time"},"watcher_time_iso8601": { "type": "date", "format": "date_optional_time"},"watcher_name": {"type": "keyword"},"level_number": {"type": "keyword"},"event_name": {"type": "keyword"},"event_object": {"type": "keyword"},"old_cost": {"type": "integer"},"new_cost": {"type": "integer"},"event_detected_by": {"type": "keyword"},"graph_time": {"type": "keyword"},"asn": {"type": "keyword"},"area_num": {"type": "keyword"},"local_ip_address": {"type": "keyword"}}}}, '_meta': {'description': 'IS-IS index template for Watcher logs'}, 'allow_auto_create': True}
     indexTempateNameToSettings['isis-watcher-costs-changes'] = {'index_patterns': ['isis-watcher-costs-changes*'], 'template': {'mappings': {'dynamic': False, 'properties': {"@timestamp": {"type": "date"},"watcher_time": { "type": "date", "format": "date_optional_time"},"watcher_time_iso8601": { "type": "date", "format": "date_optional_time"},"watcher_name": {"type": "keyword"},"level_number": {"type": "keyword"},"event_name": {"type": "keyword"},"event_object": {"type": "keyword"},"old_cost": {"type": "integer"},"new_cost": {"type": "integer"},"event_detected_by": {"type": "keyword"},"subnet_type": {"type": "keyword"},"graph_time": {"type": "keyword"},"asn": {"type": "keyword"},"area_num": {"type": "keyword"},"int_ext_subtype": {"type": "integer"}}}}, '_meta': {'description': 'IS-IS index template for Watcher costs changes logs'}, 'allow_auto_create': True}
 
     for indexTemplateName, indexTemplateSettings in indexTempateNameToSettings.items():
diff --git a/logstash/pipeline/logstash.conf b/logstash/pipeline/logstash.conf
index 233feba..d85625d 100644
--- a/logstash/pipeline/logstash.conf
+++ b/logstash/pipeline/logstash.conf
@@ -7,10 +7,10 @@ input {
 filter {
     if "changed" in [message] {
         if "metric" in [message] {
-            # 2024-10-08T22:55:32Z,watcher1,1,metric,0200.1001.0004,changed,old_cost:5,new_cost:-1,0200.1001.0005,10Oct2024_00h00m00s_7_hosts,49.0002,12345
+            # 2024-10-08T22:55:32Z,watcher1,1,metric,0200.1001.0003,changed,old_cost:5,new_cost:-1,0200.1001.0002,10Oct2024_00h00m00s_7_hosts,49.0002,12345,10.1.23.2
 
             dissect { 
-                    mapping => { "message" => "%{watcher_time},%{watcher_name},%{level_number},%{event_name},%{event_object},%{event_status},old_cost:%{old_cost},new_cost:%{new_cost},%{event_detected_by},%{graph_time},%{area_num},%{asn}"}  
+                    mapping => { "message" => "%{watcher_time},%{watcher_name},%{level_number},%{event_name},%{event_object},%{event_status},old_cost:%{old_cost},new_cost:%{new_cost},%{event_detected_by},%{graph_time},%{area_num},%{asn},%{local_ip_address}"}  
             }
             if "-1" == [new_cost] {
                 mutate {
@@ -21,8 +21,8 @@ filter {
                         "[@metadata][zabbix_host]" => "isis_neighbor_up_down" 
                         "[@metadata][z_object_item_name]" => "isis_neighbor_up_down"
 
-                        "[@metadata][z_item_value]" => "IS-IS L%{level_number} down between %{event_object}-%{event_detected_by}, cost:%{new_cost}, detected by:%{event_detected_by}"
-                        "[@metadata][webhook_item_value]" => "IS-IS L%{level_number} down between %{event_object}-%{event_detected_by}, cost:%{new_cost}, detected by:%{event_detected_by}" }}
+                        "[@metadata][z_item_value]" => "IS-IS L%{level_number} down between %{event_object}-%{event_detected_by}, cost:%{new_cost}, detected by:%{event_detected_by}, local ip address:%{local_ip_address}"
+                        "[@metadata][webhook_item_value]" => "IS-IS L%{level_number} down between %{event_object}-%{event_detected_by}, cost:%{new_cost}, detected by:%{event_detected_by}, local ip address:%{local_ip_address}" }}
             } else if "-1" == [old_cost] {
                 mutate {
                     add_field => {
@@ -32,8 +32,8 @@ filter {
                         "[@metadata][zabbix_host]" => "isis_neighbor_up_down" 
                         "[@metadata][z_object_item_name]" => "isis_neighbor_up_down"
 
-                        "[@metadata][z_item_value]" => "IS-IS L%{level_number} up between %{event_object}-%{event_detected_by}, cost:%{new_cost}, detected by:%{event_detected_by}"
-                        "[@metadata][webhook_item_value]" => "IS-IS L%{level_number} up between %{event_object}-%{event_detected_by}, cost:%{new_cost}, detected by:%{event_detected_by}" }}
+                        "[@metadata][z_item_value]" => "IS-IS L%{level_number} up between %{event_object}-%{event_detected_by}, cost:%{new_cost}, detected by:%{event_detected_by}, local ip address:%{local_ip_address}"
+                        "[@metadata][webhook_item_value]" => "IS-IS L%{level_number} up between %{event_object}-%{event_detected_by}, cost:%{new_cost}, detected by:%{event_detected_by}, local ip address:%{local_ip_address}" }}
             } else {
                 mutate {
                     add_field => {
@@ -41,8 +41,8 @@ filter {
                         "[@metadata][mongo_id]" => "output_mongo_cost"
                         "[@metadata][mongo_collection_name]" => "cost_change"
                         "[@metadata][zabbix_host]" => "isis_link_cost_change" 
-                        "[@metadata][z_item_value]" => "IS-IS L%{level_number} link cost changed between:%{event_object}-%{event_detected_by}, old:%{old_cost}, new:%{new_cost}, detected by:%{event_detected_by}"
-                        "[@metadata][webhook_item_value]" => "IS-IS L%{level_number} link cost changed between:%{event_object}-%{event_detected_by}, old:%{old_cost}, new:%{new_cost}, detected by:%{event_detected_by}" } }
+                        "[@metadata][z_item_value]" => "IS-IS L%{level_number} link cost changed between:%{event_object}-%{event_detected_by}, old:%{old_cost}, new:%{new_cost}, detected by:%{event_detected_by}, local ip address:%{local_ip_address}"
+                        "[@metadata][webhook_item_value]" => "IS-IS L%{level_number} link cost changed between:%{event_object}-%{event_detected_by}, old:%{old_cost}, new:%{new_cost}, detected by:%{event_detected_by}, local ip address:%{local_ip_address}" } }
             }
         }
         else if "network" in [message] {