feat: add vpc support

Kavindu-Dodan · web-flow · commit f8e189d75429 · 2025-08-06T08:24:47.000-07:00
diff --git a/README.md b/README.md
@@ -20,9 +20,10 @@ Check `config.sample.yaml` for reference.
 
 Given below are supported input types,
 
-- LOGS : ECS (Elastic Common Schema) formated logs based on zap.
+- LOGS : ECS (Elastic Common Schema) formated logs based on zap
 - METRICS: Generate metrics similar to a CloudWatch metrics entry
 - ALB : Generate AWS ALB formatted log with some random content
+- VPC: Generate AWS VPC formatted logs with randomized content
 
 Other input configuration,
 
diff --git a/config.sample.yaml b/config.sample.yaml
@@ -1,6 +1,6 @@
 input:
   # Input type.
-  # Supports - LOGS, METRICS, ALB
+  # Supports - LOGS, METRICS, ALB, VPC
   type: LOGS
   # Delay between a data point.
   # Defaults to 5s
diff --git a/generators/elb.go b/generators/elb.go
@@ -2,17 +2,11 @@ package generators
 
 import (
 	"fmt"
-	"math/rand"
-	"time"
 )
 
 type ALBGen struct {
 }
 
-func NewALBGen() *ALBGen {
-	return &ALBGen{}
-}
-
 func (a *ALBGen) Get() ([]byte, error) {
 	customizer := albCustomizer{
 		logType:        randomALBType(),
@@ -90,27 +84,3 @@ func buildALBLogLine(input albCustomizer) string {
 
 	return logLine
 }
-
-// randomizers
-
-func iso8601Now() string {
-	return time.Now().UTC().Format("2006-01-02T15:04:05.000000Z")
-}
-
-func randomALBType() string {
-	types := []string{"http", "https", "h2"}
-	return types[rand.Intn(len(types))]
-}
-
-func randomIP() string {
-	return fmt.Sprintf("%d.%d.%d.%d",
-		rand.Intn(256),
-		rand.Intn(256),
-		rand.Intn(256),
-		rand.Intn(256),
-	)
-}
-
-func randomPort() int {
-	return rand.Intn(65535-1024) + 1024
-}
diff --git a/generators/elb_test.go b/generators/elb_test.go
@@ -1,8 +1,10 @@
 package generators
 
 import (
-	"github.com/stretchr/testify/require"
+	"strings"
 	"testing"
+
+	"github.com/stretchr/testify/require"
 )
 
 // refer http example of https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-log-entry-format
@@ -25,6 +27,6 @@ func Test_buildALB(t *testing.T) {
 			requestID:      "TID_1234abcd5678ef90",
 		})
 
-		require.Equal(t, upstreamALBHTTP, line)
+		require.Equal(t, upstreamALBHTTP, strings.TrimSpace(line))
 	})
 }
diff --git a/generators/generator.go b/generators/generator.go
@@ -12,6 +12,7 @@ const (
 	logs    = "LOGS"
 	metrics = "METRICS"
 	alb     = "ALB"
+	vpc     = "VPC"
 )
 
 type input interface {
@@ -25,7 +26,9 @@ func GeneratorFor(config *conf.Config) (*Generator, error) {
 	case metrics:
 		return newGenerator(NewMetricGenerator()), nil
 	case alb:
-		return newGenerator(NewALBGen()), nil
+		return newGenerator(&ALBGen{}), nil
+	case vpc:
+		return newGenerator(&VPCGen{}), nil
 	}
 
 	return nil, fmt.Errorf("unknown generator type: %s", config.Input.Type)
diff --git a/generators/utils.go b/generators/utils.go
@@ -0,0 +1,49 @@
+package generators
+
+import (
+	"fmt"
+	"math/rand"
+	"time"
+)
+
+// randomizers
+
+func iso8601Now() string {
+	return time.Now().UTC().Format("2006-01-02T15:04:05.000000Z")
+}
+
+func unixSeconds() int64 {
+	return time.Now().Unix()
+}
+
+func randomALBType() string {
+	types := []string{"http", "https", "h2"}
+	return types[rand.Intn(len(types))]
+}
+
+func randomVPCAction() string {
+	types := []string{"ACCEPT", "REJECT"}
+	return types[rand.Intn(len(types))]
+}
+
+func randomIP() string {
+	return fmt.Sprintf("%d.%d.%d.%d",
+		rand.Intn(256),
+		rand.Intn(256),
+		rand.Intn(256),
+		rand.Intn(256),
+	)
+}
+
+func randomPort() int {
+	return rand.Intn(65535-1024) + 1024
+}
+
+func randomAWSAccountID() string {
+	// Generate a 12-digit number, ensuring the first digit is not 0
+	accountID := rand.Intn(9) + 1
+	for i := 1; i < 12; i++ {
+		accountID = accountID*10 + rand.Intn(10)
+	}
+	return fmt.Sprintf("%012d", accountID)
+}
diff --git a/generators/vpc.go b/generators/vpc.go
@@ -0,0 +1,67 @@
+package generators
+
+import (
+	"fmt"
+	"math/rand/v2"
+)
+
+type VPCGen struct {
+}
+
+func (V VPCGen) Get() ([]byte, error) {
+	customizer := vpcCustomizer{
+		Version:     2,
+		AccountID:   randomAWSAccountID(),
+		InterfaceID: "eni-123456789123",
+		SrcAddr:     randomIP(),
+		DstAddr:     randomIP(),
+		SrcPort:     randomPort(),
+		DstPort:     randomPort(),
+		Protocol:    6, // TCP
+		Packets:     rand.IntN(100) + 1,
+		Bytes:       rand.IntN(1000) + 1,
+		Start:       unixSeconds(),
+		End:         unixSeconds(),
+		Action:      randomVPCAction(),
+		LogStatus:   "ok",
+	}
+
+	return []byte(buildVPCLogLine(customizer)), nil
+}
+
+type vpcCustomizer struct {
+	Version     int
+	AccountID   string
+	InterfaceID string
+	SrcAddr     string
+	DstAddr     string
+	SrcPort     int
+	DstPort     int
+	Protocol    int
+	Packets     int
+	Bytes       int
+	Start       int64
+	End         int64
+	Action      string
+	LogStatus   string
+}
+
+func buildVPCLogLine(vpcCustomizer vpcCustomizer) string {
+	return fmt.Sprintf(
+		"%d %s %s %s %s %d %d %d %d %d %d %d %s %s\n",
+		vpcCustomizer.Version,
+		vpcCustomizer.AccountID,
+		vpcCustomizer.InterfaceID,
+		vpcCustomizer.SrcAddr,
+		vpcCustomizer.DstAddr,
+		vpcCustomizer.SrcPort,
+		vpcCustomizer.DstPort,
+		vpcCustomizer.Protocol,
+		vpcCustomizer.Packets,
+		vpcCustomizer.Bytes,
+		vpcCustomizer.Start,
+		vpcCustomizer.End,
+		vpcCustomizer.Action,
+		vpcCustomizer.LogStatus,
+	)
+}
diff --git a/generators/vpc_test.go b/generators/vpc_test.go
@@ -0,0 +1,55 @@
+package generators
+
+import (
+	"github.com/stretchr/testify/require"
+	"strings"
+	"testing"
+)
+
+// refer example of https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-accepted-rejected
+const acceptedVPC = "2 123456789010 eni-1235b8ca123456789 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK"
+const rejectedVPC = "2 123456789010 eni-1235b8ca123456789 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK"
+
+func Test_buildVPC(t *testing.T) {
+	t.Run("Validate AWS documented VPC - Accepted", func(t *testing.T) {
+		line := buildVPCLogLine(vpcCustomizer{
+			Version:     2,
+			AccountID:   "123456789010",
+			InterfaceID: "eni-1235b8ca123456789",
+			SrcAddr:     "172.31.16.139",
+			DstAddr:     "172.31.16.21",
+			SrcPort:     20641,
+			DstPort:     22,
+			Protocol:    6,
+			Packets:     20,
+			Bytes:       4249,
+			Start:       1418530010,
+			End:         1418530070,
+			Action:      "ACCEPT",
+			LogStatus:   "OK",
+		})
+
+		require.Equal(t, acceptedVPC, strings.TrimSpace(line))
+	})
+
+	t.Run("Validate AWS documented VPC - Accepted", func(t *testing.T) {
+		line := buildVPCLogLine(vpcCustomizer{
+			Version:     2,
+			AccountID:   "123456789010",
+			InterfaceID: "eni-1235b8ca123456789",
+			SrcAddr:     "172.31.9.69",
+			DstAddr:     "172.31.9.12",
+			SrcPort:     49761,
+			DstPort:     3389,
+			Protocol:    6,
+			Packets:     20,
+			Bytes:       4249,
+			Start:       1418530010,
+			End:         1418530070,
+			Action:      "REJECT",
+			LogStatus:   "OK",
+		})
+
+		require.Equal(t, rejectedVPC, strings.TrimSpace(line))
+	})
+}
diff --git a/out b/out
@@ -0,0 +1,10 @@
+2 866154009731 eni-123456789123 122.147.55.223 161.213.213.198 10837 11867 6 82 423 1754493585 1754493585 ACCEPT ok2 406296230703 eni-123456789123 171.29.102.171 173.1.244.58 49802 63307 6 11 348 1754493587 1754493587 REJECT ok2 688844753206 eni-123456789123 125.233.181.242 106.25.106.53 9858 59728 6 97 102 1754493589 1754493589 ACCEPT ok2 650351127900 eni-123456789123 95.242.245.50 158.141.47.124 26851 31833 6 81 757 1754493591 1754493591 ACCEPT ok2 579358143784 eni-123456789123 119.182.190.54 123.147.204.38 18875 3941 6 82 781 1754493593 1754493593 REJECT ok2 806390614281 eni-123456789123 73.153.212.98 26.103.36.146 43760 24727 6 50 759 1754493607 1754493607 REJECT ok
+2 169850649817 eni-123456789123 202.206.90.205 146.125.211.239 8157 22081 6 39 488 1754493609 1754493609 REJECT ok
+2 322917440216 eni-123456789123 207.212.232.147 204.2.167.206 20731 22807 6 39 174 1754493611 1754493611 REJECT ok
+2 150662564985 eni-123456789123 14.120.225.220 193.206.191.127 5040 54311 6 73 754 1754493613 1754493613 REJECT ok
+2 485182205743 eni-123456789123 99.133.215.126 54.84.219.179 56885 57832 6 96 851 1754493615 1754493615 REJECT ok
+2 690116715612 eni-123456789123 231.179.233.87 53.66.245.131 54146 21419 6 44 14 1754493617 1754493617 REJECT ok
+2 947001158844 eni-123456789123 227.167.221.168 36.123.9.125 27192 64697 6 63 137 1754493619 1754493619 REJECT ok
+2 281855856164 eni-123456789123 184.61.26.194 233.50.143.110 50643 46412 6 52 976 1754493621 1754493621 ACCEPT ok
+2 572450921823 eni-123456789123 124.112.132.101 42.213.105.229 8314 53925 6 18 803 1754493623 1754493623 ACCEPT ok
+2 313589345846 eni-123456789123 59.51.238.79 171.158.169.10 38274 42245 6 28 917 1754493625 1754493625 ACCEPT ok
