logstash-codec-cloudtrail 3.0.4 → 3.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/logstash/codecs/cloudtrail.rb +12 -0
- data/logstash-codec-cloudtrail.gemspec +1 -1
- data/spec/codecs/cloudtrail_spec.rb +36 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8facb9d38254e7833e0404a8bbe793caba2270a1b619b967fb38de5e293e4006
|
|
4
|
+
data.tar.gz: 2ae2347e0661a502c6502a28871e2f57eaba1053f67afbcf313b390ebe2ad4d9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 722f690e8dbb517177bfe682147bf4506db942191919e6f2ed4fd9b994bcce7e4cdc5d9424ca885e96f203c6ad832f7d3c9ed7c2219fdcbcc39b53c1fa035894
|
|
7
|
+
data.tar.gz: 938ed97d6ceff25a073547230daa40ae00fd440371ed09bd3760cc7b76e77277e135da81485622a2dcb13273ba3233306eb19a91cfb98eae15b6cf6b820ffc66
|
data/CHANGELOG.md
CHANGED
|
@@ -28,8 +28,20 @@ class LogStash::Codecs::CloudTrail < LogStash::Codecs::Base
|
|
|
28
28
|
end
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
substitute_invalid_ip_address(event)
|
|
32
|
+
|
|
31
33
|
yield LogStash::Event.new(event)
|
|
32
34
|
end
|
|
33
35
|
end # def decode
|
|
34
36
|
|
|
37
|
+
# Workaround for https://github.com/logstash-plugins/logstash-codec-cloudtrail/issues/20
|
|
38
|
+
# API calls from support will fill the sourceIpAddress with a hostname string instead of an ip
|
|
39
|
+
# address.
|
|
40
|
+
def substitute_invalid_ip_address(event)
|
|
41
|
+
source_ip_address = event["sourceIpAddress"]
|
|
42
|
+
if source_ip_address && source_ip_address !~ Resolv::IPv4::Regex && source_ip_address !~ Resolv::IPv6::Regex
|
|
43
|
+
event["sourceHost"] = event.delete("sourceIpAddress")
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
35
47
|
end # class LogStash::Codecs::CloudTrail
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-cloudtrail'
|
|
4
|
-
s.version = '3.0.
|
|
4
|
+
s.version = '3.0.5'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Process AWS CloudTrail formatted messages"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -1,9 +1,21 @@
|
|
|
1
1
|
require "logstash/devutils/rspec/spec_helper"
|
|
2
2
|
require "logstash/plugin"
|
|
3
3
|
require "logstash/codecs/cloudtrail"
|
|
4
|
+
require 'resolv'
|
|
4
5
|
|
|
5
6
|
describe LogStash::Codecs::CloudTrail do
|
|
6
7
|
|
|
8
|
+
shared_examples_for "it handles valid ip addresses" do
|
|
9
|
+
it 'should pass through valid ip addresses' do
|
|
10
|
+
ip_addresses.each do |valid_ip_address|
|
|
11
|
+
subject.decode("{\"Records\":[{\"sourceIpAddress\":\"#{valid_ip_address}\"}]}") do |event|
|
|
12
|
+
expect(event.get("sourceIpAddress")).to eq(valid_ip_address)
|
|
13
|
+
expect(event.get("sourceHost")).to be_nil
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
7
19
|
describe '#decode' do
|
|
8
20
|
it 'accepts data without a Records property' do
|
|
9
21
|
expect { |b|
|
|
@@ -16,5 +28,29 @@ describe LogStash::Codecs::CloudTrail do
|
|
|
16
28
|
subject.decode('{"Records":[{"requestParameters":null}]}', &b)
|
|
17
29
|
}.to yield_control
|
|
18
30
|
end
|
|
31
|
+
|
|
32
|
+
context 'with ipv4 sourceIpAddress values' do
|
|
33
|
+
let(:ip_addresses) { ["127.0.0.1", "8.8.8.8", "10.10.10.10", "100.100.100.100", "1.12.123.234"] }
|
|
34
|
+
it_behaves_like 'it handles valid ip addresses'
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
context 'with ipv6 sourceIpAddress values' do
|
|
38
|
+
let(:ip_addresses) { ["2001:0db8:85a3:0000:0000:8a2e:0370:7334", "2001:db8:85a3::8a2e:370:7334", "::1", "::"] }
|
|
39
|
+
it_behaves_like 'it handles valid ip addresses'
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
it 'accepts records with an invalid sourceIpAddress' do
|
|
43
|
+
subject.decode('{"Records":[{"sourceIpAddress":"www.elastic.co"}]}') do |event|
|
|
44
|
+
expect(event.get("sourceIpAddress")).to be_nil
|
|
45
|
+
expect(event.get("sourceHost")).to eq("www.elastic.co")
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
it 'accepts records with a no sourceIpAddress' do
|
|
50
|
+
subject.decode('{"Records":[{"sourceIpAddress":null}]}') do |event|
|
|
51
|
+
expect(event.get("sourceIpAddress")).to be_nil
|
|
52
|
+
expect(event.get("sourceHost")).to be_nil
|
|
53
|
+
end
|
|
54
|
+
end
|
|
19
55
|
end
|
|
20
56
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-cloudtrail
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|