logstash-codec-cloudtrail 3.0.4 → 3.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/logstash/codecs/cloudtrail.rb +12 -0
- data/logstash-codec-cloudtrail.gemspec +1 -1
- data/spec/codecs/cloudtrail_spec.rb +36 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8facb9d38254e7833e0404a8bbe793caba2270a1b619b967fb38de5e293e4006
|
|
4
|
+
data.tar.gz: 2ae2347e0661a502c6502a28871e2f57eaba1053f67afbcf313b390ebe2ad4d9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 722f690e8dbb517177bfe682147bf4506db942191919e6f2ed4fd9b994bcce7e4cdc5d9424ca885e96f203c6ad832f7d3c9ed7c2219fdcbcc39b53c1fa035894
|
|
7
|
+
data.tar.gz: 938ed97d6ceff25a073547230daa40ae00fd440371ed09bd3760cc7b76e77277e135da81485622a2dcb13273ba3233306eb19a91cfb98eae15b6cf6b820ffc66
|
data/CHANGELOG.md
CHANGED
|
@@ -28,8 +28,20 @@ class LogStash::Codecs::CloudTrail < LogStash::Codecs::Base
|
|
|
28
28
|
end
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
substitute_invalid_ip_address(event)
|
|
32
|
+
|
|
31
33
|
yield LogStash::Event.new(event)
|
|
32
34
|
end
|
|
33
35
|
end # def decode
|
|
34
36
|
|
|
37
|
+
# Workaround for https://github.com/logstash-plugins/logstash-codec-cloudtrail/issues/20
|
|
38
|
+
# API calls from support will fill the sourceIpAddress with a hostname string instead of an ip
|
|
39
|
+
# address.
|
|
40
|
+
def substitute_invalid_ip_address(event)
|
|
41
|
+
source_ip_address = event["sourceIpAddress"]
|
|
42
|
+
if source_ip_address && source_ip_address !~ Resolv::IPv4::Regex && source_ip_address !~ Resolv::IPv6::Regex
|
|
43
|
+
event["sourceHost"] = event.delete("sourceIpAddress")
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
35
47
|
end # class LogStash::Codecs::CloudTrail
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-cloudtrail'
|
|
4
|
-
s.version = '3.0.
|
|
4
|
+
s.version = '3.0.5'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Process AWS CloudTrail formatted messages"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -1,9 +1,21 @@
|
|
|
1
1
|
require "logstash/devutils/rspec/spec_helper"
|
|
2
2
|
require "logstash/plugin"
|
|
3
3
|
require "logstash/codecs/cloudtrail"
|
|
4
|
+
require 'resolv'
|
|
4
5
|
|
|
5
6
|
describe LogStash::Codecs::CloudTrail do
|
|
6
7
|
|
|
8
|
+
shared_examples_for "it handles valid ip addresses" do
|
|
9
|
+
it 'should pass through valid ip addresses' do
|
|
10
|
+
ip_addresses.each do |valid_ip_address|
|
|
11
|
+
subject.decode("{\"Records\":[{\"sourceIpAddress\":\"#{valid_ip_address}\"}]}") do |event|
|
|
12
|
+
expect(event.get("sourceIpAddress")).to eq(valid_ip_address)
|
|
13
|
+
expect(event.get("sourceHost")).to be_nil
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
7
19
|
describe '#decode' do
|
|
8
20
|
it 'accepts data without a Records property' do
|
|
9
21
|
expect { |b|
|
|
@@ -16,5 +28,29 @@ describe LogStash::Codecs::CloudTrail do
|
|
|
16
28
|
subject.decode('{"Records":[{"requestParameters":null}]}', &b)
|
|
17
29
|
}.to yield_control
|
|
18
30
|
end
|
|
31
|
+
|
|
32
|
+
context 'with ipv4 sourceIpAddress values' do
|
|
33
|
+
let(:ip_addresses) { ["127.0.0.1", "8.8.8.8", "10.10.10.10", "100.100.100.100", "1.12.123.234"] }
|
|
34
|
+
it_behaves_like 'it handles valid ip addresses'
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
context 'with ipv6 sourceIpAddress values' do
|
|
38
|
+
let(:ip_addresses) { ["2001:0db8:85a3:0000:0000:8a2e:0370:7334", "2001:db8:85a3::8a2e:370:7334", "::1", "::"] }
|
|
39
|
+
it_behaves_like 'it handles valid ip addresses'
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
it 'accepts records with an invalid sourceIpAddress' do
|
|
43
|
+
subject.decode('{"Records":[{"sourceIpAddress":"www.elastic.co"}]}') do |event|
|
|
44
|
+
expect(event.get("sourceIpAddress")).to be_nil
|
|
45
|
+
expect(event.get("sourceHost")).to eq("www.elastic.co")
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
it 'accepts records with a no sourceIpAddress' do
|
|
50
|
+
subject.decode('{"Records":[{"sourceIpAddress":null}]}') do |event|
|
|
51
|
+
expect(event.get("sourceIpAddress")).to be_nil
|
|
52
|
+
expect(event.get("sourceHost")).to be_nil
|
|
53
|
+
end
|
|
54
|
+
end
|
|
19
55
|
end
|
|
20
56
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-cloudtrail
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|