logstash-codec-nmap 0.0.10 → 0.0.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +2 -0
- data/lib/logstash/codecs/nmap.rb +14 -2
- data/logstash-codec-nmap.gemspec +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ebf05a1ad0bf425d2a15b825abf327e0a1a77647
|
|
4
|
+
data.tar.gz: 45f9bd20918f3650de8ba7b6f3cd443bc7bf32ab
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c4a1b180f4390fc46f9e8b16d67df42c8ec0bb38297701a03c8ca3ca5fc434eb36f535286f7c4b77e269631d5a64dded66bec6f618ecc5a205ac7a3ce56f7e2d
|
|
7
|
+
data.tar.gz: 7d87b7c877292beffc5aa60f649a96dcaee8302ed0a22c01d7aaeb539b598c0934e2e258361d9d981c48d10f6e2cf85c1caf214914cf1fec797c18bc0a5d5a36
|
data/CHANGELOG.md
CHANGED
data/lib/logstash/codecs/nmap.rb
CHANGED
|
@@ -3,7 +3,10 @@ require "logstash/codecs/base"
|
|
|
3
3
|
require "nmap/xml"
|
|
4
4
|
require 'securerandom'
|
|
5
5
|
|
|
6
|
-
# This codec
|
|
6
|
+
# This codec is used to parse https://nmap.org/[namp] output data which is serialized in XML format. Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
|
|
7
|
+
# For more information on nmap, see https://nmap.org/.
|
|
8
|
+
#
|
|
9
|
+
# This codec can only be used for decoding data.
|
|
7
10
|
#
|
|
8
11
|
# Event types are listed below
|
|
9
12
|
#
|
|
@@ -41,11 +44,20 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
41
44
|
# This really needs to be put into ruby-nmap
|
|
42
45
|
scan_host_stats = Hash[xml.instance_variable_get(:@doc).xpath('/nmaprun[@scanner="nmap"]/runstats/hosts').first.attributes.map {|k,v| [k,v.value.to_i]}]
|
|
43
46
|
|
|
47
|
+
finished_info = Hash[xml.instance_variable_get(:@doc).xpath('/nmaprun[@scanner="nmap"]/runstats/finished').first.attributes.map {|k,v| [k,v.value] }]
|
|
48
|
+
finished_info["elapsed"] = finished_info["elapsed"].to_f
|
|
49
|
+
finished_info["time"] = timeify(Time.at(finished_info["time"].to_i))
|
|
50
|
+
|
|
51
|
+
run_stats = hashify_struct(xml.run_stats.first)
|
|
52
|
+
run_stats["finished"] = finished_info
|
|
53
|
+
|
|
44
54
|
if @emit_scan_metadata
|
|
45
55
|
yield LogStash::Event.new(base.merge({
|
|
46
56
|
'type' => 'nmap_scan_metadata',
|
|
47
57
|
'host_stats' => scan_host_stats,
|
|
48
|
-
'run_stats' =>
|
|
58
|
+
'run_stats' => run_stats,
|
|
59
|
+
'start_time' => timeify(xml.scanner.start_time),
|
|
60
|
+
'end_time' => run_stats["finished"]["time"]
|
|
49
61
|
}))
|
|
50
62
|
end
|
|
51
63
|
|
data/logstash-codec-nmap.gemspec
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-nmap'
|
|
4
|
-
s.version = '0.0.
|
|
4
|
+
s.version = '0.0.11'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "This codec may be used to decode Nmap XML"
|
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|