logstash-codec-nmap 0.0.11 → 0.0.15
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/logstash/codecs/nmap.rb +14 -3
- data/logstash-codec-nmap.gemspec +2 -2
- data/spec/codecs/nmap_spec.rb +9 -0
- metadata +21 -27
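--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c4283b1e2e5d98d0059a583a7ce15da6556c3863
+data.tar.gz: ae28a0e2d6175d454aaf4b0d865d262599479359
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 50a779318b18519ec4d2260635420e05678318b859be479e0f3b1b0d8993dcce69aa193299fd7a01f442f881eb6c8c7961576f7bcd5dee346713d9f67f817bda
+data.tar.gz: f30d57dc4a61e340c24262842bdc424baefc84e4f54badb87089a68aa1c02eda626b62ff727b8a75ba93bdb432fe5c77a4a13835ba92fb495ad245f225069dcd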
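--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,12 @@
+# 0.0.15
+- Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
+# 0.0.14
+- New dependency requirements for logstash-core for the 5.0 release
+## 0.0.13
+- Actually include 'times' element
+## 0.0.12
+- Improve mapping examples
+- Fix IDs for nmap_scan_metadata
 ## 0.0.11
 - Add start/end times for nmap_scan_metadata documents
 ## 0.0.10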
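--- a/data/lib/logstash/codecs/nmap.rb
+++ b/data/lib/logstash/codecs/nmap.rb
@@ -53,11 +53,12 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
 
 if @emit_scan_metadata
 yield LogStash::Event.new(base.merge({
+'id' => scan_id,
 'type' => 'nmap_scan_metadata',
 'host_stats' => scan_host_stats,
-'run_stats' => run_stats,
 'start_time' => timeify(xml.scanner.start_time),
-'end_time' => run_stats["finished"]["time"]
+'end_time' => run_stats["finished"]["time"],
+'run_stats' => hashify_run_stats(xml.run_stats.first)
 }))
 end
 
@@ -122,6 +123,10 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
 h['start_time'] = timeify(host.start_time, scan_start)
 h['end_time'] = timeify(host.end_time, scan_start)
 
+# Needs to be pached in ruby-nmap
+times = host.instance_variable_get(:@node).xpath("times").first
+h['times'] = Hash[times.first.map {|k,v| [k,v.to_i]}] if times
+
 # These two are actually different.
 # Address may contain a MAC, addresses will not AFAICT
 h['addresses'] = hashify_structs(host.addresses)
@@ -139,6 +144,12 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
 h
 end
 
+def hashify_run_stats(run_stats)
+h = hashify_struct(run_stats)
+h["elapsed"] = h["elapsed"].to_f
+h
+end
+
 def hashify_status(status)
 return unless status
 
@@ -246,7 +257,7 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
 end
 
 def hashify_struct(struct)
-Hash[struct.each_pair.map {|k,v| [k, de_keyword(v)]}]
+Hash[struct.each_pair.map {|k,v| [de_keyword(k), de_keyword(v)]}]
 end
 
 def de_keyword(value)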
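Review bot: In the host hunk (new lines 126–128) `times` is already the `.first` of the xpath result, and the next line calls `times.first` again before `map`. If `@node` is a Nokogiri element, which the page does not show, that second `.first` returns one attribute name/value pair, so the block would run over two strings with `v` nil and store zeros instead of the element's attribute values; `h['times'] = Hash[times.map {|k,v| [k, v.to_i]}] if times` looks like the intent. The comment above it would read better as `# Reads ruby-nmap's private @node; replace once ruby-nmap exposes <times>` (it also has the typo "pached"). The spec changes in this release add no example asserting the contents of `times`, so a wrong mapping would go unnoticed. The enclosing method begins and ends outside the hunk.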
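--- a/data/logstash-codec-nmap.gemspec
+++ b/data/logstash-codec-nmap.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
 s.name = 'logstash-codec-nmap'
-s.version = '0.0.
+s.version = '0.0.15'
 s.licenses = ['Apache License (2.0)']
 s.summary = "This codec may be used to decode Nmap XML"
 s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
 s.metadata = { "logstash_plugin" => "true", "logstash_group" => "codec" }
 
 # Gem dependencies
-s.add_runtime_dependency "logstash-core", "
+s.add_runtime_dependency "logstash-core-plugin-api", "~> 1.0"
 s.add_runtime_dependency 'ruby-nmap'
 
 s.add_development_dependency 'logstash-devutils'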
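Review bot: The runtime dependency on `ruby-nmap` (new line 24, left unchanged by this release) carries no version constraint, while lib/logstash/codecs/nmap.rb in the same release starts reading that gem's private `@node` instance variable through `instance_variable_get`. Any ruby-nmap release that renames or restructures that internal would then be resolved at install time and break host parsing without any change to this gemspec. A pessimistic constraint such as `s.add_runtime_dependency 'ruby-nmap', '~> <TESTED_VERSION>'` (placeholder for the version the specs actually run against) would keep resolution inside a tested range. The `Gem::Specification.new` block continues outside both hunks.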
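--- a/data/spec/codecs/nmap_spec.rb
+++ b/data/spec/codecs/nmap_spec.rb
@@ -27,6 +27,15 @@ describe LogStash::Codecs::Nmap do
 expect(event).to be_a(LogStash::Event)
 end
 end
+
+let(:ids) { subject.map {|e| e["id"] } }
+it "should add a unique id field to all events" do
+expect(ids).to eql(ids.uniq)
+end
+
+it "should not have any null id fields" do
+expect(ids.include?(nil)).to be_falsey
+end
 end
 
 describe "parsing traceroutes" do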
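Review bot: Both new examples pass vacuously when `subject` yields no events, because an empty array equals its own `uniq` and contains no nil; `subject` is defined outside this hunk, so whether that can happen is not visible here. Adding `expect(ids).not_to be_empty` to one of them would close that gap. For the nil check, `expect(ids).not_to include(nil)` prints the offending array on failure, whereas `expect(ids.include?(nil)).to be_falsey` only reports `true`. The enclosing describe block starts outside the hunk.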
metadata
CHANGED
@@ -1,63 +1,57 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-codec-nmap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.15
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-03-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name: logstash-core
|
15
|
-
version_requirements: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - '>='
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: 2.0.0
|
20
|
-
- - <
|
21
|
-
- !ruby/object:Gem::Version
|
22
|
-
version: 3.0.0
|
23
14
|
requirement: !ruby/object:Gem::Requirement
|
24
15
|
requirements:
|
25
|
-
- -
|
26
|
-
- !ruby/object:Gem::Version
|
27
|
-
version: 2.0.0
|
28
|
-
- - <
|
16
|
+
- - "~>"
|
29
17
|
- !ruby/object:Gem::Version
|
30
|
-
version:
|
18
|
+
version: '1.0'
|
19
|
+
name: logstash-core-plugin-api
|
31
20
|
prerelease: false
|
32
21
|
type: :runtime
|
33
|
-
- !ruby/object:Gem::Dependency
|
34
|
-
name: ruby-nmap
|
35
22
|
version_requirements: !ruby/object:Gem::Requirement
|
36
23
|
requirements:
|
37
|
-
- -
|
24
|
+
- - "~>"
|
38
25
|
- !ruby/object:Gem::Version
|
39
|
-
version: '0'
|
26
|
+
version: '1.0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
40
28
|
requirement: !ruby/object:Gem::Requirement
|
41
29
|
requirements:
|
42
|
-
- -
|
30
|
+
- - ">="
|
43
31
|
- !ruby/object:Gem::Version
|
44
32
|
version: '0'
|
33
|
+
name: ruby-nmap
|
45
34
|
prerelease: false
|
46
35
|
type: :runtime
|
47
|
-
- !ruby/object:Gem::Dependency
|
48
|
-
name: logstash-devutils
|
49
36
|
version_requirements: !ruby/object:Gem::Requirement
|
50
37
|
requirements:
|
51
|
-
- -
|
38
|
+
- - ">="
|
52
39
|
- !ruby/object:Gem::Version
|
53
40
|
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
54
42
|
requirement: !ruby/object:Gem::Requirement
|
55
43
|
requirements:
|
56
|
-
- -
|
44
|
+
- - ">="
|
57
45
|
- !ruby/object:Gem::Version
|
58
46
|
version: '0'
|
47
|
+
name: logstash-devutils
|
59
48
|
prerelease: false
|
60
49
|
type: :development
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
61
55
|
description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
|
62
56
|
email: info@elastic.co
|
63
57
|
executables: []
|
@@ -94,12 +88,12 @@ require_paths:
|
|
94
88
|
- lib
|
95
89
|
required_ruby_version: !ruby/object:Gem::Requirement
|
96
90
|
requirements:
|
97
|
-
- -
|
91
|
+
- - ">="
|
98
92
|
- !ruby/object:Gem::Version
|
99
93
|
version: '0'
|
100
94
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
101
95
|
requirements:
|
102
|
-
- -
|
96
|
+
- - ">="
|
103
97
|
- !ruby/object:Gem::Version
|
104
98
|
version: '0'
|
105
99
|
requirements: []
|