logstash-codec-nmap 0.0.18 → 0.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +10 -1
- data/docs/index.asciidoc +81 -0
- data/logstash-codec-nmap.gemspec +2 -2
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 65b8ca71640b64d9e2177098e2b16c3258710d97
|
|
4
|
+
data.tar.gz: dc21a7499b75a6f3403811b729f026336679d8d4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3a499c610e4da6ebbf9833b60850b0f31ff21e8340ebd3f2fb880ccb4b6789be20ddf8bbc5bda036ec4fc8038523e134f2b48044c5d3a0dcd96d7377d25681a3
|
|
7
|
+
data.tar.gz: 4b060e3cc6765df6c697788b9d88f17b53de27c07d6027e0714bb711bc4d216815610b28516d1631d1efed593cd6072e3adb4491cf281ba67d099593cb137fd8
|
data/Gemfile
CHANGED
|
@@ -1,2 +1,11 @@
|
|
|
1
1
|
source 'https://rubygems.org'
|
|
2
|
-
|
|
2
|
+
|
|
3
|
+
gemspec
|
|
4
|
+
|
|
5
|
+
logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
|
|
6
|
+
use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
|
|
7
|
+
|
|
8
|
+
if Dir.exist?(logstash_path) && use_logstash_source
|
|
9
|
+
gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
|
|
10
|
+
gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
|
|
11
|
+
end
|
data/docs/index.asciidoc
ADDED
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
:plugin: nmap
|
|
2
|
+
:type: codec
|
|
3
|
+
|
|
4
|
+
///////////////////////////////////////////
|
|
5
|
+
START - GENERATED VARIABLES, DO NOT EDIT!
|
|
6
|
+
///////////////////////////////////////////
|
|
7
|
+
:version: %VERSION%
|
|
8
|
+
:release_date: %RELEASE_DATE%
|
|
9
|
+
:changelog_url: %CHANGELOG_URL%
|
|
10
|
+
:include_path: ../../../../logstash/docs/include
|
|
11
|
+
///////////////////////////////////////////
|
|
12
|
+
END - GENERATED VARIABLES, DO NOT EDIT!
|
|
13
|
+
///////////////////////////////////////////
|
|
14
|
+
|
|
15
|
+
[id="plugins-{type}-{plugin}"]
|
|
16
|
+
|
|
17
|
+
=== Nmap codec plugin
|
|
18
|
+
|
|
19
|
+
include::{include_path}/plugin_header.asciidoc[]
|
|
20
|
+
|
|
21
|
+
==== Description
|
|
22
|
+
|
|
23
|
+
This codec is used to parse https://nmap.org/[namp] output data which is serialized in XML format. Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
|
|
24
|
+
For more information on nmap, see https://nmap.org/.
|
|
25
|
+
|
|
26
|
+
This codec can only be used for decoding data.
|
|
27
|
+
|
|
28
|
+
Event types are listed below
|
|
29
|
+
|
|
30
|
+
`nmap_scan_metadata`: An object containing top level information about the scan, including how many hosts were up, and how many were down. Useful for the case where you need to check if a DNS based hostname does not resolve, where both those numbers will be zero.
|
|
31
|
+
`nmap_host`: One event is created per host. The full data covering an individual host, including open ports and traceroute information as a nested structure.
|
|
32
|
+
`nmap_port`: One event is created per host/port. This duplicates data already in `nmap_host`: This was put in for the case where you want to model ports as separate documents in Elasticsearch (which Kibana prefers).
|
|
33
|
+
`nmap_traceroute_link`: One of these is output per traceroute 'connection', with a `from` and a `to` object describing each hop. Note that traceroute hop data is not always correct due to the fact that each tracing ICMP packet may take a different route. Also very useful for Kibana visualizations.
|
|
34
|
+
|
|
35
|
+
[id="plugins-{type}s-{plugin}-options"]
|
|
36
|
+
==== Nmap Codec Configuration Options
|
|
37
|
+
|
|
38
|
+
[cols="<,<,<",options="header",]
|
|
39
|
+
|=======================================================================
|
|
40
|
+
|Setting |Input type|Required
|
|
41
|
+
| <<plugins-{type}s-{plugin}-emit_hosts>> |<<boolean,boolean>>|No
|
|
42
|
+
| <<plugins-{type}s-{plugin}-emit_ports>> |<<boolean,boolean>>|No
|
|
43
|
+
| <<plugins-{type}s-{plugin}-emit_scan_metadata>> |<<boolean,boolean>>|No
|
|
44
|
+
| <<plugins-{type}s-{plugin}-emit_traceroute_links>> |<<boolean,boolean>>|No
|
|
45
|
+
|=======================================================================
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
|
|
49
|
+
[id="plugins-{type}s-{plugin}-emit_hosts"]
|
|
50
|
+
===== `emit_hosts`
|
|
51
|
+
|
|
52
|
+
* Value type is <<boolean,boolean>>
|
|
53
|
+
* Default value is `true`
|
|
54
|
+
|
|
55
|
+
Emit all host data as a nested document (including ports + traceroutes) with the type 'nmap_fullscan'
|
|
56
|
+
|
|
57
|
+
[id="plugins-{type}s-{plugin}-emit_ports"]
|
|
58
|
+
===== `emit_ports`
|
|
59
|
+
|
|
60
|
+
* Value type is <<boolean,boolean>>
|
|
61
|
+
* Default value is `true`
|
|
62
|
+
|
|
63
|
+
Emit each port as a separate document with type 'nmap_port'
|
|
64
|
+
|
|
65
|
+
[id="plugins-{type}s-{plugin}-emit_scan_metadata"]
|
|
66
|
+
===== `emit_scan_metadata`
|
|
67
|
+
|
|
68
|
+
* Value type is <<boolean,boolean>>
|
|
69
|
+
* Default value is `true`
|
|
70
|
+
|
|
71
|
+
Emit scan metadata
|
|
72
|
+
|
|
73
|
+
[id="plugins-{type}s-{plugin}-emit_traceroute_links"]
|
|
74
|
+
===== `emit_traceroute_links`
|
|
75
|
+
|
|
76
|
+
* Value type is <<boolean,boolean>>
|
|
77
|
+
* Default value is `true`
|
|
78
|
+
|
|
79
|
+
Emit each hop_tuple of the traceroute with type 'nmap_traceroute_link'
|
|
80
|
+
|
|
81
|
+
|
data/logstash-codec-nmap.gemspec
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-nmap'
|
|
4
|
-
s.version = '0.0.
|
|
4
|
+
s.version = '0.0.19'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "This codec may be used to decode Nmap XML"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
|
|
|
11
11
|
s.require_paths = ["lib"]
|
|
12
12
|
|
|
13
13
|
# Files
|
|
14
|
-
s.files = Dir[
|
|
14
|
+
s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
|
|
15
15
|
|
|
16
16
|
# Tests
|
|
17
17
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-nmap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.19
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-06-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -69,6 +69,7 @@ files:
|
|
|
69
69
|
- LICENSE
|
|
70
70
|
- NOTICE.TXT
|
|
71
71
|
- README.md
|
|
72
|
+
- docs/index.asciidoc
|
|
72
73
|
- lib/logstash/codecs/nmap.rb
|
|
73
74
|
- logstash-codec-nmap.gemspec
|
|
74
75
|
- spec/codecs/nmap_spec.rb
|