logstash-codec-nmap 0.0.18 → 0.0.19
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +10 -1
- data/docs/index.asciidoc +81 -0
- data/logstash-codec-nmap.gemspec +2 -2
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 65b8ca71640b64d9e2177098e2b16c3258710d97
|
4
|
+
data.tar.gz: dc21a7499b75a6f3403811b729f026336679d8d4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3a499c610e4da6ebbf9833b60850b0f31ff21e8340ebd3f2fb880ccb4b6789be20ddf8bbc5bda036ec4fc8038523e134f2b48044c5d3a0dcd96d7377d25681a3
|
7
|
+
data.tar.gz: 4b060e3cc6765df6c697788b9d88f17b53de27c07d6027e0714bb711bc4d216815610b28516d1631d1efed593cd6072e3adb4491cf281ba67d099593cb137fd8
|
data/Gemfile
CHANGED
@@ -1,2 +1,11 @@
|
|
1
1
|
source 'https://rubygems.org'
|
2
|
-
|
2
|
+
|
3
|
+
gemspec
|
4
|
+
|
5
|
+
logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
|
6
|
+
use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
|
7
|
+
|
8
|
+
if Dir.exist?(logstash_path) && use_logstash_source
|
9
|
+
gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
|
10
|
+
gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
|
11
|
+
end
|
data/docs/index.asciidoc
ADDED
@@ -0,0 +1,81 @@
|
|
1
|
+
:plugin: nmap
|
2
|
+
:type: codec
|
3
|
+
|
4
|
+
///////////////////////////////////////////
|
5
|
+
START - GENERATED VARIABLES, DO NOT EDIT!
|
6
|
+
///////////////////////////////////////////
|
7
|
+
:version: %VERSION%
|
8
|
+
:release_date: %RELEASE_DATE%
|
9
|
+
:changelog_url: %CHANGELOG_URL%
|
10
|
+
:include_path: ../../../../logstash/docs/include
|
11
|
+
///////////////////////////////////////////
|
12
|
+
END - GENERATED VARIABLES, DO NOT EDIT!
|
13
|
+
///////////////////////////////////////////
|
14
|
+
|
15
|
+
[id="plugins-{type}-{plugin}"]
|
16
|
+
|
17
|
+
=== Nmap codec plugin
|
18
|
+
|
19
|
+
include::{include_path}/plugin_header.asciidoc[]
|
20
|
+
|
21
|
+
==== Description
|
22
|
+
|
23
|
+
This codec is used to parse https://nmap.org/[namp] output data which is serialized in XML format. Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
|
24
|
+
For more information on nmap, see https://nmap.org/.
|
25
|
+
|
26
|
+
This codec can only be used for decoding data.
|
27
|
+
|
28
|
+
Event types are listed below
|
29
|
+
|
30
|
+
`nmap_scan_metadata`: An object containing top level information about the scan, including how many hosts were up, and how many were down. Useful for the case where you need to check if a DNS based hostname does not resolve, where both those numbers will be zero.
|
31
|
+
`nmap_host`: One event is created per host. The full data covering an individual host, including open ports and traceroute information as a nested structure.
|
32
|
+
`nmap_port`: One event is created per host/port. This duplicates data already in `nmap_host`: This was put in for the case where you want to model ports as separate documents in Elasticsearch (which Kibana prefers).
|
33
|
+
`nmap_traceroute_link`: One of these is output per traceroute 'connection', with a `from` and a `to` object describing each hop. Note that traceroute hop data is not always correct due to the fact that each tracing ICMP packet may take a different route. Also very useful for Kibana visualizations.
|
34
|
+
|
35
|
+
[id="plugins-{type}s-{plugin}-options"]
|
36
|
+
==== Nmap Codec Configuration Options
|
37
|
+
|
38
|
+
[cols="<,<,<",options="header",]
|
39
|
+
|=======================================================================
|
40
|
+
|Setting |Input type|Required
|
41
|
+
| <<plugins-{type}s-{plugin}-emit_hosts>> |<<boolean,boolean>>|No
|
42
|
+
| <<plugins-{type}s-{plugin}-emit_ports>> |<<boolean,boolean>>|No
|
43
|
+
| <<plugins-{type}s-{plugin}-emit_scan_metadata>> |<<boolean,boolean>>|No
|
44
|
+
| <<plugins-{type}s-{plugin}-emit_traceroute_links>> |<<boolean,boolean>>|No
|
45
|
+
|=======================================================================
|
46
|
+
|
47
|
+
|
48
|
+
|
49
|
+
[id="plugins-{type}s-{plugin}-emit_hosts"]
|
50
|
+
===== `emit_hosts`
|
51
|
+
|
52
|
+
* Value type is <<boolean,boolean>>
|
53
|
+
* Default value is `true`
|
54
|
+
|
55
|
+
Emit all host data as a nested document (including ports + traceroutes) with the type 'nmap_fullscan'
|
56
|
+
|
57
|
+
[id="plugins-{type}s-{plugin}-emit_ports"]
|
58
|
+
===== `emit_ports`
|
59
|
+
|
60
|
+
* Value type is <<boolean,boolean>>
|
61
|
+
* Default value is `true`
|
62
|
+
|
63
|
+
Emit each port as a separate document with type 'nmap_port'
|
64
|
+
|
65
|
+
[id="plugins-{type}s-{plugin}-emit_scan_metadata"]
|
66
|
+
===== `emit_scan_metadata`
|
67
|
+
|
68
|
+
* Value type is <<boolean,boolean>>
|
69
|
+
* Default value is `true`
|
70
|
+
|
71
|
+
Emit scan metadata
|
72
|
+
|
73
|
+
[id="plugins-{type}s-{plugin}-emit_traceroute_links"]
|
74
|
+
===== `emit_traceroute_links`
|
75
|
+
|
76
|
+
* Value type is <<boolean,boolean>>
|
77
|
+
* Default value is `true`
|
78
|
+
|
79
|
+
Emit each hop_tuple of the traceroute with type 'nmap_traceroute_link'
|
80
|
+
|
81
|
+
|
data/logstash-codec-nmap.gemspec
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-codec-nmap'
|
4
|
-
s.version = '0.0.
|
4
|
+
s.version = '0.0.19'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "This codec may be used to decode Nmap XML"
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
|
|
11
11
|
s.require_paths = ["lib"]
|
12
12
|
|
13
13
|
# Files
|
14
|
-
s.files = Dir[
|
14
|
+
s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
|
15
15
|
|
16
16
|
# Tests
|
17
17
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-codec-nmap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.19
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-06-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -69,6 +69,7 @@ files:
|
|
69
69
|
- LICENSE
|
70
70
|
- NOTICE.TXT
|
71
71
|
- README.md
|
72
|
+
- docs/index.asciidoc
|
72
73
|
- lib/logstash/codecs/nmap.rb
|
73
74
|
- logstash-codec-nmap.gemspec
|
74
75
|
- spec/codecs/nmap_spec.rb
|