logstash-filter-accesswatch 0.2.2 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/logstash/filters/accesswatch.rb +38 -38
- data/logstash-filter-accesswatch.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cedc5dc69f6d2193285d7e153ef22ce7f3cb8c3aff03bbb5079f37c08d016b71
|
|
4
|
+
data.tar.gz: ee8a7a72f282a9de6ad1a141749f42c7fe9c25c80109e0c052440b08f89d0e32
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5f0d92cf045ff741810168fafd6753077e47d3ce5399a986fd46521625338b94ddc123109d7377df208beb0377e115de29008ce609307c31f0f6beebe73b8c2
|
|
7
|
+
data.tar.gz: 962d33aab0a947a1f6a1b08a9489f8d7324d17cd595d7c3b809c572210a989415d6c01c1e41596696c9233e69abad4d947aec43a505693abaa754bb7efcdb289
|
|
@@ -39,8 +39,12 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
|
|
|
39
39
|
# The destination field for reputation data
|
|
40
40
|
config :reputation_destination, :validate => :string
|
|
41
41
|
|
|
42
|
+
# The destination field for identity data
|
|
43
|
+
config :identity_destination, :validate => :string
|
|
44
|
+
|
|
42
45
|
@@address_keys = ["value", "hostname", "country_code", "flags"]
|
|
43
46
|
@@robot_keys = ["id", "name", "url"]
|
|
47
|
+
@@identity_keys = ["type"]
|
|
44
48
|
|
|
45
49
|
public
|
|
46
50
|
def register
|
|
@@ -49,17 +53,13 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
|
|
|
49
53
|
end
|
|
50
54
|
end
|
|
51
55
|
|
|
52
|
-
def
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
else
|
|
58
|
-
@logger.error("Access Watch (#{data["code"]}): #{data["message"]}")
|
|
59
|
-
{:status => :error,
|
|
60
|
-
:code => data["code"],
|
|
61
|
-
:message => data["message"]}
|
|
56
|
+
def submit(&block)
|
|
57
|
+
http_response = block.call
|
|
58
|
+
data = JSON.parse(http_response.body)
|
|
59
|
+
if http_response.code != 200
|
|
60
|
+
raise "Access Watch (#{data["code"]}): #{data["message"]}"
|
|
62
61
|
end
|
|
62
|
+
data
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
def url(path)
|
|
@@ -67,21 +67,23 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
|
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
def get_json(path)
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
70
|
+
self.submit {
|
|
71
|
+
self.client.get(self.url(path),
|
|
72
|
+
headers: {"Api-Key" => @api_key,
|
|
73
|
+
"Accept" => "application/json",
|
|
74
|
+
"User-Agent" => "Access Watch Logstash Plugin/0.2.0"})
|
|
75
|
+
}
|
|
75
76
|
end
|
|
76
77
|
|
|
77
78
|
def post_json(path, data)
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
79
|
+
self.submit {
|
|
80
|
+
self.client.post(self.url(path),
|
|
81
|
+
headers: {"Api-Key" => @api_key,
|
|
82
|
+
"Accept" => "application/json",
|
|
83
|
+
"Content-Type" => "application/json",
|
|
84
|
+
"User-Agent" => "Access Watch Logstash Plugin/0.2.0"},
|
|
85
|
+
body: JSON.generate(data))
|
|
86
|
+
}
|
|
85
87
|
end
|
|
86
88
|
|
|
87
89
|
def with_cache(id, &block)
|
|
@@ -123,26 +125,24 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
|
|
|
123
125
|
|
|
124
126
|
public
|
|
125
127
|
def filter(event)
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
data = response[:data]
|
|
128
|
+
begin
|
|
129
|
+
ip = event.get(@ip_source)
|
|
130
|
+
user_agent = event.get(@user_agent_source)
|
|
131
|
+
if @ip_source and @user_agent_source
|
|
132
|
+
data = self.fetch_identity(ip, user_agent)
|
|
132
133
|
self.augment(event, @address_destination, data["address"], @@address_keys)
|
|
133
134
|
self.augment(event, @robot_destination, data["robot"], @@robot_keys)
|
|
134
135
|
self.augment(event, @reputation_destination, data["reputation"])
|
|
136
|
+
self.augment(event, @identity_destination, data, @@identity_keys)
|
|
137
|
+
elsif @ip_source
|
|
138
|
+
data = self.fetch_address(ip)
|
|
139
|
+
self.augment(event, @address_destination, data, @@address_keys)
|
|
140
|
+
else
|
|
141
|
+
data = self.fetch_user_agent(user_agent)
|
|
142
|
+
self.augment(event, @user_agent_destination, data)
|
|
135
143
|
end
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
if response[:status] == :success
|
|
139
|
-
self.augment(event, @address_destination, response[:data], @@address_keys)
|
|
140
|
-
end
|
|
141
|
-
else
|
|
142
|
-
response = self.fetch_user_agent(user_agent)
|
|
143
|
-
if response[:status] == :success
|
|
144
|
-
self.augment(event, @user_agent_destination, response[:data])
|
|
145
|
-
end
|
|
144
|
+
rescue => e
|
|
145
|
+
@logger.error("Error augmenting the data.", error: e)
|
|
146
146
|
end
|
|
147
147
|
filter_matched(event)
|
|
148
148
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# coding: utf-8
|
|
2
2
|
Gem::Specification.new do |s|
|
|
3
3
|
s.name = 'logstash-filter-accesswatch'
|
|
4
|
-
s.version = '0.2.
|
|
4
|
+
s.version = '0.2.3'
|
|
5
5
|
s.licenses = ['Apache-2.0']
|
|
6
6
|
s.summary = 'The Logstash filter plugin for Access Watch (http://access.watch).'
|
|
7
7
|
s.description = 'The Access Watch filter adds information about robots visiting your website based on data from our robot database.'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-accesswatch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benoît Fleury
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-07-
|
|
11
|
+
date: 2017-07-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|