logstash-filter-accesswatch 0.2.2 → 0.2.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/logstash/filters/accesswatch.rb +38 -38
- data/logstash-filter-accesswatch.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cedc5dc69f6d2193285d7e153ef22ce7f3cb8c3aff03bbb5079f37c08d016b71
|
|
4
|
+
data.tar.gz: ee8a7a72f282a9de6ad1a141749f42c7fe9c25c80109e0c052440b08f89d0e32
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5f0d92cf045ff741810168fafd6753077e47d3ce5399a986fd46521625338b94ddc123109d7377df208beb0377e115de29008ce609307c31f0f6beebe73b8c2
|
|
7
|
+
data.tar.gz: 962d33aab0a947a1f6a1b08a9489f8d7324d17cd595d7c3b809c572210a989415d6c01c1e41596696c9233e69abad4d947aec43a505693abaa754bb7efcdb289
|
|
@@ -39,8 +39,12 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
|
|
|
39
39
|
# The destination field for reputation data
|
|
40
40
|
config :reputation_destination, :validate => :string
|
|
41
41
|
|
|
42
|
+
# The destination field for identity data
|
|
43
|
+
config :identity_destination, :validate => :string
|
|
44
|
+
|
|
42
45
|
@@address_keys = ["value", "hostname", "country_code", "flags"]
|
|
43
46
|
@@robot_keys = ["id", "name", "url"]
|
|
47
|
+
@@identity_keys = ["type"]
|
|
44
48
|
|
|
45
49
|
public
|
|
46
50
|
def register
|
|
@@ -49,17 +53,13 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
|
|
|
49
53
|
end
|
|
50
54
|
end
|
|
51
55
|
|
|
52
|
-
def
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
else
|
|
58
|
-
@logger.error("Access Watch (#{data["code"]}): #{data["message"]}")
|
|
59
|
-
{:status => :error,
|
|
60
|
-
:code => data["code"],
|
|
61
|
-
:message => data["message"]}
|
|
56
|
+
def submit(&block)
|
|
57
|
+
http_response = block.call
|
|
58
|
+
data = JSON.parse(http_response.body)
|
|
59
|
+
if http_response.code != 200
|
|
60
|
+
raise "Access Watch (#{data["code"]}): #{data["message"]}"
|
|
62
61
|
end
|
|
62
|
+
data
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
def url(path)
|
|
@@ -67,21 +67,23 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
|
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
def get_json(path)
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
70
|
+
self.submit {
|
|
71
|
+
self.client.get(self.url(path),
|
|
72
|
+
headers: {"Api-Key" => @api_key,
|
|
73
|
+
"Accept" => "application/json",
|
|
74
|
+
"User-Agent" => "Access Watch Logstash Plugin/0.2.0"})
|
|
75
|
+
}
|
|
75
76
|
end
|
|
76
77
|
|
|
77
78
|
def post_json(path, data)
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
79
|
+
self.submit {
|
|
80
|
+
self.client.post(self.url(path),
|
|
81
|
+
headers: {"Api-Key" => @api_key,
|
|
82
|
+
"Accept" => "application/json",
|
|
83
|
+
"Content-Type" => "application/json",
|
|
84
|
+
"User-Agent" => "Access Watch Logstash Plugin/0.2.0"},
|
|
85
|
+
body: JSON.generate(data))
|
|
86
|
+
}
|
|
85
87
|
end
|
|
86
88
|
|
|
87
89
|
def with_cache(id, &block)
|
|
@@ -123,26 +125,24 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
|
|
|
123
125
|
|
|
124
126
|
public
|
|
125
127
|
def filter(event)
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
data = response[:data]
|
|
128
|
+
begin
|
|
129
|
+
ip = event.get(@ip_source)
|
|
130
|
+
user_agent = event.get(@user_agent_source)
|
|
131
|
+
if @ip_source and @user_agent_source
|
|
132
|
+
data = self.fetch_identity(ip, user_agent)
|
|
132
133
|
self.augment(event, @address_destination, data["address"], @@address_keys)
|
|
133
134
|
self.augment(event, @robot_destination, data["robot"], @@robot_keys)
|
|
134
135
|
self.augment(event, @reputation_destination, data["reputation"])
|
|
136
|
+
self.augment(event, @identity_destination, data, @@identity_keys)
|
|
137
|
+
elsif @ip_source
|
|
138
|
+
data = self.fetch_address(ip)
|
|
139
|
+
self.augment(event, @address_destination, data, @@address_keys)
|
|
140
|
+
else
|
|
141
|
+
data = self.fetch_user_agent(user_agent)
|
|
142
|
+
self.augment(event, @user_agent_destination, data)
|
|
135
143
|
end
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
if response[:status] == :success
|
|
139
|
-
self.augment(event, @address_destination, response[:data], @@address_keys)
|
|
140
|
-
end
|
|
141
|
-
else
|
|
142
|
-
response = self.fetch_user_agent(user_agent)
|
|
143
|
-
if response[:status] == :success
|
|
144
|
-
self.augment(event, @user_agent_destination, response[:data])
|
|
145
|
-
end
|
|
144
|
+
rescue => e
|
|
145
|
+
@logger.error("Error augmenting the data.", error: e)
|
|
146
146
|
end
|
|
147
147
|
filter_matched(event)
|
|
148
148
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# coding: utf-8
|
|
2
2
|
Gem::Specification.new do |s|
|
|
3
3
|
s.name = 'logstash-filter-accesswatch'
|
|
4
|
-
s.version = '0.2.
|
|
4
|
+
s.version = '0.2.3'
|
|
5
5
|
s.licenses = ['Apache-2.0']
|
|
6
6
|
s.summary = 'The Logstash filter plugin for Access Watch (http://access.watch).'
|
|
7
7
|
s.description = 'The Access Watch filter adds information about robots visiting your website based on data from our robot database.'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-accesswatch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benoît Fleury
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-07-
|
|
11
|
+
date: 2017-07-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|