logstash-filter-accesswatch 0.2.2 → 0.2.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 91290d2f1fbd7c8f4f52499b87d9aa9dda4f6e473904c1ab5e305742648d8e30
4
- data.tar.gz: e6aad19608b4f00dc30abd124e0804073fe92798cabdc6676e49ba9c58c7025c
3
+ metadata.gz: cedc5dc69f6d2193285d7e153ef22ce7f3cb8c3aff03bbb5079f37c08d016b71
4
+ data.tar.gz: ee8a7a72f282a9de6ad1a141749f42c7fe9c25c80109e0c052440b08f89d0e32
5
5
  SHA512:
6
- metadata.gz: 2c2c9e00fb7719212fa59c8a0e6944914156fc2db616c304350a591a0f7f0ef9f4d76d45161f4a07b88c4faedcec1a4eea3ef99047a1f382e2c833efd35b4681
7
- data.tar.gz: 84e8bdb3ad11aa79423598f943ce7bded37a75ce75c87aa2509b7174cb2f81836d55d2b35410a85810723aeacccce4114af10ad22d32444903126cd12634d255
6
+ metadata.gz: f5f0d92cf045ff741810168fafd6753077e47d3ce5399a986fd46521625338b94ddc123109d7377df208beb0377e115de29008ce609307c31f0f6beebe73b8c2
7
+ data.tar.gz: 962d33aab0a947a1f6a1b08a9489f8d7324d17cd595d7c3b809c572210a989415d6c01c1e41596696c9233e69abad4d947aec43a505693abaa754bb7efcdb289
@@ -39,8 +39,12 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
39
39
  # The destination field for reputation data
40
40
  config :reputation_destination, :validate => :string
41
41
 
42
+ # The destination field for identity data
43
+ config :identity_destination, :validate => :string
44
+
42
45
  @@address_keys = ["value", "hostname", "country_code", "flags"]
43
46
  @@robot_keys = ["id", "name", "url"]
47
+ @@identity_keys = ["type"]
44
48
 
45
49
  public
46
50
  def register
@@ -49,17 +53,13 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
49
53
  end
50
54
  end
51
55
 
52
- def handle_response(response)
53
- data = JSON.parse(response.body)
54
- if response.code == 200
55
- {:status => :success,
56
- :data => data}
57
- else
58
- @logger.error("Access Watch (#{data["code"]}): #{data["message"]}")
59
- {:status => :error,
60
- :code => data["code"],
61
- :message => data["message"]}
56
+ def submit(&block)
57
+ http_response = block.call
58
+ data = JSON.parse(http_response.body)
59
+ if http_response.code != 200
60
+ raise "Access Watch (#{data["code"]}): #{data["message"]}"
62
61
  end
62
+ data
63
63
  end
64
64
 
65
65
  def url(path)
@@ -67,21 +67,23 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
67
67
  end
68
68
 
69
69
  def get_json(path)
70
- response = self.client.get(self.url(path),
71
- headers: {"Api-Key" => @api_key,
72
- "Accept" => "application/json",
73
- "User-Agent" => "Access Watch Logstash Plugin/0.2.0"})
74
- self.handle_response(response)
70
+ self.submit {
71
+ self.client.get(self.url(path),
72
+ headers: {"Api-Key" => @api_key,
73
+ "Accept" => "application/json",
74
+ "User-Agent" => "Access Watch Logstash Plugin/0.2.0"})
75
+ }
75
76
  end
76
77
 
77
78
  def post_json(path, data)
78
- response = self.client.post(self.url(path),
79
- headers: {"Api-Key" => @api_key,
80
- "Accept" => "application/json",
81
- "Content-Type" => "application/json",
82
- "User-Agent" => "Access Watch Logstash Plugin/0.2.0"},
83
- body: JSON.generate(data))
84
- self.handle_response(response)
79
+ self.submit {
80
+ self.client.post(self.url(path),
81
+ headers: {"Api-Key" => @api_key,
82
+ "Accept" => "application/json",
83
+ "Content-Type" => "application/json",
84
+ "User-Agent" => "Access Watch Logstash Plugin/0.2.0"},
85
+ body: JSON.generate(data))
86
+ }
85
87
  end
86
88
 
87
89
  def with_cache(id, &block)
@@ -123,26 +125,24 @@ class LogStash::Filters::Accesswatch < LogStash::Filters::Base
123
125
 
124
126
  public
125
127
  def filter(event)
126
- ip = event.get(@ip_source)
127
- user_agent = event.get(@user_agent_source)
128
- if @ip_source and @user_agent_source
129
- response = self.fetch_identity(ip, user_agent)
130
- if response[:status] == :success
131
- data = response[:data]
128
+ begin
129
+ ip = event.get(@ip_source)
130
+ user_agent = event.get(@user_agent_source)
131
+ if @ip_source and @user_agent_source
132
+ data = self.fetch_identity(ip, user_agent)
132
133
  self.augment(event, @address_destination, data["address"], @@address_keys)
133
134
  self.augment(event, @robot_destination, data["robot"], @@robot_keys)
134
135
  self.augment(event, @reputation_destination, data["reputation"])
136
+ self.augment(event, @identity_destination, data, @@identity_keys)
137
+ elsif @ip_source
138
+ data = self.fetch_address(ip)
139
+ self.augment(event, @address_destination, data, @@address_keys)
140
+ else
141
+ data = self.fetch_user_agent(user_agent)
142
+ self.augment(event, @user_agent_destination, data)
135
143
  end
136
- elsif @ip_source
137
- response = self.fetch_address(ip)
138
- if response[:status] == :success
139
- self.augment(event, @address_destination, response[:data], @@address_keys)
140
- end
141
- else
142
- response = self.fetch_user_agent(user_agent)
143
- if response[:status] == :success
144
- self.augment(event, @user_agent_destination, response[:data])
145
- end
144
+ rescue => e
145
+ @logger.error("Error augmenting the data.", error: e)
146
146
  end
147
147
  filter_matched(event)
148
148
  end
@@ -1,7 +1,7 @@
1
1
  # coding: utf-8
2
2
  Gem::Specification.new do |s|
3
3
  s.name = 'logstash-filter-accesswatch'
4
- s.version = '0.2.2'
4
+ s.version = '0.2.3'
5
5
  s.licenses = ['Apache-2.0']
6
6
  s.summary = 'The Logstash filter plugin for Access Watch (http://access.watch).'
7
7
  s.description = 'The Access Watch filter adds information about robots visiting your website based on data from our robot database.'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-accesswatch
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benoît Fleury
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-07-19 00:00:00.000000000 Z
11
+ date: 2017-07-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement