logstash-filter-cidr 3.0.1-java → 3.1.1-java
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/CONTRIBUTORS +1 -0
- data/docs/index.asciidoc +38 -4
- data/lib/logstash/filters/cidr.rb +112 -9
- data/logstash-filter-cidr.gemspec +1 -1
- data/spec/files/network +2 -0
- data/spec/files/network-comma +1 -0
- data/spec/filters/cidr_spec.rb +56 -3
- metadata +6 -2
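--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 16d1dadb28a2ff882cdcc397343743086bcd7fcd
+data.tar.gz: 8d4890ac0bdf992a1932249e5e1dc039f10f7292
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 537f8f95bf8caf7c3f4467eed40ffc4bfbe66c3b095140ea6a71d4b2ffe31ac875357a257fdc339ca83e9026fcc784de13e96b1b6a1f3f5d7c802a4ab0345d5d
+data.tar.gz: b9e297c2810303ee4daad4da798b8fe71000510acc768f4bc38e0f30760e6b6fb10fba14205a9c70c134819f7f581c1ffc1ecc88609c5ad70451aa5690429ffa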
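--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 3.1.1
+- Fix some documentation issues
+
+## 3.1.0
+- feature: New options 'network_path', 'separator', and
+'refresh_interval' used for optionally storing the list
+of networks in an auto-reloaded file.
+
 ## 3.0.0
 - breaking: Updated plugin to use new Java Event APIs
 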
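--- a/data/CONTRIBUTORS
+++ b/data/CONTRIBUTORS
@@ -11,6 +11,7 @@ Contributors:
 * Pier-Hugues Pellerin (ph)
 * Richard Pijnenburg (electrical)
 * Suyog Rao (suyograo)
+* Victor Renan Covalski Junes (VictorCovalski)
 
 Note: If you've sent us patches, bug reports, or otherwise contributed to
 Logstash, and you aren't on the list above and want to be, please let us know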
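--- a/data/docs/index.asciidoc
+++ b/data/docs/index.asciidoc
@@ -12,7 +12,7 @@ START - GENERATED VARIABLES, DO NOT EDIT!
 END - GENERATED VARIABLES, DO NOT EDIT!
 ///////////////////////////////////////////
 
-[id="plugins-{type}-{plugin}"]
+[id="plugins-{type}s-{plugin}"]
 
 === Cidr filter plugin
 
@@ -35,6 +35,9 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-address>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-network>> |<<array,array>>|No
+| <<plugins-{type}s-{plugin}-network_path>> |a valid filesystem path|No
+| <<plugins-{type}s-{plugin}-refresh_interval>>| <<number,number>>|No
+| <<plugins-{type}s-{plugin}-separator>> |<<string,string>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -43,7 +46,7 @@ filter plugins.
 
 
 [id="plugins-{type}s-{plugin}-address"]
-===== `address`
+===== `address`
 
 * Value type is <<array,array>>
 * Default value is `[]`
@@ -59,7 +62,7 @@ The IP address(es) to check with. Example:
 }
 
 [id="plugins-{type}s-{plugin}-network"]
-===== `network`
+===== `network`
 
 * Value type is <<array,array>>
 * Default value is `[]`
@@ -75,6 +78,37 @@ The IP network(s) to check against. Example:
 }
 
 
+[id="plugins-{type}s-{plugin}-network_path"]
+===== `network_path`
+
+* Value type is <<path,path>>
+* There is no default value for this setting.
+
+The full path of the external file containing the networks the filter should check with.
+Networks are separated by a separator character defined in `separator`.
+[source,ruby]
+192.168.1.0/24
+192.167.0.0/16
+NOTE: It is an error to specify both `network` and `network_path`.
+
+[id="plugins-{type}s-{plugin}-refresh_interval"]
+===== `refresh_interval`
+
+* Value type is <<number,number>>
+* Default value is `600`
+
+When using an external file, this setting will indicate how frequently
+(in seconds) Logstash will check the file for updates.
+
+
+[id="plugins-{type}s-{plugin}-separator"]
+===== `separator`
+
+* Value type is <<string,string>>
+* Default value is `\n`
+
+Separator character used for parsing networks from the external file
+specified by `network_path`. Defaults to newline `\n` character.
 
 [id="plugins-{type}s-{plugin}-common-options"]
-include::{include_path}/{type}.asciidoc[]
+include::{include_path}/{type}.asciidoc[]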
@@ -3,11 +3,11 @@ require "logstash/filters/base"
|
|
3
3
|
require "logstash/namespace"
|
4
4
|
require "ipaddr"
|
5
5
|
|
6
|
-
|
7
6
|
# The CIDR filter is for checking IP addresses in events against a list of
|
8
7
|
# network blocks that might contain it. Multiple addresses can be checked
|
9
8
|
# against multiple networks, any match succeeds. Upon success additional tags
|
10
9
|
# and/or fields can be added to the event.
|
10
|
+
java_import 'java.util.concurrent.locks.ReentrantReadWriteLock'
|
11
11
|
|
12
12
|
class LogStash::Filters::CIDR < LogStash::Filters::Base
|
13
13
|
|
@@ -35,11 +35,90 @@ class LogStash::Filters::CIDR < LogStash::Filters::Base
|
|
35
35
|
# }
|
36
36
|
config :network, :validate => :array, :default => []
|
37
37
|
|
38
|
+
# The full path of the external file containing the IP network(s) to check against. Example:
|
39
|
+
# [source,ruby]
|
40
|
+
# filter {
|
41
|
+
# %PLUGIN% {
|
42
|
+
# add_tag => [ "linklocal" ]
|
43
|
+
# address => [ "%{clientip}" ]
|
44
|
+
# network_path => "/etc/logstash/networks"
|
45
|
+
# }
|
46
|
+
# }
|
47
|
+
# NOTE: it is an error to specify both 'network' and 'network_path'.
|
48
|
+
config :network_path, :validate => :path
|
49
|
+
|
50
|
+
# When using a network list from a file, this setting will indicate
|
51
|
+
# how frequently (in seconds) Logstash will check the file for
|
52
|
+
# updates.
|
53
|
+
config :refresh_interval, :validate => :number, :default => 600
|
54
|
+
|
55
|
+
# The separator character used in the encoding of the external file
|
56
|
+
# pointed by network_path.
|
57
|
+
config :separator, :validate => :string, :default => "\n"
|
58
|
+
|
38
59
|
public
|
39
60
|
def register
|
40
|
-
|
61
|
+
rw_lock = java.util.concurrent.locks.ReentrantReadWriteLock.new
|
62
|
+
@read_lock = rw_lock.readLock
|
63
|
+
@write_lock = rw_lock.writeLock
|
64
|
+
|
65
|
+
if @network_path && !@network.empty? #checks if both network and network path are defined in configuration options
|
66
|
+
raise LogStash::ConfigurationError, I18n.t(
|
67
|
+
"logstash.agent.configuration.invalid_plugin_register",
|
68
|
+
:plugin => "filter",
|
69
|
+
:type => "cidr",
|
70
|
+
:error => "The configuration options 'network' and 'network_path' are mutually exclusive"
|
71
|
+
)
|
72
|
+
end
|
73
|
+
|
74
|
+
if @network_path
|
75
|
+
@next_refresh = Time.now + @refresh_interval
|
76
|
+
lock_for_write { load_file }
|
77
|
+
end
|
41
78
|
end # def register
|
42
79
|
|
80
|
+
def lock_for_write
|
81
|
+
@write_lock.lock
|
82
|
+
begin
|
83
|
+
yield
|
84
|
+
ensure
|
85
|
+
@write_lock.unlock
|
86
|
+
end
|
87
|
+
end # def lock_for_write
|
88
|
+
|
89
|
+
def lock_for_read #ensuring only one thread updates the network block list
|
90
|
+
@read_lock.lock
|
91
|
+
begin
|
92
|
+
yield
|
93
|
+
ensure
|
94
|
+
@read_lock.unlock
|
95
|
+
end
|
96
|
+
end #def lock_for_read
|
97
|
+
|
98
|
+
def needs_refresh?
|
99
|
+
@next_refresh < Time.now
|
100
|
+
end # def needs_refresh
|
101
|
+
|
102
|
+
def load_file
|
103
|
+
begin
|
104
|
+
temporary = File.open(@network_path, "r") {|file| file.read.split(@separator)}
|
105
|
+
if !temporary.empty? #ensuring the file was parsed correctly
|
106
|
+
@network_list = temporary
|
107
|
+
end
|
108
|
+
rescue
|
109
|
+
if @network_list #if the list was parsed successfully before
|
110
|
+
@logger.error("Error while opening/parsing the file")
|
111
|
+
else
|
112
|
+
raise LogStash::ConfigurationError, I18n.t(
|
113
|
+
"logstash.agent.configuration.invalid_plugin_register",
|
114
|
+
:plugin => "filter",
|
115
|
+
:type => "cidr",
|
116
|
+
:error => "The file containing the network list is invalid, please check the separator character or permissions for the file."
|
117
|
+
)
|
118
|
+
end
|
119
|
+
end
|
120
|
+
end #def load_file
|
121
|
+
|
43
122
|
public
|
44
123
|
def filter(event)
|
45
124
|
address = @address.collect do |a|
|
@@ -52,16 +131,40 @@ class LogStash::Filters::CIDR < LogStash::Filters::Base
|
|
52
131
|
end
|
53
132
|
address.compact!
|
54
133
|
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
134
|
+
if @network_path #in case we are getting networks from an external file
|
135
|
+
if needs_refresh?
|
136
|
+
lock_for_write do
|
137
|
+
if needs_refresh?
|
138
|
+
load_file
|
139
|
+
@next_refresh = Time.now() + @refresh_interval
|
140
|
+
end
|
141
|
+
end #end lock
|
142
|
+
end #end refresh from file
|
143
|
+
|
144
|
+
network = @network_list.collect do |n|
|
145
|
+
begin
|
146
|
+
lock_for_read do
|
147
|
+
IPAddr.new(n)
|
148
|
+
end
|
149
|
+
rescue ArgumentError => e
|
150
|
+
@logger.warn("Invalid IP network, skipping", :network => n, :event => event)
|
151
|
+
nil
|
152
|
+
end
|
153
|
+
end
|
154
|
+
|
155
|
+
else #networks come from array in config file
|
156
|
+
|
157
|
+
network = @network.collect do |n|
|
158
|
+
begin
|
159
|
+
IPAddr.new(event.sprintf(n))
|
160
|
+
rescue ArgumentError => e
|
161
|
+
@logger.warn("Invalid IP network, skipping", :network => n, :event => event)
|
162
|
+
nil
|
163
|
+
end
|
61
164
|
end
|
62
165
|
end
|
63
|
-
network.compact!
|
64
166
|
|
167
|
+
network.compact! #clean nulls
|
65
168
|
# Try every combination of address and network, first match wins
|
66
169
|
address.product(network).each do |a, n|
|
67
170
|
@logger.debug("Checking IP inclusion", :address => a, :network => n)
|
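Review bot: In `load_file`, an empty file on the first load leaves `@network_list` nil without raising, because the `rescue` branch only runs on an exception, and `filter` then calls `@network_list.collect` on nil for every event. Raising inside the `begin`, for example `raise ArgumentError, "no networks in #{@network_path}" if temporary.empty?`, routes that case through the existing rescue, which keeps the last good list or fails registration. The bare `rescue` should become `rescue => e` and log `:path => @network_path, :exception => e`, so that a reload that silently keeps a stale network list can be told apart from other failures. In `filter`, whose body continues outside the hunks, `lock_for_read` wraps only `IPAddr.new(n)` while `@network_list` is read outside it, so the read lock orders nothing against `load_file`; it should enclose the whole `collect`, and the comment on `lock_for_read` describes the write lock.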
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-filter-cidr'
|
4
|
-
s.version = '3.
|
4
|
+
s.version = '3.1.1'
|
5
5
|
s.platform = 'java'
|
6
6
|
s.licenses = ['Apache License (2.0)']
|
7
7
|
s.summary = "The CIDR filter is for checking IP addresses in events against a list of network blocks that might contain it."
|
data/spec/files/network
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
192.168.0.0/16,10.1.1.0/24
|
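--- a/data/spec/filters/cidr_spec.rb
+++ b/data/spec/filters/cidr_spec.rb
@@ -3,6 +3,8 @@ require "logstash/filters/cidr"
 
 describe LogStash::Filters::CIDR do
 
+let(:config) { Hash.new }
+subject { described_class.new(config) }
 # IPV4
 describe "IPV4 match test" do
 config <<-CONFIG
@@ -16,7 +18,7 @@ describe LogStash::Filters::CIDR do
 CONFIG
 
 sample("clientip" => "192.168.0.30") do
-insist { subject.get("tags") }.include?("matched")
+insist { subject.get("tags") }.include?("matched")
 end
 end
 
@@ -32,7 +34,7 @@ describe LogStash::Filters::CIDR do
 CONFIG
 
 sample("clientip" => "123.52.122.33") do
-
+insist { subject.get("tags") }.nil?
 end
 end
 
@@ -99,8 +101,59 @@ describe LogStash::Filters::CIDR do
 CONFIG
 
 sample("clientip" => "fd82:0:0:0:0:0:0:1") do
-
+insist { subject.get("tags") }.nil?
+end
+end
+
+describe "Load network list from a file" do
+
+let(:network_path) {File.join(File.dirname(__FILE__), "..", "files", "network")}
+let(:config) do
+"filter { cidr { network_path => \"#{network_path}\" address => \"%{clientip}\" add_tag => \[\"matched\"] }}"
+end
+
+sample("clientip" => "192.168.1.1") do
+insist { subject.get("tags") }.include?("matched")
+end
+
+sample("clientip" => "200.17.160.201") do
+insist { subject.get("tags") }.include?("matched")
+end
+
+sample("clientip" => "10.1.2.1") do
+insist { subject.get("tags").nil? }
+end
+end
+
+describe "Try different separator character" do
+
+let(:network_path) {File.join(File.dirname(__FILE__), "..", "files", "network-comma")}
+let(:config) do
+"filter { cidr { network_path => \"#{network_path}\" address => \"%{clientip}\" add_tag => \[\"matched\"] separator => \",\" }}"
+end
+
+sample("clientip" => "192.168.1.25") do
+insist { subject.get("tags").include?("matched")}
 end
+
+sample("clientip" => "192.167.1.1") do
+insist { subject.get("tags").nil? }
+end
+
 end
 
+describe "general configuration" do
+let(:network_path) {File.join(File.dirname(__FILE__), "..", "files", "network")}
+let(:config) do
+{
+"clientip" => "192.168.1.1",
+"network" => ["192.168.1.0/24"],
+"network_path" => network_path,
+"add_tag" => ["matched"]
+}
+end
+it "raises an exception if both 'network' and 'network_path' are set" do
+expect { subject.register }.to raise_error(LogStash::ConfigurationError)
+end
+end
 end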
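Review bot: Three of the added assertions put the predicate inside the block and call no matcher on the result: `insist { subject.get("tags").nil? }` in the 10.1.2.1 and 192.167.1.1 samples and `insist { subject.get("tags").include?("matched")}` in the 192.168.1.25 sample. Unless insist evaluates a bare block, which it does not appear to, these check nothing and the separator test passes regardless of what the filter tags. The form used elsewhere in this file is the one that asserts: `insist { subject.get("tags") }.nil?` and `insist { subject.get("tags") }.include?("matched")`. The new cases also leave the reload path and the missing or empty file path of `load_file` untested.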
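--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-cidr
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.1.1
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
@@ -59,6 +59,8 @@ files:
 - docs/index.asciidoc
 - lib/logstash/filters/cidr.rb
 - logstash-filter-cidr.gemspec
+- spec/files/network
+- spec/files/network-comma
 - spec/filters/cidr_spec.rb
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
@@ -87,4 +89,6 @@ signing_key:
 specification_version: 4
 summary: The CIDR filter is for checking IP addresses in events against a list of network blocks that might contain it.
 test_files:
+- spec/files/network
+- spec/files/network-comma
 - spec/filters/cidr_spec.rb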