logstash-filter-cidrtagmap 2.1.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/logstash/filters/cidrtagmap.rb +3 -3
- data/logstash-filter-cidrtagmap.gemspec +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 33b9265423d1404259c0f09c39b60037d9320a0f
|
|
4
|
+
data.tar.gz: 68e7a6a92a928855534f2b4415d27090505519dc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 919b0c6f601a7e815a0a7534b9acd84b0ed3b92c1715c67dba0344e2978dfb1f092be1a6d2229a86784ddcdfb2bce6ca3d686325c566c22a19bf2c8142eaeff5
|
|
7
|
+
data.tar.gz: 4b5789a1add66f0eaa07e3cd2d955528c506719eb8ec0939ac4cc89b2e18825862c37121f71f759cab4062978b37378a592083113f09bb8444e5c13d2d727d76
|
data/README.md
CHANGED
|
@@ -33,7 +33,7 @@ You must specify a map source. Currently there are two forms of this: file based
|
|
|
33
33
|
* mapfilepath points to an external / stand alone text file consisting of lines of the form:
|
|
34
34
|
|
|
35
35
|
```
|
|
36
|
-
<network>/<mask>,<tag>
|
|
36
|
+
<network>/<mask>,<tag>[,<tag>...]
|
|
37
37
|
```
|
|
38
38
|
|
|
39
39
|
The filter can be made to re-load its in-memory representation of the contents of the
|
|
@@ -51,7 +51,7 @@ touch <mapfilepath>.RELOAD
|
|
|
51
51
|
|
|
52
52
|
|
|
53
53
|
In redis then you should define two items:
|
|
54
|
-
* redisnamespace.cidrmap = a hash with cidr => tag kv pairs
|
|
54
|
+
* redisnamespace.cidrmap = a hash with cidr => tag kv pairs. The value can be a comma separated list of tags.
|
|
55
55
|
* redisnamespace.reloadmap = 1|0 - tell filter to reload map
|
|
56
56
|
|
|
57
57
|
|
|
@@ -61,7 +61,7 @@ Other configuration:
|
|
|
61
61
|
* ipfieldlist (required) is a list of event fields that will be eligible for mapping. Everything that matches
|
|
62
62
|
will be put in a structure subtending an item called cidrtagmap, so
|
|
63
63
|
from the above example a match of the [netflow][dst_address] field would add
|
|
64
|
-
cidrtagmap.netflow.dst_address.
|
|
64
|
+
cidrtagmap.netflow.dst_address.tags. A pair to this field will be cidrtagmap.netflow.dst_address.match
|
|
65
65
|
which indicates which rule was matched for the mapping.
|
|
66
66
|
|
|
67
67
|
* asnmapfilepath (optional) points to a copy of this file: ftp://ftp.arin.net/info/asn.txt
|
|
@@ -8,9 +8,9 @@ class MapEntry
|
|
|
8
8
|
attr_reader :range,:tag
|
|
9
9
|
def initialize(spec = "")
|
|
10
10
|
begin
|
|
11
|
-
parts = spec.split(',')
|
|
11
|
+
parts = spec.split(',',2)
|
|
12
12
|
@range = IPAddr.new(parts[0])
|
|
13
|
-
@tag = parts[1]
|
|
13
|
+
@tag = parts[1].split(',')
|
|
14
14
|
return self
|
|
15
15
|
rescue
|
|
16
16
|
@logger.warn("cidrtagmap: error parsing map entry #{spec}")
|
|
@@ -176,7 +176,7 @@ class LogStash::Filters::CIDRTagMap < LogStash::Filters::Base
|
|
|
176
176
|
mapping = mapForIp(ipvalue)
|
|
177
177
|
if mapping
|
|
178
178
|
@logger.debug("cidrtagmap: I mapped IP address #{ipvalue} to #{mapping.tag} via range #{mapping.range.to_s}")
|
|
179
|
-
event.set("[cidrtagmap]#{fieldname}[
|
|
179
|
+
event.set("[cidrtagmap]#{fieldname}[tags]",mapping.tag)
|
|
180
180
|
event.set("[cidrtagmap]#{fieldname}[match]",mapping.range.to_s)
|
|
181
181
|
filter_matched(event)
|
|
182
182
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-filter-cidrtagmap'
|
|
3
|
-
s.version = '2.
|
|
3
|
+
s.version = '2.2.0'
|
|
4
4
|
s.licenses = ['Apache-2.0']
|
|
5
5
|
s.summary = "Filter adds tags to events in logstash based on a table of cidr->name mappings and optionally adds asn name fields"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program. Filter adds tags to events in logstash based on a table of cidr->name mappings and optionally adds asn name fields"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-cidrtagmap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- svdasein
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-10-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstash-core-plugin-api
|
|
@@ -100,3 +100,4 @@ summary: Filter adds tags to events in logstash based on a table of cidr->name m
|
|
|
100
100
|
test_files:
|
|
101
101
|
- spec/filters/example_spec.rb
|
|
102
102
|
- spec/spec_helper.rb
|
|
103
|
+
has_rdoc:
|