logstash-filter-cidrtagmap 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 46643c17c700e7a7d0df67803c025b0cfd5eaddc
4
- data.tar.gz: 9bf4896f9bb7c02e28ea37100932a5c53367a5f5
3
+ metadata.gz: 33b9265423d1404259c0f09c39b60037d9320a0f
4
+ data.tar.gz: 68e7a6a92a928855534f2b4415d27090505519dc
5
5
  SHA512:
6
- metadata.gz: 352ede9a9fd1a2044ec928d612c917b56bbafee51cb62b693b9d62aa52c41a050fe2c3fb05376d1530507a3d367077f5ccf203c80ebe5c5a43cfba498b7cd2b2
7
- data.tar.gz: d30675b270005ca35b78620117db7958733297319d3da9ee392f548ecf24e674054691838ed80b3c5d83013baf4a5f25cd51743240eeaf8e31f71769eb8e312a
6
+ metadata.gz: 919b0c6f601a7e815a0a7534b9acd84b0ed3b92c1715c67dba0344e2978dfb1f092be1a6d2229a86784ddcdfb2bce6ca3d686325c566c22a19bf2c8142eaeff5
7
+ data.tar.gz: 4b5789a1add66f0eaa07e3cd2d955528c506719eb8ec0939ac4cc89b2e18825862c37121f71f759cab4062978b37378a592083113f09bb8444e5c13d2d727d76
data/README.md CHANGED
@@ -33,7 +33,7 @@ You must specify a map source. Currently there are two forms of this: file based
33
33
  * mapfilepath points to an external / stand alone text file consisting of lines of the form:
34
34
 
35
35
  ```
36
- <network>/<mask>,<tag>
36
+ <network>/<mask>,<tag>[,<tag>...]
37
37
  ```
38
38
 
39
39
  The filter can be made to re-load its in-memory representation of the contents of the
@@ -51,7 +51,7 @@ touch <mapfilepath>.RELOAD
51
51
 
52
52
 
53
53
  In redis then you should define two items:
54
- * redisnamespace.cidrmap = a hash with cidr => tag kv pairs
54
+ * redisnamespace.cidrmap = a hash with cidr => tag kv pairs. The value can be a comma separated list of tags.
55
55
  * redisnamespace.reloadmap = 1|0 - tell filter to reload map
56
56
 
57
57
 
@@ -61,7 +61,7 @@ Other configuration:
61
61
  * ipfieldlist (required) is a list of event fields that will be eligible for mapping. Everything that matches
62
62
  will be put in a structure subtending an item called cidrtagmap, so
63
63
  from the above example a match of the [netflow][dst_address] field would add
64
- cidrtagmap.netflow.dst_address.tag. A pair to this field will be cidrtagmap.netflow.dst_address.match
64
+ cidrtagmap.netflow.dst_address.tags. A pair to this field will be cidrtagmap.netflow.dst_address.match
65
65
  which indicates which rule was matched for the mapping.
66
66
 
67
67
  * asnmapfilepath (optional) points to a copy of this file: ftp://ftp.arin.net/info/asn.txt
@@ -8,9 +8,9 @@ class MapEntry
8
8
  attr_reader :range,:tag
9
9
  def initialize(spec = "")
10
10
  begin
11
- parts = spec.split(',')
11
+ parts = spec.split(',',2)
12
12
  @range = IPAddr.new(parts[0])
13
- @tag = parts[1]
13
+ @tag = parts[1].split(',')
14
14
  return self
15
15
  rescue
16
16
  @logger.warn("cidrtagmap: error parsing map entry #{spec}")
@@ -176,7 +176,7 @@ class LogStash::Filters::CIDRTagMap < LogStash::Filters::Base
176
176
  mapping = mapForIp(ipvalue)
177
177
  if mapping
178
178
  @logger.debug("cidrtagmap: I mapped IP address #{ipvalue} to #{mapping.tag} via range #{mapping.range.to_s}")
179
- event.set("[cidrtagmap]#{fieldname}[tag]",mapping.tag)
179
+ event.set("[cidrtagmap]#{fieldname}[tags]",mapping.tag)
180
180
  event.set("[cidrtagmap]#{fieldname}[match]",mapping.range.to_s)
181
181
  filter_matched(event)
182
182
  end
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-filter-cidrtagmap'
3
- s.version = '2.1.0'
3
+ s.version = '2.2.0'
4
4
  s.licenses = ['Apache-2.0']
5
5
  s.summary = "Filter adds tags to events in logstash based on a table of cidr->name mappings and optionally adds asn name fields"
6
6
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program. Filter adds tags to events in logstash based on a table of cidr->name mappings and optionally adds asn name fields"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-cidrtagmap
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
4
+ version: 2.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - svdasein
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-08-15 00:00:00.000000000 Z
11
+ date: 2017-10-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: logstash-core-plugin-api
@@ -100,3 +100,4 @@ summary: Filter adds tags to events in logstash based on a table of cidr->name m
100
100
  test_files:
101
101
  - spec/filters/example_spec.rb
102
102
  - spec/spec_helper.rb
103
+ has_rdoc: