logstash-filter-cidrtagmap 2.1.0 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/logstash/filters/cidrtagmap.rb +3 -3
- data/logstash-filter-cidrtagmap.gemspec +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 33b9265423d1404259c0f09c39b60037d9320a0f
|
|
4
|
+
data.tar.gz: 68e7a6a92a928855534f2b4415d27090505519dc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 919b0c6f601a7e815a0a7534b9acd84b0ed3b92c1715c67dba0344e2978dfb1f092be1a6d2229a86784ddcdfb2bce6ca3d686325c566c22a19bf2c8142eaeff5
|
|
7
|
+
data.tar.gz: 4b5789a1add66f0eaa07e3cd2d955528c506719eb8ec0939ac4cc89b2e18825862c37121f71f759cab4062978b37378a592083113f09bb8444e5c13d2d727d76
|
data/README.md
CHANGED
|
@@ -33,7 +33,7 @@ You must specify a map source. Currently there are two forms of this: file based
|
|
|
33
33
|
* mapfilepath points to an external / stand alone text file consisting of lines of the form:
|
|
34
34
|
|
|
35
35
|
```
|
|
36
|
-
<network>/<mask>,<tag>
|
|
36
|
+
<network>/<mask>,<tag>[,<tag>...]
|
|
37
37
|
```
|
|
38
38
|
|
|
39
39
|
The filter can be made to re-load its in-memory representation of the contents of the
|
|
@@ -51,7 +51,7 @@ touch <mapfilepath>.RELOAD
|
|
|
51
51
|
|
|
52
52
|
|
|
53
53
|
In redis then you should define two items:
|
|
54
|
-
* redisnamespace.cidrmap = a hash with cidr => tag kv pairs
|
|
54
|
+
* redisnamespace.cidrmap = a hash with cidr => tag kv pairs. The value can be a comma separated list of tags.
|
|
55
55
|
* redisnamespace.reloadmap = 1|0 - tell filter to reload map
|
|
56
56
|
|
|
57
57
|
|
|
@@ -61,7 +61,7 @@ Other configuration:
|
|
|
61
61
|
* ipfieldlist (required) is a list of event fields that will be eligible for mapping. Everything that matches
|
|
62
62
|
will be put in a structure subtending an item called cidrtagmap, so
|
|
63
63
|
from the above example a match of the [netflow][dst_address] field would add
|
|
64
|
-
cidrtagmap.netflow.dst_address.
|
|
64
|
+
cidrtagmap.netflow.dst_address.tags. A pair to this field will be cidrtagmap.netflow.dst_address.match
|
|
65
65
|
which indicates which rule was matched for the mapping.
|
|
66
66
|
|
|
67
67
|
* asnmapfilepath (optional) points to a copy of this file: ftp://ftp.arin.net/info/asn.txt
|
|
@@ -8,9 +8,9 @@ class MapEntry
|
|
|
8
8
|
attr_reader :range,:tag
|
|
9
9
|
def initialize(spec = "")
|
|
10
10
|
begin
|
|
11
|
-
parts = spec.split(',')
|
|
11
|
+
parts = spec.split(',',2)
|
|
12
12
|
@range = IPAddr.new(parts[0])
|
|
13
|
-
@tag = parts[1]
|
|
13
|
+
@tag = parts[1].split(',')
|
|
14
14
|
return self
|
|
15
15
|
rescue
|
|
16
16
|
@logger.warn("cidrtagmap: error parsing map entry #{spec}")
|
|
@@ -176,7 +176,7 @@ class LogStash::Filters::CIDRTagMap < LogStash::Filters::Base
|
|
|
176
176
|
mapping = mapForIp(ipvalue)
|
|
177
177
|
if mapping
|
|
178
178
|
@logger.debug("cidrtagmap: I mapped IP address #{ipvalue} to #{mapping.tag} via range #{mapping.range.to_s}")
|
|
179
|
-
event.set("[cidrtagmap]#{fieldname}[
|
|
179
|
+
event.set("[cidrtagmap]#{fieldname}[tags]",mapping.tag)
|
|
180
180
|
event.set("[cidrtagmap]#{fieldname}[match]",mapping.range.to_s)
|
|
181
181
|
filter_matched(event)
|
|
182
182
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-filter-cidrtagmap'
|
|
3
|
-
s.version = '2.
|
|
3
|
+
s.version = '2.2.0'
|
|
4
4
|
s.licenses = ['Apache-2.0']
|
|
5
5
|
s.summary = "Filter adds tags to events in logstash based on a table of cidr->name mappings and optionally adds asn name fields"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program. Filter adds tags to events in logstash based on a table of cidr->name mappings and optionally adds asn name fields"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-cidrtagmap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- svdasein
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-10-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstash-core-plugin-api
|
|
@@ -100,3 +100,4 @@ summary: Filter adds tags to events in logstash based on a table of cidr->name m
|
|
|
100
100
|
test_files:
|
|
101
101
|
- spec/filters/example_spec.rb
|
|
102
102
|
- spec/spec_helper.rb
|
|
103
|
+
has_rdoc:
|