logstash-filter-dns 3.0.14 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/docs/index.asciidoc +18 -7
- data/lib/logstash/filters/dns.rb +42 -6
- data/logstash-filter-dns.gemspec +1 -1
- data/spec/filters/dns_spec.rb +113 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 72c7e403d0237346a3b975607b580a4becc8c8fb58307837787672aedd8c1e39
|
|
4
|
+
data.tar.gz: 362fda06ed74282ccb9601d8edd520de61feb04da36dd4faf37242ddabfe334e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 63b668e2338a8b0a7d2135bcc54fb6325cad0a1cce60a5a6aadd6a9328c14e8a187248d2211cff189c6bbddea185b1150fe46af2b816a29f735498fbf35d0033
|
|
7
|
+
data.tar.gz: 7ebd10080f2bd78bc325a566f5b31031d20bb8c3e35ee8481bb6943ab8bc07587883f61270b32116500455053a9641f8191cca13f85a25ee5101fab6c513b97c
|
data/CHANGELOG.md
CHANGED
data/docs/index.asciidoc
CHANGED
|
@@ -55,7 +55,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
|
55
55
|
| <<plugins-{type}s-{plugin}-hit_cache_ttl>> |<<number,number>>|No
|
|
56
56
|
| <<plugins-{type}s-{plugin}-hostsfile>> |<<array,array>>|No
|
|
57
57
|
| <<plugins-{type}s-{plugin}-max_retries>> |<<number,number>>|No
|
|
58
|
-
| <<plugins-{type}s-{plugin}-nameserver>> |<<
|
|
58
|
+
| <<plugins-{type}s-{plugin}-nameserver>> |<<hash,hash>>|No
|
|
59
59
|
| <<plugins-{type}s-{plugin}-resolve>> |<<array,array>>|No
|
|
60
60
|
| <<plugins-{type}s-{plugin}-reverse>> |<<array,array>>|No
|
|
61
61
|
| <<plugins-{type}s-{plugin}-timeout>> |<<number,number>>|No
|
|
@@ -126,18 +126,29 @@ number of times to retry a failed resolve/reverse
|
|
|
126
126
|
[id="plugins-{type}s-{plugin}-nameserver"]
|
|
127
127
|
===== `nameserver`
|
|
128
128
|
|
|
129
|
-
* Value type is <<
|
|
129
|
+
* Value type is <<hash,hash>>, and is composed of:
|
|
130
|
+
* a required `address` key, whose value is either a <<string,string>> or an <<array,array>>, representing one or more nameserver ip addresses
|
|
131
|
+
* an optional `search` key, whose value is either a <<string,string>> or an <<array,array>>, representing between one and six search domains (e.g., with search domain `com`, a query for `example` will match DNS entries for `example.com`)
|
|
132
|
+
* an optional `ndots` key, used in conjunction with `search`, whose value is a <<number,number>>, representing the minimum number of dots in a domain name being resolved that will _prevent_ the search domains from being used (default `1`; this option is rarely needed)
|
|
133
|
+
* For backward-compatibility, values of <<string,string>> and <<array,array>> are also accepted, representing one or more nameserver ip addresses _without_ search domains.
|
|
130
134
|
* There is no default value for this setting.
|
|
131
135
|
|
|
132
|
-
Use custom nameserver(s). For example:
|
|
136
|
+
Use custom nameserver(s). For example:
|
|
137
|
+
|
|
138
|
+
[source]
|
|
139
|
+
filter {
|
|
140
|
+
dns {
|
|
141
|
+
nameserver => {
|
|
142
|
+
address => ["8.8.8.8", "8.8.4.4"]
|
|
143
|
+
search => ["internal.net"]
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
|
|
133
148
|
If `nameserver` is not specified then `/etc/resolv.conf` will be read to
|
|
134
149
|
configure the resolver using the `nameserver`, `domain`,
|
|
135
150
|
`search` and `ndots` directives in `/etc/resolv.conf`.
|
|
136
151
|
|
|
137
|
-
Note that nameservers normally resolve fully qualified domain names (FQDN)
|
|
138
|
-
and relying on `/etc/resolv.conf` can be useful to provide a domains search
|
|
139
|
-
list to resolve underqualified host names for example.
|
|
140
|
-
|
|
141
152
|
[id="plugins-{type}s-{plugin}-resolve"]
|
|
142
153
|
===== `resolve`
|
|
143
154
|
|
data/lib/logstash/filters/dns.rb
CHANGED
|
@@ -46,14 +46,25 @@ class LogStash::Filters::DNS < LogStash::Filters::Base
|
|
|
46
46
|
# specified under `reverse` and `resolve`.
|
|
47
47
|
config :action, :validate => [ "append", "replace" ], :default => "append"
|
|
48
48
|
|
|
49
|
-
# Use custom nameserver(s). For example:
|
|
49
|
+
# Use custom nameserver(s). For example:
|
|
50
|
+
# filter {
|
|
51
|
+
# dns {
|
|
52
|
+
# nameserver => {
|
|
53
|
+
# address => ["8.8.8.8", "8.8.4.4"]
|
|
54
|
+
# search => ["internal.net"]
|
|
55
|
+
# }
|
|
56
|
+
# }
|
|
57
|
+
# }
|
|
58
|
+
#
|
|
59
|
+
# nameserver is a hash with the following key:
|
|
60
|
+
# * a required `address` key, whose value is either a <<string,string>> or an <<array,array>>, representing one or more nameserver ip addresses
|
|
61
|
+
# * an optional `search` key, whose value is either a <<string,string>> or an <<array,array>>, representing between one and six search domains (e.g., with search domain `com`, a query for `example` will match DNS entries for `example.com`)
|
|
62
|
+
# * an optional `ndots` key, used in conjunction with `search`, whose value is a <<number,number>>, representing the minimum number of dots in a domain name being resolved that will _prevent_ the search domains from being used (default `1`; this option is rarely needed)
|
|
63
|
+
# * For backward-compatibility, string ans arrays values are also accepted, representing one or more nameserver ip addresses _without_ search domains.
|
|
64
|
+
#
|
|
50
65
|
# If `nameserver` is not specified then `/etc/resolv.conf` will be read to
|
|
51
66
|
# configure the resolver using the `nameserver`, `domain`,
|
|
52
67
|
# `search` and `ndots` directives in `/etc/resolv.conf`.
|
|
53
|
-
#
|
|
54
|
-
# Note that nameservers normally resolve fully qualified domain names (FQDN)
|
|
55
|
-
# and relying on `/etc/resolv.conf` can be useful to provide a domains search
|
|
56
|
-
# list to resolve underqualified host names for example.
|
|
57
68
|
config :nameserver, :validate => :array
|
|
58
69
|
|
|
59
70
|
# `resolv` calls will be wrapped in a timeout instance
|
|
@@ -125,7 +136,32 @@ class LogStash::Filters::DNS < LogStash::Filters::Base
|
|
|
125
136
|
|
|
126
137
|
def build_user_dns_resolver
|
|
127
138
|
return [] if @nameserver.nil? || @nameserver.empty?
|
|
128
|
-
|
|
139
|
+
|
|
140
|
+
[::Resolv::DNS.new(normalised_nameserver)]
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
def normalised_nameserver
|
|
144
|
+
nameserver_hash = @nameserver.kind_of?(Hash) ? @nameserver.dup : { 'address' => @nameserver }
|
|
145
|
+
|
|
146
|
+
nameserver = nameserver_hash.delete('address') || fail(LogStash::ConfigurationError, "DNS Filter: `nameserver` hash must include `address` (got `#{@nameserver}`)")
|
|
147
|
+
nameserver = Array(nameserver).map(&:to_s)
|
|
148
|
+
nameserver.empty? && fail(LogStash::ConfigurationError, "DNS Filter: `nameserver` addresses, when specified, cannot be empty (got `#{@nameserver}`)")
|
|
149
|
+
|
|
150
|
+
search = nameserver_hash.delete('search') || []
|
|
151
|
+
search = Array(search).map(&:to_s)
|
|
152
|
+
search.size > 6 && fail(LogStash::ConfigurationError, "DNS Filter: A maximum of 6 `search` domains are accepted (got `#{@nameserver}`)")
|
|
153
|
+
|
|
154
|
+
ndots = nameserver_hash.delete('ndots') || 1
|
|
155
|
+
ndots = Integer(ndots)
|
|
156
|
+
ndots <= 0 && fail(LogStash::ConfigurationError, "DNS Filter: `ndots` must be positive (got `#{@nameserver}`)")
|
|
157
|
+
|
|
158
|
+
fail(LogStash::ConfigurationError, "Unknown `nameserver` argument(s): #{nameserver_hash}") unless nameserver_hash.empty?
|
|
159
|
+
|
|
160
|
+
{
|
|
161
|
+
:nameserver => nameserver,
|
|
162
|
+
:search => search,
|
|
163
|
+
:ndots => ndots
|
|
164
|
+
}
|
|
129
165
|
end
|
|
130
166
|
|
|
131
167
|
def resolve(event)
|
data/logstash-filter-dns.gemspec
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-dns'
|
|
4
|
-
s.version = '3.0
|
|
4
|
+
s.version = '3.1.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Performs a standard or reverse DNS lookup"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
data/spec/filters/dns_spec.rb
CHANGED
|
@@ -418,7 +418,119 @@ describe LogStash::Filters::DNS do
|
|
|
418
418
|
end
|
|
419
419
|
end
|
|
420
420
|
|
|
421
|
-
describe "with
|
|
421
|
+
describe "with search configuration" do
|
|
422
|
+
subject(:dns_filter_plugin) { LogStash::Filters::DNS.new(config) }
|
|
423
|
+
|
|
424
|
+
before(:each) do
|
|
425
|
+
subject.register
|
|
426
|
+
end
|
|
427
|
+
|
|
428
|
+
context "search domain specified" do
|
|
429
|
+
let(:config) { { "resolve" => ["domain"], "action" => "replace", "nameserver" => { "address" => ["1.2.3.4"], "search" => "elastic.co" } } }
|
|
430
|
+
let(:event) { LogStash::Event.new("domain" => "training") }
|
|
431
|
+
|
|
432
|
+
it "will expand training to training.elastic.co" do
|
|
433
|
+
allow(Resolv::DNS::Name).to receive(:new).and_call_original
|
|
434
|
+
|
|
435
|
+
# This is implementation specific but the only way I found to verify that the "search" option was working.
|
|
436
|
+
expect(Resolv::DNS::Name).to receive(:new).with([Resolv::DNS::Label::Str.new("training"), Resolv::DNS::Label::Str.new("elastic"), Resolv::DNS::Label::Str.new("co")]).and_call_original
|
|
437
|
+
|
|
438
|
+
subject.filter(event)
|
|
439
|
+
end
|
|
440
|
+
end
|
|
441
|
+
end
|
|
442
|
+
|
|
443
|
+
describe "with nameserver configuration" do
|
|
444
|
+
subject(:dns_filter_plugin) { LogStash::Filters::DNS.new(config) }
|
|
445
|
+
|
|
446
|
+
before(:each) do
|
|
447
|
+
allow(Resolv::DNS).to receive(:new).and_call_original
|
|
448
|
+
end
|
|
449
|
+
|
|
450
|
+
context 'nameserver specified as a string' do
|
|
451
|
+
let(:config) { { "nameserver" => "8.8.8.8" } }
|
|
452
|
+
|
|
453
|
+
it 'sets up the expected Resolv::DNS' do
|
|
454
|
+
dns_filter_plugin.register
|
|
455
|
+
|
|
456
|
+
expect(Resolv::DNS).to have_received(:new).with(:nameserver => ["8.8.8.8"], :search => [], :ndots => 1)
|
|
457
|
+
end
|
|
458
|
+
end
|
|
459
|
+
|
|
460
|
+
context 'nameserver specified as an array of strings' do
|
|
461
|
+
let(:config) { { "nameserver" => ["8.8.8.8", "8.8.4.4"] } }
|
|
462
|
+
|
|
463
|
+
it 'sets up the expected Resolv::DNS' do
|
|
464
|
+
dns_filter_plugin.register
|
|
465
|
+
|
|
466
|
+
expect(Resolv::DNS).to have_received(:new).with(:nameserver => ["8.8.8.8", "8.8.4.4"], :search => [], :ndots => 1)
|
|
467
|
+
end
|
|
468
|
+
end
|
|
469
|
+
|
|
470
|
+
context 'nameserver specified as a hash' do
|
|
471
|
+
context 'with only string address' do
|
|
472
|
+
let(:config) { { "nameserver" => { "address" => "8.8.8.8" } } }
|
|
473
|
+
|
|
474
|
+
it 'sets up the expected Resolv::DNS' do
|
|
475
|
+
dns_filter_plugin.register
|
|
476
|
+
|
|
477
|
+
expect(Resolv::DNS).to have_received(:new).with(:nameserver => ["8.8.8.8"], :search => [], :ndots => 1)
|
|
478
|
+
end
|
|
479
|
+
end
|
|
480
|
+
context 'with only array address' do
|
|
481
|
+
let(:config) { { "nameserver" => { "address" => ["8.8.8.8", "8.8.4.4"] } } }
|
|
482
|
+
|
|
483
|
+
it 'sets up the expected Resolv::DNS' do
|
|
484
|
+
dns_filter_plugin.register
|
|
485
|
+
|
|
486
|
+
expect(Resolv::DNS).to have_received(:new).with(:nameserver => ["8.8.8.8", "8.8.4.4"], :search => [], :ndots => 1)
|
|
487
|
+
end
|
|
488
|
+
end
|
|
489
|
+
context 'with search domains' do
|
|
490
|
+
let(:config) do
|
|
491
|
+
{
|
|
492
|
+
"nameserver" => {
|
|
493
|
+
"address" => ["127.0.0.1"],
|
|
494
|
+
"search" => search_domains
|
|
495
|
+
}
|
|
496
|
+
}
|
|
497
|
+
end
|
|
498
|
+
|
|
499
|
+
{
|
|
500
|
+
"string" => "internal.net",
|
|
501
|
+
"array of strings" => ["internal.net", "internal1.com"]
|
|
502
|
+
}.each do |desc, search_domains_arg|
|
|
503
|
+
let(:search_domains) { search_domains_arg }
|
|
504
|
+
context "as #{desc}" do
|
|
505
|
+
it 'sets up the expected Resolv::DNS' do
|
|
506
|
+
dns_filter_plugin.register
|
|
507
|
+
|
|
508
|
+
expect(Resolv::DNS).to have_received(:new).with(:nameserver => ["127.0.0.1"], :search => Array(search_domains), :ndots => 1)
|
|
509
|
+
end
|
|
510
|
+
end
|
|
511
|
+
end
|
|
512
|
+
end
|
|
513
|
+
end
|
|
514
|
+
end
|
|
515
|
+
|
|
516
|
+
describe "without nameserver configuration" do
|
|
517
|
+
subject(:dns_filter_plugin) { LogStash::Filters::DNS.new(config) }
|
|
518
|
+
|
|
519
|
+
context 'nameserver not specified' do
|
|
520
|
+
let(:config) { { "resolve" => ["domain"], "action" => "replace" } }
|
|
521
|
+
|
|
522
|
+
it 'sets up the expected Resolv::DNS without arguments' do
|
|
523
|
+
# We expect that when no nameserver option is specified
|
|
524
|
+
# Resolv::DNS.new will be called without arguments thus reading /etc/resolv.conf
|
|
525
|
+
# for its configuration which is the desired behaviour for backward compatibility
|
|
526
|
+
|
|
527
|
+
expect(Resolv::DNS).to receive(:new).once.with(no_args)
|
|
528
|
+
dns_filter_plugin.register
|
|
529
|
+
end
|
|
530
|
+
end
|
|
531
|
+
end
|
|
532
|
+
|
|
533
|
+
describe "with hostsfile integration" do
|
|
422
534
|
describe "lookup using fixture hosts file" do
|
|
423
535
|
let(:subject) { LogStash::Filters::DNS.new(config) }
|
|
424
536
|
let(:hostsfile) { File.join(File.dirname(__FILE__), "..", "fixtures", "hosts") }
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-dns
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-10-
|
|
11
|
+
date: 2019-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|