logstash-filter-geoip 3.0.0.beta2-java → 3.0.0.beta3-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1499ec065d0bfaa47b92a3cf9624a8805c444b03
4
- data.tar.gz: ffae240afba32083915fa22df5086d8e444a6dad
3
+ metadata.gz: cb67c00c5522d0ee47841e2e0c190cf31bec3b39
4
+ data.tar.gz: 57f746ef6d54bc23cab08c3bd936f19ddbc6e33c
5
5
  SHA512:
6
- metadata.gz: 1bdf1fd231124081179701a7bdacec28a2e02f72d9aa6985816da63febdece090740b5bee28f7221efcfcc6517fa21c5fa846ff431245f7c1a4999e597d7e408
7
- data.tar.gz: 76e948535deac9741809fa4b51a56bd299eb37467607719e6ea92ac520e79616c794a616601cbe6cd17e03f1b704c4b9b8419889b4168c58e5752bc1b42e3020
6
+ metadata.gz: 2f8d34ddce2f3bf78912b8936bd92dd03e5be5bca6a2ddba7c791d846a82b29f8479f5d908302e75f3893264c94e43a0ef067bbfed1e971212133b13b056a989
7
+ data.tar.gz: 7cc2e5fc6fff4156eaecda1996cb02bc5ffed209092920651916edbb87a1e32dcd57199c37346688c80cd046d208e92522e121376c037c46a97b5b8d017147c8
@@ -1,3 +1,6 @@
1
+ # 3.0.0-beta3
2
+ - Return empty result when IP lookup fails for location field (#70)
3
+
1
4
  # 3.0.0-beta2
2
5
  - Internal: Actually include the vendored jars
3
6
 
@@ -119,6 +119,9 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
119
119
  # to having multiple caches for different instances at different points in the pipeline, that would just increase the
120
120
  # number of cache misses and waste memory.
121
121
  config :lru_cache_size, :validate => :number, :default => 1000
122
+
123
+ # Tags the event on failure to look up geo information. This can be used in later analysis.
124
+ config :tag_on_failure, :validate => :array, :default => ["_geoip_lookup_failure"]
122
125
 
123
126
  public
124
127
  def register
@@ -150,69 +153,84 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
150
153
  begin
151
154
  ip = event[@source]
152
155
  ip = ip.first if ip.is_a? Array
156
+ geo_data_hash = Hash.new
153
157
  ip_address = InetAddress.getByName(ip)
154
158
  response = @parser.city(ip_address)
155
- country = response.getCountry()
156
- subdivision = response.getMostSpecificSubdivision()
157
- city = response.getCity()
158
- postal = response.getPostal()
159
- location = response.getLocation()
160
-
161
- geo_data_hash = Hash.new()
162
-
163
- @fields.each do |field|
164
- case field
165
- when "city_name"
166
- geo_data_hash["city_name"] = city.getName()
167
- when "country_name"
168
- geo_data_hash["country_name"] = country.getName()
169
- when "continent_code"
170
- geo_data_hash["continent_code"] = response.getContinent().getCode()
171
- when "continent_name"
172
- geo_data_hash["continent_name"] = response.getContinent().getName()
173
- when "country_code2"
174
- geo_data_hash["country_code2"] = country.getIsoCode()
175
- when "country_code3"
176
- geo_data_hash["country_code3"] = country.getIsoCode()
177
- when "ip"
178
- geo_data_hash["ip"] = ip_address.getHostAddress()
179
- when "postal_code"
180
- geo_data_hash["postal_code"] = postal.getCode()
181
- when "dma_code"
182
- geo_data_hash["dma_code"] = location.getMetroCode()
183
- when "region_name"
184
- geo_data_hash["region_name"] = subdivision.getName()
185
- when "region_code"
186
- geo_data_hash["region_code"] = subdivision.getIsoCode()
187
- when "timezone"
188
- geo_data_hash["timezone"] = location.getTimeZone()
189
- when "location"
190
- geo_data_hash["location"] = [ location.getLongitude(), location.getLatitude() ]
191
- when "latitude"
192
- geo_data_hash["latitude"] = location.getLatitude()
193
- when "longitude"
194
- geo_data_hash["longitude"] = location.getLongitude()
195
- else
196
- raise Exception.new("[#{field}] is not a supported field option.")
197
- end
198
- end
199
-
159
+ populate_geo_data(response, ip_address, geo_data_hash)
200
160
  rescue com.maxmind.geoip2.exception.AddressNotFoundException => e
201
161
  @logger.debug("IP not found!", :exception => e, :field => @source, :event => event)
202
- event[@target] = {}
203
- return
204
162
  rescue java.net.UnknownHostException => e
205
163
  @logger.error("IP Field contained invalid IP address or hostname", :exception => e, :field => @source, :event => event)
206
- event[@target] = {}
207
- return
208
164
  rescue Exception => e
209
165
  @logger.error("Unknown error while looking up GeoIP data", :exception => e, :field => @source, :event => event)
210
- event[@target] = {}
211
- return
166
+ # Dont' swallow this, bubble up for unknown issue
167
+ raise e
212
168
  end
213
169
 
214
170
  event[@target] = geo_data_hash
215
171
 
172
+ if geo_data_hash.empty?
173
+ tag_unsuccessful_lookup(event)
174
+ return
175
+ end
176
+
216
177
  filter_matched(event)
217
178
  end # def filter
179
+
180
+ def populate_geo_data(response, ip_address, geo_data_hash)
181
+ country = response.getCountry()
182
+ subdivision = response.getMostSpecificSubdivision()
183
+ city = response.getCity()
184
+ postal = response.getPostal()
185
+ location = response.getLocation()
186
+
187
+ # if location is empty, there is no point populating geo data
188
+ # and most likely all other fields are empty as well
189
+ if location.getLatitude().nil? && location.getLongitude().nil?
190
+ return
191
+ end
192
+
193
+ @fields.each do |field|
194
+ case field
195
+ when "city_name"
196
+ geo_data_hash["city_name"] = city.getName()
197
+ when "country_name"
198
+ geo_data_hash["country_name"] = country.getName()
199
+ when "continent_code"
200
+ geo_data_hash["continent_code"] = response.getContinent().getCode()
201
+ when "continent_name"
202
+ geo_data_hash["continent_name"] = response.getContinent().getName()
203
+ when "country_code2"
204
+ geo_data_hash["country_code2"] = country.getIsoCode()
205
+ when "country_code3"
206
+ geo_data_hash["country_code3"] = country.getIsoCode()
207
+ when "ip"
208
+ geo_data_hash["ip"] = ip_address.getHostAddress()
209
+ when "postal_code"
210
+ geo_data_hash["postal_code"] = postal.getCode()
211
+ when "dma_code"
212
+ geo_data_hash["dma_code"] = location.getMetroCode()
213
+ when "region_name"
214
+ geo_data_hash["region_name"] = subdivision.getName()
215
+ when "region_code"
216
+ geo_data_hash["region_code"] = subdivision.getIsoCode()
217
+ when "timezone"
218
+ geo_data_hash["timezone"] = location.getTimeZone()
219
+ when "location"
220
+ geo_data_hash["location"] = [ location.getLongitude(), location.getLatitude() ]
221
+ when "latitude"
222
+ geo_data_hash["latitude"] = location.getLatitude()
223
+ when "longitude"
224
+ geo_data_hash["longitude"] = location.getLongitude()
225
+ else
226
+ raise Exception.new("[#{field}] is not a supported field option.")
227
+ end
228
+ end
229
+ end
230
+
231
+ def tag_unsuccessful_lookup(event)
232
+ @logger.debug? && @logger.debug("IP #{event[@source]} was not found in the database", :event => event)
233
+ @tag_on_failure.each{|tag| event.tag(tag)}
234
+ end
235
+
218
236
  end # class LogStash::Filters::GeoIP
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-geoip'
4
- s.version = '3.0.0.beta2'
4
+ s.version = '3.0.0.beta3'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "$summary"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -173,8 +173,8 @@ describe LogStash::Filters::GeoIP do
173
173
  expect(event["geoip"]).to eq({})
174
174
  end
175
175
 
176
- it "should not have added any tags" do
177
- expect(event["tags"]).to be_nil
176
+ it "should add failure tags" do
177
+ expect(event["tags"]).to include("_geoip_lookup_failure")
178
178
  end
179
179
  end
180
180
 
@@ -186,6 +186,33 @@ describe LogStash::Filters::GeoIP do
186
186
  expect(event["geoip"]).to eq({})
187
187
  end
188
188
  end
189
+
190
+ context "when a IP is not found in the DB" do
191
+ let(:ipstring) { "113.208.89.21" }
192
+
193
+ it "should set the target field to an empty hash" do
194
+ expect(event["geoip"]).to eq({})
195
+ expect(event["tags"]).to include("_geoip_lookup_failure")
196
+ end
197
+ end
198
+
199
+ context "when IP is IPv6 format for localhost" do
200
+ let(:ipstring) { "::1" }
201
+
202
+ it "should set the target field to an empty hash" do
203
+ expect(event["geoip"]).to eq({})
204
+ end
205
+ end
206
+
207
+ context "when IP is IPv6 format" do
208
+ let(:ipstring) { "2607:f0d0:1002:51::4" }
209
+
210
+ it "should set the target field to an empty hash" do
211
+ expect(event["geoip"]).not_to be_empty
212
+ expect(event["geoip"]["city_name"]).not_to be_nil
213
+ end
214
+ end
215
+
189
216
  end
190
217
 
191
218
  context "should return the correct source field in the logging message" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-geoip
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.0.beta2
4
+ version: 3.0.0.beta3
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-04-28 00:00:00.000000000 Z
11
+ date: 2016-04-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement