logstash-filter-geoip 7.2.1-java → 7.2.5-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 285fa554ef1f4455e341836fd13e7b1af1a07c52b81d41854adfe6640d831eba
-  data.tar.gz: e7dfba0e36f8255f15b27dcc8e55325b273941f277a6b9e3004e2c00e350778c
+  metadata.gz: 5343724bbb8e5c095b58bce550a623e52b430be296389ca4fa96d590ae75e833
+  data.tar.gz: 1c4d5fbc791114fe2ef3fb84fd4c69ea727232e3e60bd4ceed3b2fb36fb1dee4
 SHA512:
-  metadata.gz: 6495b6e4a085cca0b2e23310621bbd6543ad0118dc3cd35aa97224795a12ff3e3714194460974fb86961e74e2653b3926e2d94b4941a5f80582700319ae73f18
-  data.tar.gz: ce5b1b5bbc3b103de2cb0760bb3ab9d2b125e2d70d92fec20ef8f84b40f9e92cdbaf95ffd0954d7c2eacd85bd3865284a5d021f81e328fa82566dcaf42a0b3ec
+  metadata.gz: a982a61ac68f2e8a53c480e26652970be26a0773e0c4aaa5ad062e476b957eabeef1d6671db62ba9469cfa39010f650ec1b5d797e6cd09115644013e13b6cf02
+  data.tar.gz: c3163f27b7cdd8bdd57765f5214c816c9e9a93093b0de4a4931e132df92d92ef544835ad6f69c337fa0376cab4044f34f94ccf50180714eb0844b6c1be7e896f

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+## 7.2.5
+  - Added preview of ECS-v8 support with existing ECS-v1 implementation [#193](https://github.com/logstash-plugins/logstash-filter-geoip/pull/193)
+
+## 7.2.4
+  - Fix: update to Gradle 7 [#191](https://github.com/logstash-plugins/logstash-filter-geoip/pull/191)
+  - [DOC] Clarify CC licensed database indefinite use condition and air-gapped environment [#192](https://github.com/logstash-plugins/logstash-filter-geoip/pull/192)
+
+## 7.2.3
+  - [DOC] Add documentation for bootstrapping air-gapped environment for database auto-update [#189](https://github.com/logstash-plugins/logstash-filter-geoip/pull/189)
+
+## 7.2.2
+  - [DOC] Add documentation for database auto-update behavior and database metrics [#187](https://github.com/logstash-plugins/logstash-filter-geoip/pull/187)
+
 ## 7.2.1
   - Republish the gem due to missing jars in 7.2.0 [#186](https://github.com/logstash-plugins/logstash-filter-geoip/pull/186)
 

data/docs/index.asciidoc

@@ -43,9 +43,7 @@ If you would like to get Autonomous System Number(ASN) information, you can use
 https://www.maxmind.com[MaxMind] changed from releasing the GeoIP database under
 a Creative Commons (CC) license to a proprietary end-user license agreement
 (EULA).  The MaxMind EULA requires Logstash to update the MaxMind database
-within 30 days of a database update. If Logstash fails to download the database
-for 30 days, the geoip filter will stop enriching events in order to maintain compliance.
-Events will be tagged with `_geoip_expired_database` tag to facilitate the handling of this situation.
+within 30 days of a database update.
 
 The GeoIP filter plugin can manage the database for users running the Logstash default
 distribution, or you can manage
@@ -57,6 +55,120 @@ Otherwise, you are responsible for maintaining compliance.
 The Logstash open source distribution uses the MaxMind Creative Commons license
 database by default.
 
+[id="plugins-{type}s-{plugin}-database_auto"]
+==== Database Auto-update
+
+This plugin bundles Creative Commons (CC) license databases.
+Logstash checks for database updates every day. It downloads the latest and can replace the old database
+while the plugin is running.
+After Logstash downloads EULA license databases, it will not fallback to CC license databases.
+
+NOTE: If the database has never been updated successfully, as in air-gapped environments, Logstash can use CC license databases indefinitely.
+
+After Logstash has switched to a EULA licensed database, the geoip filter will
+stop enriching events in order to maintain compliance if Logstash fails to
+check for database updates for 30 days.
+Events will be tagged with `_geoip_expired_database` tag to facilitate the handling of this situation.
+
+TIP: When possible, allow Logstash to access the internet to download databases so that they are always up-to-date.
+
+[id="plugins-{type}s-{plugin}-manage_update"]
+==== Manage your own database updates
+
+**Use a proxy endpoint**
+
+If you can't connect directly to the Elastic GeoIP endpoint, consider setting up
+a secure proxy. You can then specify the proxy endpoint URL in the
+`xpack.geoip.download.endpoint` setting in `logstash.yml` file.
+
+**Use a custom endpoint (air-gapped environments)**
+
+If you work in air-gapped environment and can't update your databases from the Elastic endpoint,
+You can then download databases from MaxMind and bootstrap the service.
+
+. Download your `.mmdb` database files from the
+http://dev.maxmind.com/geoip/geoip2/geolite2[MaxMind site].
+
+. Copy your database files to a single directory.
+
+. https://www.elastic.co/downloads/elasticsearch[Download {es}].
+
+. From your {es} directory, run:
++
+[source,sh]
+----
+./bin/elasticsearch-geoip -s my/database/dir
+----
+
+. Serve the static database files from your directory. For example, you can use
+Docker to serve the files from nginx server:
++
+[source,sh]
+----
+docker run -p 8080:80 -v my/database/dir:/usr/share/nginx/html:ro nginx
+----
+
+. Specify the service's endpoint URL using the
+`xpack.geoip.download.endpoint=http://localhost:8080/overview.json` setting in `logstash.yml`.
+
+Logstash gets automatic updates from this service.
+
+[id="plugins-{type}s-{plugin}-metrics"]
+==== Database Metrics
+
+You can monitor database status through the {logstash-ref}/node-stats-api.html#node-stats-api[Node Stats API].
+
+The following request returns a JSON document containing database manager stats,
+including:
+
+* database status and freshness
+** `geoip_download_manager.database.*.status`
+*** `init` : initial CC database status
+*** `up_to_date` : using up-to-date EULA database
+*** `to_be_expired` : 25 days without calling service
+*** `expired` : 30 days without calling service
+** `fail_check_in_days` : number of days Logstash fails to call service since the last success
+* info about download successes and failures
+** `geoip_download_manager.download_stats.successes` number of successful checks and downloads
+** `geoip_download_manager.download_stats.failures` number of failed check or download
+** `geoip_download_manager.download_stats.status`
+*** `updating` : check and download at the moment
+*** `succeeded` : last download succeed
+*** `failed` : last download failed
+
+[source,js]
+--------------------------------------------------
+curl -XGET 'localhost:9600/_node/stats/geoip_download_manager?pretty'
+--------------------------------------------------
+
+Example response:
+
+[source,js]
+--------------------------------------------------
+{
+  "geoip_download_manager" : {
+    "database" : {
+      "ASN" : {
+        "status" : "up_to_date",
+        "fail_check_in_days" : 0,
+        "last_updated_at": "2021-06-21T16:06:54+02:00"
+      },
+      "City" : {
+        "status" : "up_to_date",
+        "fail_check_in_days" : 0,
+        "last_updated_at": "2021-06-21T16:06:54+02:00"
+      }
+    },
+    "download_stats" : {
+      "successes" : 15,
+      "failures" : 1,
+      "last_checked_at" : "2021-06-21T16:07:03+02:00",
+      "status" : "succeeded"
+    }
+  }
+}
+--------------------------------------------------
+
 ==== Details
 
 A `[geoip][location]` field is created if
@@ -172,7 +284,7 @@ For the built-in GeoLite2 City database, the following are available:
 * Value type is <<string,string>>
 * Supported values are:
 ** `disabled`: unstructured geo data added at root level
-** `v1`: uses fields that are compatible with Elastic Common Schema (for example, `[client][geo][country_name]`)
+** `v1`, `v8`: uses fields that are compatible with Elastic Common Schema (for example, `[client][geo][country_name]`)
 * Default value depends on which version of Logstash is running:
 ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
 ** Otherwise, the default value is `disabled`.

data/lib/logstash/filters/geoip.rb

@@ -32,7 +32,7 @@ require "logstash/plugin_mixins/ecs_compatibility_support"
 # --
 
 class LogStash::Filters::GeoIP < LogStash::Filters::Base
-  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1)
+  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
 
   config_name "geoip"
 

data/logstash-filter-geoip.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-geoip'
-  s.version         = '7.2.1'
+  s.version         = '7.2.5'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Adds geographical information about an IP address"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
-  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.1'
+  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
   s.add_development_dependency 'logstash-devutils'
   s.add_development_dependency 'insist'
   s.add_development_dependency 'benchmark-ips'

data/spec/filters/geoip_ecs_spec.rb

@@ -14,7 +14,7 @@ describe LogStash::Filters::GeoIP do
   describe "simple ip filter", :aggregate_failures do
 
     context "when specifying the target", :ecs_compatibility_support do
-      ecs_compatibility_matrix(:disabled, :v1) do |ecs_select|
+      ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
 
         let(:ip) { "8.8.8.8" }
         let(:event) { LogStash::Event.new("message" => ip) }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-  version: 7.2.1
+  version: 7.2.5
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-16 00:00:00.000000000 Z
+date: 2021-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -35,7 +35,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
   name: logstash-mixin-ecs_compatibility_support
   prerelease: false
   type: :runtime
@@ -43,7 +43,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -152,8 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Adds geographical information about an IP address