logstash-filter-geoip 7.2.2-java → 7.2.6-java
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/docs/index.asciidoc +47 -4
- data/lib/logstash/filters/geoip.rb +1 -1
- data/logstash-filter-geoip.gemspec +2 -2
- data/spec/filters/geoip_ecs_spec.rb +1 -1
- data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/6.0.0/logstash-filter-geoip-6.0.0.jar +0 -0
- metadata +5 -6
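--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 433ba5fee36660147ee97dfe1f43b301184840886bc7bbc5d831b02337ba4606
+data.tar.gz: 897f4da52600922cfb828444b349123dedc03a79b0062fb494db56561894f8aa
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7575caa6518fb518269defd3186b02f04996c723692dd0f0e3e12b3d05b03be51b97f65c74a3b1c110a43d22ce1880601c0729764bb162099cae8c21b12d85a5
+data.tar.gz: cc3761f22ac75732293f0812851a2b5eab426f510def361cbe8f251dc2685f0ab10e2b0e98bd4d1ee40ff72f43a6e19ccbcac7c5399c0bf12d245db6dcc50484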
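--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 7.2.6
+- Update Log4J dependencies [#196](https://github.com/logstash-plugins/logstash-filter-geoip/pull/196)
+
+## 7.2.5
+- Added preview of ECS-v8 support with existing ECS-v1 implementation [#193](https://github.com/logstash-plugins/logstash-filter-geoip/pull/193)
+
+## 7.2.4
+- Fix: update to Gradle 7 [#191](https://github.com/logstash-plugins/logstash-filter-geoip/pull/191)
+- [DOC] Clarify CC licensed database indefinite use condition and air-gapped environment [#192](https://github.com/logstash-plugins/logstash-filter-geoip/pull/192)
+
+## 7.2.3
+- [DOC] Add documentation for bootstrapping air-gapped environment for database auto-update [#189](https://github.com/logstash-plugins/logstash-filter-geoip/pull/189)
+
 ## 7.2.2
 - [DOC] Add documentation for database auto-update behavior and database metrics [#187](https://github.com/logstash-plugins/logstash-filter-geoip/pull/187)
 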
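--- a/data/docs/index.asciidoc
+++ b/data/docs/index.asciidoc
@@ -59,17 +59,60 @@ database by default.
 ==== Database Auto-update
 
 This plugin bundles Creative Commons (CC) license databases.
-In air-gapped environments, Logstash can use CC license databases indefinitely.
 Logstash checks for database updates every day. It downloads the latest and can replace the old database
 while the plugin is running.
 After Logstash downloads EULA license databases, it will not fallback to CC license databases.
 
-If
-
+NOTE: If the database has never been updated successfully, as in air-gapped environments, Logstash can use CC license databases indefinitely.
+
+After Logstash has switched to a EULA licensed database, the geoip filter will
+stop enriching events in order to maintain compliance if Logstash fails to
+check for database updates for 30 days.
 Events will be tagged with `_geoip_expired_database` tag to facilitate the handling of this situation.
 
 TIP: When possible, allow Logstash to access the internet to download databases so that they are always up-to-date.
 
+[id="plugins-{type}s-{plugin}-manage_update"]
+==== Manage your own database updates
+
+**Use a proxy endpoint**
+
+If you can't connect directly to the Elastic GeoIP endpoint, consider setting up
+a secure proxy. You can then specify the proxy endpoint URL in the
+`xpack.geoip.download.endpoint` setting in `logstash.yml` file.
+
+**Use a custom endpoint (air-gapped environments)**
+
+If you work in air-gapped environment and can't update your databases from the Elastic endpoint,
+You can then download databases from MaxMind and bootstrap the service.
+
+. Download your `.mmdb` database files from the
+http://dev.maxmind.com/geoip/geoip2/geolite2[MaxMind site].
+
+. Copy your database files to a single directory.
+
+. https://www.elastic.co/downloads/elasticsearch[Download {es}].
+
+. From your {es} directory, run:
++
+[source,sh]
+----
+./bin/elasticsearch-geoip -s my/database/dir
+----
+
+. Serve the static database files from your directory. For example, you can use
+Docker to serve the files from nginx server:
++
+[source,sh]
+----
+docker run -p 8080:80 -v my/database/dir:/usr/share/nginx/html:ro nginx
+----
+
+. Specify the service's endpoint URL using the
+`xpack.geoip.download.endpoint=http://localhost:8080/overview.json` setting in `logstash.yml`.
+
+Logstash gets automatic updates from this service.
+
 [id="plugins-{type}s-{plugin}-metrics"]
 ==== Database Metrics
 
@@ -241,7 +284,7 @@ For the built-in GeoLite2 City database, the following are available:
 * Value type is <<string,string>>
 * Supported values are:
 ** `disabled`: unstructured geo data added at root level
-** `v1`: uses fields that are compatible with Elastic Common Schema (for example, `[client][geo][country_name]`)
+** `v1`, `v8`: uses fields that are compatible with Elastic Common Schema (for example, `[client][geo][country_name]`)
 * Default value depends on which version of Logstash is running:
 ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
 ** Otherwise, the default value is `disabled`.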
@@ -32,7 +32,7 @@ require "logstash/plugin_mixins/ecs_compatibility_support"
|
|
|
32
32
|
# --
|
|
33
33
|
|
|
34
34
|
class LogStash::Filters::GeoIP < LogStash::Filters::Base
|
|
35
|
-
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1)
|
|
35
|
+
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
|
|
36
36
|
|
|
37
37
|
config_name "geoip"
|
|
38
38
|
|
|
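Review bot: The `:v8 => :v1` alias on the `include LogStash::PluginMixins::ECSCompatibilitySupport(...)` line is undocumented at the point of use, so a reader cannot tell that selecting `v8` runs the existing v1 field mapping rather than a separate v8 implementation. I would add a comment directly above the include, for example `# ECS v8 is a preview served by the v1 implementation; revisit if v8 geo field names diverge from v1`. The alias form presumably depends on the mixin release that the gemspec hunk raises to `'~>1.2'`, so the two changes need to ship together. The class body continues outside the hunk.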
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-geoip'
|
|
4
|
-
s.version = '7.2.
|
|
4
|
+
s.version = '7.2.6'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Adds geographical information about an IP address"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
|
|
|
22
22
|
|
|
23
23
|
# Gem dependencies
|
|
24
24
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
|
25
|
-
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.
|
|
25
|
+
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
|
|
26
26
|
s.add_development_dependency 'logstash-devutils'
|
|
27
27
|
s.add_development_dependency 'insist'
|
|
28
28
|
s.add_development_dependency 'benchmark-ips'
|
|
@@ -14,7 +14,7 @@ describe LogStash::Filters::GeoIP do
|
|
|
14
14
|
describe "simple ip filter", :aggregate_failures do
|
|
15
15
|
|
|
16
16
|
context "when specifying the target", :ecs_compatibility_support do
|
|
17
|
-
ecs_compatibility_matrix(:disabled, :v1) do |ecs_select|
|
|
17
|
+
ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
|
|
18
18
|
|
|
19
19
|
let(:ip) { "8.8.8.8" }
|
|
20
20
|
let(:event) { LogStash::Event.new("message" => ip) }
|
|
Binary file
|
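--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-version: 7.2.
+version: 7.2.6
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
@@ -35,7 +35,7 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.2'
 name: logstash-mixin-ecs_compatibility_support
 prerelease: false
 type: :runtime
@@ -43,7 +43,7 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.2'
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
 requirements:
@@ -152,8 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.6.13
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Adds geographical information about an IP address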