logstash-filter-geoip 7.2.2-java → 7.2.6-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/docs/index.asciidoc +47 -4
- data/lib/logstash/filters/geoip.rb +1 -1
- data/logstash-filter-geoip.gemspec +2 -2
- data/spec/filters/geoip_ecs_spec.rb +1 -1
- data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/6.0.0/logstash-filter-geoip-6.0.0.jar +0 -0
- metadata +5 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 433ba5fee36660147ee97dfe1f43b301184840886bc7bbc5d831b02337ba4606
|
|
4
|
+
data.tar.gz: 897f4da52600922cfb828444b349123dedc03a79b0062fb494db56561894f8aa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7575caa6518fb518269defd3186b02f04996c723692dd0f0e3e12b3d05b03be51b97f65c74a3b1c110a43d22ce1880601c0729764bb162099cae8c21b12d85a5
|
|
7
|
+
data.tar.gz: cc3761f22ac75732293f0812851a2b5eab426f510def361cbe8f251dc2685f0ab10e2b0e98bd4d1ee40ff72f43a6e19ccbcac7c5399c0bf12d245db6dcc50484
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
## 7.2.6
|
|
2
|
+
- Update Log4J dependencies [#196](https://github.com/logstash-plugins/logstash-filter-geoip/pull/196)
|
|
3
|
+
|
|
4
|
+
## 7.2.5
|
|
5
|
+
- Added preview of ECS-v8 support with existing ECS-v1 implementation [#193](https://github.com/logstash-plugins/logstash-filter-geoip/pull/193)
|
|
6
|
+
|
|
7
|
+
## 7.2.4
|
|
8
|
+
- Fix: update to Gradle 7 [#191](https://github.com/logstash-plugins/logstash-filter-geoip/pull/191)
|
|
9
|
+
- [DOC] Clarify CC licensed database indefinite use condition and air-gapped environment [#192](https://github.com/logstash-plugins/logstash-filter-geoip/pull/192)
|
|
10
|
+
|
|
11
|
+
## 7.2.3
|
|
12
|
+
- [DOC] Add documentation for bootstrapping air-gapped environment for database auto-update [#189](https://github.com/logstash-plugins/logstash-filter-geoip/pull/189)
|
|
13
|
+
|
|
1
14
|
## 7.2.2
|
|
2
15
|
- [DOC] Add documentation for database auto-update behavior and database metrics [#187](https://github.com/logstash-plugins/logstash-filter-geoip/pull/187)
|
|
3
16
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -59,17 +59,60 @@ database by default.
|
|
|
59
59
|
==== Database Auto-update
|
|
60
60
|
|
|
61
61
|
This plugin bundles Creative Commons (CC) license databases.
|
|
62
|
-
In air-gapped environments, Logstash can use CC license databases indefinitely.
|
|
63
62
|
Logstash checks for database updates every day. It downloads the latest and can replace the old database
|
|
64
63
|
while the plugin is running.
|
|
65
64
|
After Logstash downloads EULA license databases, it will not fallback to CC license databases.
|
|
66
65
|
|
|
67
|
-
If
|
|
68
|
-
|
|
66
|
+
NOTE: If the database has never been updated successfully, as in air-gapped environments, Logstash can use CC license databases indefinitely.
|
|
67
|
+
|
|
68
|
+
After Logstash has switched to a EULA licensed database, the geoip filter will
|
|
69
|
+
stop enriching events in order to maintain compliance if Logstash fails to
|
|
70
|
+
check for database updates for 30 days.
|
|
69
71
|
Events will be tagged with `_geoip_expired_database` tag to facilitate the handling of this situation.
|
|
70
72
|
|
|
71
73
|
TIP: When possible, allow Logstash to access the internet to download databases so that they are always up-to-date.
|
|
72
74
|
|
|
75
|
+
[id="plugins-{type}s-{plugin}-manage_update"]
|
|
76
|
+
==== Manage your own database updates
|
|
77
|
+
|
|
78
|
+
**Use a proxy endpoint**
|
|
79
|
+
|
|
80
|
+
If you can't connect directly to the Elastic GeoIP endpoint, consider setting up
|
|
81
|
+
a secure proxy. You can then specify the proxy endpoint URL in the
|
|
82
|
+
`xpack.geoip.download.endpoint` setting in `logstash.yml` file.
|
|
83
|
+
|
|
84
|
+
**Use a custom endpoint (air-gapped environments)**
|
|
85
|
+
|
|
86
|
+
If you work in air-gapped environment and can't update your databases from the Elastic endpoint,
|
|
87
|
+
You can then download databases from MaxMind and bootstrap the service.
|
|
88
|
+
|
|
89
|
+
. Download your `.mmdb` database files from the
|
|
90
|
+
http://dev.maxmind.com/geoip/geoip2/geolite2[MaxMind site].
|
|
91
|
+
|
|
92
|
+
. Copy your database files to a single directory.
|
|
93
|
+
|
|
94
|
+
. https://www.elastic.co/downloads/elasticsearch[Download {es}].
|
|
95
|
+
|
|
96
|
+
. From your {es} directory, run:
|
|
97
|
+
+
|
|
98
|
+
[source,sh]
|
|
99
|
+
----
|
|
100
|
+
./bin/elasticsearch-geoip -s my/database/dir
|
|
101
|
+
----
|
|
102
|
+
|
|
103
|
+
. Serve the static database files from your directory. For example, you can use
|
|
104
|
+
Docker to serve the files from nginx server:
|
|
105
|
+
+
|
|
106
|
+
[source,sh]
|
|
107
|
+
----
|
|
108
|
+
docker run -p 8080:80 -v my/database/dir:/usr/share/nginx/html:ro nginx
|
|
109
|
+
----
|
|
110
|
+
|
|
111
|
+
. Specify the service's endpoint URL using the
|
|
112
|
+
`xpack.geoip.download.endpoint=http://localhost:8080/overview.json` setting in `logstash.yml`.
|
|
113
|
+
|
|
114
|
+
Logstash gets automatic updates from this service.
|
|
115
|
+
|
|
73
116
|
[id="plugins-{type}s-{plugin}-metrics"]
|
|
74
117
|
==== Database Metrics
|
|
75
118
|
|
|
@@ -241,7 +284,7 @@ For the built-in GeoLite2 City database, the following are available:
|
|
|
241
284
|
* Value type is <<string,string>>
|
|
242
285
|
* Supported values are:
|
|
243
286
|
** `disabled`: unstructured geo data added at root level
|
|
244
|
-
** `v1`: uses fields that are compatible with Elastic Common Schema (for example, `[client][geo][country_name]`)
|
|
287
|
+
** `v1`, `v8`: uses fields that are compatible with Elastic Common Schema (for example, `[client][geo][country_name]`)
|
|
245
288
|
* Default value depends on which version of Logstash is running:
|
|
246
289
|
** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
|
|
247
290
|
** Otherwise, the default value is `disabled`.
|
|
@@ -32,7 +32,7 @@ require "logstash/plugin_mixins/ecs_compatibility_support"
|
|
|
32
32
|
# --
|
|
33
33
|
|
|
34
34
|
class LogStash::Filters::GeoIP < LogStash::Filters::Base
|
|
35
|
-
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1)
|
|
35
|
+
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
|
|
36
36
|
|
|
37
37
|
config_name "geoip"
|
|
38
38
|
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-geoip'
|
|
4
|
-
s.version = '7.2.
|
|
4
|
+
s.version = '7.2.6'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Adds geographical information about an IP address"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
|
|
|
22
22
|
|
|
23
23
|
# Gem dependencies
|
|
24
24
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
|
25
|
-
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.
|
|
25
|
+
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
|
|
26
26
|
s.add_development_dependency 'logstash-devutils'
|
|
27
27
|
s.add_development_dependency 'insist'
|
|
28
28
|
s.add_development_dependency 'benchmark-ips'
|
|
@@ -14,7 +14,7 @@ describe LogStash::Filters::GeoIP do
|
|
|
14
14
|
describe "simple ip filter", :aggregate_failures do
|
|
15
15
|
|
|
16
16
|
context "when specifying the target", :ecs_compatibility_support do
|
|
17
|
-
ecs_compatibility_matrix(:disabled, :v1) do |ecs_select|
|
|
17
|
+
ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
|
|
18
18
|
|
|
19
19
|
let(:ip) { "8.8.8.8" }
|
|
20
20
|
let(:event) { LogStash::Event.new("message" => ip) }
|
|
Binary file
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-geoip
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.2.
|
|
4
|
+
version: 7.2.6
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-12-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -35,7 +35,7 @@ dependencies:
|
|
|
35
35
|
requirements:
|
|
36
36
|
- - "~>"
|
|
37
37
|
- !ruby/object:Gem::Version
|
|
38
|
-
version: '1.
|
|
38
|
+
version: '1.2'
|
|
39
39
|
name: logstash-mixin-ecs_compatibility_support
|
|
40
40
|
prerelease: false
|
|
41
41
|
type: :runtime
|
|
@@ -43,7 +43,7 @@ dependencies:
|
|
|
43
43
|
requirements:
|
|
44
44
|
- - "~>"
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: '1.
|
|
46
|
+
version: '1.2'
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
49
|
requirements:
|
|
@@ -152,8 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
152
152
|
- !ruby/object:Gem::Version
|
|
153
153
|
version: '0'
|
|
154
154
|
requirements: []
|
|
155
|
-
|
|
156
|
-
rubygems_version: 2.6.13
|
|
155
|
+
rubygems_version: 3.1.6
|
|
157
156
|
signing_key:
|
|
158
157
|
specification_version: 4
|
|
159
158
|
summary: Adds geographical information about an IP address
|