logstash-filter-geoip 7.2.3-java → 7.2.7-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/docs/index.asciidoc +9 -9
- data/lib/logstash/filters/geoip.rb +1 -1
- data/logstash-filter-geoip.gemspec +2 -2
- data/spec/filters/geoip_ecs_spec.rb +1 -1
- data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/6.0.0/logstash-filter-geoip-6.0.0.jar +0 -0
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7eb0e71f8a7e34725b9ed42e5839ad7015fd53672802b01c92c5c33c3acb55ce
|
4
|
+
data.tar.gz: 71f871e60772fa2f21d5995ee93ac9b26d426463e4e87705e00028eb074bbe1a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1e062cbeb38a866831d9dd9c359605d3f2b883819299bffbbb685af54fb9891f6ec3d4a81cebbad357a2a0c6cecffecdc2cf2284c00b8711c5dd6283c9620702
|
7
|
+
data.tar.gz: f83c4acfe3d702163d284cfae089d5deddcebe9754945dee22bf760e23d8b301f7dfcd2e4b98dfa509299f3f36993977cf94ee2d82df0fdf7fb9b05e3a5da7ed
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,16 @@
|
|
1
|
+
## 7.2.7
|
2
|
+
- Ensure java 8 compatibility [#197](https://github.com/logstash-plugins/logstash-filter-geoip/pull/197)
|
3
|
+
|
4
|
+
## 7.2.6
|
5
|
+
- Update Log4J dependencies [#196](https://github.com/logstash-plugins/logstash-filter-geoip/pull/196)
|
6
|
+
|
7
|
+
## 7.2.5
|
8
|
+
- Added preview of ECS-v8 support with existing ECS-v1 implementation [#193](https://github.com/logstash-plugins/logstash-filter-geoip/pull/193)
|
9
|
+
|
10
|
+
## 7.2.4
|
11
|
+
- Fix: update to Gradle 7 [#191](https://github.com/logstash-plugins/logstash-filter-geoip/pull/191)
|
12
|
+
- [DOC] Clarify CC licensed database indefinite use condition and air-gapped environment [#192](https://github.com/logstash-plugins/logstash-filter-geoip/pull/192)
|
13
|
+
|
1
14
|
## 7.2.3
|
2
15
|
- [DOC] Add documentation for bootstrapping air-gapped environment for database auto-update [#189](https://github.com/logstash-plugins/logstash-filter-geoip/pull/189)
|
3
16
|
|
data/docs/index.asciidoc
CHANGED
@@ -59,13 +59,15 @@ database by default.
|
|
59
59
|
==== Database Auto-update
|
60
60
|
|
61
61
|
This plugin bundles Creative Commons (CC) license databases.
|
62
|
-
In air-gapped environments, Logstash can use CC license databases indefinitely.
|
63
62
|
Logstash checks for database updates every day. It downloads the latest and can replace the old database
|
64
63
|
while the plugin is running.
|
65
64
|
After Logstash downloads EULA license databases, it will not fallback to CC license databases.
|
66
65
|
|
67
|
-
If
|
68
|
-
|
66
|
+
NOTE: If the database has never been updated successfully, as in air-gapped environments, Logstash can use CC license databases indefinitely.
|
67
|
+
|
68
|
+
After Logstash has switched to a EULA licensed database, the geoip filter will
|
69
|
+
stop enriching events in order to maintain compliance if Logstash fails to
|
70
|
+
check for database updates for 30 days.
|
69
71
|
Events will be tagged with `_geoip_expired_database` tag to facilitate the handling of this situation.
|
70
72
|
|
71
73
|
TIP: When possible, allow Logstash to access the internet to download databases so that they are always up-to-date.
|
@@ -79,13 +81,10 @@ If you can't connect directly to the Elastic GeoIP endpoint, consider setting up
|
|
79
81
|
a secure proxy. You can then specify the proxy endpoint URL in the
|
80
82
|
`xpack.geoip.download.endpoint` setting in `logstash.yml` file.
|
81
83
|
|
82
|
-
**Use a custom endpoint**
|
84
|
+
**Use a custom endpoint (air-gapped environments)**
|
83
85
|
|
84
86
|
If you work in air-gapped environment and can't update your databases from the Elastic endpoint,
|
85
|
-
|
86
|
-
|
87
|
-
You can create a service that mimics the Elastic GeoIP endpoint. You can then
|
88
|
-
get automatic updates from this service.
|
87
|
+
You can then download databases from MaxMind and bootstrap the service.
|
89
88
|
|
90
89
|
. Download your `.mmdb` database files from the
|
91
90
|
http://dev.maxmind.com/geoip/geoip2/geolite2[MaxMind site].
|
@@ -112,6 +111,7 @@ docker run -p 8080:80 -v my/database/dir:/usr/share/nginx/html:ro nginx
|
|
112
111
|
. Specify the service's endpoint URL using the
|
113
112
|
`xpack.geoip.download.endpoint=http://localhost:8080/overview.json` setting in `logstash.yml`.
|
114
113
|
|
114
|
+
Logstash gets automatic updates from this service.
|
115
115
|
|
116
116
|
[id="plugins-{type}s-{plugin}-metrics"]
|
117
117
|
==== Database Metrics
|
@@ -284,7 +284,7 @@ For the built-in GeoLite2 City database, the following are available:
|
|
284
284
|
* Value type is <<string,string>>
|
285
285
|
* Supported values are:
|
286
286
|
** `disabled`: unstructured geo data added at root level
|
287
|
-
** `v1`: uses fields that are compatible with Elastic Common Schema (for example, `[client][geo][country_name]`)
|
287
|
+
** `v1`, `v8`: uses fields that are compatible with Elastic Common Schema (for example, `[client][geo][country_name]`)
|
288
288
|
* Default value depends on which version of Logstash is running:
|
289
289
|
** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
|
290
290
|
** Otherwise, the default value is `disabled`.
|
@@ -32,7 +32,7 @@ require "logstash/plugin_mixins/ecs_compatibility_support"
|
|
32
32
|
# --
|
33
33
|
|
34
34
|
class LogStash::Filters::GeoIP < LogStash::Filters::Base
|
35
|
-
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1)
|
35
|
+
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
|
36
36
|
|
37
37
|
config_name "geoip"
|
38
38
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-filter-geoip'
|
4
|
-
s.version = '7.2.
|
4
|
+
s.version = '7.2.7'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Adds geographical information about an IP address"
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
|
|
22
22
|
|
23
23
|
# Gem dependencies
|
24
24
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
25
|
-
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.
|
25
|
+
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
|
26
26
|
s.add_development_dependency 'logstash-devutils'
|
27
27
|
s.add_development_dependency 'insist'
|
28
28
|
s.add_development_dependency 'benchmark-ips'
|
@@ -14,7 +14,7 @@ describe LogStash::Filters::GeoIP do
|
|
14
14
|
describe "simple ip filter", :aggregate_failures do
|
15
15
|
|
16
16
|
context "when specifying the target", :ecs_compatibility_support do
|
17
|
-
ecs_compatibility_matrix(:disabled, :v1) do |ecs_select|
|
17
|
+
ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
|
18
18
|
|
19
19
|
let(:ip) { "8.8.8.8" }
|
20
20
|
let(:event) { LogStash::Event.new("message" => ip) }
|
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-geoip
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.2.
|
4
|
+
version: 7.2.7
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-12-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -35,7 +35,7 @@ dependencies:
|
|
35
35
|
requirements:
|
36
36
|
- - "~>"
|
37
37
|
- !ruby/object:Gem::Version
|
38
|
-
version: '1.
|
38
|
+
version: '1.2'
|
39
39
|
name: logstash-mixin-ecs_compatibility_support
|
40
40
|
prerelease: false
|
41
41
|
type: :runtime
|
@@ -43,7 +43,7 @@ dependencies:
|
|
43
43
|
requirements:
|
44
44
|
- - "~>"
|
45
45
|
- !ruby/object:Gem::Version
|
46
|
-
version: '1.
|
46
|
+
version: '1.2'
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
49
49
|
requirements:
|