logstash-filter-geoip 7.2.6-java → 7.2.10-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 433ba5fee36660147ee97dfe1f43b301184840886bc7bbc5d831b02337ba4606
4
- data.tar.gz: 897f4da52600922cfb828444b349123dedc03a79b0062fb494db56561894f8aa
3
+ metadata.gz: 0e7b28476c126af68bc29d44c7d64ec15aa5e09eed39c45a53d1c52d62f6c2c4
4
+ data.tar.gz: 6679da72cdaf947fccaf8140a82019668bf6c099f708638fdcf15e0dde8701a6
5
5
  SHA512:
6
- metadata.gz: 7575caa6518fb518269defd3186b02f04996c723692dd0f0e3e12b3d05b03be51b97f65c74a3b1c110a43d22ce1880601c0729764bb162099cae8c21b12d85a5
7
- data.tar.gz: cc3761f22ac75732293f0812851a2b5eab426f510def361cbe8f251dc2685f0ab10e2b0e98bd4d1ee40ff72f43a6e19ccbcac7c5399c0bf12d245db6dcc50484
6
+ metadata.gz: fc1051fee22e58527e8e091108f9e24d5f314ea92357817bf700765863c6bb320bca5f59835f1a873bb40f4f26df9c1847c18babdc1ebccb94d9f0e60d916f03
7
+ data.tar.gz: 694bbeeec97b179ccc6d52d5c94a56dfbe693c4bef95a44cbaadaa9bda2bc84b8e6c0eb5b6e73a8b94fb8930a649e59fa4a0f3206b4616baedabcf90015e0372
data/CHANGELOG.md CHANGED
@@ -1,3 +1,16 @@
1
+ ## 7.2.10
2
+ - [DOC] Air-gapped environment requires both ASN and City databases [#204](https://github.com/logstash-plugins/logstash-filter-geoip/pull/204)
3
+
4
+ ## 7.2.9
5
+ - Fix: red CI in Logstash 8.0 [#201](https://github.com/logstash-plugins/logstash-filter-geoip/pull/201)
6
+ - Update Log4j dependency to 2.17.1
7
+
8
+ ## 7.2.8
9
+ - Update Log4j dependency to 2.17.0
10
+
11
+ ## 7.2.7
12
+ - Ensure java 8 compatibility [#197](https://github.com/logstash-plugins/logstash-filter-geoip/pull/197)
13
+
1
14
  ## 7.2.6
2
15
  - Update Log4J dependencies [#196](https://github.com/logstash-plugins/logstash-filter-geoip/pull/196)
3
16
 
data/docs/index.asciidoc CHANGED
@@ -86,10 +86,10 @@ a secure proxy. You can then specify the proxy endpoint URL in the
86
86
  If you work in air-gapped environment and can't update your databases from the Elastic endpoint,
87
87
  You can then download databases from MaxMind and bootstrap the service.
88
88
 
89
- . Download your `.mmdb` database files from the
89
+ . Download both `GeoLite2-ASN.mmdb` and `GeoLite2-City.mmdb` database files from the
90
90
  http://dev.maxmind.com/geoip/geoip2/geolite2[MaxMind site].
91
91
 
92
- . Copy your database files to a single directory.
92
+ . Copy both database files to a single directory.
93
93
 
94
94
  . https://www.elastic.co/downloads/elasticsearch[Download {es}].
95
95
 
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-geoip'
4
- s.version = '7.2.6'
4
+ s.version = '7.2.10'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Adds geographical information about an IP address"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -48,7 +48,6 @@ describe LogStash::Filters::GeoIP do
48
48
  end
49
49
  end
50
50
 
51
-
52
51
  context "with ASN database" do
53
52
  let(:options) { common_options.merge({"database" => ASNDB}) }
54
53
 
@@ -59,27 +58,96 @@ describe LogStash::Filters::GeoIP do
59
58
  expect( event.get ecs_select[disabled: "[#{target}][asn]", v1: "[#{target}][as][number]"] ).to eq 15169
60
59
  expect( event.get ecs_select[disabled: "[#{target}][as_org]", v1: "[#{target}][as][organization][name]"] ).to eq "Google LLC"
61
60
  end
61
+
62
+ context "with customize fields" do
63
+ let(:fields) { ["AUTONOMOUS_SYSTEM_NUMBER"] }
64
+ let(:options) { common_options.merge({"database" => ASNDB, "fields" => fields}) }
65
+
66
+ it "should give asn field" do
67
+ plugin.filter(event)
68
+
69
+ expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
70
+ expect( event.get ecs_select[disabled: "[#{target}][as_org]", v1: "[#{target}][as][organization][name]"] ).to be_nil
71
+
72
+ expect( event.get ecs_select[disabled: "[#{target}][asn]", v1: "[#{target}][as][number]"] ).to eq 15169
73
+ end
74
+ end
62
75
  end
63
76
 
64
77
  context "with customize fields" do
65
- let(:fields) { ["continent_name", "timezone"] }
66
- let(:options) { common_options.merge({"fields" => fields}) }
78
+ context "continent_name and timezone" do
79
+ let(:fields) { ["continent_name", "timezone"] }
80
+ let(:options) { common_options.merge({"fields" => fields}) }
67
81
 
68
- it "should return fields" do
69
- plugin.filter(event)
82
+ it "should return fields in UTF8" do
83
+ plugin.filter(event)
70
84
 
71
- expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
72
- expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
73
- expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
74
- expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to be_nil
75
- expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).to be_nil
76
- expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).to be_nil
85
+ expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
86
+ expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
87
+ expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
88
+ expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to be_nil
89
+ expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).to be_nil
90
+ expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).to be_nil
91
+
92
+ continent_name = event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"]
93
+ timezone = event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"]
94
+ expect( continent_name ).to eq "North America"
95
+ expect( timezone ).to eq "America/Chicago"
96
+ expect( continent_name.encoding ).to eq Encoding::UTF_8
97
+ expect( timezone.encoding ).to eq Encoding::UTF_8
98
+ end
99
+ end
77
100
 
78
- expect( event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"] ).to eq "North America"
79
- expect( event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"] ).to eq "America/Chicago"
101
+ context "location" do
102
+ shared_examples "provide location, lat and lon" do
103
+ it "should return location, lat and lon" do
104
+ plugin.filter(event)
105
+
106
+ expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
107
+ expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
108
+ expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
109
+ expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to be_nil
110
+ expect( event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"] ).to be_nil
111
+ expect( event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"] ).to be_nil
112
+
113
+ expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).not_to be_nil
114
+ expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).not_to be_nil
115
+ end
116
+ end
117
+
118
+ context "location and longitude" do
119
+ let(:fields) { ["location", "longitude"] }
120
+ let(:options) { common_options.merge({"fields" => fields}) }
121
+ it_behaves_like "provide location, lat and lon"
122
+ end
123
+
124
+ context "location and latitude" do
125
+ let(:fields) { ["location", "latitude"] }
126
+ let(:options) { common_options.merge({"fields" => fields}) }
127
+ it_behaves_like "provide location, lat and lon"
128
+ end
80
129
  end
81
- end
82
130
 
131
+ context "continent_code and IP is IPv6 format" do
132
+ let(:ip) { "2607:f0d0:1002:51::4" }
133
+ let(:fields) { ["continent_code", "ip"] }
134
+ let(:options) { common_options.merge({"fields" => fields}) }
135
+
136
+ it "should return fields" do
137
+ plugin.filter(event)
138
+
139
+ expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
140
+ expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
141
+ expect( event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"] ).to be_nil
142
+ expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).to be_nil
143
+ expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).to be_nil
144
+ expect( event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"] ).to be_nil
145
+
146
+ expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to eq("2607:f0d0:1002:51:0:0:0:4")
147
+ expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to eq("NA")
148
+ end
149
+ end
150
+ end
83
151
  end
84
152
  end
85
153
 
@@ -6,78 +6,33 @@ require "logstash/filters/geoip"
6
6
  CITYDB = ::Dir.glob(::File.expand_path(::File.join("..", "..", "..", "vendor", "GeoLite2-City.mmdb"), __FILE__)).first
7
7
  ASNDB = ::Dir.glob(::File.expand_path(::File.join("..", "..", "..", "vendor", "GeoLite2-ASN.mmdb"), __FILE__)).first
8
8
 
9
- describe LogStash::Filters::GeoIP do
10
- describe "defaults" do
11
- config <<-CONFIG
12
- filter {
13
- geoip {
14
- source => "ip"
15
- database => "#{CITYDB}"
16
- }
17
- }
18
- CONFIG
19
-
20
- sample("ip" => "8.8.8.8") do
21
- insist { subject }.include?("geoip")
22
-
23
- expected_fields = %w(ip country_code2 country_code3 country_name
24
- continent_code latitude longitude location)
25
- expected_fields.each do |f|
26
- insist { subject.get("geoip") }.include?(f)
27
- end
28
- end
29
9
 
30
- sample("ip" => "127.0.0.1") do
31
- # assume geoip fails on localhost lookups
32
- expect(subject.get("geoip")).to eq({})
10
+ describe LogStash::Filters::GeoIP do
11
+ shared_examples "invalid empty IP" do
12
+ it "should not give target field" do
13
+ expect(event.get(target)).to be_nil
14
+ expect(event.get("tags")).to include("_geoip_lookup_failure")
33
15
  end
34
16
  end
35
17
 
36
- describe "normal operations" do
37
- config <<-CONFIG
38
- filter {
39
- geoip {
40
- source => "ip"
41
- database => "#{CITYDB}"
42
- target => src_ip
43
- add_tag => "done"
44
- }
45
- }
46
- CONFIG
47
-
48
- context "when specifying the target" do
49
-
50
- sample("ip" => "8.8.8.8") do
51
- expect(subject).to include("src_ip")
52
-
53
- expected_fields = %w(ip country_code2 country_code3 country_name
54
- continent_code latitude longitude location)
55
- expected_fields.each do |f|
56
- expect(subject.get("src_ip")).to include(f)
57
- end
58
- end
59
-
60
- sample("ip" => "127.0.0.1") do
61
- # assume geoip fails on localhost lookups
62
- expect(subject.get("src_ip")).to eq({})
63
- end
64
- end
65
-
66
- context "when specifying add_tag" do
67
- sample("ip" => "8.8.8.8") do
68
- expect(subject.get("tags")).to include("done")
69
- end
18
+ shared_examples "invalid string IP" do
19
+ it "should give empty hash in target field" do
20
+ expect(event.get(target)).to eq({})
21
+ expect(event.get("tags")).to include("_geoip_lookup_failure")
70
22
  end
71
23
  end
72
24
 
73
- describe "source is derived from target" do
74
- subject(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" } ) }
25
+ let(:target) { "server" }
26
+
27
+ describe "invalid IP" do
28
+ let(:ip) { "173.9.34.107" }
29
+ let(:event) { LogStash::Event.new("client" => { "ip" => ip } ) }
75
30
  let(:plugin) {
76
31
  LogStash::Filters::GeoIP.new(
77
- "source" => "[target][ip]",
78
- "target" => "target",
79
- "fields" => [ "city_name", "region_name" ],
80
- "add_tag" => "done", "database" => CITYDB
32
+ "source" => "[client][ip]",
33
+ "target" => target,
34
+ "fields" => %w[country_name continent_code],
35
+ "database" => CITYDB
81
36
  )
82
37
  }
83
38
 
@@ -86,200 +41,71 @@ describe LogStash::Filters::GeoIP do
86
41
  plugin.filter(event)
87
42
  end
88
43
 
89
- context "when source field 'ip' is a subfield of 'target'" do
90
-
91
- it "should preserve value in [target][ip]" do
92
- expect(event.get("[target][ip]")).to eq("173.9.34.107")
44
+ context "when ip is 127.0.0.1" do
45
+ let(:ip) { "127.0.0.1" }
46
+ it "should give empty hash" do
47
+ expect(event.get(target)).to eq({})
93
48
  end
94
-
95
- it "should set other subfields of 'target' properly" do
96
- expect(event.get("target").to_hash.keys.sort).to eq(["city_name", "ip", "region_name"])
97
- expect(event.get("[target][city_name]")).to eq("Malden")
98
- expect(event.get("[target][region_name]")).to eq("Massachusetts")
99
- end
100
-
101
49
  end
102
50
 
103
- end
104
-
105
- describe "correct encodings with default db" do
106
- config <<-CONFIG
107
- filter {
108
- geoip {
109
- source => "ip"
110
- database => "#{CITYDB}"
111
- }
112
- }
113
- CONFIG
114
- expected_fields = %w(ip country_code2 country_code3 country_name
115
- continent_code region_name city_name postal_code
116
- dma_code timezone)
117
-
118
- sample("ip" => "1.1.1.1") do
119
- checked = 0
120
- expected_fields.each do |f|
121
- next unless subject.get("geoip")[f]
122
- checked += 1
123
- insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
124
- end
125
- insist { checked } > 0
51
+ context "when ip is empty string" do
52
+ let(:ip) { "" }
53
+ it_behaves_like "invalid empty IP"
126
54
  end
127
55
 
128
- sample("ip" => "189.2.0.0") do
129
- checked = 0
130
- expected_fields.each do |f|
131
- next unless subject.get("geoip")[f]
132
- checked += 1
133
- insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
134
- end
135
- insist { checked } > 0
56
+ context "when ip is space" do
57
+ let(:ip) { " " }
58
+ it_behaves_like "invalid empty IP"
136
59
  end
137
60
 
138
- end
139
-
140
- describe "location field" do
141
- shared_examples_for "an event with a [geoip][location] field" do
142
- subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
143
- let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => fields, "database" => CITYDB) }
144
-
145
- before do
146
- plugin.register
147
- plugin.filter(event)
148
- end
149
-
150
- it "should have a location field" do
151
- expect(event.get("[geoip][location]")).not_to(be_nil)
152
- end
61
+ context "when ip is dash" do
62
+ let(:ip) { "-" }
63
+ it_behaves_like "invalid string IP"
153
64
  end
154
65
 
155
- context "when latitude field is excluded" do
156
- let(:fields) { ["country_name", "location", "longitude"] }
157
- it_behaves_like "an event with a [geoip][location] field"
66
+ context "when ip is N/A" do
67
+ let(:ip) { "N/A" }
68
+ it_behaves_like "invalid string IP"
158
69
  end
159
70
 
160
- context "when longitude field is excluded" do
161
- let(:fields) { ["country_name", "location", "latitude"] }
162
- it_behaves_like "an event with a [geoip][location] field"
71
+ context "when ip is two ip comma separated" do
72
+ let(:ip) { "123.45.67.89,61.160.232.222" }
73
+ it_behaves_like "invalid string IP"
163
74
  end
164
75
 
165
- context "when both latitude and longitude field are excluded" do
166
- let(:fields) { ["country_name", "location"] }
167
- it_behaves_like "an event with a [geoip][location] field"
76
+ context "when ip is not found in the DB" do
77
+ let(:ip) { "0.0.0.0" }
78
+ it_behaves_like "invalid string IP"
168
79
  end
169
- end
170
-
171
- describe "an invalid IP" do
172
- config <<-CONFIG
173
- filter {
174
- geoip {
175
- source => "ip"
176
- database => "#{CITYDB}"
177
- }
178
- }
179
- CONFIG
180
- describe "should not raise an error" do
181
- sample("ip" => "-") do
182
- expect{ subject }.to_not raise_error
183
- end
184
80
 
185
- sample("ip" => "~") do
186
- expect{ subject }.to_not raise_error
187
- end
188
-
189
- sample("ip" => "") do
190
- expect{ subject }.to_not raise_error
191
- end
192
-
193
- sample("ip" => " ") do
194
- expect{ subject }.to_not raise_error
195
- end
81
+ context "when ip is IPv6 format for localhost" do
82
+ let(:ip) { "::1" }
83
+ it_behaves_like "invalid string IP"
196
84
  end
85
+ end
197
86
 
198
- describe "empty database path" do
199
- let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message") }
200
- let(:event) { LogStash::Event.new("message" => "8.8.8.8") }
201
-
202
- context "when database manager give nil database path" do
203
- it "should tag expired database" do
204
- expect(plugin).to receive(:select_database_path).and_return(nil)
205
-
206
- plugin.register
207
- plugin.filter(event)
208
-
209
- expect(event.get("tags")).to include("_geoip_expired_database")
210
- end
211
- end
212
- end
87
+ describe "database path is empty" do
88
+ let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "target" => target) }
89
+ let(:event) { LogStash::Event.new("message" => "8.8.8.8") }
213
90
 
214
- describe "filter method outcomes" do
215
- let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "add_tag" => "done", "database" => CITYDB) }
216
- let(:event) { LogStash::Event.new("message" => ipstring) }
91
+ context "when database manager give nil database path" do
92
+ it "should tag expired database" do
93
+ expect(plugin).to receive(:select_database_path).and_return(nil)
217
94
 
218
- before do
219
95
  plugin.register
220
96
  plugin.filter(event)
221
- end
222
-
223
- context "when the bad IP is N/A" do
224
- # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/50
225
- let(:ipstring) { "N/A" }
226
-
227
- it "should set the target field to an empty hash" do
228
- expect(event.get("geoip")).to eq({})
229
- end
230
-
231
- it "should add failure tags" do
232
- expect(event.get("tags")).to include("_geoip_lookup_failure")
233
- end
234
- end
235
-
236
- context "when the bad IP is two ip comma separated" do
237
- # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/51
238
- let(:ipstring) { "123.45.67.89,61.160.232.222" }
239
97
 
240
- it "should set the target field to an empty hash" do
241
- expect(event.get("geoip")).to eq({})
242
- end
98
+ expect(event.get("tags")).to include("_geoip_expired_database")
243
99
  end
244
-
245
- context "when a IP is not found in the DB" do
246
- let(:ipstring) { "0.0.0.0" }
247
-
248
- it "should set the target field to an empty hash" do
249
- expect(event.get("geoip")).to eq({})
250
- expect(event.get("tags")).to include("_geoip_lookup_failure")
251
- end
252
- end
253
-
254
- context "when IP is IPv6 format for localhost" do
255
- let(:ipstring) { "::1" }
256
-
257
- it "should set the target field to an empty hash" do
258
- expect(event.get("geoip")).to eq({})
259
- end
260
- end
261
-
262
- context "when IP is valid IPv6 format" do
263
- let(:ipstring) { "2607:f0d0:1002:51::4" }
264
-
265
- it "should set the target fields properly" do
266
- expect(event.get("geoip")).not_to be_empty
267
- expect(event.get("geoip")["ip"]).to eq("2607:f0d0:1002:51:0:0:0:4")
268
- expect(event.get("geoip").to_hash.keys.sort).to eq(
269
- ["continent_code", "country_code2", "country_code3", "country_name", "ip", "latitude", "location", "longitude", "timezone"]
270
- )
271
- end
272
- end
273
-
274
100
  end
275
-
276
101
  end
277
102
 
278
- describe "an invalid database" do
103
+ describe "database path is an invalid database file" do
279
104
  config <<-CONFIG
280
105
  filter {
281
106
  geoip {
282
107
  source => "ip"
108
+ target => "geo"
283
109
  database => "./Gemfile"
284
110
  }
285
111
  }
@@ -292,40 +118,4 @@ describe LogStash::Filters::GeoIP do
292
118
  end
293
119
  end
294
120
 
295
- describe "GeoIP2-ASN database" do
296
- config <<-CONFIG
297
- filter {
298
- geoip {
299
- source => "ip"
300
- database => "#{ASNDB}"
301
- default_database_type => "ASN"
302
- }
303
- }
304
- CONFIG
305
-
306
- sample("ip" => "8.8.8.8") do
307
- expect(subject.get("geoip")).not_to be_empty
308
- expect(subject.get("geoip")["asn"]).to eq(15169)
309
- expect(subject.get("geoip")["as_org"]).to eq("Google LLC")
310
- end
311
- end
312
-
313
- describe "GeoIP2-ASN database with fields" do
314
- config <<-CONFIG
315
- filter {
316
- geoip {
317
- source => "ip"
318
- database => "#{ASNDB}"
319
- default_database_type => "ASN"
320
- fields => [ "AUTONOMOUS_SYSTEM_NUMBER" ]
321
- }
322
- }
323
- CONFIG
324
-
325
- sample("ip" => "8.8.8.8") do
326
- expect(subject.get("geoip")).not_to be_empty
327
- expect(subject.get("geoip")["asn"]).to eq(15169)
328
- end
329
- end
330
-
331
121
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-geoip
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.2.6
4
+ version: 7.2.10
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-10 00:00:00.000000000 Z
11
+ date: 2022-01-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement