logstash-filter-geoip 7.2.6-java → 7.2.10-java
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/docs/index.asciidoc +2 -2
- data/logstash-filter-geoip.gemspec +1 -1
- data/spec/filters/geoip_ecs_spec.rb +82 -14
- data/spec/filters/geoip_offline_spec.rb +53 -263
- data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/6.0.0/logstash-filter-geoip-6.0.0.jar +0 -0
- metadata +2 -2
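--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0e7b28476c126af68bc29d44c7d64ec15aa5e09eed39c45a53d1c52d62f6c2c4
+data.tar.gz: 6679da72cdaf947fccaf8140a82019668bf6c099f708638fdcf15e0dde8701a6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fc1051fee22e58527e8e091108f9e24d5f314ea92357817bf700765863c6bb320bca5f59835f1a873bb40f4f26df9c1847c18babdc1ebccb94d9f0e60d916f03
+data.tar.gz: 694bbeeec97b179ccc6d52d5c94a56dfbe693c4bef95a44cbaadaa9bda2bc84b8e6c0eb5b6e73a8b94fb8930a649e59fa4a0f3206b4616baedabcf90015e0372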
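--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 7.2.10
+- [DOC] Air-gapped environment requires both ASN and City databases [#204](https://github.com/logstash-plugins/logstash-filter-geoip/pull/204)
+
+## 7.2.9
+- Fix: red CI in Logstash 8.0 [#201](https://github.com/logstash-plugins/logstash-filter-geoip/pull/201)
+- Update Log4j dependency to 2.17.1
+
+## 7.2.8
+- Update Log4j dependency to 2.17.0
+
+## 7.2.7
+- Ensure java 8 compatibility [#197](https://github.com/logstash-plugins/logstash-filter-geoip/pull/197)
+
 ## 7.2.6
 - Update Log4J dependencies [#196](https://github.com/logstash-plugins/logstash-filter-geoip/pull/196)
 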
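--- a/data/docs/index.asciidoc
+++ b/data/docs/index.asciidoc
@@ -86,10 +86,10 @@ a secure proxy. You can then specify the proxy endpoint URL in the
 If you work in air-gapped environment and can't update your databases from the Elastic endpoint,
 You can then download databases from MaxMind and bootstrap the service.
 
-. Download
+. Download both `GeoLite2-ASN.mmdb` and `GeoLite2-City.mmdb` database files from the
 http://dev.maxmind.com/geoip/geoip2/geolite2[MaxMind site].
 
-. Copy
+. Copy both database files to a single directory.
 
 . https://www.elastic.co/downloads/elasticsearch[Download {es}].
 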
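--- a/data/logstash-filter-geoip.gemspec
+++ b/data/logstash-filter-geoip.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
 s.name = 'logstash-filter-geoip'
-s.version = '7.2.
+s.version = '7.2.10'
 s.licenses = ['Apache License (2.0)']
 s.summary = "Adds geographical information about an IP address"
 s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"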
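--- a/data/spec/filters/geoip_ecs_spec.rb
+++ b/data/spec/filters/geoip_ecs_spec.rb
@@ -48,7 +48,6 @@ describe LogStash::Filters::GeoIP do
 end
 end
 
-
 context "with ASN database" do
 let(:options) { common_options.merge({"database" => ASNDB}) }
 
@@ -59,27 +58,96 @@ describe LogStash::Filters::GeoIP do
 expect( event.get ecs_select[disabled: "[#{target}][asn]", v1: "[#{target}][as][number]"] ).to eq 15169
 expect( event.get ecs_select[disabled: "[#{target}][as_org]", v1: "[#{target}][as][organization][name]"] ).to eq "Google LLC"
 end
+
+context "with customize fields" do
+let(:fields) { ["AUTONOMOUS_SYSTEM_NUMBER"] }
+let(:options) { common_options.merge({"database" => ASNDB, "fields" => fields}) }
+
+it "should give asn field" do
+plugin.filter(event)
+
+expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][as_org]", v1: "[#{target}][as][organization][name]"] ).to be_nil
+
+expect( event.get ecs_select[disabled: "[#{target}][asn]", v1: "[#{target}][as][number]"] ).to eq 15169
+end
+end
 end
 
 context "with customize fields" do
-
-
+context "continent_name and timezone" do
+let(:fields) { ["continent_name", "timezone"] }
+let(:options) { common_options.merge({"fields" => fields}) }
 
-
-
+it "should return fields in UTF8" do
+plugin.filter(event)
 
-
-
-
-
-
-
+expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).to be_nil
+
+continent_name = event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"]
+timezone = event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"]
+expect( continent_name ).to eq "North America"
+expect( timezone ).to eq "America/Chicago"
+expect( continent_name.encoding ).to eq Encoding::UTF_8
+expect( timezone.encoding ).to eq Encoding::UTF_8
+end
+end
 
-
-
+context "location" do
+shared_examples "provide location, lat and lon" do
+it "should return location, lat and lon" do
+plugin.filter(event)
+
+expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"] ).to be_nil
+
+expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).not_to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).not_to be_nil
+end
+end
+
+context "location and longitude" do
+let(:fields) { ["location", "longitude"] }
+let(:options) { common_options.merge({"fields" => fields}) }
+it_behaves_like "provide location, lat and lon"
+end
+
+context "location and latitude" do
+let(:fields) { ["location", "latitude"] }
+let(:options) { common_options.merge({"fields" => fields}) }
+it_behaves_like "provide location, lat and lon"
+end
 end
-end
 
+context "continent_code and IP is IPv6 format" do
+let(:ip) { "2607:f0d0:1002:51::4" }
+let(:fields) { ["continent_code", "ip"] }
+let(:options) { common_options.merge({"fields" => fields}) }
+
+it "should return fields" do
+plugin.filter(event)
+
+expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).to be_nil
+expect( event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"] ).to be_nil
+
+expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to eq("2607:f0d0:1002:51:0:0:0:4")
+expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to eq("NA")
+end
+end
+end
 end
 end
 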
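Review bot: The IPv6 example near the end of this section expects `[ip]` to equal `2607:f0d0:1002:51:0:0:0:4` while the event is built from `2607:f0d0:1002:51::4`, and nothing in the example says the difference is intended. Anyone who later correlates the enriched `ip` field with the raw source field by string comparison will be caught out by it, so the expectation deserves a comment such as `# the filter returns the address with the :: run written out, not the string found in the source field`. The enclosing describe block and the definitions of `event`, `target` and `common_options` start outside the hunks shown.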
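--- a/data/spec/filters/geoip_offline_spec.rb
+++ b/data/spec/filters/geoip_offline_spec.rb
@@ -6,78 +6,33 @@ require "logstash/filters/geoip"
 CITYDB = ::Dir.glob(::File.expand_path(::File.join("..", "..", "..", "vendor", "GeoLite2-City.mmdb"), __FILE__)).first
 ASNDB = ::Dir.glob(::File.expand_path(::File.join("..", "..", "..", "vendor", "GeoLite2-ASN.mmdb"), __FILE__)).first
 
-describe LogStash::Filters::GeoIP do
-describe "defaults" do
-config <<-CONFIG
-filter {
-geoip {
-source => "ip"
-database => "#{CITYDB}"
-}
-}
-CONFIG
-
-sample("ip" => "8.8.8.8") do
-insist { subject }.include?("geoip")
-
-expected_fields = %w(ip country_code2 country_code3 country_name
-continent_code latitude longitude location)
-expected_fields.each do |f|
-insist { subject.get("geoip") }.include?(f)
-end
-end
 
-
-
-
+describe LogStash::Filters::GeoIP do
+shared_examples "invalid empty IP" do
+it "should not give target field" do
+expect(event.get(target)).to be_nil
+expect(event.get("tags")).to include("_geoip_lookup_failure")
 end
 end
 
-
-
-
-
-source => "ip"
-database => "#{CITYDB}"
-target => src_ip
-add_tag => "done"
-}
-}
-CONFIG
-
-context "when specifying the target" do
-
-sample("ip" => "8.8.8.8") do
-expect(subject).to include("src_ip")
-
-expected_fields = %w(ip country_code2 country_code3 country_name
-continent_code latitude longitude location)
-expected_fields.each do |f|
-expect(subject.get("src_ip")).to include(f)
-end
-end
-
-sample("ip" => "127.0.0.1") do
-# assume geoip fails on localhost lookups
-expect(subject.get("src_ip")).to eq({})
-end
-end
-
-context "when specifying add_tag" do
-sample("ip" => "8.8.8.8") do
-expect(subject.get("tags")).to include("done")
-end
+shared_examples "invalid string IP" do
+it "should give empty hash in target field" do
+expect(event.get(target)).to eq({})
+expect(event.get("tags")).to include("_geoip_lookup_failure")
 end
 end
 
-
-
+let(:target) { "server" }
+
+describe "invalid IP" do
+let(:ip) { "173.9.34.107" }
+let(:event) { LogStash::Event.new("client" => { "ip" => ip } ) }
 let(:plugin) {
 LogStash::Filters::GeoIP.new(
-"source" => "[
-"target" =>
-"fields" => [
-"
+"source" => "[client][ip]",
+"target" => target,
+"fields" => %w[country_name continent_code],
+"database" => CITYDB
 )
 }
 
@@ -86,200 +41,71 @@ describe LogStash::Filters::GeoIP do
 plugin.filter(event)
 end
 
-context "when
-
-it "should
-expect(event.get(
+context "when ip is 127.0.0.1" do
+let(:ip) { "127.0.0.1" }
+it "should give empty hash" do
+expect(event.get(target)).to eq({})
 end
-
-it "should set other subfields of 'target' properly" do
-expect(event.get("target").to_hash.keys.sort).to eq(["city_name", "ip", "region_name"])
-expect(event.get("[target][city_name]")).to eq("Malden")
-expect(event.get("[target][region_name]")).to eq("Massachusetts")
-end
-
 end
 
-
-
-
-config <<-CONFIG
-filter {
-geoip {
-source => "ip"
-database => "#{CITYDB}"
-}
-}
-CONFIG
-expected_fields = %w(ip country_code2 country_code3 country_name
-continent_code region_name city_name postal_code
-dma_code timezone)
-
-sample("ip" => "1.1.1.1") do
-checked = 0
-expected_fields.each do |f|
-next unless subject.get("geoip")[f]
-checked += 1
-insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
-end
-insist { checked } > 0
+context "when ip is empty string" do
+let(:ip) { "" }
+it_behaves_like "invalid empty IP"
 end
 
-
-
-
-next unless subject.get("geoip")[f]
-checked += 1
-insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
-end
-insist { checked } > 0
+context "when ip is space" do
+let(:ip) { " " }
+it_behaves_like "invalid empty IP"
 end
 
-
-
-
-shared_examples_for "an event with a [geoip][location] field" do
-subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
-let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => fields, "database" => CITYDB) }
-
-before do
-plugin.register
-plugin.filter(event)
-end
-
-it "should have a location field" do
-expect(event.get("[geoip][location]")).not_to(be_nil)
-end
+context "when ip is dash" do
+let(:ip) { "-" }
+it_behaves_like "invalid string IP"
 end
 
-context "when
-let(:
-it_behaves_like "
+context "when ip is N/A" do
+let(:ip) { "N/A" }
+it_behaves_like "invalid string IP"
 end
 
-context "when
-let(:
-it_behaves_like "
+context "when ip is two ip comma separated" do
+let(:ip) { "123.45.67.89,61.160.232.222" }
+it_behaves_like "invalid string IP"
 end
 
-context "when
-let(:
-it_behaves_like "
+context "when ip is not found in the DB" do
+let(:ip) { "0.0.0.0" }
+it_behaves_like "invalid string IP"
 end
-end
-
-describe "an invalid IP" do
-config <<-CONFIG
-filter {
-geoip {
-source => "ip"
-database => "#{CITYDB}"
-}
-}
-CONFIG
-describe "should not raise an error" do
-sample("ip" => "-") do
-expect{ subject }.to_not raise_error
-end
 
-
-
-
-
-sample("ip" => "") do
-expect{ subject }.to_not raise_error
-end
-
-sample("ip" => " ") do
-expect{ subject }.to_not raise_error
-end
+context "when ip is IPv6 format for localhost" do
+let(:ip) { "::1" }
+it_behaves_like "invalid string IP"
 end
+end
 
-
-
-
-
-context "when database manager give nil database path" do
-it "should tag expired database" do
-expect(plugin).to receive(:select_database_path).and_return(nil)
-
-plugin.register
-plugin.filter(event)
-
-expect(event.get("tags")).to include("_geoip_expired_database")
-end
-end
-end
+describe "database path is empty" do
+let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "target" => target) }
+let(:event) { LogStash::Event.new("message" => "8.8.8.8") }
 
-
-
-
+context "when database manager give nil database path" do
+it "should tag expired database" do
+expect(plugin).to receive(:select_database_path).and_return(nil)
 
-before do
 plugin.register
 plugin.filter(event)
-end
-
-context "when the bad IP is N/A" do
-# regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/50
-let(:ipstring) { "N/A" }
-
-it "should set the target field to an empty hash" do
-expect(event.get("geoip")).to eq({})
-end
-
-it "should add failure tags" do
-expect(event.get("tags")).to include("_geoip_lookup_failure")
-end
-end
-
-context "when the bad IP is two ip comma separated" do
-# regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/51
-let(:ipstring) { "123.45.67.89,61.160.232.222" }
 
-
-expect(event.get("geoip")).to eq({})
-end
+expect(event.get("tags")).to include("_geoip_expired_database")
 end
-
-context "when a IP is not found in the DB" do
-let(:ipstring) { "0.0.0.0" }
-
-it "should set the target field to an empty hash" do
-expect(event.get("geoip")).to eq({})
-expect(event.get("tags")).to include("_geoip_lookup_failure")
-end
-end
-
-context "when IP is IPv6 format for localhost" do
-let(:ipstring) { "::1" }
-
-it "should set the target field to an empty hash" do
-expect(event.get("geoip")).to eq({})
-end
-end
-
-context "when IP is valid IPv6 format" do
-let(:ipstring) { "2607:f0d0:1002:51::4" }
-
-it "should set the target fields properly" do
-expect(event.get("geoip")).not_to be_empty
-expect(event.get("geoip")["ip"]).to eq("2607:f0d0:1002:51:0:0:0:4")
-expect(event.get("geoip").to_hash.keys.sort).to eq(
-["continent_code", "country_code2", "country_code3", "country_name", "ip", "latitude", "location", "longitude", "timezone"]
-)
-end
-end
-
 end
-
 end
 
-describe "an invalid database" do
+describe "database path is an invalid database file" do
 config <<-CONFIG
 filter {
 geoip {
 source => "ip"
+target => "geo"
 database => "./Gemfile"
 }
 }
@@ -292,40 +118,4 @@ describe LogStash::Filters::GeoIP do
 end
 end
 
-describe "GeoIP2-ASN database" do
-config <<-CONFIG
-filter {
-geoip {
-source => "ip"
-database => "#{ASNDB}"
-default_database_type => "ASN"
-}
-}
-CONFIG
-
-sample("ip" => "8.8.8.8") do
-expect(subject.get("geoip")).not_to be_empty
-expect(subject.get("geoip")["asn"]).to eq(15169)
-expect(subject.get("geoip")["as_org"]).to eq("Google LLC")
-end
-end
-
-describe "GeoIP2-ASN database with fields" do
-config <<-CONFIG
-filter {
-geoip {
-source => "ip"
-database => "#{ASNDB}"
-default_database_type => "ASN"
-fields => [ "AUTONOMOUS_SYSTEM_NUMBER" ]
-}
-}
-CONFIG
-
-sample("ip" => "8.8.8.8") do
-expect(subject.get("geoip")).not_to be_empty
-expect(subject.get("geoip")["asn"]).to eq(15169)
-end
-end
-
 end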
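Review bot: The `when ip is 127.0.0.1` context checks only that the target is an empty hash, whereas `::1` goes through the `invalid string IP` shared example and therefore also requires the `_geoip_lookup_failure` tag, so the tagging behaviour for the IPv4 loopback address is left unpinned. If the filter tags it as well, the hand-written example can be replaced with `it_behaves_like "invalid string IP"`; if it does not, an explicit assertion that the tag is absent would record that the two loopback forms are deliberately treated differently. Pipelines that route or alert on the tag would see that difference. The setup that registers the plugin and ends with `plugin.filter(event)` lies partly outside the hunks shown.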
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-geoip
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.2.
|
4
|
+
version: 7.2.10
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-01-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|