logstash-filter-geoip 0.1.9 → 0.1.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/logstash/filters/geoip.rb +6 -6
- data/logstash-filter-geoip.gemspec +1 -1
- data/spec/filters/geoip_spec.rb +57 -4
- metadata +17 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a390796c41012bb317660617d153447bc0ddb41d
|
4
|
+
data.tar.gz: 92a01375dc07a6544148eb95e85348894b2071ae
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3506a0bd8697bc5cf4ad651f7de0510e1550d5637809548bb8b8daae9ddd3dc184d639552a6b06fc1330781e906c263046fc0b1e534b1e0ab30aa6bf404b9da6
|
7
|
+
data.tar.gz: f252e8844eecadf8007c3e762d8ea566688e6e44e7a40d45a40920dbec498d4ccc4d6092194ab89ef66eacfa6aa7dbe54270704d333fd94f8c3b2eee1f53194d
|
@@ -10,7 +10,7 @@ require "tempfile"
|
|
10
10
|
# the GeoIP lookup returns a latitude and longitude. The field is stored in
|
11
11
|
# http://geojson.org/geojson-spec.html[GeoJSON] format. Additionally,
|
12
12
|
# the default Elasticsearch template provided with the
|
13
|
-
# <<plugins-outputs-elasticsearch,`elasticsearch` output>> maps
|
13
|
+
# <<plugins-outputs-elasticsearch,`elasticsearch` output>> maps
|
14
14
|
# the `[geoip][location]` field to an http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-geo-point-type.html#_mapping_options[Elasticsearch geo_point].
|
15
15
|
#
|
16
16
|
# As this field is a `geo_point` _and_ it is still valid GeoJSON, you get
|
@@ -114,11 +114,15 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
|
|
114
114
|
@logger.error("Unknown error while looking up GeoIP data", :exception => e, :field => @field, :event => event)
|
115
115
|
end
|
116
116
|
|
117
|
-
return if geo_data.nil?
|
117
|
+
return if geo_data.nil? || !geo_data.respond_to?(:to_hash)
|
118
118
|
|
119
119
|
geo_data_hash = geo_data.to_hash
|
120
120
|
geo_data_hash.delete(:request)
|
121
121
|
event[@target] = {} if event[@target].nil?
|
122
|
+
if geo_data_hash.key?(:latitude) && geo_data_hash.key?(:longitude)
|
123
|
+
# If we have latitude and longitude values, add the location field as GeoJSON array
|
124
|
+
geo_data_hash[:location] = [ geo_data_hash[:longitude].to_f, geo_data_hash[:latitude].to_f ]
|
125
|
+
end
|
122
126
|
geo_data_hash.each do |key, value|
|
123
127
|
next if value.nil? || (value.is_a?(String) && value.empty?)
|
124
128
|
if @fields.nil? || @fields.empty? || @fields.include?(key.to_s)
|
@@ -136,10 +140,6 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
|
|
136
140
|
event[@target][key.to_s] = value
|
137
141
|
end
|
138
142
|
end # geo_data_hash.each
|
139
|
-
if event[@target].key?('latitude') && event[@target].key?('longitude')
|
140
|
-
# If we have latitude and longitude values, add the location field as GeoJSON array
|
141
|
-
event[@target]['location'] = [ event[@target]["longitude"].to_f, event[@target]["latitude"].to_f ]
|
142
|
-
end
|
143
143
|
filter_matched(event)
|
144
144
|
end # def filter
|
145
145
|
end # class LogStash::Filters::GeoIP
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-filter-geoip'
|
4
|
-
s.version = '0.1.
|
4
|
+
s.version = '0.1.10'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "$summary"
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
data/spec/filters/geoip_spec.rb
CHANGED
@@ -1,12 +1,35 @@
|
|
1
1
|
require "logstash/devutils/rspec/spec_helper"
|
2
2
|
require "logstash/filters/geoip"
|
3
3
|
|
4
|
+
ASNDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoIPASNum*.dat").first
|
5
|
+
|
4
6
|
describe LogStash::Filters::GeoIP do
|
5
7
|
|
8
|
+
describe "ASN db" do
|
9
|
+
config <<-CONFIG
|
10
|
+
filter {
|
11
|
+
geoip {
|
12
|
+
source => "ip"
|
13
|
+
database => "#{ASNDB}"
|
14
|
+
}
|
15
|
+
}
|
16
|
+
CONFIG
|
17
|
+
|
18
|
+
sample("ip" => "1.1.1.1") do
|
19
|
+
insist { subject["geoip"]["asn"] } == "Google Inc."
|
20
|
+
end
|
21
|
+
|
22
|
+
# avoid crashing on unsupported IPv6 addresses
|
23
|
+
# see https://github.com/logstash-plugins/logstash-filter-geoip/issues/21
|
24
|
+
sample("ip" => "2a02:8071:aa1:c700:7984:22fc:c8e6:f6ff") do
|
25
|
+
reject { subject }.include?("geoip")
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
6
29
|
describe "defaults" do
|
7
30
|
config <<-CONFIG
|
8
31
|
filter {
|
9
|
-
geoip {
|
32
|
+
geoip {
|
10
33
|
source => "ip"
|
11
34
|
#database => "vendor/geoip/GeoLiteCity.dat"
|
12
35
|
}
|
@@ -34,7 +57,7 @@ describe LogStash::Filters::GeoIP do
|
|
34
57
|
describe "Specify the target" do
|
35
58
|
config <<-CONFIG
|
36
59
|
filter {
|
37
|
-
geoip {
|
60
|
+
geoip {
|
38
61
|
source => "ip"
|
39
62
|
#database => "vendor/geoip/GeoLiteCity.dat"
|
40
63
|
target => src_ip
|
@@ -94,12 +117,11 @@ describe LogStash::Filters::GeoIP do
|
|
94
117
|
end
|
95
118
|
|
96
119
|
describe "correct encodings with ASN db" do
|
97
|
-
asndb = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoIPASNum*.dat").first
|
98
120
|
config <<-CONFIG
|
99
121
|
filter {
|
100
122
|
geoip {
|
101
123
|
source => "ip"
|
102
|
-
database => "#{
|
124
|
+
database => "#{ASNDB}"
|
103
125
|
}
|
104
126
|
}
|
105
127
|
CONFIG
|
@@ -118,4 +140,35 @@ describe LogStash::Filters::GeoIP do
|
|
118
140
|
insist { subject["geoip"]["asn"].encoding } == Encoding::UTF_8
|
119
141
|
end
|
120
142
|
end
|
143
|
+
|
144
|
+
describe "location field" do
|
145
|
+
shared_examples_for "an event with a [geoip][location] field" do
|
146
|
+
subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
|
147
|
+
let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => ["country_name", "location", "longitude"]) }
|
148
|
+
|
149
|
+
before do
|
150
|
+
plugin.register
|
151
|
+
plugin.filter(event)
|
152
|
+
end
|
153
|
+
|
154
|
+
it "should have a location field" do
|
155
|
+
expect(event["[geoip][location]"]).not_to(be_nil)
|
156
|
+
end
|
157
|
+
end
|
158
|
+
|
159
|
+
context "when latitude field is excluded" do
|
160
|
+
let(:fields) { ["country_name", "location", "longitude"] }
|
161
|
+
it_behaves_like "an event with a [geoip][location] field"
|
162
|
+
end
|
163
|
+
|
164
|
+
context "when longitude field is excluded" do
|
165
|
+
let(:fields) { ["country_name", "location", "latitude"] }
|
166
|
+
it_behaves_like "an event with a [geoip][location] field"
|
167
|
+
end
|
168
|
+
|
169
|
+
context "when both latitude and longitude field are excluded" do
|
170
|
+
let(:fields) { ["country_name", "location"] }
|
171
|
+
it_behaves_like "an event with a [geoip][location] field"
|
172
|
+
end
|
173
|
+
end
|
121
174
|
end
|
metadata
CHANGED
@@ -1,17 +1,18 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-geoip
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-05-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
|
14
|
+
name: logstash-core
|
15
|
+
version_requirements: !ruby/object:Gem::Requirement
|
15
16
|
requirements:
|
16
17
|
- - '>='
|
17
18
|
- !ruby/object:Gem::Version
|
@@ -19,10 +20,7 @@ dependencies:
|
|
19
20
|
- - <
|
20
21
|
- !ruby/object:Gem::Version
|
21
22
|
version: 2.0.0
|
22
|
-
|
23
|
-
prerelease: false
|
24
|
-
type: :runtime
|
25
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirement: !ruby/object:Gem::Requirement
|
26
24
|
requirements:
|
27
25
|
- - '>='
|
28
26
|
- !ruby/object:Gem::Version
|
@@ -30,34 +28,36 @@ dependencies:
|
|
30
28
|
- - <
|
31
29
|
- !ruby/object:Gem::Version
|
32
30
|
version: 2.0.0
|
31
|
+
prerelease: false
|
32
|
+
type: :runtime
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
|
+
name: geoip
|
35
|
+
version_requirements: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - '>='
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: 1.3.2
|
34
40
|
requirement: !ruby/object:Gem::Requirement
|
35
41
|
requirements:
|
36
42
|
- - '>='
|
37
43
|
- !ruby/object:Gem::Version
|
38
44
|
version: 1.3.2
|
39
|
-
name: geoip
|
40
45
|
prerelease: false
|
41
46
|
type: :runtime
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: logstash-devutils
|
42
49
|
version_requirements: !ruby/object:Gem::Requirement
|
43
50
|
requirements:
|
44
51
|
- - '>='
|
45
52
|
- !ruby/object:Gem::Version
|
46
|
-
version:
|
47
|
-
- !ruby/object:Gem::Dependency
|
53
|
+
version: '0'
|
48
54
|
requirement: !ruby/object:Gem::Requirement
|
49
55
|
requirements:
|
50
56
|
- - '>='
|
51
57
|
- !ruby/object:Gem::Version
|
52
58
|
version: '0'
|
53
|
-
name: logstash-devutils
|
54
59
|
prerelease: false
|
55
60
|
type: :development
|
56
|
-
version_requirements: !ruby/object:Gem::Requirement
|
57
|
-
requirements:
|
58
|
-
- - '>='
|
59
|
-
- !ruby/object:Gem::Version
|
60
|
-
version: '0'
|
61
61
|
description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
|
62
62
|
email: info@elastic.co
|
63
63
|
executables: []
|
@@ -74,8 +74,8 @@ files:
|
|
74
74
|
- logstash-filter-geoip.gemspec
|
75
75
|
- spec/filters/geoip_spec.rb
|
76
76
|
- vendor.json
|
77
|
-
- vendor/GeoIPASNum-2014-02-12.dat
|
78
77
|
- vendor/GeoLiteCity-2013-01-18.dat
|
78
|
+
- vendor/GeoIPASNum-2014-02-12.dat
|
79
79
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
80
80
|
licenses:
|
81
81
|
- Apache License (2.0)
|