logstash-filter-geoip 4.0.3-java → 4.0.4-java
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -1
- data/lib/logstash/filters/geoip.rb +22 -9
- data/logstash-filter-geoip.gemspec +2 -3
- data/spec/filters/geoip_spec.rb +42 -7
- data/vendor/GeoLite2-City.mmdb +0 -0
- metadata +2 -2
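--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bbf7e3621c24e4bc6f64df90421f55c52f74c13e
+data.tar.gz: 03641338d9d39484912b82551cc33dc97a61d2f2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14e164de08ebb4410115223a3ad18a67aa50d3b86162f9f1b981657f63ea3d828b436036b2498f2e5ee47ed781ea34ff68f7e1a11e132c457bef5688b7e45e54
+data.tar.gz: 101805ecd116cccea5dfcd48de645d6f86d47cc2aba7c9cf5466eecfb39f815dbe2c0a472a2da6cb01e2e0e72375cf33b05ae86459a5104758d4790951644541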
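--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,10 @@
+## 4.0.4
+- Update of the GeoIP2 DB
+- Target should be merged and not completely overwritten (#98)
+
 ## 4.0.3
 - Update of the GeoIP2 DB
+
 ## 4.0.2
 - Recreate gem since 4.0.1 lacked jars
 
@@ -16,7 +21,7 @@
 # 3.0.0-beta2
 - Internal: Actually include the vendored jars
 
-# 3.0.0-beta1
+# 3.0.0-beta1
 - Changed plugin to use GeoIP2 database. See http://dev.maxmind.com/geoip/geoip2/whats-new-in-geoip2/
 
 # 2.0.7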
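--- a/data/lib/logstash/filters/geoip.rb
+++ b/data/lib/logstash/filters/geoip.rb
@@ -47,7 +47,7 @@ end
 # map visualization).
 #
 # Note: This product includes GeoLite2 data created by MaxMind, available from
-# http://www.maxmind.com. This database is licensed under
+# http://www.maxmind.com. This database is licensed under
 # http://creativecommons.org/licenses/by-sa/4.0/[Creative Commons Attribution-ShareAlike 4.0 International License]
 
 class LogStash::Filters::GeoIP < LogStash::Filters::Base
@@ -121,7 +121,7 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
 # to having multiple caches for different instances at different points in the pipeline, that would just increase the
 # number of cache misses and waste memory.
 config :lru_cache_size, :validate => :number, :default => 1000
-
+
 # Tags the event on failure to look up geo information. This can be used in later analysis.
 config :tag_on_failure, :validate => :array, :default => ["_geoip_lookup_failure"]
 
@@ -169,16 +169,13 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
 raise e
 end
 
-
-
-
+if apply_geodata(geo_data_hash, event)
+filter_matched(event)
+else
 tag_unsuccessful_lookup(event)
-return
 end
-
-filter_matched(event)
 end # def filter
-
+
 def populate_geo_data(response, ip_address, geo_data_hash)
 country = response.getCountry()
 subdivision = response.getMostSpecificSubdivision()
@@ -235,4 +232,20 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
 @tag_on_failure.each{|tag| event.tag(tag)}
 end
 
+def apply_geodata(geo_data_hash, event)
+# don't do anything more if the lookup result is nil?
+return false if geo_data_hash.nil?
+# only do event.set(@target) if the lookup result is not nil
+event.set(@target, {}) if event.get(@target).nil?
+# don't do anything more if the lookup result is empty?
+return false if geo_data_hash.empty?
+geo_data_hash.each do |key, value|
+if @fields.include?(key) && value
+# can't dup numerics
+event.set("[#{@target}][#{key}]", value.is_a?(Numeric) ? value : value.dup)
+end
+end # geo_data_hash.each
+true
+end
+
 end # class LogStash::Filters::GeoIP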
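Review bot: `apply_geodata` skips any key in `@fields` whose lookup value is nil, so a value the incoming event already carried at `[target][key]` survives the merge and is indistinguishable from plugin output. Event content comes from the logs being processed, so a record that arrives with its own `geoip` object keeps its `city_name` or `country_name` wherever the database has no value, and on an empty lookup the whole pre-existing target stays with only the `tag_on_failure` tag to mark it. If the merge is meant to keep only unrelated subfields such as the `[target][ip]` case in the spec, clear the plugin-owned keys on the success path before the `each` loop, for example `@fields.each { |f| event.remove("[#{@target}][#{f}]") }`, and document that consumers must check the failure tag before trusting the target. Separately, `"[#{@target}][#{key}]"` assumes `target` is a bare field name; a target written as a bracketed reference would presumably produce a malformed path, which is worth a spec.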
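--- a/data/logstash-filter-geoip.gemspec
+++ b/data/logstash-filter-geoip.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
 s.name = 'logstash-filter-geoip'
-s.version = '4.0.
+s.version = '4.0.4'
 s.licenses = ['Apache License (2.0)']
 s.summary = "$summary"
 s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -26,9 +26,8 @@ Gem::Specification.new do |s|
 s.requirements << "jar com.maxmind.geoip2:geoip2, 2.5.0, :exclusions=> [com.google.http-client:google-http-client]"
 
 s.add_development_dependency "jar-dependencies"
-
+
 s.add_development_dependency 'ruby-maven', '~> 3.3'
 
 s.add_development_dependency 'logstash-devutils'
 end
-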
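--- a/data/spec/filters/geoip_spec.rb
+++ b/data/spec/filters/geoip_spec.rb
@@ -73,6 +73,38 @@ describe LogStash::Filters::GeoIP do
 end
 end
 
+describe "source is derived from target" do
+subject(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" } ) }
+let(:plugin) {
+LogStash::Filters::GeoIP.new(
+"source" => "[target][ip]",
+"target" => "target",
+"fields" => [ "city_name", "region_name" ],
+"add_tag" => "done", "database" => CITYDB
+)
+}
+
+before do
+plugin.register
+plugin.filter(event)
+end
+
+context "when source field 'ip' is a subfield of 'target'" do
+
+it "should preserve value in [target][ip]" do
+expect(event.get("[target][ip]")).to eq("173.9.34.107")
+end
+
+it "should set other subfields of 'target' properly" do
+expect(event.get("target").to_hash.keys.sort).to eq(["city_name", "ip", "region_name"])
+expect(event.get("[target][city_name]")).to eq("Mendon")
+expect(event.get("[target][region_name]")).to eq("Massachusetts")
+end
+
+end
+
+end
+
 describe "correct encodings with default db" do
 config <<-CONFIG
 filter {
@@ -187,7 +219,7 @@ describe LogStash::Filters::GeoIP do
 expect(event.get("geoip")).to eq({})
 end
 end
-
+
 context "when a IP is not found in the DB" do
 let(:ipstring) { "0.0.0.0" }
 
@@ -196,7 +228,7 @@ describe LogStash::Filters::GeoIP do
 expect(event.get("tags")).to include("_geoip_lookup_failure")
 end
 end
-
+
 context "when IP is IPv6 format for localhost" do
 let(:ipstring) { "::1" }
 
@@ -204,16 +236,19 @@ describe LogStash::Filters::GeoIP do
 expect(event.get("geoip")).to eq({})
 end
 end
-
-context "when IP is IPv6 format" do
+
+context "when IP is valid IPv6 format" do
 let(:ipstring) { "2607:f0d0:1002:51::4" }
 
-it "should set the target
+it "should set the target fields properly" do
 expect(event.get("geoip")).not_to be_empty
-expect(event.get("geoip")["
+expect(event.get("geoip")["ip"]).to eq("2607:f0d0:1002:51:0:0:0:4")
+expect(event.get("geoip").to_hash.keys.sort).to eq(
+["continent_code", "country_code2", "country_code3", "country_name", "ip", "latitude", "location", "longitude"]
+)
 end
 end
-
+
 end
 
 context "should return the correct source field in the logging message" do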
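Review bot: The new `source is derived from target` example only exercises a successful lookup, so the merge path has no coverage for a pre-populated target combined with an address the database cannot resolve. A case that builds the event with an existing `target` hash, filters an address such as the `0.0.0.0` used further down, and asserts both the surviving subfields and the `_geoip_lookup_failure` tag would pin down what the filter leaves behind on failure. The expected `Mendon` and `Massachusetts` values presumably come from the vendored GeoLite2 database that this same release replaces, so they will need revisiting on each database update.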
data/vendor/GeoLite2-City.mmdb
CHANGED
Binary file
|
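--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-version: 4.0.
+version: 4.0.4
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement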