logstash-filter-geoip 4.1.1-java → 4.2.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c9e2ae6154f3fb6786003715d49ffb91f35a2e34
-  data.tar.gz: 50c92eba1af277a4ddce9f038142a035063b0b07
+  metadata.gz: b7e65b1d5c1999721ca71919a80456212728f06e
+  data.tar.gz: a2fac474da826188d901084c675f02f554f69af4
 SHA512:
-  metadata.gz: 731ce064ee7eae5cb286d12d7736c162016b5fe68c1e6c48697f1ffc930893f9a941cdcd4ecc715fed6077d82ace86c1d8c8446447c7599e8e16a83e55916b32
-  data.tar.gz: a374eeef224c9e60a13d4aac58a89c19d4c47c51fafb60915e8bedcd487221802ddc0c6ec63576e3ed4cf053f390a5b761fd8801d55e1b7b2c7a057fdaae6db1
+  metadata.gz: be13622780cf0997cdf9765a206ad1ecebd0e471d1b71599bd203e7257217c725d9de9d9a295a38b7fa220536d73d981b300449829754b7808beed09db5e5076
+  data.tar.gz: 9b62ae00ecac61f70f9e694eac48624f619b26b21980f478ad379dded6fcde45837b2a61888d1e4df62674fb75c566693e421a011fed2e0985d63f45bddc27e6

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 4.2.0
+  - Add support for GeoLite2-ASN database from Maxmind for ASN data.
+  - Update Java dependencies to 2.9.0 to support the new ASN database.
+
 ## 4.1.1
   - Add support for commercial databases from Maxmind.
   - Add ASN data support via GeoIP2-ISP database.

data/Gemfile

@@ -1,4 +1,11 @@
 source 'https://rubygems.org'
 
-# Specify your gem's dependencies in logstash-mass_effect.gemspec
 gemspec
+
+logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
+use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
+
+if Dir.exist?(logstash_path) && use_logstash_source
+  gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
+  gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
+end

data/docs/index.asciidoc

@@ -14,15 +14,30 @@ END - GENERATED VARIABLES, DO NOT EDIT!
 
 [id="plugins-{type}-{plugin}"]
 
-=== Geoip
+=== Geoip filter plugin
 
 include::{include_path}/plugin_header.asciidoc[]
 
 ==== Description
 
 The GeoIP filter adds information about the geographical location of IP addresses,
-based on data from the Maxmind GeoLite2 database. Commercial databases from Maxmind are 
-also supported in this plugin.
+based on data from the Maxmind GeoLite2 databases.
+
+==== Supported Databases
+
+This plugin is bundled with https://dev.maxmind.com/geoip/geoip2/geolite2[GeoLite2] City database out of the box. From Maxmind's description -- 
+"GeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s 
+GeoIP2 databases". Please see GeoIP Lite2 license for more details.
+
+https://www.maxmind.com/en/geoip2-databases[Commercial databases] from Maxmind are also supported in this plugin.
+
+If you need to use databases other than the bundled GeoLite2 City, you can download them directly 
+from Maxmind's website and use the `database` option to specify their location. The GeoLite2 databases 
+can be downloaded from https://dev.maxmind.com/geoip/geoip2/geolite2[here].
+
+If you would like to get Autonomous System Number(ASN) information, you can use the GeoLite2-ASN database.
+
+==== Details
 
 A `[geoip][location]` field is created if
 the GeoIP lookup returns a latitude and longitude. The field is stored in

data/lib/logstash-filter-geoip_jars.rb

@@ -1,6 +1,6 @@
 # AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.
 
 require 'jar_dependencies'
-require_jar('com.maxmind.geoip2', 'geoip2', '2.8.0')
-require_jar('com.maxmind.db', 'maxmind-db', '1.2.1')
-require_jar('org.logstash.filters', 'logstash-filter-geoip', '4.1.0')
+require_jar('com.maxmind.geoip2', 'geoip2', '2.9.0')
+require_jar('com.maxmind.db', 'maxmind-db', '1.2.2')
+require_jar('org.logstash.filters', 'logstash-filter-geoip', '4.2.0')

data/logstash-filter-geoip.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-geoip'
-  s.version         = '4.1.1'
+  s.version         = '4.2.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "$summary"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/filters/geoip_spec.rb

@@ -3,6 +3,8 @@ require "logstash/devutils/rspec/spec_helper"
 require "logstash/filters/geoip"
 
 CITYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLite2-City.mmdb").first
+# this is downloaded in build dir so we don't accidentally package this database when creating a gem
+ASNDB = ::Dir.glob(::File.expand_path("../../build/GeoLite2-ASN_*", ::File.dirname(__FILE__))+"/GeoLite2-ASN.mmdb").first
 
 describe LogStash::Filters::GeoIP do
 
@@ -20,9 +22,7 @@ describe LogStash::Filters::GeoIP do
       insist { subject }.include?("geoip")
 
       expected_fields = %w(ip country_code2 country_code3 country_name
-                           continent_code region_name city_name postal_code
-                           latitude longitude dma_code timezone
-                           location )
+                           continent_code latitude longitude location)
       expected_fields.each do |f|
         insist { subject.get("geoip") }.include?(f)
       end
@@ -52,9 +52,7 @@ describe LogStash::Filters::GeoIP do
         expect(subject).to include("src_ip")
 
         expected_fields = %w(ip country_code2 country_code3 country_name
-                             continent_code region_name city_name postal_code
-                             latitude longitude dma_code timezone
-                             location )
+                             continent_code latitude longitude location)
         expected_fields.each do |f|
           expect(subject.get("src_ip")).to include(f)
         end
@@ -270,4 +268,23 @@ describe LogStash::Filters::GeoIP do
     end
   end
 
+  describe "GeoIP2-ASN database" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{ASNDB}"
+        }
+      }
+    CONFIG
+
+    sample("ip" => "8.8.8.8") do
+      expect(subject.get("geoip")).not_to be_empty
+      expect(subject.get("geoip")["asn"]).to eq(15169)
+      expect(subject.get("geoip")["as_org"]).to eq("Google Inc.")
+    end
+
+
+  end
+
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-  version: 4.1.1
+  version: 4.2.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-05-15 00:00:00.000000000 Z
+date: 2017-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -78,9 +78,9 @@ files:
 - maxmind-db-NOTICE.txt
 - spec/filters/geoip_spec.rb
 - vendor/GeoLite2-City.mmdb
-- vendor/jar-dependencies/com/maxmind/db/maxmind-db/1.2.1/maxmind-db-1.2.1.jar
-- vendor/jar-dependencies/com/maxmind/geoip2/geoip2/2.8.0/geoip2-2.8.0.jar
-- vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/4.1.0/logstash-filter-geoip-4.1.0.jar
+- vendor/jar-dependencies/com/maxmind/db/maxmind-db/1.2.2/maxmind-db-1.2.2.jar
+- vendor/jar-dependencies/com/maxmind/geoip2/geoip2/2.9.0/geoip2-2.9.0.jar
+- vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/4.2.0/logstash-filter-geoip-4.2.0.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)