logstash-filter-greynoise 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3b64201b6ac0532119871fc1cfc37259200e7477
-  data.tar.gz: f3ae39a58ea2ef70f6fd336cc21bda194248208c
+  metadata.gz: f9c27e1e995ecc1c5eb06382c173f31525c1e929
+  data.tar.gz: 5dd09c34b1dd17d1a0d25f2cd6cfa394d7aed80a
 SHA512:
-  metadata.gz: a027c800ed100e45e1bab4edeb37c505e4a54596914ae167cc9504e95afc867e44ffc97b2381630fd0a359a3a07eb52cdfff02994a966c5eab6802b0b2e93f3c
-  data.tar.gz: 3a575121c37a4cbe6b2c65c74738d0cf266c0218808c85a98b3321d177ea3a81f92c6bacab999819c18947564ee8bf7d28d747e687b9288bb40bb2fa619b29c2
+  metadata.gz: '058f7663ec7490210c0c8d44e94494dbfa4e7c045825e25eea9bc50ca69080c33c073eacca36689fb78824dcadc316ff487c7ecae0c9d13a107a468b370738bf'
+  data.tar.gz: 6e3f98269362576b32ad8fe1f15b82ea990c0263963523928104e8a97b60617b4b3720bd4fb71b9455658f6f4c066d46da84ffedc6ecd6b7bb101177693735c8

data/CHANGELOG.md

@@ -1,2 +1,4 @@
 ## 0.1.0
   - Plugin created with the logstash plugin generator
+## 0.1.1 
+  - Added target field for output

data/README.md

@@ -1,79 +1,75 @@
-# Logstash Plugin
+# Logstash REST Filter [![Build Status](https://travis-ci.org/logstash-plugins/logstash-filter-http.svg?branch=master)](https://travis-ci.org/logstash-plugins/logstash-filter-http)
 
-This is a plugin for [Logstash](https://github.com/elastic/logstash).
+This is a filter plugin for [Logstash](https://github.com/elastic/logstash).
 
 It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
 
 ## Documentation
 
-Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
+The Greynoise filter adds information about IP addresses from logstash events via the Greynoise API.
 
-- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
-- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
+GreyNoise is a system that collects and analyzes data on Internet-wide scanners.
+GreyNoise collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms.
 
-## Need Help?
-
-Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
-
-## Developing
-
-### 1. Plugin Developement and Testing
-
-#### Code
-- To get started, you'll need JRuby with the Bundler gem installed.
-
-- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
+## Usage
+### 1. Installation
+You can use the built-in plugin tool of Logstash to install the filter:
+```
+$LS_HOME/bin/logstash-plugin install logstash-filter-greynoise
+```
 
-- Install dependencies
-```sh
+Or you can build it yourself:
+```
+git clone https://github.com/nsherron90/logstash-filter-greynoise.git
 bundle install
+gem build logstash-filter-greynoise.gemspec
+$LS_HOME/bin/logstash-plugin install logstash-filter-greynoise-0.1.1.gem
 ```
 
-#### Test
-
-- Update your dependencies
+### 2. Filter Configuration
+Add the following inside the filter section of your logstash configuration:
 
 ```sh
-bundle install
+filter {
+  greynoise {
+    ip => "ip_value"                 # string (required, reference to ip address field)
+    key => "your_greynoise_key"      # string (optional, no default)
+    target => "greynoise"            # string (optional, default = greynoise)
+  }
+}
 ```
 
-- Run tests
+Print plugin version:
 
-```sh
-bundle exec rspec
+``` bash
+bin/logstash-plugin list --verbose | grep greynoise
 ```
 
-### 2. Running your unpublished Plugin in Logstash
+Example for running logstash from `cli`:
 
-#### 2.1 Run in a local Logstash clone
+``` bash
+bin/logstash --debug -e \
+'input {
+    stdin {}
+}
 
-- Edit Logstash `Gemfile` and add the local plugin path, for example:
-```ruby
-gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
-```
-- Install plugin
-```sh
-bin/logstash-plugin install --no-verify
-```
-- Run Logstash with your plugin
-```sh
-bin/logstash -e 'filter {awesome {}}'
-```
-At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
-
-#### 2.2 Run in an installed Logstash
 
-You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
+filter {
+  greynoise {
+    ip => "%{message}"
+   }
+}
 
-- Build your plugin gem
-```sh
-gem build logstash-filter-awesome.gemspec
-```
-- Install the plugin from the Logstash home
-```sh
-bin/logstash-plugin install /your/local/plugin/logstash-filter-awesome.gem
+output {
+   stdout {
+      codec => rubydebug {
+          metadata => true
+          }
+      }
+}'
 ```
-- Start Logstash and proceed to test the plugin
+
+
 
 ## Contributing
 
@@ -83,4 +79,4 @@ Programming is not a required skill. Whatever you've seen about open source and
 
 It is more important to the community that you are able to contribute.
 
-For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elasticsearch/logstash/blob/master/CONTRIBUTING.md) file.

data/lib/logstash/filters/greynoise.rb

@@ -14,17 +14,19 @@ class LogStash::Filters::Greynoise < LogStash::Filters::Base
   # Setting the config_name here is required. This is how you
   # configure this filter from your Logstash config.
   #
-  # filter {
-  #    {
-  #     message => "My message..."
-  #   }
-  # }
-  #
+   #  filter {
+   #   greynoise {
+   #     ip => "ip"
+   #   }
+   #  }
+
   config_name "greynoise"
 
   # Replace the message with this value.
-  config :key, :validate => :string, :required => false
+
   config :ip, :validate => :string, :required => true
+  config :key, :validate => :string, :required => false
+  config :target, :validate => :string, :default => "greynoise"
 
 
 
@@ -48,7 +50,7 @@ class LogStash::Filters::Greynoise < LogStash::Filters::Base
 
     result = JSON.parse(response.body)
 
-    event.set('greynoise', result)
+    event.set(@target, result)
     # filter_matched should go in the last line of our successful code
     filter_matched(event)
 

data/logstash-filter-greynoise.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'logstash-filter-greynoise'
-  s.version       = '0.1.0'
+  s.version       = '0.1.1'
   s.licenses      = ['Apache-2.0']
   s.summary = 'This greynoise filter takes contents in the ip field and returns greynoise api data (see https://greynoise.io/ for more info).'
   s.description     = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-filter-greynoise. This gem is not a stand-alone program'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-greynoise
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - nsherron90
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-22 00:00:00.000000000 Z
+date: 2019-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement