logstash-filter-ieee_oui 1.0.3 → 1.0.4

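--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e53e780052ecbe451efdb6f2edb4fb8626cec424712fdfc4dca766094f54aef5
- data.tar.gz: 4cab1322e9e921f0bd8d97098d5e00da5864d423cb6769317782b9ed4482e497
+ metadata.gz: 8b61037e52fda75b4e8a35244d59dea7246e8c8ce719853dfcfb45d8eba1ad01
+ data.tar.gz: ab87f272af68fe7f88ef6ed3117839f5beab36d74ce8f8ee6ccad8731873359a
  SHA512:
- metadata.gz: c58ddfdc06ac071d5f9cd77d7d725589ee30b0237bcbef6c0974b65dc23840400cfa316d5f96c05f88f2afc51687f5b9b57c6cf3a3ecccf5b6b6189184a029ef
- data.tar.gz: 0c2475c9efe4d819189a77c3d7335c612524ee1d0e1fba558031c1134302100f6cc2ccad9631317d814cd0c66852810c3daca9a2d170a4c020d575a9651e20b4
+ metadata.gz: 7abfa3b8c0575693846535c186ed1799041b294fc5e6d6a38dbae20adae34ac9c6de11fb4f6d27aebd2865b3fa27cb69e4ae965517a0da26fef7368e121e1d06
+ data.tar.gz: 79eb3c71569239ceb9a7968c77f7d9a696e82871758dba3f7758b32d07b37b58773394aadc3ccee6713dd1bb89b61995afc75c9014c1c25e0d55c3408ebd181d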
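--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,5 @@
+ ## 1.0.4
+ - added auto refresh of ouifile
  ## 1.0.3
  - stripped carriage return
  ## 1.0.2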
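--- a/data/README.md
+++ b/data/README.md
@@ -11,9 +11,16 @@ See [logstash-oui-scraper](https://github.com/Vigilant-LLC/logstash-oui-scraper)
 
  See [CHANGELOG](https://github.com/Vigilant-LLC/logstash-filter-ieee_oui/blob/master/CHANGELOG.md) for development notes.
 
-
- # License
- It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way. [LICENSE](https://github.com/Vigilant-LLC/logstash-filter-ieee_oui/blob/master/LICENSE)
+ #### USAGE
+ ```
+ filter {
+ ieee_oui {
+ source => 'macaddress'
+ target => 'oui_vendor'
+ ouifile => '/path_to/oui-logstash.txt'
+ }
+ }
+ ```
 
  #### Code
  - To get started, you'll need JRuby with the Bundler gem installed.
@@ -38,14 +45,6 @@ bin/logstash-plugin install /your/local/plugin/logstash-filter-ieee_oui.gem
  ```
  - Start Logstash and proceed to test the plugin
 
- #### USAGE
- ```
- filter {
- ieee_oui {
- source => 'macaddress'
- target => 'oui_vendor'
- ouifile => '/path_to/oui-logstash.txt'
- }
- }
- ```
+ # License
+ It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way. [LICENSE](https://github.com/Vigilant-LLC/logstash-filter-ieee_oui/blob/master/LICENSE)
 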
@@ -1,6 +1,7 @@
1
1
  # encoding: utf-8
2
2
  require "logstash/filters/base"
3
3
  require "logstash/namespace"
4
+ require 'digest'
4
5
 
5
6
  # The ieee_oui filter allows you to match mac addresses to vendor names.
6
7
  # It accepts source mac addresses delimited by a colon(:), a dash(-) or no delimiter.
@@ -36,35 +37,56 @@ class LogStash::Filters::IeeeOui < LogStash::Filters::Base
36
37
  @ouihash = nil
37
38
  else
38
39
  @logger.info("Using oui file", :path => @ouifile)
39
- @ouihash = Hash[*File.read(ouifile).split(/\t|\n/)]
40
+ @md5 = md5file(@ouifile)
41
+ @newmd5 = md5file(@ouifile)
42
+ @ouihash = hashfile(@ouifile)
40
43
  end
41
44
  end # def register
42
45
 
43
- public
46
+ #public
47
+ def md5file(file)
48
+ return Digest::MD5.file(file).hexdigest
49
+ end
50
+
51
+ def hashfile(file)
52
+ return Hash[*File.read(file).split(/\t|\n/)]
53
+ end
54
+
55
+ def refreshfile(file)
56
+ @newmd5 = md5file(file)
57
+ if @newmd5 != @md5
58
+ @md5 = md5file(file)
59
+ @ouihash = hashfile(file)
60
+ @logger.info("Refreshing oui file" , :path => file)
61
+ end
62
+ end
63
+
44
64
  def filter(event)
45
65
  matched = false
46
66
  if ! @ouihash.nil?
67
+ refreshfile(@ouifile)
47
68
  validhex = false
48
69
  mac = event.get(@source)
49
70
  delimiter = mac[2]
50
71
  if delimiter[/\H/]
51
- mfrid = mac.split("#{delimiter}")[0..2].join.upcase
72
+ mfrid = mac.split("#{delimiter}")[0..2].join.upcase
52
73
  else
53
74
  mfrid = mac[0,6].upcase
54
75
  end
55
76
  if !mfrid[/\H/]
56
77
  validhex = true
57
78
  vendor = @ouihash[mfrid]
58
- if vendor
79
+ if vendor.nil?
80
+ vendor = 'unknown'
81
+ else
59
82
  vendor = vendor.gsub(/\r/,"")
60
- matched = true
61
- event.set("#{@target}", vendor)
62
83
  end
84
+ matched = true
85
+ event.set("#{@target}", vendor)
63
86
  end
64
- # filter_matched should go in the last line of our successful code
65
- @logger.debug("Invalid Hex in source", :string => @source) if not validhex
66
- @tag_on_failure.each{|tag| event.tag(tag)} if not matched
67
87
  end
88
+ @logger.debug("Invalid Hex in source", :string => @source) if not validhex
89
+ @tag_on_failure.each{|tag| event.tag(tag)} if not matched
68
90
  filter_matched(event) if matched
69
91
  end # def filter
70
92
  end # class LogStash::Filters::IeeeOui
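Review bot: `refreshfile` is called from `filter` for every event, and each call digests the whole OUI file, then on a change digests it a second time and reads it a third time, all without error handling. If the file is replaced while Logstash is running (the case the refresh exists for), a partially written file can make `Hash[*...]` raise on an odd element count, a missing file makes `Digest::MD5.file` raise, and the stored `@md5` may not describe the bytes that were actually loaded; each of these would surface as an exception inside `filter` instead of a logged refresh failure. I would read the file once, digest and parse those same bytes, swap `@ouihash` only after parsing succeeds, and rescue I/O and parse errors so the previous table stays in use; checking `File.mtime` first, or on an interval, would also avoid the per-event digest. The instance variables are updated without synchronisation, so whether this filter instance is shared between pipeline workers should be confirmed.

```ruby
def refreshfile(file)
  content = File.read(file)
  @newmd5 = Digest::MD5.hexdigest(content)
  return if @newmd5 == @md5
  # parse the same bytes that were hashed; swap only after parsing succeeds
  table = Hash[*content.split(/\t|\n/)]
  @ouihash = table
  @md5 = @newmd5
  # … unchanged: info log "Refreshing oui file" …
rescue SystemCallError, ArgumentError => e
  @logger.warn("oui file refresh failed, keeping previous table", :path => file, :error => e.message)
end
```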
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-filter-ieee_oui'
3
- s.version = '1.0.3'
3
+ s.version = '1.0.4'
4
4
  s.licenses = ['Apache-2.0']
5
5
  s.summary = 'Logstash filter to parse OUI data from mac addresses, requires external OUI txt file from ieee.org'
6
6
  s.description = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program'
@@ -39,7 +39,6 @@ describe LogStash::Filters::IeeeOui do
39
39
  end
40
40
  end
41
41
 
42
-
43
42
  describe "mac with dashes" do
44
43
  let(:config) do <<-CONFIG
45
44
  filter {
@@ -76,7 +75,6 @@ describe LogStash::Filters::IeeeOui do
76
75
  end
77
76
  end
78
77
 
79
-
80
78
  describe "mac invalid hex" do
81
79
  let(:config) do <<-CONFIG
82
80
  filter {
@@ -94,7 +92,7 @@ describe LogStash::Filters::IeeeOui do
94
92
  end
95
93
  end
96
94
 
97
- describe "non existent" do
95
+ describe "unknown" do
98
96
  let(:config) do <<-CONFIG
99
97
  filter {
100
98
  ieee_oui {
@@ -106,9 +104,8 @@ describe LogStash::Filters::IeeeOui do
106
104
  CONFIG
107
105
  end
108
106
 
109
- sample("mac" => "00-00-00-0b-67-6c") do
110
- expect(subject.get("tags")).to include("_ouilookupfailure")
107
+ sample("mac" => "02-42-C0-0b-67-6c") do
108
+ expect(subject.get('[oui][mac_vendor]')).to eq('unknown')
111
109
  end
112
110
  end
113
-
114
111
  end
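Review bot: The rewritten "unknown" sample drops the `_ouilookupfailure` assertion without pinning the new tagging behaviour, and no sample exercises the refresh path added in this release. With the filter change, an unlisted prefix sets `matched = true` and writes 'unknown' to the target, so the failure tag is no longer applied to it; pipelines or alerts that key on that tag to spot unregistered or locally administered MAC prefixes would stop firing without notice, and the CHANGELOG entry mentions only the auto refresh. I would make the change explicit in this sample with `expect(Array(subject.get("tags"))).not_to include("_ouilookupfailure")` and add a sample that rewrites the OUI file between events. The enclosing `describe` block starts outside this hunk.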
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-ieee_oui
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.3
4
+ version: 1.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Pananen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-01-29 00:00:00.000000000 Z
11
+ date: 2019-02-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement