RubyGems - logstash-filter-ieee_oui - Versions diffs - 1.0.3 → 1.0.4 - Mend

logstash-filter-ieee_oui 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +2 -0
data/README.md +12 -13
data/lib/logstash/filters/ieee_oui.rb +31 -9
data/logstash-filter-ieee_oui.gemspec +1 -1
data/spec/filters/ieee_oui_spec.rb +3 -6
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e53e780052ecbe451efdb6f2edb4fb8626cec424712fdfc4dca766094f54aef5
-  data.tar.gz: 4cab1322e9e921f0bd8d97098d5e00da5864d423cb6769317782b9ed4482e497
+  metadata.gz: 8b61037e52fda75b4e8a35244d59dea7246e8c8ce719853dfcfb45d8eba1ad01
+  data.tar.gz: ab87f272af68fe7f88ef6ed3117839f5beab36d74ce8f8ee6ccad8731873359a
 SHA512:
-  metadata.gz: c58ddfdc06ac071d5f9cd77d7d725589ee30b0237bcbef6c0974b65dc23840400cfa316d5f96c05f88f2afc51687f5b9b57c6cf3a3ecccf5b6b6189184a029ef
-  data.tar.gz: 0c2475c9efe4d819189a77c3d7335c612524ee1d0e1fba558031c1134302100f6cc2ccad9631317d814cd0c66852810c3daca9a2d170a4c020d575a9651e20b4
+  metadata.gz: 7abfa3b8c0575693846535c186ed1799041b294fc5e6d6a38dbae20adae34ac9c6de11fb4f6d27aebd2865b3fa27cb69e4ae965517a0da26fef7368e121e1d06
+  data.tar.gz: 79eb3c71569239ceb9a7968c77f7d9a696e82871758dba3f7758b32d07b37b58773394aadc3ccee6713dd1bb89b61995afc75c9014c1c25e0d55c3408ebd181d

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,5 @@
+## 1.0.4
+  - added auto refresh of ouifile
 ## 1.0.3
   - stripped carriage return
 ## 1.0.2

data/README.md CHANGED Viewed

@@ -11,9 +11,16 @@ See [logstash-oui-scraper](https://github.com/Vigilant-LLC/logstash-oui-scraper)
 See [CHANGELOG](https://github.com/Vigilant-LLC/logstash-filter-ieee_oui/blob/master/CHANGELOG.md) for development notes.
-# License
-It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way. [LICENSE](https://github.com/Vigilant-LLC/logstash-filter-ieee_oui/blob/master/LICENSE)
+#### USAGE
+```
+filter {
+  ieee_oui {
+    source => 'macaddress'
+    target => 'oui_vendor'
+    ouifile => '/path_to/oui-logstash.txt'
+  }
+}
+```
 #### Code
 - To get started, you'll need JRuby with the Bundler gem installed.
@@ -38,14 +45,6 @@ bin/logstash-plugin install /your/local/plugin/logstash-filter-ieee_oui.gem
 ```
 - Start Logstash and proceed to test the plugin
-#### USAGE
-```
-filter {
-  ieee_oui {
-    source => 'macaddress'
-    target => 'oui_vendor'
-    ouifile => '/path_to/oui-logstash.txt'
-  }
-}
-```
+# License
+It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way. [LICENSE](https://github.com/Vigilant-LLC/logstash-filter-ieee_oui/blob/master/LICENSE)

data/lib/logstash/filters/ieee_oui.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # encoding: utf-8
 require "logstash/filters/base"
 require "logstash/namespace"
+require 'digest'
 # The ieee_oui filter allows you to match mac addresses to vendor names.
 # It accepts source mac addresses delimited by a colon(:), a dash(-) or no delimiter.
@@ -36,35 +37,56 @@ class LogStash::Filters::IeeeOui < LogStash::Filters::Base
       @ouihash = nil
     else
       @logger.info("Using oui file", :path => @ouifile)
-      @ouihash = Hash[*File.read(ouifile).split(/\t|\n/)]
+      @md5 = md5file(@ouifile)
+      @newmd5 = md5file(@ouifile)
+      @ouihash = hashfile(@ouifile)
     end
   end # def register
-  public
+  #public
+  def md5file(file)
+    return Digest::MD5.file(file).hexdigest
+  end
+  def hashfile(file)
+    return Hash[*File.read(file).split(/\t|\n/)]
+  end
+  def refreshfile(file)
+    @newmd5 = md5file(file)
+    if @newmd5 != @md5
+      @md5 = md5file(file)
+      @ouihash = hashfile(file)
+      @logger.info("Refreshing oui file" , :path => file)
+    end
+  end
   def filter(event)
     matched = false
     if ! @ouihash.nil?
+      refreshfile(@ouifile)
       validhex = false
       mac = event.get(@source)
       delimiter = mac[2]
       if delimiter[/\H/]
-         mfrid = mac.split("#{delimiter}")[0..2].join.upcase
+        mfrid = mac.split("#{delimiter}")[0..2].join.upcase
       else
         mfrid = mac[0,6].upcase
       end
       if !mfrid[/\H/]
         validhex = true
         vendor = @ouihash[mfrid]
-        if vendor
+        if vendor.nil?
+          vendor = 'unknown'
+        else
           vendor = vendor.gsub(/\r/,"")
-          matched = true
-          event.set("#{@target}", vendor)
         end
+        matched = true
+        event.set("#{@target}", vendor)
       end
-      # filter_matched should go in the last line of our successful code
-      @logger.debug("Invalid Hex in source", :string => @source) if not validhex
-      @tag_on_failure.each{|tag| event.tag(tag)} if not matched
     end
+    @logger.debug("Invalid Hex in source", :string => @source) if not validhex
+    @tag_on_failure.each{|tag| event.tag(tag)} if not matched
     filter_matched(event) if matched
   end # def filter
 end # class LogStash::Filters::IeeeOui

data/logstash-filter-ieee_oui.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'logstash-filter-ieee_oui'
-  s.version       = '1.0.3'
+  s.version       = '1.0.4'
   s.licenses      = ['Apache-2.0']
   s.summary       = 'Logstash filter to parse OUI data from mac addresses, requires external OUI txt file from ieee.org'
   s.description   = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program'

data/spec/filters/ieee_oui_spec.rb CHANGED Viewed

@@ -39,7 +39,6 @@ describe LogStash::Filters::IeeeOui do
     end
   end
   describe "mac with dashes" do
     let(:config) do <<-CONFIG
     filter {
@@ -76,7 +75,6 @@ describe LogStash::Filters::IeeeOui do
     end
   end
   describe "mac invalid hex" do
     let(:config) do <<-CONFIG
     filter {
@@ -94,7 +92,7 @@ describe LogStash::Filters::IeeeOui do
     end
   end
-  describe "non existent" do
+  describe "unknown" do
     let(:config) do <<-CONFIG
     filter {
       ieee_oui {
@@ -106,9 +104,8 @@ describe LogStash::Filters::IeeeOui do
     CONFIG
     end
-    sample("mac" => "00-00-00-0b-67-6c") do
-      expect(subject.get("tags")).to include("_ouilookupfailure")
+    sample("mac" => "02-42-C0-0b-67-6c") do
+      expect(subject.get('[oui][mac_vendor]')).to eq('unknown')
     end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-ieee_oui
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.4
 platform: ruby
 authors:
 - Mike Pananen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-29 00:00:00.000000000 Z
+date: 2019-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement