logstash-filter-ieee_oui 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +2 -0
  3. data/lib/logstash/filters/ieee_oui.rb +71 -10
  4. data/logstash-filter-ieee_oui.gemspec +2 -2
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8b61037e52fda75b4e8a35244d59dea7246e8c8ce719853dfcfb45d8eba1ad01
4
- data.tar.gz: ab87f272af68fe7f88ef6ed3117839f5beab36d74ce8f8ee6ccad8731873359a
3
+ metadata.gz: 7934ac9a7081a5aed7682884cd113b01c19343fbc61057b4fcd8a641ecf81125
4
+ data.tar.gz: 75b024faa7cfdbdafec42410ea2d3fe709350c1be6e5c3c8bbe25b8d2f6ba85e
5
5
  SHA512:
6
- metadata.gz: 7abfa3b8c0575693846535c186ed1799041b294fc5e6d6a38dbae20adae34ac9c6de11fb4f6d27aebd2865b3fa27cb69e4ae965517a0da26fef7368e121e1d06
7
- data.tar.gz: 79eb3c71569239ceb9a7968c77f7d9a696e82871758dba3f7758b32d07b37b58773394aadc3ccee6713dd1bb89b61995afc75c9014c1c25e0d55c3408ebd181d
6
+ metadata.gz: 27df1ac1fce0efbc62fd0100701cc5d8eedf08b081538004bfbc16966e7be1945b19f6d882102fa3d4c5767b71f14085794d2cb71cca311edbe7bcab232040f0
7
+ data.tar.gz: b1fa8960e81efdfcec07490c4af05c57034285f2a5a01d42715ca9772e42893f98ede8f17fee56559c2bf2ba054e884829dc523c37bae2a7d73fd2063ab42c44
data/CHANGELOG.md CHANGED
@@ -1,3 +1,5 @@
1
+ ## 1.0.5
2
+ - thread locking and refresh interval of oui file
1
3
  ## 1.0.4
2
4
  - added auto refresh of ouifile
3
5
  ## 1.0.3
data/lib/logstash/filters/ieee_oui.rb CHANGED
@@ -3,6 +3,8 @@ require "logstash/filters/base"
3
3
  require "logstash/namespace"
4
4
  require 'digest'
5
5
 
6
+ java_import 'java.util.concurrent.locks.ReentrantReadWriteLock'
7
+
6
8
  # The ieee_oui filter allows you to match mac addresses to vendor names.
7
9
  # It accepts source mac addresses delimited by a colon(:), a dash(-) or no delimiter.
8
10
  # The filter requires a specially formatted oui-logstash.txt file for the ouifile.
@@ -27,44 +29,98 @@ class LogStash::Filters::IeeeOui < LogStash::Filters::Base
27
29
  config :source, :validate => :string, :default => 'mac'
28
30
  # Target field for manufacture
29
31
  config :target, :validate => :string, :default => 'mac_mfr'
32
+ # Indicates how frequently (in seconds) to check the oui text file for updates
33
+ config :refresh_interval, :validate => :number, :default => 300
30
34
  # Tag if lookup failure occurs
31
35
  config :tag_on_failure, :validate => :array, :default => ["_ouilookupfailure"]
32
36
 
33
37
  public
34
38
  def register
39
+ rw_lock = java.util.concurrent.locks.ReentrantReadWriteLock.new
40
+ @read_lock = rw_lock.readLock
41
+ @write_lock = rw_lock.writeLock
42
+
35
43
  if @ouifile.nil?
36
- @logger.debug("You must specifiy 'ouifile => path_to_file' in your ieee_oui filter")
37
44
  @ouihash = nil
45
+ raise LogStash::ConfigurationError, I18n.t(
46
+ "logstash.agent.configuration.invalid_plugin_register",
47
+ :plugin => "filter",
48
+ :type => "ieee_oui",
49
+ :error => "You must specifiy 'ouifile => path_to_file' in your ieee_oui filter"
50
+ )
38
51
  else
39
- @logger.info("Using oui file", :path => @ouifile)
40
- @md5 = md5file(@ouifile)
41
- @newmd5 = md5file(@ouifile)
42
- @ouihash = hashfile(@ouifile)
52
+ @logger.info("Using OUI file", :path => @ouifile)
53
+ @logger.info("OUI file refresh check seconds", :number => @refresh_interval)
54
+ @md5 = nil
55
+ @newmd5 = nil
56
+ @ouihash = nil
57
+ @next_refresh = Time.now + @refresh_interval
58
+ lock_for_write { refreshfile(@ouifile) }
43
59
  end
44
60
  end # def register
45
61
 
46
- #public
62
+ private
63
+ def lock_for_write
64
+ @write_lock.lock
65
+ begin
66
+ yield
67
+ ensure
68
+ @write_lock.unlock
69
+ end
70
+ end # def lock_for_write
71
+
72
+ private
73
+ def lock_for_read # ensuring only one thread updates the OUI hash
74
+ @read_lock.lock
75
+ begin
76
+ yield
77
+ ensure
78
+ @read_lock.unlock
79
+ end
80
+ end #def lock_for_read
81
+
82
+ private
47
83
  def md5file(file)
48
84
  return Digest::MD5.file(file).hexdigest
49
85
  end
50
86
 
87
+ private
51
88
  def hashfile(file)
52
89
  return Hash[*File.read(file).split(/\t|\n/)]
53
90
  end
54
91
 
92
+ private
55
93
  def refreshfile(file)
56
94
  @newmd5 = md5file(file)
57
95
  if @newmd5 != @md5
58
96
  @md5 = md5file(file)
59
97
  @ouihash = hashfile(file)
60
- @logger.info("Refreshing oui file" , :path => file)
98
+ @next_refresh = Time.now + @refresh_interval
99
+ @logger.info("Refreshing OUI file", :path => file)
100
+ else
101
+ @logger.debug("OUI file unchanged", :path => file)
61
102
  end
103
+ @logger.debug("OUI file MD5", :string => @md5)
104
+ end
105
+
106
+ private
107
+ def needs_refresh?
108
+ @next_refresh < Time.now
62
109
  end
63
110
 
111
+ public
64
112
  def filter(event)
65
113
  matched = false
114
+
66
115
  if ! @ouihash.nil?
67
- refreshfile(@ouifile)
116
+ if needs_refresh?
117
+ lock_for_write do
118
+ if needs_refresh?
119
+ refreshfile(@ouifile)
120
+ end
121
+ end
122
+ end
123
+
68
124
  validhex = false
69
125
  mac = event.get(@source)
70
126
  delimiter = mac[2]
@@ -75,7 +131,10 @@ class LogStash::Filters::IeeeOui < LogStash::Filters::Base
75
131
  end
76
132
  if !mfrid[/\H/]
77
133
  validhex = true
78
- vendor = @ouihash[mfrid]
134
+ vendor = nil
135
+ lock_for_read do
136
+ vendor = @ouihash[mfrid]
137
+ end
79
138
  if vendor.nil?
80
139
  vendor = 'unknown'
81
140
  else
@@ -85,8 +144,10 @@ class LogStash::Filters::IeeeOui < LogStash::Filters::Base
85
144
  event.set("#{@target}", vendor)
86
145
  end
87
146
  end
88
- @logger.debug("Invalid Hex in source", :string => @source) if not validhex
147
+
148
+ @logger.debug("Invalid MAC address in source", :string => @source) if not validhex
89
149
  @tag_on_failure.each{|tag| event.tag(tag)} if not matched
90
150
  filter_matched(event) if matched
91
151
  end # def filter
152
+
92
153
  end # class LogStash::Filters::IeeeOui
data/logstash-filter-ieee_oui.gemspec CHANGED
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-filter-ieee_oui'
3
- s.version = '1.0.4'
3
+ s.version = '1.0.5'
4
4
  s.licenses = ['Apache-2.0']
5
5
  s.summary = 'Logstash filter to parse OUI data from mac addresses, requires external OUI txt file from ieee.org'
6
6
  s.description = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program'
@@ -20,4 +20,4 @@ Gem::Specification.new do |s|
20
20
  # Gem dependencies
21
21
  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
22
22
  s.add_development_dependency 'logstash-devutils', '= 1.3.6'
23
- end
23
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-ieee_oui
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Pananen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-02 00:00:00.000000000 Z
11
+ date: 2019-03-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement