logstash-filter-ip2proxy 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/Gemfile +11 -0
- data/LICENSE +13 -0
- data/README.md +72 -0
- data/lib/logstash-filter-ip2proxy_jars.rb +3 -0
- data/lib/logstash/filters/ip2proxy.rb +50 -0
- data/logstash-filter-ip2proxy.gemspec +25 -0
- data/spec/filters/ip2proxy_spec.rb +27 -0
- data/spec/spec_helper.rb +2 -0
- data/vendor/IP2PROXY-LITE-PX4.BIN +0 -0
- data/vendor/jar-dependencies/com/ip2proxy/ip2proxy/ip2proxy/1.0.1/ip2proxy-1.0.1.jar +0 -0
- data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-ip2proxy/1.0.0/logstash-filter-ip2proxy-1.0.0.jar +0 -0
- metadata +89 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 44aa5f88de1b88bd0f6192f49dc0a084fa583bbc
|
4
|
+
data.tar.gz: 8e81ae323854308d4065c36ccc8f219aa6e67951
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 1e72124b5078da4ab9439ecdd3ebd8e43184cf1a35ad93d8b79166f8917c709619788758d2717c0ac6b57940eabcd7b25391d688538ffc6c9a30a82f0bc16bd4
|
7
|
+
data.tar.gz: 3d40f3a530cc40ec254b30ae026429accfc039a29d556741e312771b8e0d23023544c85ec533061f9e9d6d412f9cad14cd0a0e5ed84fd41ae53688e4c2d01d21
|
data/Gemfile
ADDED
@@ -0,0 +1,11 @@
|
|
1
|
+
source 'https://rubygems.org'
|
2
|
+
|
3
|
+
gemspec
|
4
|
+
|
5
|
+
logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
|
6
|
+
use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
|
7
|
+
|
8
|
+
if Dir.exist?(logstash_path) && use_logstash_source
|
9
|
+
gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
|
10
|
+
gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
|
11
|
+
end
|
data/LICENSE
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
Copyright (c) 2017 IP2Location.com
|
2
|
+
|
3
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
you may not use this file except in compliance with the License.
|
5
|
+
You may obtain a copy of the License at
|
6
|
+
|
7
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
|
9
|
+
Unless required by applicable law or agreed to in writing, software
|
10
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
See the License for the specific language governing permissions and
|
13
|
+
limitations under the License.
|
data/README.md
ADDED
@@ -0,0 +1,72 @@
|
|
1
|
+
# IP2Proxy Filter Plugin
|
2
|
+
This is IP2Proxy filter plugin for Logstash that enables Logstash's users to query an IP address if it was being used as open proxy, web proxy, VPN anonymizer and TOR exits. It also appends country, state, city and ISP information of the server. The library took the proxy IP address from **IP2Proxy BIN Data** file.
|
3
|
+
|
4
|
+
For the methods to use IP2Proxy filter plugin with Elastic Stack (Elasticsearch, Filebeat, Logstash, and Kibana), please take a look on this [tutorial](https://www.ip2location.com/tutorials/how-to-use-ip2proxy-filter-plugin-with-elastic-stack).
|
5
|
+
|
6
|
+
|
7
|
+
## Dependencies (IP2PROXY BIN DATA FILE)
|
8
|
+
This plugin requires IP2Proxy BIN data file to function. You may download the BIN data file at
|
9
|
+
* IP2Proxy LITE BIN Data (Free): https://lite.ip2location.com
|
10
|
+
* IP2Proxy Commercial BIN Data (Commercial): https://www.ip2location.com
|
11
|
+
|
12
|
+
|
13
|
+
## Installation
|
14
|
+
Install this plugin by the following code:
|
15
|
+
```
|
16
|
+
bin/logstash-plugin install logstash-filter-ip2proxy
|
17
|
+
```
|
18
|
+
|
19
|
+
|
20
|
+
## Config File Example
|
21
|
+
```
|
22
|
+
input {
|
23
|
+
beats {
|
24
|
+
port => "5043"
|
25
|
+
}
|
26
|
+
}
|
27
|
+
|
28
|
+
filter {
|
29
|
+
grok {
|
30
|
+
match => { "message" => "%{COMBINEDAPACHELOG}"}
|
31
|
+
}
|
32
|
+
ip2proxy {
|
33
|
+
source => "clientip"
|
34
|
+
}
|
35
|
+
}
|
36
|
+
|
37
|
+
output {
|
38
|
+
elasticsearch {
|
39
|
+
hosts => [ "localhost:9200" ]
|
40
|
+
}
|
41
|
+
}
|
42
|
+
```
|
43
|
+
|
44
|
+
|
45
|
+
## IP2Proxy Filter Configuration
|
46
|
+
|Setting|Input type|Required|
|
47
|
+
|---|---|---|
|
48
|
+
|source|string|Yes|
|
49
|
+
|database|a valid filesystem path|No|
|
50
|
+
|
51
|
+
* **source** field is a required setting that containing the IP address or hostname to get the ip information.
|
52
|
+
* **database** field is an optional setting that containing the path to the IP2Proxy BIN database file.
|
53
|
+
|
54
|
+
|
55
|
+
## Sample Output
|
56
|
+
|Field|Description|
|
57
|
+
|---|---|
|
58
|
+
|ip2proxy.city|the city name of the proxy|
|
59
|
+
|ip2proxy.country_long|the ISO3166-1 country name of the proxy|
|
60
|
+
|ip2proxy.country_short|the ISO3166-1 country code (two-characters) of the proxy|
|
61
|
+
|ip2proxy.is_proxy|Check whether if an IP address was a proxy. Returned value:<ul><li>-1 : errors</li><li>0 : not a proxy</li><li>1 : a proxy</li><li>2 : a data center IP address</li></ul>|
|
62
|
+
|ip2proxy.isp|the ISP name of the proxy|
|
63
|
+
|ip2proxy.proxy_type|the proxy type. Please visit <a href="https://www.ip2location.com/databases/px4-ip-proxytype-country-region-city-isp" target="_blank">IP2Location</a> for the list of proxy types supported|
|
64
|
+
|ip2proxy.region|the ISO3166-2 region name of the proxy|
|
65
|
+
|
66
|
+
![Example of data](https://www.ip2location.com/images/tutorial/logstash-filter-ip2proxy-screenshot.png)
|
67
|
+
|
68
|
+
|
69
|
+
## Support
|
70
|
+
Email: support@ip2location.com
|
71
|
+
|
72
|
+
URL: [https://www.ip2location.com](https://www.ip2location.com)
|
@@ -0,0 +1,50 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "logstash/filters/base"
|
3
|
+
require "logstash/namespace"
|
4
|
+
|
5
|
+
require "logstash-filter-ip2proxy_jars"
|
6
|
+
|
7
|
+
class LogStash::Filters::IP2Proxy < LogStash::Filters::Base
|
8
|
+
config_name "ip2proxy"
|
9
|
+
|
10
|
+
# The path to the IP2Proxy.BIN database file which Logstash should use.
|
11
|
+
# If not specified, this will default to the IP2PROXY-LITE-PX4.BIN database that embedded in the plugin.
|
12
|
+
config :database, :validate => :path
|
13
|
+
|
14
|
+
# The field containing the IP address.
|
15
|
+
# If this field is an array, only the first value will be used.
|
16
|
+
config :source, :validate => :string, :required => true
|
17
|
+
|
18
|
+
# The field used to define iplocation as target.
|
19
|
+
config :target, :validate => :string, :default => 'ip2proxy'
|
20
|
+
|
21
|
+
public
|
22
|
+
def register
|
23
|
+
if @database.nil?
|
24
|
+
@database = ::Dir.glob(::File.join(::File.expand_path("../../../vendor/", ::File.dirname(__FILE__)),"IP2PROXY-LITE-PX4.BIN")).first
|
25
|
+
|
26
|
+
if @database.nil? || !File.exists?(@database)
|
27
|
+
raise "You must specify 'database => ...' in your ip2proxy filter (I looked for '#{@database}')"
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
@logger.info("Using ip2proxy database", :path => @database)
|
32
|
+
|
33
|
+
@ip2proxyfilter = org.logstash.filters.IP2ProxyFilter.new(@source, @target, @database)
|
34
|
+
end
|
35
|
+
|
36
|
+
public
|
37
|
+
def filter(event)
|
38
|
+
return unless filter?(event)
|
39
|
+
if @ip2proxyfilter.handleEvent(event)
|
40
|
+
filter_matched(event)
|
41
|
+
else
|
42
|
+
tag_iplookup_unsuccessful(event)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
def tag_iplookup_unsuccessful(event)
|
47
|
+
@logger.debug? && @logger.debug("IP #{event.get(@source)} was not found in the database", :event => event)
|
48
|
+
end
|
49
|
+
|
50
|
+
end # class LogStash::Filters::IP2Proxy
|
@@ -0,0 +1,25 @@
|
|
1
|
+
Gem::Specification.new do |s|
|
2
|
+
|
3
|
+
s.name = 'logstash-filter-ip2proxy'
|
4
|
+
s.version = '1.0.0'
|
5
|
+
s.licenses = ['Apache License (2.0)']
|
6
|
+
s.summary = "Logstash filter IP2Proxy"
|
7
|
+
s.description = "IP2Proxy filter plugin for Logstash enables Logstash's users to query an IP address if it was being used as open proxy, web proxy, VPN servers and TOR exits. It also appends country, state, city and ISP information of the server."
|
8
|
+
s.authors = ["IP2Location"]
|
9
|
+
s.email = 'support@ip2location.com'
|
10
|
+
s.homepage = "https://www.ip2location.com"
|
11
|
+
s.require_paths = ["lib", "vendor/jar-dependencies"]
|
12
|
+
|
13
|
+
# Files
|
14
|
+
s.files = Dir["lib/**/*",'spec/**/*',"vendor/**/*","vendor/jar-dependencies/**/*.jar","*.gemspec","*.md","Gemfile","LICENSE"]
|
15
|
+
|
16
|
+
# Tests
|
17
|
+
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
18
|
+
|
19
|
+
# Special flag to let us know this is actually a logstash plugin
|
20
|
+
s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
|
21
|
+
|
22
|
+
# Gem dependencies
|
23
|
+
s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
|
24
|
+
s.add_development_dependency "logstash-devutils"
|
25
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require_relative '../spec_helper'
|
3
|
+
require "logstash/filters/ip2proxy"
|
4
|
+
|
5
|
+
IP2PROXYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/IP2PROXY-LITE-PX4.BIN").first
|
6
|
+
|
7
|
+
describe LogStash::Filters::IP2Proxy do
|
8
|
+
|
9
|
+
describe "normal test" do
|
10
|
+
config <<-CONFIG
|
11
|
+
filter {
|
12
|
+
ip2proxy {
|
13
|
+
source => "ip"
|
14
|
+
#database => "#{IP2PROXYDB}"
|
15
|
+
}
|
16
|
+
}
|
17
|
+
CONFIG
|
18
|
+
|
19
|
+
sample("ip" => "8.8.8.8") do
|
20
|
+
expect(subject.get("ip2proxy")).not_to be_empty
|
21
|
+
expect(subject.get("ip2proxy")["country_short"]).to eq("US")
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
26
|
+
|
27
|
+
end
|
data/spec/spec_helper.rb
ADDED
Binary file
|
Binary file
|
Binary file
|
metadata
ADDED
@@ -0,0 +1,89 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: logstash-filter-ip2proxy
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- IP2Location
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2017-11-24 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: logstash-core-plugin-api
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '2.0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '2.0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: logstash-devutils
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
description: IP2Proxy filter plugin for Logstash enables Logstash's users to query
|
42
|
+
an IP address if it was being used as open proxy, web proxy, VPN servers and TOR
|
43
|
+
exits. It also appends country, state, city and ISP information of the server.
|
44
|
+
email: support@ip2location.com
|
45
|
+
executables: []
|
46
|
+
extensions: []
|
47
|
+
extra_rdoc_files: []
|
48
|
+
files:
|
49
|
+
- Gemfile
|
50
|
+
- LICENSE
|
51
|
+
- README.md
|
52
|
+
- lib/logstash-filter-ip2proxy_jars.rb
|
53
|
+
- lib/logstash/filters/ip2proxy.rb
|
54
|
+
- logstash-filter-ip2proxy.gemspec
|
55
|
+
- spec/filters/ip2proxy_spec.rb
|
56
|
+
- spec/spec_helper.rb
|
57
|
+
- vendor/IP2PROXY-LITE-PX4.BIN
|
58
|
+
- vendor/jar-dependencies/com/ip2proxy/ip2proxy/ip2proxy/1.0.1/ip2proxy-1.0.1.jar
|
59
|
+
- vendor/jar-dependencies/org/logstash/filters/logstash-filter-ip2proxy/1.0.0/logstash-filter-ip2proxy-1.0.0.jar
|
60
|
+
homepage: https://www.ip2location.com
|
61
|
+
licenses:
|
62
|
+
- Apache License (2.0)
|
63
|
+
metadata:
|
64
|
+
logstash_plugin: 'true'
|
65
|
+
logstash_group: filter
|
66
|
+
post_install_message:
|
67
|
+
rdoc_options: []
|
68
|
+
require_paths:
|
69
|
+
- lib
|
70
|
+
- vendor/jar-dependencies
|
71
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
77
|
+
requirements:
|
78
|
+
- - ">="
|
79
|
+
- !ruby/object:Gem::Version
|
80
|
+
version: '0'
|
81
|
+
requirements: []
|
82
|
+
rubyforge_project:
|
83
|
+
rubygems_version: 2.6.14
|
84
|
+
signing_key:
|
85
|
+
specification_version: 4
|
86
|
+
summary: Logstash filter IP2Proxy
|
87
|
+
test_files:
|
88
|
+
- spec/filters/ip2proxy_spec.rb
|
89
|
+
- spec/spec_helper.rb
|