logstash-filter-ip2proxy 1.0.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 44aa5f88de1b88bd0f6192f49dc0a084fa583bbc
4
+ data.tar.gz: 8e81ae323854308d4065c36ccc8f219aa6e67951
5
+ SHA512:
6
+ metadata.gz: 1e72124b5078da4ab9439ecdd3ebd8e43184cf1a35ad93d8b79166f8917c709619788758d2717c0ac6b57940eabcd7b25391d688538ffc6c9a30a82f0bc16bd4
7
+ data.tar.gz: 3d40f3a530cc40ec254b30ae026429accfc039a29d556741e312771b8e0d23023544c85ec533061f9e9d6d412f9cad14cd0a0e5ed84fd41ae53688e4c2d01d21
data/Gemfile ADDED
@@ -0,0 +1,11 @@
1
+ source 'https://rubygems.org'
2
+
3
+ gemspec
4
+
5
+ logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
6
+ use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
7
+
8
+ if Dir.exist?(logstash_path) && use_logstash_source
9
+ gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
10
+ gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
11
+ end
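Review bot: The existence check on line 8 and the `:path` options on lines 9-10 can resolve the default `"../../logstash"` against different base directories. `Dir.exist?(logstash_path)` is evaluated relative to the process working directory, while Bundler resolves a relative `:path` against the directory containing the Gemfile. Expanding the path once, for example with `File.expand_path(logstash_path, __dir__)`, and using that value in both places keeps them in agreement. The guard on line 6 can also be reduced to `ENV["LOGSTASH_SOURCE"] == "1"`, since a nil value already compares unequal.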
data/LICENSE ADDED
@@ -0,0 +1,13 @@
1
+ Copyright (c) 2017 IP2Location.com
2
+
3
+ Licensed under the Apache License, Version 2.0 (the "License");
4
+ you may not use this file except in compliance with the License.
5
+ You may obtain a copy of the License at
6
+
7
+ http://www.apache.org/licenses/LICENSE-2.0
8
+
9
+ Unless required by applicable law or agreed to in writing, software
10
+ distributed under the License is distributed on an "AS IS" BASIS,
11
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ See the License for the specific language governing permissions and
13
+ limitations under the License.
@@ -0,0 +1,72 @@
1
+ # IP2Proxy Filter Plugin
2
+ This is IP2Proxy filter plugin for Logstash that enables Logstash's users to query an IP address if it was being used as open proxy, web proxy, VPN anonymizer and TOR exits. It also appends country, state, city and ISP information of the server. The library took the proxy IP address from **IP2Proxy BIN Data** file.
3
+
4
+ For the methods to use IP2Proxy filter plugin with Elastic Stack (Elasticsearch, Filebeat, Logstash, and Kibana), please take a look on this [tutorial](https://www.ip2location.com/tutorials/how-to-use-ip2proxy-filter-plugin-with-elastic-stack).
5
+
6
+
7
+ ## Dependencies (IP2PROXY BIN DATA FILE)
8
+ This plugin requires IP2Proxy BIN data file to function. You may download the BIN data file at
9
+ * IP2Proxy LITE BIN Data (Free): https://lite.ip2location.com
10
+ * IP2Proxy Commercial BIN Data (Commercial): https://www.ip2location.com
11
+
12
+
13
+ ## Installation
14
+ Install this plugin by the following code:
15
+ ```
16
+ bin/logstash-plugin install logstash-filter-ip2proxy
17
+ ```
18
+
19
+
20
+ ## Config File Example
21
+ ```
22
+ input {
23
+ beats {
24
+ port => "5043"
25
+ }
26
+ }
27
+
28
+ filter {
29
+ grok {
30
+ match => { "message" => "%{COMBINEDAPACHELOG}"}
31
+ }
32
+ ip2proxy {
33
+ source => "clientip"
34
+ }
35
+ }
36
+
37
+ output {
38
+ elasticsearch {
39
+ hosts => [ "localhost:9200" ]
40
+ }
41
+ }
42
+ ```
43
+
44
+
45
+ ## IP2Proxy Filter Configuration
46
+ |Setting|Input type|Required|
47
+ |---|---|---|
48
+ |source|string|Yes|
49
+ |database|a valid filesystem path|No|
50
+
51
+ * **source** field is a required setting that containing the IP address or hostname to get the ip information.
52
+ * **database** field is an optional setting that containing the path to the IP2Proxy BIN database file.
53
+
54
+
55
+ ## Sample Output
56
+ |Field|Description|
57
+ |---|---|
58
+ |ip2proxy.city|the city name of the proxy|
59
+ |ip2proxy.country_long|the ISO3166-1 country name of the proxy|
60
+ |ip2proxy.country_short|the ISO3166-1 country code (two-characters) of the proxy|
61
+ |ip2proxy.is_proxy|Check whether if an IP address was a proxy. Returned value:<ul><li>-1 : errors</li><li>0 : not a proxy</li><li>1 : a proxy</li><li>2 : a data center IP address</li></ul>|
62
+ |ip2proxy.isp|the ISP name of the proxy|
63
+ |ip2proxy.proxy_type|the proxy type. Please visit <a href="https://www.ip2location.com/databases/px4-ip-proxytype-country-region-city-isp" target="_blank">IP2Location</a> for the list of proxy types supported|
64
+ |ip2proxy.region|the ISO3166-2 region name of the proxy|
65
+
66
+ ![Example of data](https://www.ip2location.com/images/tutorial/logstash-filter-ip2proxy-screenshot.png)
67
+
68
+
69
+ ## Support
70
+ Email: support@ip2location.com
71
+
72
+ URL: [https://www.ip2location.com](https://www.ip2location.com)
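Review bot: The configuration table under "IP2Proxy Filter Configuration" (lines 46-52) lists only `source` and `database`, but the plugin class in this same change also declares `config :target, :validate => :string, :default => 'ip2proxy'`. Document `target` here, since it decides the field name that the "Sample Output" table assumes. The `source` bullet also says the field may hold an "IP address or hostname", while the code comment says only "The field containing the IP address"; state which is actually supported. The `database` bullet should mention that omitting it falls back to the bundled IP2PROXY-LITE-PX4.BIN.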
@@ -0,0 +1,3 @@
1
+ require 'jar_dependencies'
2
+ require_jar('com.ip2proxy.ip2proxy', 'ip2proxy', '1.0.1')
3
+ require_jar('org.logstash.filters', 'logstash-filter-ip2proxy', '1.0.0')
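Review bot: Both `require_jar` lines load precompiled jars from `vendor/jar-dependencies`, and the class that does the actual lookup, `org.logstash.filters.IP2ProxyFilter`, appears in this change only as a binary. Nothing in the diff lets a reviewer check how the event field is parsed or how the BIN file is read. Publishing the Java source next to the gem, or linking it from the README, would make the release auditable. Note also that the jar is published under the `org.logstash.filters` group although the gemspec author is IP2Location; a vendor-owned group ID would avoid confusion with Logstash's own artifacts.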
@@ -0,0 +1,50 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/base"
3
+ require "logstash/namespace"
4
+
5
+ require "logstash-filter-ip2proxy_jars"
6
+
7
+ class LogStash::Filters::IP2Proxy < LogStash::Filters::Base
8
+ config_name "ip2proxy"
9
+
10
+ # The path to the IP2Proxy.BIN database file which Logstash should use.
11
+ # If not specified, this will default to the IP2PROXY-LITE-PX4.BIN database that embedded in the plugin.
12
+ config :database, :validate => :path
13
+
14
+ # The field containing the IP address.
15
+ # If this field is an array, only the first value will be used.
16
+ config :source, :validate => :string, :required => true
17
+
18
+ # The field used to define iplocation as target.
19
+ config :target, :validate => :string, :default => 'ip2proxy'
20
+
21
+ public
22
+ def register
23
+ if @database.nil?
24
+ @database = ::Dir.glob(::File.join(::File.expand_path("../../../vendor/", ::File.dirname(__FILE__)),"IP2PROXY-LITE-PX4.BIN")).first
25
+
26
+ if @database.nil? || !File.exists?(@database)
27
+ raise "You must specify 'database => ...' in your ip2proxy filter (I looked for '#{@database}')"
28
+ end
29
+ end
30
+
31
+ @logger.info("Using ip2proxy database", :path => @database)
32
+
33
+ @ip2proxyfilter = org.logstash.filters.IP2ProxyFilter.new(@source, @target, @database)
34
+ end
35
+
36
+ public
37
+ def filter(event)
38
+ return unless filter?(event)
39
+ if @ip2proxyfilter.handleEvent(event)
40
+ filter_matched(event)
41
+ else
42
+ tag_iplookup_unsuccessful(event)
43
+ end
44
+ end
45
+
46
+ def tag_iplookup_unsuccessful(event)
47
+ @logger.debug? && @logger.debug("IP #{event.get(@source)} was not found in the database", :event => event)
48
+ end
49
+
50
+ end # class LogStash::Filters::IP2Proxy
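Review bot: `tag_iplookup_unsuccessful` (lines 46-48) does not tag anything. It only emits a debug log line, so an event whose lookup failed leaves the filter looking the same as one that was never processed, and downstream rules cannot separate "not a proxy" from "lookup failed". Add a tag to the event on this path, ideally through a configurable failure-tag setting as other Logstash filters do. Two smaller points in `register`: `File.exists?` on line 26 is the deprecated alias of `File.exist?`, and when the glob on line 24 finds nothing the raise on line 27 interpolates a nil `@database`, so the message reads "I looked for ''" instead of naming the expected vendor path.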
@@ -0,0 +1,25 @@
1
+ Gem::Specification.new do |s|
2
+
3
+ s.name = 'logstash-filter-ip2proxy'
4
+ s.version = '1.0.0'
5
+ s.licenses = ['Apache License (2.0)']
6
+ s.summary = "Logstash filter IP2Proxy"
7
+ s.description = "IP2Proxy filter plugin for Logstash enables Logstash's users to query an IP address if it was being used as open proxy, web proxy, VPN servers and TOR exits. It also appends country, state, city and ISP information of the server."
8
+ s.authors = ["IP2Location"]
9
+ s.email = 'support@ip2location.com'
10
+ s.homepage = "https://www.ip2location.com"
11
+ s.require_paths = ["lib", "vendor/jar-dependencies"]
12
+
13
+ # Files
14
+ s.files = Dir["lib/**/*",'spec/**/*',"vendor/**/*","vendor/jar-dependencies/**/*.jar","*.gemspec","*.md","Gemfile","LICENSE"]
15
+
16
+ # Tests
17
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
18
+
19
+ # Special flag to let us know this is actually a logstash plugin
20
+ s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
21
+
22
+ # Gem dependencies
23
+ s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
24
+ s.add_development_dependency "logstash-devutils"
25
+ end
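Review bot: `s.licenses = ['Apache License (2.0)']` on line 5 is not an SPDX identifier, so license-scanning tools will not recognise it; use `'Apache-2.0'`. In `s.files` on line 14 the `"vendor/**/*"` glob already covers `"vendor/jar-dependencies/**/*.jar"`, so the second pattern is redundant, and the broad glob is what pulls the BIN database and both jars into the package. Listing those artifacts explicitly would make it clearer what binary content ships with the gem.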
@@ -0,0 +1,27 @@
1
+ # encoding: utf-8
2
+ require_relative '../spec_helper'
3
+ require "logstash/filters/ip2proxy"
4
+
5
+ IP2PROXYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/IP2PROXY-LITE-PX4.BIN").first
6
+
7
+ describe LogStash::Filters::IP2Proxy do
8
+
9
+ describe "normal test" do
10
+ config <<-CONFIG
11
+ filter {
12
+ ip2proxy {
13
+ source => "ip"
14
+ #database => "#{IP2PROXYDB}"
15
+ }
16
+ }
17
+ CONFIG
18
+
19
+ sample("ip" => "8.8.8.8") do
20
+ expect(subject.get("ip2proxy")).not_to be_empty
21
+ expect(subject.get("ip2proxy")["country_short"]).to eq("US")
22
+ end
23
+ end
24
+
25
+ end
26
+
27
+ end
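Review bot: The `end` keywords do not balance. The file opens three blocks (`describe` on line 7, `describe` on line 9, `sample ... do` on line 19) but closes four (lines 22, 23, 25 and 27), so the spec fails to parse as shown. Drop the extra `end`. The `database` setting on line 14 is commented out, which leaves the `IP2PROXYDB` constant from line 5 unused; either pass it to the filter or remove it. The single sample only checks `country_short` for 8.8.8.8, so there is no coverage of `is_proxy`, of an unparsable or missing `source` value, or of the lookup-failure path.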
@@ -0,0 +1,2 @@
1
+ # encoding: utf-8
2
+ require "logstash/devutils/rspec/spec_helper"
metadata ADDED
@@ -0,0 +1,89 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: logstash-filter-ip2proxy
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ platform: ruby
6
+ authors:
7
+ - IP2Location
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2017-11-24 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: logstash-core-plugin-api
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: logstash-devutils
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ description: IP2Proxy filter plugin for Logstash enables Logstash's users to query
42
+ an IP address if it was being used as open proxy, web proxy, VPN servers and TOR
43
+ exits. It also appends country, state, city and ISP information of the server.
44
+ email: support@ip2location.com
45
+ executables: []
46
+ extensions: []
47
+ extra_rdoc_files: []
48
+ files:
49
+ - Gemfile
50
+ - LICENSE
51
+ - README.md
52
+ - lib/logstash-filter-ip2proxy_jars.rb
53
+ - lib/logstash/filters/ip2proxy.rb
54
+ - logstash-filter-ip2proxy.gemspec
55
+ - spec/filters/ip2proxy_spec.rb
56
+ - spec/spec_helper.rb
57
+ - vendor/IP2PROXY-LITE-PX4.BIN
58
+ - vendor/jar-dependencies/com/ip2proxy/ip2proxy/ip2proxy/1.0.1/ip2proxy-1.0.1.jar
59
+ - vendor/jar-dependencies/org/logstash/filters/logstash-filter-ip2proxy/1.0.0/logstash-filter-ip2proxy-1.0.0.jar
60
+ homepage: https://www.ip2location.com
61
+ licenses:
62
+ - Apache License (2.0)
63
+ metadata:
64
+ logstash_plugin: 'true'
65
+ logstash_group: filter
66
+ post_install_message:
67
+ rdoc_options: []
68
+ require_paths:
69
+ - lib
70
+ - vendor/jar-dependencies
71
+ required_ruby_version: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ required_rubygems_version: !ruby/object:Gem::Requirement
77
+ requirements:
78
+ - - ">="
79
+ - !ruby/object:Gem::Version
80
+ version: '0'
81
+ requirements: []
82
+ rubyforge_project:
83
+ rubygems_version: 2.6.14
84
+ signing_key:
85
+ specification_version: 4
86
+ summary: Logstash filter IP2Proxy
87
+ test_files:
88
+ - spec/filters/ip2proxy_spec.rb
89
+ - spec/spec_helper.rb
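Review bot: The `files` list includes `vendor/IP2PROXY-LITE-PX4.BIN` (line 57), so the default database is frozen at the gem's build date of 2017-11-24 (line 11), and proxy, VPN and TOR exit listings age quickly. Because the plugin falls back to this file silently when `database` is unset, installations that never configure a path will keep classifying traffic against a stale snapshot. Document the need to point `database` at a regularly refreshed BIN file, or log a warning when the bundled copy is in use. Separately, `cert_chain: []` (line 10) and the empty `signing_key:` (line 84) show the gem is unsigned, so consumers have only the registry checksums to verify the two bundled jars.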