logstash-filter-ip2proxy 2.0.0 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/logstash-filter-ip2proxy_jars.rb +2 -2
- data/lib/logstash/filters/ip2proxy.rb +154 -50
- data/logstash-filter-ip2proxy.gemspec +2 -2
- data/vendor/jar-dependencies/com/ip2proxy/ip2proxy/ip2proxy/3.0.2/ip2proxy-3.0.2.jar +0 -0
- data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-ip2proxy/{2.0.0/logstash-filter-ip2proxy-2.0.0.jar → 2.1.0/logstash-filter-ip2proxy-2.1.0.jar} +0 -0
- metadata +5 -5
- data/vendor/jar-dependencies/com/ip2proxy/ip2proxy/ip2proxy/3.0.0/ip2proxy-3.0.0.jar +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0cd5f61d6fad06e1ff71bf978ceee7bad7f5560736111f7f7c5dec57e25bf3d4
|
4
|
+
data.tar.gz: c14c6f57e737bac618f1bb119e349e701cc53b7af1be9f19e823591e40e1ea4a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 223f76de27c284c1f65d1215a6db74bd2303af244753cfce641e26ce96436c50e8990b4394d6d641511a483519270d52943d5b10127524bed6fbd4e4a406f021
|
7
|
+
data.tar.gz: 10c42d26f03161530e9b7e79273b7bbbe549c599df6f61e99342287cad1e3977b63376afa04933d8d90c2735eba6538b1555cd9e246a9d1e0fcc9a289425d33d
|
@@ -1,3 +1,3 @@
|
|
1
1
|
require 'jar_dependencies'
|
2
|
-
require_jar('com.ip2proxy.ip2proxy', 'ip2proxy', '3.0.
|
3
|
-
require_jar('org.logstash.filters', 'logstash-filter-ip2proxy', '2.
|
2
|
+
require_jar('com.ip2proxy.ip2proxy', 'ip2proxy', '3.0.2')
|
3
|
+
require_jar('org.logstash.filters', 'logstash-filter-ip2proxy', '2.1.0')
|
@@ -1,50 +1,154 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
require "logstash/filters/base"
|
3
|
-
require "logstash/namespace"
|
4
|
-
|
5
|
-
require "logstash-filter-ip2proxy_jars"
|
6
|
-
|
7
|
-
class LogStash::Filters::IP2Proxy < LogStash::Filters::Base
|
8
|
-
config_name "ip2proxy"
|
9
|
-
|
10
|
-
# The path to the IP2Proxy.BIN database file which Logstash should use.
|
11
|
-
# If not specified, this will default to the IP2PROXY-LITE-PX4.BIN database that embedded in the plugin.
|
12
|
-
config :database, :validate => :path
|
13
|
-
|
14
|
-
# The field containing the IP address.
|
15
|
-
# If this field is an array, only the first value will be used.
|
16
|
-
config :source, :validate => :string, :required => true
|
17
|
-
|
18
|
-
# The field used to define iplocation as target.
|
19
|
-
config :target, :validate => :string, :default => 'ip2proxy'
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
end
|
1
|
+
# encoding: utf-8
|
2
|
+
require "logstash/filters/base"
|
3
|
+
require "logstash/namespace"
|
4
|
+
|
5
|
+
require "logstash-filter-ip2proxy_jars"
|
6
|
+
|
7
|
+
class LogStash::Filters::IP2Proxy < LogStash::Filters::Base
|
8
|
+
config_name "ip2proxy"
|
9
|
+
|
10
|
+
# The path to the IP2Proxy.BIN database file which Logstash should use.
|
11
|
+
# If not specified, this will default to the IP2PROXY-LITE-PX4.BIN database that embedded in the plugin.
|
12
|
+
config :database, :validate => :path
|
13
|
+
|
14
|
+
# The field containing the IP address.
|
15
|
+
# If this field is an array, only the first value will be used.
|
16
|
+
config :source, :validate => :string, :required => true
|
17
|
+
|
18
|
+
# The field used to define iplocation as target.
|
19
|
+
config :target, :validate => :string, :default => 'ip2proxy'
|
20
|
+
|
21
|
+
# The field used to define the size of the cache. It is not required and the default value is 10 000
|
22
|
+
config :cache_size, :validate => :number, :required => false, :default => 10_000
|
23
|
+
|
24
|
+
public
|
25
|
+
def register
|
26
|
+
if @database.nil?
|
27
|
+
@database = ::Dir.glob(::File.join(::File.expand_path("../../../vendor/", ::File.dirname(__FILE__)),"IP2PROXY-LITE-PX1.BIN")).first
|
28
|
+
|
29
|
+
if @database.nil? || !File.exists?(@database)
|
30
|
+
raise "You must specify 'database => ...' in your ip2proxy filter (I looked for '#{@database}')"
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
@logger.info("Using ip2proxy database", :path => @database)
|
35
|
+
|
36
|
+
@ip2proxyfilter = org.logstash.filters.IP2ProxyFilter.new(@source, @target, @database)
|
37
|
+
end
|
38
|
+
|
39
|
+
public
|
40
|
+
def filter(event)
|
41
|
+
ip = event.get(@source)
|
42
|
+
|
43
|
+
return unless filter?(event)
|
44
|
+
if value = Cache.find(event, ip, @ip2proxyfilter, @cache_size).get('ip2proxy')
|
45
|
+
event.set('ip2proxy', value)
|
46
|
+
filter_matched(event)
|
47
|
+
else
|
48
|
+
tag_iplookup_unsuccessful(event)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def tag_iplookup_unsuccessful(event)
|
53
|
+
@logger.debug? && @logger.debug("IP #{event.get(@source)} was not found in the database", :event => event)
|
54
|
+
end
|
55
|
+
|
56
|
+
end # class LogStash::Filters::IP2Proxy
|
57
|
+
|
58
|
+
class OrderedHash
|
59
|
+
ONE = 1
|
60
|
+
|
61
|
+
attr_reader :times_queried # ip -> times queried
|
62
|
+
attr_reader :hash
|
63
|
+
|
64
|
+
def initialize
|
65
|
+
@times_queried = Hash.new(0) # ip -> times queried
|
66
|
+
@hash = {} # number of hits -> array of ips
|
67
|
+
end
|
68
|
+
|
69
|
+
def add(key)
|
70
|
+
hash[ONE] ||= []
|
71
|
+
hash[ONE] << key
|
72
|
+
times_queried[key] = ONE
|
73
|
+
end
|
74
|
+
|
75
|
+
def reorder(key)
|
76
|
+
number_of_queries = times_queried[key]
|
77
|
+
|
78
|
+
hash[number_of_queries].delete(key)
|
79
|
+
hash.delete(number_of_queries) if hash[number_of_queries].empty?
|
80
|
+
|
81
|
+
hash[number_of_queries + 1] ||= []
|
82
|
+
hash[number_of_queries + 1] << key
|
83
|
+
end
|
84
|
+
|
85
|
+
def increment(key)
|
86
|
+
add(key) unless times_queried.has_key?(key)
|
87
|
+
reorder(key)
|
88
|
+
times_queried[key] += 1
|
89
|
+
end
|
90
|
+
|
91
|
+
def delete_least_used
|
92
|
+
first_pile_with_something.shift.tap { |key| times_queried.delete(key) }
|
93
|
+
end
|
94
|
+
|
95
|
+
def first_pile_with_something
|
96
|
+
hash[hash.keys.min]
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
class Cache
|
101
|
+
ONE_DAY_IN_SECONDS = 86_400
|
102
|
+
|
103
|
+
@cache = {} # ip -> event
|
104
|
+
@timestamps = {} # ip -> time of caching
|
105
|
+
@times_queried = OrderedHash.new # ip -> times queried
|
106
|
+
@mutex = Mutex.new
|
107
|
+
|
108
|
+
class << self
|
109
|
+
attr_reader :cache
|
110
|
+
attr_reader :timestamps
|
111
|
+
attr_reader :times_queried
|
112
|
+
|
113
|
+
def find(event, ip, filter, cache_size)
|
114
|
+
synchronize do
|
115
|
+
if cache.has_key?(ip)
|
116
|
+
refresh_event(event, ip, filter) if too_old?(ip)
|
117
|
+
else
|
118
|
+
if cache_full?(cache_size)
|
119
|
+
make_room
|
120
|
+
end
|
121
|
+
cache_event(event, ip, filter)
|
122
|
+
end
|
123
|
+
times_queried.increment(ip)
|
124
|
+
cache[ip]
|
125
|
+
end
|
126
|
+
end
|
127
|
+
|
128
|
+
def too_old?(ip)
|
129
|
+
timestamps[ip] < Time.now - ONE_DAY_IN_SECONDS
|
130
|
+
end
|
131
|
+
|
132
|
+
def make_room
|
133
|
+
key = times_queried.delete_least_used
|
134
|
+
cache.delete(key)
|
135
|
+
timestamps.delete(key)
|
136
|
+
end
|
137
|
+
|
138
|
+
def cache_full?(cache_size)
|
139
|
+
cache.size >= cache_size
|
140
|
+
end
|
141
|
+
|
142
|
+
def cache_event(event, ip, filter)
|
143
|
+
filter.handleEvent(event)
|
144
|
+
cache[ip] = event
|
145
|
+
timestamps[ip] = Time.now
|
146
|
+
end
|
147
|
+
|
148
|
+
def synchronize(&block)
|
149
|
+
@mutex.synchronize(&block)
|
150
|
+
end
|
151
|
+
|
152
|
+
alias_method :refresh_event, :cache_event
|
153
|
+
end
|
154
|
+
end
|
@@ -1,8 +1,8 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-filter-ip2proxy'
|
4
|
-
s.version = '2.
|
5
|
-
s.licenses = ['Apache
|
4
|
+
s.version = '2.1.0'
|
5
|
+
s.licenses = ['Apache-2.0']
|
6
6
|
s.summary = "Logstash filter IP2Proxy"
|
7
7
|
s.description = "IP2Proxy filter plugin for Logstash enables Logstash's users to reverse search of IP address to detect VPN servers, open proxies, web proxies, Tor exit nodes, search engine robots, data center ranges and residential proxies using IP2Proxy BIN database."
|
8
8
|
s.authors = ["IP2Location"]
|
Binary file
|
File without changes
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-ip2proxy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- IP2Location
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-05-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: logstash-core-plugin-api
|
@@ -56,11 +56,11 @@ files:
|
|
56
56
|
- spec/filters/ip2proxy_spec.rb
|
57
57
|
- spec/spec_helper.rb
|
58
58
|
- vendor/IP2PROXY-LITE-PX1.BIN
|
59
|
-
- vendor/jar-dependencies/com/ip2proxy/ip2proxy/ip2proxy/3.0.
|
60
|
-
- vendor/jar-dependencies/org/logstash/filters/logstash-filter-ip2proxy/2.
|
59
|
+
- vendor/jar-dependencies/com/ip2proxy/ip2proxy/ip2proxy/3.0.2/ip2proxy-3.0.2.jar
|
60
|
+
- vendor/jar-dependencies/org/logstash/filters/logstash-filter-ip2proxy/2.1.0/logstash-filter-ip2proxy-2.1.0.jar
|
61
61
|
homepage: https://www.ip2location.com
|
62
62
|
licenses:
|
63
|
-
- Apache
|
63
|
+
- Apache-2.0
|
64
64
|
metadata:
|
65
65
|
logstash_plugin: 'true'
|
66
66
|
logstash_group: filter
|