logstash-filter-ipam 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f160ac54f8bc792c5c8e532de086002091d27cc571784e3d9139001d5c9530d
-  data.tar.gz: 3ea8071243425f5e7426079c86f1f5ceeed4bc233d52abc1f7c98031a554d965
+  metadata.gz: aa73397a601bf30ef7770ae0acbdbca481597337b99d4e5645fecddbd3b644da
+  data.tar.gz: eaeb7ce6e8ef074f38805f18783092f1b4a41e322740881db07a786888907170
 SHA512:
-  metadata.gz: fe0ba9b1b3b94b31e18ab3414b8531bdde0d50ca4b3aaeb5e27b11f21e0c4fb38308a7e052f69d09ae318c5af4b061f494890e120ba7598630c33e52c1c7fe62
-  data.tar.gz: fae7985e7626548eaaffc903509a8829fb8a0cc985bfe8364c91bb543a1ec41f765ced9d9de6199bdffbec6a6c7e9e78c27504702725c1b6da5115004c58ea16
+  metadata.gz: c9c1c7939ececb9984e9aa85e6d411324958b9c7e38b680bbef37e7308d5a530ec89e121e064c074aaf6acf69888cae7304a3940588f162df4f12ea0bb6c5cf9
+  data.tar.gz: 55868dcf04026c5e36f3942439f904322c55db2ab740227aebd2ff006eb3642980ccf10f826bd3f85e761d1a579b4a81919171bbc3345ec4bd6ed6bc29c117c7

data/lib/logstash/filters/ipam.rb

@@ -2,9 +2,10 @@
 require "logstash/filters/base"
 require "logstash/namespace"
 require "ipaddr"
+require "mysql"
 require "json"
 
-# This  filter will replace the contents of the default 
+# This  filter will replace the contents of the default
 # message field with whatever you specify in the configuration.
 #
 # It is only intended to be used as an .
@@ -12,50 +13,105 @@ class LogStash::Filters::Ipam < LogStash::Filters::Base
 
   # Setting the config_name here is required. This is how you
   # configure this filter from your Logstash config.
-  #
-  # filter {
-  #    {
-  #     message => "My message..."
-  #   }
-  # }
-  #
   config_name "ipam"
-  
-  # Replace the message with this value.
+
+  # Logstash filter options.
   config :ip, :validate => :string, :required => true
-  config :file, :validate => :string, :default => "/opt/subnets/subnets.json"
   config :field, :validate => :string, :default => "subnets"
+  config :gateway, :validate => :boolean, :default => false
 
+  # Mysql connection options.
+  config :mysql_host, :validate => :string, :required => true
+  config :mysql_user, :validate => :string, :required => true
+  config :mysql_pass, :validate => :string, :required => true
+  config :mysql_db, :validate => :string, :default => "phpipam"
 
-  public
-  def register
-    # Add instance variables
-  end # def register
+  # File storage options.
+  config :time_reset, :validate => :number, :default => 600
+  config :file, :validate => :string, :default => "/tmp/logstash-filter-ipam.json"
 
-  public
-  def filter(event)
-
-    results = Array.new
-    file = File.read(@file)
-    json = JSON.parse(file)
-    subnets = json["subnets"]
 
+  public
+  def register
+    # Check if the IP string is an actual IP, or stop process
     begin
-      ip = IPAddr.new(@ip)
+      @ip = IPAddr.new(@ip)
     rescue ArgumentError => e
       @logger.warn("Invalid IP address, skipping", :address => @ip, :event => event)
       nil
     end
+  end # def register
+
+  private
+  def downloadIpamSubnets(event)
+    begin
+      client = Mysql::Client.new(:host => @mysql_host,
+                                 :username => @mysql_user,
+                                 :password => @mysql_pass,
+                                 :database => @mysql_db)
+      result = client.query("SELECT id,  FROM subnets")
+      client.close()
+      return JSON.parse(result)
+    rescue
+        @logger.warn("Impossible to retrieve data from Mysql.", :address => @mysql_host, :event => event)
+    end
+  end
+
+  private
+  def getSubnets(event)
+    # Reading files
+    begin
+      file = File.read(@file)
+      json  JSON.parse(file)
+      return json["subnets"]
+    rescue
+      @logger.warn("Impossible to read into file.", :address => @file, :event => event)
+    end
+  end
 
+  private
+  def checkIpSubnets(ip, subnets)
+    results = Array.new
     subnets.each do |sub|
-      if IPAddr.new(sub['subnet'] + "/" + sub['netmask'].to_s) === ip
+      if !@gateway && sub['subnet'] == "0.0.0.0"
+        next
+      end
+      if IPAddr.new(sub['subnet'] + "/" + sub['netmask'].to_s).include?(ip)
         results.push(sub)
       end
     end
+    return results
+  end
+
+  private
+  def checkFile(event)
+    if (!File.exist?(@file) || File.mtime(@file).utc < (Time.now - @time_reset).utc)
+      begin
+        file = File.open(@file, 'w')
+        file.write(downloadIpamSubnets(event))
+      rescue
+        @logger.warn("Impossible to write into file.", :address => @file, :event => event)
+      end
+    end
+  end
+
+  public
+  def filter(event)
+    # Check file
+    #   if doesn't exist => create with content.
+    #   if need reset => update content.
+    checkFile(event)
+
+    # Get Subnets Checking the IP
+    # if can't read => Warning
+    # if gateway is false => won't register "0.0.0.0" subnets
+    ipamSubnets = getIpamSubnets(event)
+    subnets = checkIpSubnets(@ip, subnets)
 
     # Set field only if there is some subnets checked.
-    if results.length > 0
-      event.set(@field, results)
+    if subnets.length > 0
+      event.set(@field, subnets)
+    else
       # filter_matched should go in the last line of our successful code
       filter_matched(event)
     end

data/logstash-filter-ipam.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'logstash-filter-ipam'
-  s.version       = '0.1.1'
+  s.version       = '0.1.2'
   s.licenses      = ['Apache-2.0']
   s.summary       = 'Correlation with IPAM.'
   s.description   = 'Filter that allows getting subnets from existing file extracted from IPAM for an IP address.'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-ipam
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Corentin Dekimpe
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-12-20 00:00:00.000000000 Z
+date: 2017-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement