logstash-filter-ipinfo 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 15f6c1deaa822397819cb18884f5f5a2d93dd292a2bd7ec89b9405d5b64b00df
+  data.tar.gz: a96745474ef95cf6ae1da1aa6d6c6a0b8df2b27a1cd024c1597bea017a80f50b
+SHA512:
+  metadata.gz: 9cb9366310da3113d86325c458ae13c73a44e1da1aa6d9a1d2bf2ae91d83ddd754b24d8bc8b9b660e4013ff590c5ce1714620b4fa112ab9e022122e19978809d
+  data.tar.gz: bcaab36fbdb80f8ac9d7c5cafb4cad559deb203a10be89ac75c466904a9cd27c0efc1cb7bce17fa60adcca16888c2cecbd3f08ebcfb624076e4312fb392b2684

data/CONTRIBUTORS

@@ -0,0 +1,10 @@
+The following is a list of people who have contributed ideas, code, bug
+reports, or in general have helped logstash along its way.
+
+Contributors:
+* nsherron90 - nsherron90@gmail.com
+
+Note: If you've sent us patches, bug reports, or otherwise contributed to
+Logstash, and you aren't on the list above and want to be, please let us know
+and we'll make sure you're here. Contributions from folks like you are what make
+open source awesome.

data/DEVELOPER.md

@@ -0,0 +1,2 @@
+# logstash-filter-ipinfo
+Example filter plugin. This should help bootstrap your effort to write your own filter plugin!

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gemspec
+

data/LICENSE

@@ -0,0 +1,11 @@
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,80 @@
+# Logstash Ipinfo Filter 
+This is a filter plugin for [Logstash](https://github.com/elastic/logstash).
+
+It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
+
+## Documentation
+
+The Ipinfo filter adds geolocation information for IP addresses from logstash events via the Ipinfo API.
+
+
+
+## Usage
+### 1. Installation
+You can use the built-in plugin tool of Logstash to install the filter:
+```
+$LS_HOME/bin/logstash-plugin install logstash-filter-ipinfo
+```
+
+Or you can build it yourself:
+```
+git clone https://github.com/nsherron90/logstash-filter-ipinfo.git
+bundle install
+gem build logstash-filter-ipinfo.gemspec
+$LS_HOME/bin/logstash-plugin install logstash-filter-ipinfo-0.1.1.gem
+```
+
+### 2. Filter Configuration
+Add the following inside the filter section of your logstash configuration:
+
+```sh
+filter {
+  ipinfo {
+    ip => "ip_value"                 # string (required, reference to ip address field)
+    token => "your_ipinfo_token"      # string (optional, no default)
+    target => "ipinfo"            # string (optional, default = ipinfo)
+  }
+}
+```
+
+Print plugin version:
+
+``` bash
+bin/logstash-plugin list --verbose | grep ipinfo
+```
+
+Example for running logstash from `cli`:
+
+``` bash
+bin/logstash --debug -e \
+'input {
+    stdin {}
+}
+
+
+filter {
+  ipinfo {
+    ip => "%{message}"
+   }
+}
+
+output {
+   stdout {
+      codec => rubydebug {
+          metadata => true
+          }
+      }
+}'
+```
+
+
+
+## Contributing
+
+All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
+
+Programming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying "send patches or die" - you will not see that here.
+
+It is more important to the community that you are able to contribute.
+
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elasticsearch/logstash/blob/master/CONTRIBUTING.md) file.

data/lib/logstash/filters/greynoise.rb

@@ -0,0 +1,61 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "json"
+require "logstash/namespace"
+require 'faraday'
+
+
+# This  filter will replace the contents of the default
+# message field with whatever you specify in the configuration.
+#
+# It is only intended to be used as an .
+class LogStash::Filters::Ipinfo < LogStash::Filters::Base
+
+  # Setting the config_name here is required. This is how you
+  # configure this filter from your Logstash config.
+  #
+   #  filter {
+   #   ipinfo {
+   #     ip => "ip"
+   #   }
+   #  }
+
+  config_name "ipinfo"
+
+  # Replace the message with this value.
+
+  config :ip, :validate => :string, :required => true
+  config :token, :validate => :string, :required => false
+  config :target, :validate => :string, :default => "ipinfo"
+
+
+
+  public
+  def register
+  end # def register
+
+  public
+  def filter(event)
+
+    # check if api token exists and has len of 10 or more to prevent forbidden response
+    if @token.length >= 10
+      url = "https://ipinfo.io/" + event.sprintf(ip) + "/json?token=" + event.sprintf(token)
+      uri = URI.parse(URI.encode(url.strip))
+      response = Faraday.get(uri, nil, 'User-Agent' => 'logstash-filter-ipinfo')
+    # if no token then use free api
+    else
+      url = "https://ipinfo.io/" + event.sprintf(ip) + "/json"
+      uri = URI.parse(URI.encode(url.strip))
+      response = Faraday.get(uri, nil, 'User-Agent' => 'logstash-filter-ipinfo')
+
+    end
+
+    result = JSON.parse(response.body)
+
+    event.set(@target, result)
+    # filter_matched should go in the last line of our successful code
+    filter_matched(event)
+
+  end # def filter
+end # class LogStash::Filters::Ipinfo
+

data/logstash-filter-ipinfo.gemspec

@@ -0,0 +1,25 @@
+Gem::Specification.new do |s|
+  s.name          = 'logstash-filter-ipinfo'
+  s.version       = '0.1.1'
+  s.licenses      = ['Apache-2.0']
+  s.summary = 'This ipinfo filter takes contents in the ip field and returns ipinfo api data (see https://ipinfo.io/ for more info).'
+  s.description     = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-filter-ipinfo. This gem is not a stand-alone program'
+  s.homepage = 'https://github.com/nsherron90/logstash-filter-ipinfo'
+  s.authors       = ['nsherron90']
+  s.email         = 'nsherron90@gmail.com'
+  s.require_paths = ['lib']
+
+  # Files
+  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+   # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
+
+  # Gem dependencies
+  s.add_runtime_dependency 'logstash-core-plugin-api', '~> 2.0'
+  s.add_development_dependency 'logstash-devutils'
+  s.add_runtime_dependency  'faraday', '~> 0.9.2'
+
+end

data/spec/filters/greynoise_spec.rb

@@ -0,0 +1,35 @@
+# encoding: utf-8
+require_relative '../spec_helper'
+require "logstash/filters/ipinfo"
+
+describe LogStash::Filters::Ipinfo do
+
+  describe "defaults" do
+    let(:config) do <<-CONFIG
+      filter {
+        ipinfo {
+          ip => "ip"
+        }
+      }
+    CONFIG
+    # end
+
+    sample("ip" => "8.8.8.8") do
+      insist { subject }.include?("ipinfo")
+
+      expected_fields = %w(ipinfo.ip )
+      expected_fields.each do |f|
+        insist { subject.get("ipinfo") }.include?(f)
+      end
+    end
+    end
+  end
+end
+#
+#
+#     sample("message" => "some text") do
+#       expect(subject).to include("message")
+#       expect(subject.get('message')).to eq('Hello World')
+#     end
+#   end
+# end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-ipinfo
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- nsherron90
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-05-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  name: logstash-core-plugin-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-devutils
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+  name: faraday
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+description: This gem is a Logstash plugin required to be installed on top of the
+  Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-filter-ipinfo.
+  This gem is not a stand-alone program
+email: nsherron90@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CONTRIBUTORS
+- DEVELOPER.md
+- Gemfile
+- LICENSE
+- README.md
+- lib/logstash/filters/greynoise.rb
+- logstash-filter-ipinfo.gemspec
+- spec/filters/greynoise_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/nsherron90/logstash-filter-ipinfo
+licenses:
+- Apache-2.0
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: filter
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.9
+signing_key:
+specification_version: 4
+summary: This ipinfo filter takes contents in the ip field and returns ipinfo api
+  data (see https://ipinfo.io/ for more info).
+test_files:
+- spec/filters/greynoise_spec.rb
+- spec/spec_helper.rb