logstash-filter-phpipam 0.5.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c59a75c38c05ad39dff02abca85f6cd80984335f72e054f1f1fa89dccca96f5a
+  data.tar.gz: f4d8722f7726151514c5a0bb02afcdb11c01b59ec892ee0ab7452699263d6d5f
+SHA512:
+  metadata.gz: 6c771f8f94a30d0ec188d2378c8906d0c3d02a0a62886375ec6ef5a2d3bba43532c2fcc1deb851e3976eddca29cb9d177ecf2a4be62af1ad670a59c24b694d51
+  data.tar.gz: ff3fe80c111102e8356232559bf7feec7bff26cdedbc3f8bc6bc285dcb65295228f3caf16da60541523726709cd6b9759a1f7d9ce100ead4d6204628dd04924d

data/CHANGELOG.md

@@ -0,0 +1,2 @@
+## 0.1.0
+  - Plugin created with the logstash plugin generator

data/CONTRIBUTORS

@@ -0,0 +1,10 @@
+The following is a list of people who have contributed ideas, code, bug
+reports, or in general have helped logstash along its way.
+
+Contributors:
+*  - 
+
+Note: If you've sent us patches, bug reports, or otherwise contributed to
+Logstash, and you aren't on the list above and want to be, please let us know
+and we'll make sure you're here. Contributions from folks like you are what make
+open source awesome.

data/DEVELOPER.md

@@ -0,0 +1,2 @@
+# logstash-filter-phpipam
+Example filter plugin. This should help bootstrap your effort to write your own filter plugin!

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gemspec
+

data/LICENSE

@@ -0,0 +1,11 @@
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,86 @@
+# Logstash Plugin
+
+This is a plugin for [Logstash](https://github.com/elastic/logstash).
+
+It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
+
+## Documentation
+
+Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
+
+- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
+- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
+
+## Need Help?
+
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+
+## Developing
+
+### 1. Plugin Developement and Testing
+
+#### Code
+- To get started, you'll need JRuby with the Bundler gem installed.
+
+- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
+
+- Install dependencies
+```sh
+bundle install
+```
+
+#### Test
+
+- Update your dependencies
+
+```sh
+bundle install
+```
+
+- Run tests
+
+```sh
+bundle exec rspec
+```
+
+### 2. Running your unpublished Plugin in Logstash
+
+#### 2.1 Run in a local Logstash clone
+
+- Edit Logstash `Gemfile` and add the local plugin path, for example:
+```ruby
+gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
+```
+- Install plugin
+```sh
+bin/logstash-plugin install --no-verify
+```
+- Run Logstash with your plugin
+```sh
+bin/logstash -e 'filter {awesome {}}'
+```
+At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
+
+#### 2.2 Run in an installed Logstash
+
+You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
+
+- Build your plugin gem
+```sh
+gem build logstash-filter-awesome.gemspec
+```
+- Install the plugin from the Logstash home
+```sh
+bin/logstash-plugin install /your/local/plugin/logstash-filter-awesome.gem
+```
+- Start Logstash and proceed to test the plugin
+
+## Contributing
+
+All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
+
+Programming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying "send patches or die" - you will not see that here.
+
+It is more important to the community that you are able to contribute.
+
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.

data/lib/logstash/filters/phpipam.rb

@@ -0,0 +1,196 @@
+# frozen_string_literal: true
+
+require 'logstash/filters/base'
+
+require 'ipaddr'
+require 'json'
+require 'net/http'
+require 'openssl'
+require 'uri'
+
+# A Logstash filter that looks up an IP-address, and returns results from phpIPAM
+class LogStash::Filters::Phpipam < LogStash::Filters::Base
+  config_name 'phpipam'
+
+  # Full host path to connect to, e.g. 'https://phpipam.domain.local:3000'
+  config :host, validate: :string, required: true
+
+  # Application id of the API application (Administration -> API)
+  config :app_id, validate: :string, required: true
+
+  # Username and password to use for the connection
+  config :username, validate: :string, default: ''
+  config :password, validate: :string, default: ''
+
+  # Whether to use authentication or not
+  config :auth, validate: :boolean, required: true, default: true
+
+  # IP-address field to look up
+  config :source, validate: :string, required: true
+
+  # Target field to place all values
+  config :target, validate: :string, default: 'phpipam'
+
+  def register
+    # Validate auth
+    raise LogStash::ConfigurationError, 'Authentication was enabled, but no user/pass found' if @auth && (@username.empty? || @password.empty?)
+
+    # Get a session token
+    @token = send_rest_request('POST', "api/#{@app_id}/user/")['token'] if @auth
+
+    @target = normalize_target(@target)
+  end
+
+  def filter(event)
+    ip = event.get(@source)
+
+    return unless valid_ip?(ip, event)
+
+    # Get data from phpIPAM
+    event_data = phpipam_data(ip)
+
+    return if !event_data['error'].nil? && event_data['error']
+
+    # Set the data to the target path
+    event.set(@target, event_data)
+
+    # filter_matched should go in the last line of our successful code
+    filter_matched(event)
+  end
+
+  # make sure @target is in the format [field name] if defined,
+  # i.e. not empty and surrounded by brakets
+  # @param target: the target to normalize
+  # @return [string]
+  def normalize_target(target)
+    target = "[#{target}]" if target && target !~ %r{^\[[^\[\]]+\]$}
+    target
+  end
+
+  # Validates a IP-address
+  # @param ip: an IP-address
+  # @param event: The Logstash event variable
+  # @return [bool]
+  def valid_ip?(ip, event)
+    IPAddr.new(ip)
+
+    @logger.debug? && @logger.debug('Valid IP', ip: ip)
+
+    # Return true. Rescue would take over if a non-valid IP was parsed
+    true
+  rescue StandardError
+    @logger.debug? && @logger.debug('NOT a valid IP', ip: ip)
+    event.tag('_phpipam_invalid_ip')
+    false
+  end
+
+  # Sends a GET method REST request.
+  # @param method: which HTTP method to use (POST, GET)
+  # @param url_path: path to connect to
+  # @param basic_auth: whether to use basic_auth or not
+  # @return [hash]
+  def send_rest_request(method, url_path)
+    @logger.debug? && @logger.debug('Sending request', host: @host, path: url_path)
+
+    url = URI("#{@host}/#{url_path}")
+
+    http             = Net::HTTP.new(url.host, url.port)
+    http.use_ssl     = url.scheme == 'https'
+    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+    request = case method
+              when 'POST' then Net::HTTP::Post.new(url)
+              when 'GET' then Net::HTTP::Get.new(url)
+              end
+
+    request['accept']        = 'application/json'
+    request['content-type']  = 'application/json'
+    request['phpipam-token'] = @token unless @token.nil?
+    request.basic_auth(@username, @password) if @token.nil? && @auth
+
+    begin
+      response = http.request(request)
+    rescue StandardError
+      raise LogStash::ConfigurationError, I18n.t(
+        'logstash.runner.configuration.invalid_plugin_register',
+        plugin: 'filter',
+        type:   'phpipam',
+        error:  'Could not connect to configured host',
+      )
+    end
+
+    # Parse the body
+    rsp = JSON.parse(response.body)
+
+    # Raise an error if not a code 200 is returned
+    raise LogStash::ConfigurationError, "#{rsp['code']}:#{rsp['message']}" if rsp['code'] != 200
+
+    # Return error if no data field is present, else return the data
+    rsp = if rsp['data'].nil?
+            { 'error' => true }
+          else
+            rsp['data'].is_a?(Array) ? rsp['data'][0] : rsp['data']
+          end
+
+    @logger.debug? && @logger.debug('Got response', body: response.body, data: rsp)
+    rsp
+  end
+
+  # Checks whether the value is nil or empty
+  # @param value: a value to check
+  # @return [bool]
+  def nil_or_empty?(value)
+    value.nil? || value.empty?
+  end
+
+  # Queries phpIPAM and formats the data
+  # @param ip: an IP-address to query
+  # @return [hash]
+  def phpipam_data(ip)
+    # Fetch base data needed from phpIPAM
+    ip_data = send_rest_request('GET', "api/#{@app_id}/addresses/search/#{ip}/")
+
+    # If the IP wasn't found, return and do nuthin'
+    return { 'error' => true } if !ip_data['error'].nil? && ip_data['error']
+
+    subnet_data = send_rest_request('GET', "api/#{@app_id}/subnets/#{ip_data['subnetId']}/") unless nil_or_empty?(ip_data['subnetId'])
+    vlan_data   = send_rest_request('GET', "api/#{@app_id}/vlans/#{subnet_data['vlanId']}/") unless nil_or_empty?(subnet_data['vlanId'])
+
+    # Base hash to format data in
+    base = {
+      'ip' => {},
+    }
+
+    # IP information
+    base['ip']['id']          = ip_data['id'].to_i
+    base['ip']['address']     = ip_data['ip']
+    base['ip']['description'] = ip_data['description'] unless nil_or_empty?(ip_data['description'])
+    base['ip']['hostname']    = ip_data['hostname'] unless nil_or_empty?(ip_data['hostname'])
+    base['ip']['mac']         = ip_data['mac'] unless nil_or_empty?(ip_data['mac'])
+    base['ip']['note']        = ip_data['note'] unless nil_or_empty?(ip_data['note'])
+    base['ip']['owner']       = ip_data['owner'] unless nil_or_empty?(ip_data['owner'])
+
+    # Subnet information
+    if !defined?(subnet_data).nil? && subnet_data['error'].nil?
+      base['subnet']               = {}
+      base['subnet']['id']         = ip_data['subnetId'].to_i
+      base['subnet']['section_id'] = subnet_data['sectionId'].to_i
+      base['subnet']['bitmask']    = subnet_data['calculation']['Subnet bitmask'].to_i
+      base['subnet']['wildcard']   = subnet_data['calculation']['Subnet wildcard']
+      base['subnet']['netmask']    = subnet_data['calculation']['Subnet netmask']
+      base['subnet']['network']    = subnet_data['calculation']['Network']
+    end
+
+    # VLAN information
+    if !defined?(vlan_data).nil? && vlan_data['error'].nil?
+      base['vlan']                = {}
+      base['vlan']['id']          = subnet_data['vlanId'].to_i
+      base['vlan']['number']      = vlan_data['number'].to_i unless nil_or_empty?(vlan_data['number'])
+      base['vlan']['name']        = vlan_data['name'] unless nil_or_empty?(vlan_data['name'])
+      base['vlan']['description'] = vlan_data['description'] unless nil_or_empty?(vlan_data['description'])
+    end
+
+    # all your base are belong to us
+    base
+  end
+end

data/logstash-filter-phpipam.gemspec

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |s|
+  s.name          = 'logstash-filter-phpipam'
+  s.version       = '0.5.1'
+  s.licenses      = ['Apache-2.0']
+  s.summary       = 'A Logstash filter that returns results from phpIPAM'
+  s.description   = 'A Logstash filter that looks up an IP-address, and returns results from phpIPAM'
+  s.homepage      = 'https://github.com/magnuslarsen/logstash-filter-phpipam'
+  s.authors       = ['magnuslarsen']
+  s.email         = ''
+  s.require_paths = ['lib']
+
+  # Files
+  s.files = Dir['lib/**/*', 'spec/**/*', 'vendor/**/*', '*.gemspec', '*.md', 'CONTRIBUTORS', 'Gemfile', 'LICENSE', 'NOTICE.TXT']
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { 'logstash_plugin' => 'true', 'logstash_group' => 'filter' }
+
+  # Gem dependencies
+  s.add_runtime_dependency 'logstash-core-plugin-api', '~> 2.0'
+  s.add_development_dependency 'logstash-devutils'
+end

data/spec/filters/phpipam_spec.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+# I don't know how to rspec this...

data/spec/spec_helper.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'logstash/devutils/rspec/spec_helper'

metadata

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-phpipam
+version: !ruby/object:Gem::Version
+  version: 0.5.1
+platform: ruby
+authors:
+- magnuslarsen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-07-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: logstash-core-plugin-api
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: logstash-devutils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A Logstash filter that looks up an IP-address, and returns results from
+  phpIPAM
+email: ''
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CONTRIBUTORS
+- DEVELOPER.md
+- Gemfile
+- LICENSE
+- README.md
+- lib/logstash/filters/phpipam.rb
+- logstash-filter-phpipam.gemspec
+- spec/filters/phpipam_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/magnuslarsen/logstash-filter-phpipam
+licenses:
+- Apache-2.0
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: filter
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.4
+signing_key: 
+specification_version: 4
+summary: A Logstash filter that returns results from phpIPAM
+test_files:
+- spec/filters/phpipam_spec.rb
+- spec/spec_helper.rb