logstash-filter-request_parser 0.2.11

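--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 1295ed7c348d2ccb8db0f48d465ee5434fa0358f4b825c361191065fddcafcc0
+ data.tar.gz: c3f8ecbe5afbb2192e685489e97d230ca20d00fe53bce4d937bcfd1dad72ea03
+ SHA512:
+ metadata.gz: 3e309a1d827e445c350f1640ff9a5cf2d7784d998aae9b6ba87816d3d9b7865bd0c8aee460837b6b64dd0577b6971edc54039347a75d9faaa3448f19b26e568e
+ data.tar.gz: 4128161876a365d4c4b7ca0363bf1954440408dafd26d6d747481453e86a64a158cae39d7c5b85d926f76ff944a03285624a7e7d40ad3804622f088e735010fa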
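--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,13 @@
+ ## 1.0.0
+ - Updated for GA release of native support for Java plugins. Includes:
+ - Improved Gradle task wrappers
+ - Removal of auto-generated Ruby source files
+
+ ## 0.2.0
+ - Updated for beta version of native support for Java plugins. Includes:
+ - Gradle task wrappers
+ - Updated plugin API
+ - Full feature parity with Ruby plugins
+
+ ## 0.0.1
+ - Initial version for experimental v0 of native support for Java plugins.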
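--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,12 @@
+ # AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
+ source 'https://rubygems.org'
+
+ gemspec
+
+ logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
+ use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
+
+ if Dir.exist?(logstash_path) && use_logstash_source
+ gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
+ gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
+ end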
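--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,62 @@
+ # Logstash Request Parser
+
+ The `request_parser` plugin parses the `request` field from the access log or F5 ASM or LTM log. It extracts the `path`, `query` and `parameters` and decodes it. With this deeper parsing, it can be analyzed further, and is easy to read for humans.
+
+ It is fully free and fully open source. The license is Apache 2.0, meaning you are free to use it however you want.
+
+ This is a Request Parser plugin for [Logstash](https://github.com/elastic/logstash).
+
+ ## Sample
+
+ ```logstash
+ input { stdin { } }
+
+ # '1.1.1.1 - - [09/Jul/2019:11:41:32 +0200] "GET /api/v4/projects/4/merge_requests?page=1&per_page=100&state=opened HTTP/2.0" 304 0 "" "Mozilla/5.0"'
+
+ filter {
+ grok {
+ match => { "message" => "%{COMBINEDAPACHELOG}" }
+ }
+ date {
+ match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
+ }
+ }
+
+ filter {
+ request_parser {
+ request => "request"
+ target_path => "url.path"
+ target_query => "url.query"
+ target_query_parameters => "url.parameters"
+ parse_query_parameters => true # requires ES mapping as non-indexed object
+ }
+ }
+
+ output {
+ elasticsearch { hosts => ["localhost:9200"] }
+ stdout { codec => json }
+ }
+
+ # {
+ # "request": "/api/v4/projects/4/merge_requests?page=1&per_page=100&state=opened",
+ # "url.path": "/api/v4/projects/4/merge_requests",
+ # "url.query": "page=1&per_page=100&state=opened",
+ # "prameters": {
+ # "page": "1",
+ # "per_page": "100",
+ # "state": "opened"
+ # }
+ # }
+ ```
+
+ ## Options
+
+ | Setting | Input type | Required | Default |
+ | ---------------------- | ---------- | -------- | -------------- |
+ | request | string | No | request |
+ | separate_query_field | boolean | No | false |
+ | query | string | No | query |
+ | target_path | string | No | path |
+ | target_query | string | No | query |
+ | target_query_parameters| string | No | parameters |
+ | parse_query_parameters | boolean | No | true |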
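--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+ 0.2.11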
@@ -0,0 +1,87 @@
1
+ :plugin: example
2
+ :type: filter
3
+ // Update header with plugin name
4
+
5
+ ///////////////////////////////////////////
6
+ START - GENERATED VARIABLES, DO NOT EDIT!
7
+ ///////////////////////////////////////////
8
+ :version: %VERSION%
9
+ :release_date: %RELEASE_DATE%
10
+ :changelog_url: %CHANGELOG_URL%
11
+ :include_path: ../../../../logstash/docs/include
12
+ ///////////////////////////////////////////
13
+ END - GENERATED VARIABLES, DO NOT EDIT!
14
+ ///////////////////////////////////////////
15
+
16
+ [id="plugins-{type}s-{plugin}"]
17
+
18
+ === Example filter plugin
19
+
20
+ include::{include_path}/plugin_header.asciidoc[]
21
+
22
+ ==== Description
23
+
24
+ Add plugin description here
25
+
26
+ // Format anchors and links to support generated ids for versioning
27
+ // Sample anchor: [id="plugins-{type}s-{plugin}-setting_name"]
28
+ // Sample link: <<plugins-{type}s-{plugin}-setting_name>>
29
+
30
+ [id="plugins-{type}s-{plugin}-options"]
31
+ ==== Example Filter Configuration Options
32
+
33
+ [cols="<,<,<",options="header",]
34
+ |=======================================================================
35
+ |Setting |Input type|Required
36
+ | <<plugins-{type}s-{plugin}-a_setting_name>> |<<boolean,boolean>>|No
37
+ | <<plugins-{type}s-{plugin}-another_setting_name>> |<<hash,hash>>|No
38
+ | <<plugins-{type}s-{plugin}-setting_name_3>> |<<string,string>>|No
39
+ | <<plugins-{type}s-{plugin}-setting_name_4>> |<<number,number>>|No
40
+ | <<plugins-{type}s-{plugin}-setting_name_5>> |<<array,array>>|No
41
+ |=======================================================================
42
+
43
+ [id="plugins-{type}s-{plugin}-a_setting_name"]
44
+ ===== `a_setting_name`
45
+
46
+ * Value type is <<boolean,boolean>>
47
+ * Default value is `true`
48
+
49
+ Add description here
50
+
51
+ [id="plugins-{type}s-{plugin}-another_setting_name"]
52
+ ===== `another_setting_name`
53
+
54
+ * Value type is <<hash,hash>>
55
+ * Default value is `{}`
56
+
57
+ Add description here
58
+
59
+ [id="plugins-{type}s-{plugin}-setting_name_3"]
60
+ ===== `setting_name_3`
61
+
62
+ * Value type is <<string,string>>
63
+ * Default value is `{}`
64
+
65
+ Add description here
66
+
67
+ [id="plugins-{type}s-{plugin}-setting_name_4"]
68
+ ===== `setting_name_4`
69
+
70
+ * Value type is <<number,number>>
71
+ * Default value is `0`
72
+
73
+ Add description here
74
+
75
+ [id="plugins-{type}s-{plugin}-setting_name_5"]
76
+ ===== `setting_name_5`
77
+
78
+ * Value type is <<array,array>>
79
+ * Default value is {}
80
+
81
+ Add description here
82
+
83
+ // The full list of Value Types is here:
84
+ // https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
85
+
86
+ [id="plugins-{type}s-{plugin}-common-options"]
87
+ include::{include_path}/{type}.asciidoc[]
@@ -0,0 +1,5 @@
1
+ # AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
2
+ # encoding: utf-8
3
+
4
+ require 'jar_dependencies'
5
+ require_jar('org.logstashplugins', 'logstash-filter-request_parser', '0.2.11')
@@ -0,0 +1,12 @@
1
+ # AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
2
+ # encoding: utf-8
3
+ require "logstash/filters/base"
4
+ require "logstash/namespace"
5
+ require "logstash-filter-request_parser_jars"
6
+ require "java"
7
+
8
+ class LogStash::Filters::RequestParser < LogStash::Filters::Base
9
+ config_name "request_parser"
10
+
11
+ def self.javaClass() Java::org.logstashplugins.RequestParser.java_class; end
12
+ end
@@ -0,0 +1,22 @@
1
+ # AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
2
+ Gem::Specification.new do |s|
3
+ s.name = 'logstash-filter-request_parser'
4
+ s.version = ::File.read('VERSION').split('\n').first
5
+ s.licenses = ['Apache-2.0']
6
+ s.summary = 'Parse access logs and ADC logs in a structured format'
7
+ s.description = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program'
8
+ s.authors = ['Securely']
9
+ s.email = ['dev@securely.ai']
10
+ s.homepage = 'https://logstash.securely.ai/requestparser'
11
+ s.require_paths = ['lib', 'vendor/jar-dependencies']
12
+
13
+ s.files = Dir["lib/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
14
+
15
+ # Special flag to let us know this is actually a logstash plugin
16
+ s.metadata = { 'logstash_plugin' => 'true', 'logstash_group' => 'filter', 'java_plugin' => 'true'}
17
+
18
+ # Gem dependencies
19
+ s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
20
+ s.add_runtime_dependency 'jar-dependencies'
21
+ s.add_development_dependency 'logstash-devutils'
22
+ end
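Review bot: `split('\n')` on the `s.version` line uses a single-quoted string, which in Ruby is a literal backslash followed by `n`, so the split never happens on a newline and `.first` returns the whole VERSION file. It appears to work only because VERSION holds a single line; `s.version = ::File.read('VERSION').split("\n").first` (or `.lines.first.strip`) would make the intent hold. Separately, `s.add_runtime_dependency 'jar-dependencies'` carries no version bound, so any future release of that gem satisfies it; a bounded constraint would narrow what an install can pull in. The file is marked as generated by the Gradle script, so both changes belong in that generator rather than in this file.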
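--- a/metadata
+++ b/metadata
@@ -0,0 +1,107 @@
+ --- !ruby/object:Gem::Specification
+ name: logstash-filter-request_parser
+ version: !ruby/object:Gem::Version
+ version: 0.2.11
+ platform: ruby
+ authors:
+ - Securely
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2019-08-29 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '1.60'
+ - - "<="
+ - !ruby/object:Gem::Version
+ version: '2.99'
+ name: logstash-core-plugin-api
+ prerelease: false
+ type: :runtime
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '1.60'
+ - - "<="
+ - !ruby/object:Gem::Version
+ version: '2.99'
+ - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ name: jar-dependencies
+ prerelease: false
+ type: :runtime
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ name: logstash-devutils
+ prerelease: false
+ type: :development
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: This gem is a Logstash plugin required to be installed on top of the
+ Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
+ gem is not a stand-alone program
+ email:
+ - dev@securely.ai
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - CHANGELOG.md
+ - Gemfile
+ - README.md
+ - VERSION
+ - docs/index.asciidoc
+ - lib/logstash-filter-request_parser_jars.rb
+ - lib/logstash/filters/request_parser.rb
+ - logstash-filter-request_parser.gemspec
+ - vendor/jar-dependencies/org/logstashplugins/logstash-filter-request_parser/0.2.11/logstash-filter-request_parser-0.2.11.jar
+ homepage: https://logstash.securely.ai/requestparser
+ licenses:
+ - Apache-2.0
+ metadata:
+ logstash_plugin: 'true'
+ logstash_group: filter
+ java_plugin: 'true'
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ - vendor/jar-dependencies
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.7.9
+ signing_key:
+ specification_version: 4
+ summary: Parse access logs and ADC logs in a structured format
+ test_files: []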