logstash-filter-weblookup 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/logstash/filters/weblookup.rb +22 -18
- data/logstash-filter-weblookup.gemspec +1 -1
- metadata +6 -8
- data/Gemfile +0 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 28f608d4e3d04d7a3fccc21f2b237e1182dbe4f4af676853a4e993104d279a81
|
4
|
+
data.tar.gz: de90d0df100ad50d61c031edc1c6f8edaa0ddc71e351180963a56701cf7e7824
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1c98cf09977da2c452bcedb26f2e414a608a6bc3d8c328a006edb18a12143817b36bd36c0d4b5a75221dc4b711c409af5f8d93364eabf2316a9f75fab3c8c35e
|
7
|
+
data.tar.gz: 6ba19a93935316954bbdd24a11bf13f097c6a221a5aac16a9ddfe7031708036a01d85423b8344e4b667725c15820f1f33202e8b65f284daf4667a3210bb4255e
|
@@ -66,7 +66,7 @@ def register
|
|
66
66
|
@is_one_destination=false
|
67
67
|
if destinations.size == 1
|
68
68
|
@logger.info("one destination found, it is #{destinations[0]}")
|
69
|
-
|
69
|
+
@is_one_destination=true
|
70
70
|
else
|
71
71
|
if destinations.size != fields.size
|
72
72
|
@logger.error("Configuration error, there must be an equal amount of destinations and fields, defaulting to using the field as a root for the new values. e.g. if the lookup is done on the value of [\"ClientIP\"] the destination will be [\"ClientIP\"][\"Key\"]")
|
@@ -86,8 +86,8 @@ def register
|
|
86
86
|
@params.each do |key, value|
|
87
87
|
if value == "\<item\>"
|
88
88
|
@ip=key
|
89
|
-
|
90
|
-
|
89
|
+
@params.delete(key)
|
90
|
+
logger.info("the ip key in the uri is #{@ip}")
|
91
91
|
end
|
92
92
|
end
|
93
93
|
@connpool = ConnectionPool.new(size: 4, timeout: 180) {
|
@@ -98,21 +98,25 @@ end # def register
|
|
98
98
|
def filter(event)
|
99
99
|
if destinations[0] == "srcdst"
|
100
100
|
# ... do special sauce
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
101
|
+
begin
|
102
|
+
src = parse(event.get(fields[0]).to_s)
|
103
|
+
dst = parse(event.get(fields[1]).to_s)
|
104
|
+
srcdst = { :srcnet => src["netname"], :srchost => src["hostname"], :dstnet => dst["netname"], :dsthost => dst["hostname"] }
|
105
|
+
event.set("srcdst", srcdst)
|
106
|
+
event.get("[srcdst]").each {|k, v| event.set(k, v) }
|
107
|
+
event.remove("[srcdst]")
|
108
|
+
@logger.trace("processed: #{event.get(fields[0]).to_s} #{src} #{event.get(fields[1]).to_s} #{dst} #{srcdst}")
|
109
|
+
rescue Exception => e
|
110
|
+
@logger.error(" caught: #{e.message}")
|
111
|
+
end
|
108
112
|
else
|
109
113
|
fields.each_with_index do |field, index|
|
110
|
-
|
114
|
+
# @logger.info(event.get("["+field+"]"))
|
111
115
|
begin
|
112
|
-
|
113
|
-
|
116
|
+
json = parse(event.get(field).to_s)
|
117
|
+
event.set("["+destinations[index]+"]", json)
|
114
118
|
rescue Exception => e
|
115
|
-
|
119
|
+
@logger.error(" caught: #{e.message}")
|
116
120
|
end
|
117
121
|
end
|
118
122
|
end
|
@@ -146,7 +150,7 @@ def find(item)
|
|
146
150
|
# Is item in redis?
|
147
151
|
unless @red.nil?
|
148
152
|
res = @red.get(item)
|
149
|
-
|
153
|
+
unless res.nil?
|
150
154
|
return res
|
151
155
|
end
|
152
156
|
end
|
@@ -157,11 +161,11 @@ def find(item)
|
|
157
161
|
#logger.info(@uri.to_s)
|
158
162
|
@connpool.with do |conn|
|
159
163
|
http_response = conn.request_get(current_uri)
|
160
|
-
|
161
|
-
|
164
|
+
res = http_response.read_body if http_response.is_a?(Net::HTTPSuccess)
|
165
|
+
if res.eql? "null"
|
162
166
|
res = "{}"
|
163
167
|
end
|
164
|
-
|
168
|
+
#logger.info(res.to_s)
|
165
169
|
unless @red.nil?
|
166
170
|
@red.set(item, res)
|
167
171
|
@red.expire(item,redis_expiry)
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-filter-weblookup'
|
3
|
-
s.version = '0.1.
|
3
|
+
s.version = '0.1.4'
|
4
4
|
s.licenses = ['Apache-2.0']
|
5
5
|
s.summary = 'This logstash filter plugin takes one or more fields and enriches with a lookup value from a list, redis cache or webservice'
|
6
6
|
s.description = <<-EOF
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-weblookup
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jan Geertsma
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-05-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -17,8 +17,8 @@ dependencies:
|
|
17
17
|
- !ruby/object:Gem::Version
|
18
18
|
version: '2.1'
|
19
19
|
name: logstash-core-plugin-api
|
20
|
-
prerelease: false
|
21
20
|
type: :runtime
|
21
|
+
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
@@ -31,8 +31,8 @@ dependencies:
|
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: '2.2'
|
33
33
|
name: connection_pool
|
34
|
-
prerelease: false
|
35
34
|
type: :runtime
|
35
|
+
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
@@ -45,8 +45,8 @@ dependencies:
|
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: '0'
|
47
47
|
name: logstash-devutils
|
48
|
-
prerelease: false
|
49
48
|
type: :development
|
49
|
+
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
@@ -67,7 +67,6 @@ files:
|
|
67
67
|
- CHANGELOG.md
|
68
68
|
- CONTRIBUTORS
|
69
69
|
- DEVELOPER.md
|
70
|
-
- Gemfile
|
71
70
|
- LICENSE
|
72
71
|
- README.md
|
73
72
|
- lib/logstash/filters/weblookup.rb
|
@@ -96,8 +95,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
96
95
|
- !ruby/object:Gem::Version
|
97
96
|
version: '0'
|
98
97
|
requirements: []
|
99
|
-
|
100
|
-
rubygems_version: 2.7.9
|
98
|
+
rubygems_version: 3.0.6
|
101
99
|
signing_key:
|
102
100
|
specification_version: 4
|
103
101
|
summary: This logstash filter plugin takes one or more fields and enriches with a
|
data/Gemfile
DELETED