logstash-input-beats 6.1.6-java → 6.2.3-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/VERSION +1 -1
- data/docs/index.asciidoc +24 -12
- data/lib/logstash/inputs/beats/message_listener.rb +12 -14
- data/lib/logstash/inputs/beats.rb +9 -5
- data/lib/logstash-input-beats_jars.rb +2 -2
- data/logstash-input-beats.gemspec +2 -1
- data/spec/inputs/beats/decoded_event_transform_spec.rb +1 -0
- data/spec/inputs/beats/event_transform_common_spec.rb +1 -0
- data/spec/inputs/beats/message_listener_spec.rb +1 -0
- data/spec/inputs/beats/raw_event_transform_spec.rb +1 -0
- data/spec/inputs/beats_spec.rb +81 -8
- data/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar +0 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.2.3/logstash-input-beats-6.2.3.jar +0 -0
- metadata +35 -21
- data/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar +0 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.6/logstash-input-beats-6.1.6.jar +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 446bfe3611386055b8281c6193e7165bcdaf590b852524126d6d71f656003646
|
4
|
+
data.tar.gz: a7a4c6a404451d755f3ee08709af7110a0b3a78afcb0482dd3e74d03cf971cab
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ccb49c86382f59e90759a1b65cc6d51d84e55c58761de3ae36e000b13fded516a6f25ac2fc654bb3e6e1900a7ba1387fff6962dc19523614a3e17d97f9530a8a
|
7
|
+
data.tar.gz: 8b3751ecca1e985b2e2ed1ef5caae6062b6a7310b2f3fc3a7e3a627537e6e9c1a57f490d2f4f7d325200eb59655a5d4b74cf65fec50829c32d0f30fffb3f3e1f
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,20 @@
|
|
1
|
+
## 6.2.3
|
2
|
+
- Updated log4j dependency to 2.15.0
|
3
|
+
|
4
|
+
## 6.2.2
|
5
|
+
- Fix: update to Gradle 7 [#432](https://github.com/logstash-plugins/logstash-input-beats/pull/432)
|
6
|
+
- [DOC] Edit documentation for `executor_threads` [#435](https://github.com/logstash-plugins/logstash-input-beats/pull/435)
|
7
|
+
|
8
|
+
## 6.2.1
|
9
|
+
- Fix: LS failing with `ssl_peer_metadata => true` [#431](https://github.com/logstash-plugins/logstash-input-beats/pull/431)
|
10
|
+
- [DOC] described `executor_threads` configuration parameter [#421](https://github.com/logstash-plugins/logstash-input-beats/pull/421)
|
11
|
+
|
12
|
+
## 6.2.0
|
13
|
+
- ECS compatibility enablement: Adds alias to support upcoming ECS v8 with the existing ECS v1 implementation
|
14
|
+
|
15
|
+
## 6.1.7
|
16
|
+
- [DOC] Remove limitations topic and link [#428](https://github.com/logstash-plugins/logstash-input-beats/pull/428)
|
17
|
+
|
1
18
|
## 6.1.6
|
2
19
|
- [DOC] Applied more attributes to manage plugin name in doc content, and implemented conditional text processing. [#423](https://github.com/logstash-plugins/logstash-input-http/pull/423)
|
3
20
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
6.
|
1
|
+
6.2.3
|
data/docs/index.asciidoc
CHANGED
@@ -101,15 +101,6 @@ plugin] to handle multiline events. Doing so will result in the failure to start
|
|
101
101
|
Logstash.
|
102
102
|
endif::[]
|
103
103
|
|
104
|
-
//Content for Elastic Agent
|
105
|
-
ifeval::["{plugin}"!="beats"]
|
106
|
-
[id="plugins-{type}s-{plugin}-limitations"]
|
107
|
-
===== Elastic Agent and Fleet limitations
|
108
|
-
|
109
|
-
Early releases of Elastic Agent and Fleet have some limitations, including support for advanced Beats settings like multiline, processors, and so forth.
|
110
|
-
For more information, see {fleet-guide}/fleet-limitations.html[Limitations of this release].
|
111
|
-
endif::[]
|
112
|
-
|
113
104
|
//Content for Beats
|
114
105
|
ifeval::["{plugin}"=="beats"]
|
115
106
|
[id="plugins-{type}s-{plugin}-versioned-indexes"]
|
@@ -150,11 +141,11 @@ output.
|
|
150
141
|
|
151
142
|
[cols="<l,<l,e,<e"]
|
152
143
|
|=======================================================================
|
153
|
-
|ECS disabled |ECS v1 |Availability |Description
|
144
|
+
|ECS `disabled` |ECS `v1`, `v8` |Availability |Description
|
154
145
|
|
155
146
|
|[host] |[@metadata][input][beats][host][name] |Always |Name or address of the {plugin-singular} host
|
156
147
|
|[@metadata][ip_address] |[@metadata][input][beats][host][ip] |Always |IP address of the {plugin-uc} client
|
157
|
-
|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
|
148
|
+
|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`/`v8`
|
158
149
|
|[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
|
159
150
|
|[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
|
160
151
|
|[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
|
@@ -172,6 +163,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
172
163
|
| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|No
|
173
164
|
| <<plugins-{type}s-{plugin}-client_inactivity_timeout>> |<<number,number>>|No
|
174
165
|
| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
|
166
|
+
| <<plugins-{type}s-{plugin}-executor_threads>> |<<number,number>>|No
|
175
167
|
| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
|
176
168
|
| <<plugins-{type}s-{plugin}-include_codec_tag>> |<<boolean,boolean>>|No
|
177
169
|
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
|
@@ -225,13 +217,32 @@ Close Idle clients after X seconds of inactivity.
|
|
225
217
|
* Value type is <<string,string>>
|
226
218
|
* Supported values are:
|
227
219
|
** `disabled`: unstructured connection metadata added at root level
|
228
|
-
** `v1`: structured connection metadata added under ECS compliant namespaces
|
220
|
+
** `v1`: structured connection metadata added under ECS v1 compliant namespaces
|
221
|
+
** `v8`: structured connection metadata added under ECS v8 compliant namespaces
|
229
222
|
* Default value depends on which version of Logstash is running:
|
230
223
|
** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
|
231
224
|
** Otherwise, the default value is `disabled`.
|
232
225
|
|
233
226
|
Refer to <<plugins-{type}s-{plugin}-ecs_metadata,ECS mapping>> for detailed information.
|
234
227
|
|
228
|
+
[id="plugins-{type}s-{plugin}-executor_threads"]
|
229
|
+
===== `executor_threads`
|
230
|
+
|
231
|
+
* Value type is <<number,number>>
|
232
|
+
* Default value is 1 executor thread per CPU core
|
233
|
+
|
234
|
+
The number of threads to be used to process incoming beats requests.
|
235
|
+
By default the Beats input creates a number of threads equal to 2*CPU cores.
|
236
|
+
These threads handle incoming connections, reading from established sockets, and executing most of the tasks related to network connection management.
|
237
|
+
Parsing the Lumberjack protocol is offloaded to a dedicated thread pool.
|
238
|
+
|
239
|
+
Generally you don't need to touch this setting.
|
240
|
+
In case you are sending very large events and observing "OutOfDirectMemory" exceptions,
|
241
|
+
you may want to reduce this number to half or 1/4 of the CPU cores.
|
242
|
+
This change reduces the number of threads decompressing batches of data into direct memory.
|
243
|
+
However, this will only be a mitigating tweak, as the proper solution may require resizing your Logstash deployment,
|
244
|
+
either by increasing number of Logstash nodes or increasing the JVM's Direct Memory.
|
245
|
+
|
235
246
|
[id="plugins-{type}s-{plugin}-host"]
|
236
247
|
===== `host`
|
237
248
|
|
@@ -363,3 +374,4 @@ The minimum TLS version allowed for the encrypted connections. The value must be
|
|
363
374
|
include::{include_path}/{type}.asciidoc[]
|
364
375
|
|
365
376
|
:default_codec!:
|
377
|
+
|
@@ -15,6 +15,8 @@ module LogStash module Inputs class Beats
|
|
15
15
|
|
16
16
|
attr_reader :logger, :input, :connections_list
|
17
17
|
|
18
|
+
attr_reader :event_factory
|
19
|
+
|
18
20
|
def initialize(queue, input)
|
19
21
|
@connections_list = ThreadSafe::Hash.new
|
20
22
|
@queue = queue
|
@@ -25,6 +27,7 @@ module LogStash module Inputs class Beats
|
|
25
27
|
|
26
28
|
@nocodec_transformer = RawEventTransform.new(@input)
|
27
29
|
@codec_transformer = DecodedEventTransform.new(@input)
|
30
|
+
@event_factory = input.event_factory
|
28
31
|
end
|
29
32
|
|
30
33
|
def onNewMessage(ctx, message)
|
@@ -39,7 +42,7 @@ module LogStash module Inputs class Beats
|
|
39
42
|
extract_tls_peer(hash, ctx)
|
40
43
|
|
41
44
|
if target_field.nil?
|
42
|
-
event =
|
45
|
+
event = event_factory.new_event(hash)
|
43
46
|
@nocodec_transformer.transform(event)
|
44
47
|
@queue << event
|
45
48
|
else
|
@@ -129,7 +132,7 @@ module LogStash module Inputs class Beats
|
|
129
132
|
tls_session = ctx.channel().pipeline().get("ssl-handler").engine().getSession()
|
130
133
|
tls_verified = true
|
131
134
|
|
132
|
-
|
135
|
+
unless @input.client_authentication_required?
|
133
136
|
# throws SSLPeerUnverifiedException if unverified
|
134
137
|
begin
|
135
138
|
tls_session.getPeerCertificates()
|
@@ -141,18 +144,16 @@ module LogStash module Inputs class Beats
|
|
141
144
|
end
|
142
145
|
end
|
143
146
|
|
147
|
+
meta_data = hash['@metadata'] ||= {}
|
148
|
+
|
144
149
|
if tls_verified
|
145
|
-
|
146
|
-
set_nested(hash, @field_tls_peer_subject, tls_session.getPeerPrincipal().getName())
|
147
|
-
set_nested(hash, @field_tls_cipher, tls_session.getCipherSuite())
|
150
|
+
meta_data['tls_peer'] = { :status => "verified" }
|
148
151
|
|
149
|
-
hash
|
150
|
-
|
151
|
-
|
152
|
+
set_nested(hash, input.field_tls_protocol_version, tls_session.getProtocol())
|
153
|
+
set_nested(hash, input.field_tls_peer_subject, tls_session.getPeerPrincipal().getName())
|
154
|
+
set_nested(hash, input.field_tls_cipher, tls_session.getCipherSuite())
|
152
155
|
else
|
153
|
-
|
154
|
-
:status => "unverified"
|
155
|
-
}
|
156
|
+
meta_data['tls_peer'] = { :status => "unverified" }
|
156
157
|
end
|
157
158
|
end
|
158
159
|
end
|
@@ -163,9 +164,6 @@ module LogStash module Inputs class Beats
|
|
163
164
|
field_ref = Java::OrgLogstash::FieldReference.from(field_name)
|
164
165
|
# create @metadata sub-hash if needed
|
165
166
|
if field_ref.type == Java::OrgLogstash::FieldReference::META_CHILD
|
166
|
-
unless hash.key?("@metadata")
|
167
|
-
hash["@metadata"] = {}
|
168
|
-
end
|
169
167
|
nesting_hash = hash["@metadata"]
|
170
168
|
else
|
171
169
|
nesting_hash = hash
|
@@ -6,6 +6,7 @@ require "logstash/codecs/multiline"
|
|
6
6
|
require "logstash/util"
|
7
7
|
require "logstash-input-beats_jars"
|
8
8
|
require "logstash/plugin_mixins/ecs_compatibility_support"
|
9
|
+
require 'logstash/plugin_mixins/event_support/event_factory_adapter'
|
9
10
|
require_relative "beats/patch"
|
10
11
|
|
11
12
|
# This input plugin enables Logstash to receive events from the
|
@@ -51,7 +52,9 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
51
52
|
require "logstash/inputs/beats/tls"
|
52
53
|
|
53
54
|
# adds ecs_compatibility config which could be :disabled or :v1
|
54
|
-
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled,:v1)
|
55
|
+
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled,:v1, :v8 => :v1)
|
56
|
+
|
57
|
+
include LogStash::PluginMixins::EventSupport::EventFactoryAdapter
|
55
58
|
|
56
59
|
config_name "beats"
|
57
60
|
|
@@ -126,6 +129,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
126
129
|
config :executor_threads, :validate => :number, :default => LogStash::Config::CpuCoreStrategy.maximum
|
127
130
|
|
128
131
|
attr_reader :field_hostname, :field_hostip
|
132
|
+
attr_reader :field_tls_protocol_version, :field_tls_peer_subject, :field_tls_cipher
|
129
133
|
|
130
134
|
def register
|
131
135
|
# For Logstash 2.4 we need to make sure that the logger is correctly set for the
|
@@ -164,10 +168,10 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
164
168
|
|
165
169
|
# define ecs name mapping
|
166
170
|
@field_hostname = ecs_select[disabled: "host", v1: "[@metadata][input][beats][host][name]"]
|
167
|
-
@field_hostip
|
168
|
-
@field_tls_protocol_version
|
169
|
-
@field_tls_peer_subject
|
170
|
-
@field_tls_cipher
|
171
|
+
@field_hostip = ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][beats][host][ip]"]
|
172
|
+
@field_tls_protocol_version = ecs_select[disabled: "[@metadata][tls_peer][protocol]", v1: "[@metadata][input][beats][tls][version_protocol]"]
|
173
|
+
@field_tls_peer_subject = ecs_select[disabled: "[@metadata][tls_peer][subject]", v1: "[@metadata][input][beats][tls][client][subject]"]
|
174
|
+
@field_tls_cipher = ecs_select[disabled: "[@metadata][tls_peer][cipher_suite]", v1: "[@metadata][input][beats][tls][cipher]"]
|
171
175
|
|
172
176
|
@logger.info("Starting input listener", :address => "#{@host}:#{@port}")
|
173
177
|
|
@@ -7,5 +7,5 @@ require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.9.10')
|
|
7
7
|
require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
|
8
8
|
require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.8')
|
9
9
|
require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
|
10
|
-
require_jar('org.apache.logging.log4j', 'log4j-api', '2.
|
11
|
-
require_jar('org.logstash.beats', 'logstash-input-beats', '6.
|
10
|
+
require_jar('org.apache.logging.log4j', 'log4j-api', '2.15.0')
|
11
|
+
require_jar('org.logstash.beats', 'logstash-input-beats', '6.2.3')
|
@@ -27,7 +27,8 @@ Gem::Specification.new do |s|
|
|
27
27
|
s.add_runtime_dependency "thread_safe", "~> 0.3.5"
|
28
28
|
s.add_runtime_dependency "logstash-codec-multiline", ">= 2.0.5"
|
29
29
|
s.add_runtime_dependency 'jar-dependencies', '~> 0.3', '>= 0.3.4'
|
30
|
-
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.
|
30
|
+
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.3'
|
31
|
+
s.add_runtime_dependency 'logstash-mixin-event_support', '~>1.0'
|
31
32
|
|
32
33
|
s.add_development_dependency "flores", "~>0.0.6"
|
33
34
|
s.add_development_dependency "rspec"
|
@@ -31,6 +31,7 @@ describe LogStash::Inputs::Beats::DecodedEventTransform do
|
|
31
31
|
|
32
32
|
include_examples "Common Event Transformation", :disabled, "host"
|
33
33
|
include_examples "Common Event Transformation", :v1, "[@metadata][input][beats][host][name]"
|
34
|
+
include_examples "Common Event Transformation", :v8, "[@metadata][input][beats][host][name]"
|
34
35
|
|
35
36
|
it "tags the event" do
|
36
37
|
expect(subject.get("tags")).to include("beats_input_codec_plain_applied")
|
@@ -9,4 +9,5 @@ describe LogStash::Inputs::Beats::EventTransformCommon do
|
|
9
9
|
|
10
10
|
include_examples "Common Event Transformation", :disabled, "host"
|
11
11
|
include_examples "Common Event Transformation", :v1, "[@metadata][input][beats][host][name]"
|
12
|
+
include_examples "Common Event Transformation", :v8, "[@metadata][input][beats][host][name]"
|
12
13
|
end
|
@@ -211,6 +211,7 @@ describe LogStash::Inputs::Beats::MessageListener do
|
|
211
211
|
|
212
212
|
it_behaves_like "when the message is from any libbeat", :disabled, "[@metadata][ip_address]"
|
213
213
|
it_behaves_like "when the message is from any libbeat", :v1, "[@metadata][input][beats][host][ip]"
|
214
|
+
it_behaves_like "when the message is from any libbeat", :v8, "[@metadata][input][beats][host][ip]"
|
214
215
|
end
|
215
216
|
|
216
217
|
context "onException" do
|
@@ -20,6 +20,7 @@ describe LogStash::Inputs::Beats::RawEventTransform do
|
|
20
20
|
|
21
21
|
include_examples "Common Event Transformation", :disabled, "host"
|
22
22
|
include_examples "Common Event Transformation", :v1, "[@metadata][input][beats][host][name]"
|
23
|
+
include_examples "Common Event Transformation", :v8, "[@metadata][input][beats][host][name]"
|
23
24
|
|
24
25
|
it "tags the event" do
|
25
26
|
expect(subject.get("tags")).to include("beats_input_raw_event")
|
data/spec/inputs/beats_spec.rb
CHANGED
@@ -12,26 +12,28 @@ describe LogStash::Inputs::Beats do
|
|
12
12
|
let(:connection) { double("connection") }
|
13
13
|
let(:certificate) { BeatsInputTest.certificate }
|
14
14
|
let(:port) { BeatsInputTest.random_port }
|
15
|
+
let(:client_inactivity_timeout) { 400 }
|
16
|
+
let(:threads) { 1 + rand(9) }
|
15
17
|
let(:queue) { Queue.new }
|
16
18
|
let(:config) do
|
17
19
|
{
|
18
|
-
"port" =>
|
20
|
+
"port" => port,
|
19
21
|
"ssl_certificate" => certificate.ssl_cert,
|
20
22
|
"ssl_key" => certificate.ssl_key,
|
23
|
+
"client_inactivity_timeout" => client_inactivity_timeout,
|
24
|
+
"executor_threads" => threads,
|
21
25
|
"type" => "example",
|
22
26
|
"tags" => "beats"
|
23
27
|
}
|
24
28
|
end
|
25
29
|
|
30
|
+
subject(:plugin) { LogStash::Inputs::Beats.new(config) }
|
31
|
+
|
26
32
|
context "#register" do
|
27
33
|
context "host related configuration" do
|
28
|
-
let(:config) { super().merge("host" => host, "port" => port
|
34
|
+
let(:config) { super().merge("host" => host, "port" => port) }
|
29
35
|
let(:host) { "192.168.1.20" }
|
30
|
-
let(:port) {
|
31
|
-
let(:client_inactivity_timeout) { 400 }
|
32
|
-
let(:threads) { 10 }
|
33
|
-
|
34
|
-
subject(:plugin) { LogStash::Inputs::Beats.new(config) }
|
36
|
+
let(:port) { 9001 }
|
35
37
|
|
36
38
|
it "sends the required options to the server" do
|
37
39
|
expect(org.logstash.beats.Server).to receive(:new).with(host, port, client_inactivity_timeout, threads)
|
@@ -158,9 +160,80 @@ describe LogStash::Inputs::Beats do
|
|
158
160
|
|
159
161
|
it "raise a ConfigurationError when multiline codec is set" do
|
160
162
|
plugin = LogStash::Inputs::Beats.new(config)
|
161
|
-
expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html")
|
163
|
+
expect { plugin.register }.to raise_error(LogStash::ConfigurationError, "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html")
|
164
|
+
end
|
165
|
+
end
|
166
|
+
end
|
167
|
+
|
168
|
+
context "tls meta-data" do
|
169
|
+
let(:config) { super().merge("host" => host, "ssl_peer_metadata" => true, "ssl_certificate_authorities" => [ certificate.ssl_cert ]) }
|
170
|
+
let(:host) { "192.168.1.20" }
|
171
|
+
let(:port) { 9002 }
|
172
|
+
|
173
|
+
let(:queue) { Queue.new }
|
174
|
+
let(:event) { LogStash::Event.new }
|
175
|
+
|
176
|
+
subject(:plugin) { LogStash::Inputs::Beats.new(config) }
|
177
|
+
|
178
|
+
before do
|
179
|
+
@server = org.logstash.beats.Server.new(host, port, client_inactivity_timeout, threads)
|
180
|
+
expect( org.logstash.beats.Server ).to receive(:new).with(host, port, client_inactivity_timeout, threads).and_return @server
|
181
|
+
expect( @server ).to receive(:listen)
|
182
|
+
|
183
|
+
subject.register
|
184
|
+
subject.run(queue) # listen does nothing
|
185
|
+
@message_listener = @server.getMessageListener
|
186
|
+
|
187
|
+
allow( ssl_engine = double('ssl_engine') ).to receive(:getSession).and_return ssl_session
|
188
|
+
allow( ssl_handler = double('ssl-handler') ).to receive(:engine).and_return ssl_engine
|
189
|
+
allow( pipeline = double('pipeline') ).to receive(:get).and_return ssl_handler
|
190
|
+
allow( @channel = double('channel') ).to receive(:pipeline).and_return pipeline
|
191
|
+
end
|
192
|
+
|
193
|
+
let(:ctx) do
|
194
|
+
Java::io.netty.channel.ChannelHandlerContext.impl do |method, *args|
|
195
|
+
fail("unexpected #{method}( #{args} )") unless method.eql?(:channel)
|
196
|
+
@channel
|
162
197
|
end
|
163
198
|
end
|
199
|
+
|
200
|
+
let(:ssl_session) do
|
201
|
+
Java::javax.net.ssl.SSLSession.impl do |method, *args|
|
202
|
+
case method
|
203
|
+
when :getPeerCertificates
|
204
|
+
[].to_java(java.security.cert.Certificate)
|
205
|
+
when :getProtocol
|
206
|
+
'TLS-Mock'
|
207
|
+
when :getCipherSuite
|
208
|
+
'SSL_NULL_WITH_TEST_SPEC'
|
209
|
+
when :getPeerPrincipal
|
210
|
+
javax.security.auth.x500.X500Principal.new('CN=TEST, OU=RSpec, O=Logstash, C=NL', {})
|
211
|
+
else
|
212
|
+
fail("unexpected #{method}( #{args} )")
|
213
|
+
end
|
214
|
+
end
|
215
|
+
end
|
216
|
+
|
217
|
+
let(:ssl_session_peer_principal) do
|
218
|
+
javax.security.auth.x500.X500Principal
|
219
|
+
end
|
220
|
+
|
221
|
+
let(:message) do
|
222
|
+
org.logstash.beats.Message.new(0, java.util.HashMap.new('foo' => 'bar'))
|
223
|
+
end
|
224
|
+
|
225
|
+
it 'sets tls fields' do
|
226
|
+
@message_listener.onNewMessage(ctx, message)
|
227
|
+
|
228
|
+
expect( queue.size ).to be 1
|
229
|
+
expect( event = queue.pop ).to be_a LogStash::Event
|
230
|
+
|
231
|
+
expect( event.get('[@metadata][tls_peer][status]') ).to eql 'verified'
|
232
|
+
|
233
|
+
expect( event.get('[@metadata][tls_peer][protocol]') ).to eql 'TLS-Mock'
|
234
|
+
expect( event.get('[@metadata][tls_peer][cipher_suite]') ).to eql 'SSL_NULL_WITH_TEST_SPEC'
|
235
|
+
expect( event.get('[@metadata][tls_peer][subject]') ).to eql 'CN=TEST,OU=RSpec,O=Logstash,C=NL'
|
236
|
+
end
|
164
237
|
end
|
165
238
|
|
166
239
|
context "when interrupting the plugin" do
|
Binary file
|
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-beats
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.2.3
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-12-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -20,8 +20,8 @@ dependencies:
|
|
20
20
|
- !ruby/object:Gem::Version
|
21
21
|
version: '2.99'
|
22
22
|
name: logstash-core-plugin-api
|
23
|
-
type: :runtime
|
24
23
|
prerelease: false
|
24
|
+
type: :runtime
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
26
26
|
requirements:
|
27
27
|
- - ">="
|
@@ -37,8 +37,8 @@ dependencies:
|
|
37
37
|
- !ruby/object:Gem::Version
|
38
38
|
version: '0'
|
39
39
|
name: logstash-codec-plain
|
40
|
-
type: :runtime
|
41
40
|
prerelease: false
|
41
|
+
type: :runtime
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
43
43
|
requirements:
|
44
44
|
- - ">="
|
@@ -51,8 +51,8 @@ dependencies:
|
|
51
51
|
- !ruby/object:Gem::Version
|
52
52
|
version: '1.0'
|
53
53
|
name: concurrent-ruby
|
54
|
-
type: :runtime
|
55
54
|
prerelease: false
|
55
|
+
type: :runtime
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
57
57
|
requirements:
|
58
58
|
- - "~>"
|
@@ -65,8 +65,8 @@ dependencies:
|
|
65
65
|
- !ruby/object:Gem::Version
|
66
66
|
version: 0.3.5
|
67
67
|
name: thread_safe
|
68
|
-
type: :runtime
|
69
68
|
prerelease: false
|
69
|
+
type: :runtime
|
70
70
|
version_requirements: !ruby/object:Gem::Requirement
|
71
71
|
requirements:
|
72
72
|
- - "~>"
|
@@ -79,8 +79,8 @@ dependencies:
|
|
79
79
|
- !ruby/object:Gem::Version
|
80
80
|
version: 2.0.5
|
81
81
|
name: logstash-codec-multiline
|
82
|
-
type: :runtime
|
83
82
|
prerelease: false
|
83
|
+
type: :runtime
|
84
84
|
version_requirements: !ruby/object:Gem::Requirement
|
85
85
|
requirements:
|
86
86
|
- - ">="
|
@@ -96,8 +96,8 @@ dependencies:
|
|
96
96
|
- !ruby/object:Gem::Version
|
97
97
|
version: 0.3.4
|
98
98
|
name: jar-dependencies
|
99
|
-
type: :runtime
|
100
99
|
prerelease: false
|
100
|
+
type: :runtime
|
101
101
|
version_requirements: !ruby/object:Gem::Requirement
|
102
102
|
requirements:
|
103
103
|
- - "~>"
|
@@ -111,15 +111,29 @@ dependencies:
|
|
111
111
|
requirements:
|
112
112
|
- - "~>"
|
113
113
|
- !ruby/object:Gem::Version
|
114
|
-
version: '1.
|
114
|
+
version: '1.3'
|
115
115
|
name: logstash-mixin-ecs_compatibility_support
|
116
|
+
prerelease: false
|
116
117
|
type: :runtime
|
118
|
+
version_requirements: !ruby/object:Gem::Requirement
|
119
|
+
requirements:
|
120
|
+
- - "~>"
|
121
|
+
- !ruby/object:Gem::Version
|
122
|
+
version: '1.3'
|
123
|
+
- !ruby/object:Gem::Dependency
|
124
|
+
requirement: !ruby/object:Gem::Requirement
|
125
|
+
requirements:
|
126
|
+
- - "~>"
|
127
|
+
- !ruby/object:Gem::Version
|
128
|
+
version: '1.0'
|
129
|
+
name: logstash-mixin-event_support
|
117
130
|
prerelease: false
|
131
|
+
type: :runtime
|
118
132
|
version_requirements: !ruby/object:Gem::Requirement
|
119
133
|
requirements:
|
120
134
|
- - "~>"
|
121
135
|
- !ruby/object:Gem::Version
|
122
|
-
version: '1.
|
136
|
+
version: '1.0'
|
123
137
|
- !ruby/object:Gem::Dependency
|
124
138
|
requirement: !ruby/object:Gem::Requirement
|
125
139
|
requirements:
|
@@ -127,8 +141,8 @@ dependencies:
|
|
127
141
|
- !ruby/object:Gem::Version
|
128
142
|
version: 0.0.6
|
129
143
|
name: flores
|
130
|
-
type: :development
|
131
144
|
prerelease: false
|
145
|
+
type: :development
|
132
146
|
version_requirements: !ruby/object:Gem::Requirement
|
133
147
|
requirements:
|
134
148
|
- - "~>"
|
@@ -141,8 +155,8 @@ dependencies:
|
|
141
155
|
- !ruby/object:Gem::Version
|
142
156
|
version: '0'
|
143
157
|
name: rspec
|
144
|
-
type: :development
|
145
158
|
prerelease: false
|
159
|
+
type: :development
|
146
160
|
version_requirements: !ruby/object:Gem::Requirement
|
147
161
|
requirements:
|
148
162
|
- - ">="
|
@@ -155,8 +169,8 @@ dependencies:
|
|
155
169
|
- !ruby/object:Gem::Version
|
156
170
|
version: '0'
|
157
171
|
name: stud
|
158
|
-
type: :development
|
159
172
|
prerelease: false
|
173
|
+
type: :development
|
160
174
|
version_requirements: !ruby/object:Gem::Requirement
|
161
175
|
requirements:
|
162
176
|
- - ">="
|
@@ -169,8 +183,8 @@ dependencies:
|
|
169
183
|
- !ruby/object:Gem::Version
|
170
184
|
version: '0'
|
171
185
|
name: pry
|
172
|
-
type: :development
|
173
186
|
prerelease: false
|
187
|
+
type: :development
|
174
188
|
version_requirements: !ruby/object:Gem::Requirement
|
175
189
|
requirements:
|
176
190
|
- - ">="
|
@@ -183,8 +197,8 @@ dependencies:
|
|
183
197
|
- !ruby/object:Gem::Version
|
184
198
|
version: '0'
|
185
199
|
name: rspec-wait
|
186
|
-
type: :development
|
187
200
|
prerelease: false
|
201
|
+
type: :development
|
188
202
|
version_requirements: !ruby/object:Gem::Requirement
|
189
203
|
requirements:
|
190
204
|
- - ">="
|
@@ -197,8 +211,8 @@ dependencies:
|
|
197
211
|
- !ruby/object:Gem::Version
|
198
212
|
version: '0'
|
199
213
|
name: logstash-devutils
|
200
|
-
type: :development
|
201
214
|
prerelease: false
|
215
|
+
type: :development
|
202
216
|
version_requirements: !ruby/object:Gem::Requirement
|
203
217
|
requirements:
|
204
218
|
- - ">="
|
@@ -211,8 +225,8 @@ dependencies:
|
|
211
225
|
- !ruby/object:Gem::Version
|
212
226
|
version: '0'
|
213
227
|
name: logstash-codec-json
|
214
|
-
type: :development
|
215
228
|
prerelease: false
|
229
|
+
type: :development
|
216
230
|
version_requirements: !ruby/object:Gem::Requirement
|
217
231
|
requirements:
|
218
232
|
- - ">="
|
@@ -225,8 +239,8 @@ dependencies:
|
|
225
239
|
- !ruby/object:Gem::Version
|
226
240
|
version: '0'
|
227
241
|
name: childprocess
|
228
|
-
type: :development
|
229
242
|
prerelease: false
|
243
|
+
type: :development
|
230
244
|
version_requirements: !ruby/object:Gem::Requirement
|
231
245
|
requirements:
|
232
246
|
- - ">="
|
@@ -283,9 +297,9 @@ files:
|
|
283
297
|
- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.8/jackson-databind-2.9.10.8.jar
|
284
298
|
- vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10/jackson-module-afterburner-2.9.10.jar
|
285
299
|
- vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final/netty-all-4.1.65.Final.jar
|
286
|
-
- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.
|
300
|
+
- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar
|
287
301
|
- vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
|
288
|
-
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.
|
302
|
+
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.2.3/logstash-input-beats-6.2.3.jar
|
289
303
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
290
304
|
licenses:
|
291
305
|
- Apache License (2.0)
|
@@ -308,7 +322,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
308
322
|
- !ruby/object:Gem::Version
|
309
323
|
version: '0'
|
310
324
|
requirements: []
|
311
|
-
rubygems_version: 3.
|
325
|
+
rubygems_version: 3.1.6
|
312
326
|
signing_key:
|
313
327
|
specification_version: 4
|
314
328
|
summary: Receives events from the Elastic Beats framework
|
Binary file
|