logstash-input-beats 6.2.4-java → 6.3.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +8 -1
- data/VERSION +1 -1
- data/docs/index.asciidoc +13 -7
- data/lib/logstash/inputs/beats/tls.rb +2 -1
- data/lib/logstash-input-beats_jars.rb +1 -2
- data/lib/tasks/test.rake +2 -2
- data/spec/inputs/beats/tls_spec.rb +2 -2
- data/spec/inputs/beats_spec.rb +8 -1
- data/spec/integration/filebeat_spec.rb +57 -22
- data/spec/support/file_helpers.rb +1 -1
- data/spec/support/integration_shared_context.rb +1 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.3.0/logstash-input-beats-6.3.0.jar +0 -0
- metadata +3 -4
- data/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.17.0/log4j-api-2.17.0.jar +0 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.2.4/logstash-input-beats-6.2.4.jar +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e50f7332c2cc7d230b49310fd987ff4ed575b0d8eb4e62526899af20bfabe0d5
|
4
|
+
data.tar.gz: dfeb260b1a5c7866b624c769abc2c780efa194dbadd5c18d1f2cb282ff58537b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e4be1cf87358e1e02479c7692d8317382ffe96e497f9ea658ce2774f6583253ce9a05fb7ab322722eea0c59ca06cad09718f95ffce6b7b5a53dcfa9b8b4c24d7
|
7
|
+
data.tar.gz: dcb8dae4e25448aec7105bea439c7c04bfcdc49752c99624fc26722d2f056024cb8942f7af926b486f1c9eb00fb6b0b80ae636bdf3fb164084125b4636681b28
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,13 @@
|
|
1
|
+
## 6.3.0
|
2
|
+
- Added support for TLSv1.3. [#447](https://github.com/logstash-plugins/logstash-input-beats/pull/447)
|
3
|
+
|
4
|
+
## 6.2.6
|
5
|
+
- Update guidance regarding the private key format and encoding [#445](https://github.com/logstash-plugins/logstash-input-beats/pull/445)
|
6
|
+
|
7
|
+
## 6.2.5
|
8
|
+
- Build: do not package log4j-api dependency [#441](https://github.com/logstash-plugins/logstash-input-beats/pull/441).
|
9
|
+
Logstash provides the log4j framework and the dependency is not needed except testing and compiling.
|
10
|
+
|
1
11
|
## 6.2.4
|
2
12
|
- Updated log4j dependency to 2.17.0
|
3
13
|
|
data/README.md
CHANGED
@@ -45,6 +45,13 @@ bundle install
|
|
45
45
|
bundle exec rspec
|
46
46
|
```
|
47
47
|
|
48
|
+
- Run integration tests
|
49
|
+
|
50
|
+
```sh
|
51
|
+
bundle exec rake test:integration:setup
|
52
|
+
bundle exec rspec spec --tag integration -fd
|
53
|
+
```
|
54
|
+
|
48
55
|
### 2. Running your unpublished Plugin in Logstash
|
49
56
|
|
50
57
|
#### 2.1 Run in a local Logstash clone
|
@@ -95,4 +102,4 @@ Programming is not a required skill. Whatever you've seen about open source and
|
|
95
102
|
|
96
103
|
It is more important to the community that you are able to contribute.
|
97
104
|
|
98
|
-
For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
|
105
|
+
For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
6.
|
1
|
+
6.3.0
|
data/docs/index.asciidoc
CHANGED
@@ -199,9 +199,10 @@ Flag to determine whether to add `host` field to event using the value supplied
|
|
199
199
|
===== `cipher_suites`
|
200
200
|
|
201
201
|
* Value type is <<array,array>>
|
202
|
-
* Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
|
202
|
+
* Default value is `java.lang.String[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
|
203
203
|
|
204
204
|
The list of ciphers suite to use, listed by priorities.
|
205
|
+
The default values applies for OpenJDK 11.0.14 and higher, for older versions the list does not include suites not supported by the JDK, such as the ChaCha20 family of ciphers.
|
205
206
|
|
206
207
|
[id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
|
207
208
|
===== `client_inactivity_timeout`
|
@@ -313,8 +314,14 @@ Time in milliseconds for an incomplete ssl handshake to timeout
|
|
313
314
|
* There is no default value for this setting.
|
314
315
|
|
315
316
|
SSL key to use.
|
316
|
-
|
317
|
-
|
317
|
+
This key must be in the PKCS8 format and PEM encoded.
|
318
|
+
You can use the https://www.openssl.org/docs/man1.1.1/man1/openssl-pkcs8.html[openssl pkcs8] command to complete the conversion.
|
319
|
+
For example, the command to convert a PEM encoded PKCS1 private key to a PEM encoded, non-encrypted PKCS8 key is:
|
320
|
+
|
321
|
+
[source,sh]
|
322
|
+
-----
|
323
|
+
openssl pkcs8 -inform PEM -in path/to/logstash.key -topk8 -nocrypt -outform PEM -out path/to/logstash.pkcs8.key
|
324
|
+
-----
|
318
325
|
|
319
326
|
[id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
|
320
327
|
===== `ssl_key_passphrase`
|
@@ -354,10 +361,10 @@ This option is only valid when `ssl_verify_mode` is set to `peer` or `force_peer
|
|
354
361
|
===== `tls_max_version`
|
355
362
|
|
356
363
|
* Value type is <<number,number>>
|
357
|
-
* Default value is `1.
|
364
|
+
* Default value is `1.3`
|
358
365
|
|
359
366
|
The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
|
360
|
-
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
367
|
+
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
|
361
368
|
|
362
369
|
[id="plugins-{type}s-{plugin}-tls_min_version"]
|
363
370
|
===== `tls_min_version`
|
@@ -366,7 +373,7 @@ The maximum TLS version allowed for the encrypted connections. The value must be
|
|
366
373
|
* Default value is `1`
|
367
374
|
|
368
375
|
The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
|
369
|
-
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
376
|
+
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
|
370
377
|
|
371
378
|
|
372
379
|
|
@@ -374,4 +381,3 @@ The minimum TLS version allowed for the encrypted connections. The value must be
|
|
374
381
|
include::{include_path}/{type}.asciidoc[]
|
375
382
|
|
376
383
|
:default_codec!:
|
377
|
-
|
@@ -7,5 +7,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.9.10')
|
|
7
7
|
require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
|
8
8
|
require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.8')
|
9
9
|
require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
|
10
|
-
require_jar('org.
|
11
|
-
require_jar('org.logstash.beats', 'logstash-input-beats', '6.2.4')
|
10
|
+
require_jar('org.logstash.beats', 'logstash-input-beats', '6.3.0')
|
data/lib/tasks/test.rake
CHANGED
@@ -4,9 +4,9 @@ VENDOR_PATH = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "ve
|
|
4
4
|
|
5
5
|
#TODO: Figure out better means to keep this version in sync
|
6
6
|
if OS_PLATFORM == "linux"
|
7
|
-
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.
|
7
|
+
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.0-linux-x86_64.tar.gz"
|
8
8
|
elsif OS_PLATFORM == "darwin"
|
9
|
-
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.
|
9
|
+
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.0-darwin-x86_64.tar.gz"
|
10
10
|
end
|
11
11
|
|
12
12
|
LSF_URL = "https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder_#{OS_PLATFORM}_amd64"
|
@@ -10,8 +10,8 @@ describe LogStash::Inputs::Beats::TLS do
|
|
10
10
|
end
|
11
11
|
|
12
12
|
it "returns the maximum supported tls" do
|
13
|
-
expect(subject.max.version).to eq(1.
|
14
|
-
expect(subject.max.name).to eq("TLSv1.
|
13
|
+
expect(subject.max.version).to eq(1.3)
|
14
|
+
expect(subject.max.name).to eq("TLSv1.3")
|
15
15
|
end
|
16
16
|
|
17
17
|
describe ".get_supported" do
|
data/spec/inputs/beats_spec.rb
CHANGED
@@ -166,7 +166,14 @@ describe LogStash::Inputs::Beats do
|
|
166
166
|
end
|
167
167
|
|
168
168
|
context "tls meta-data" do
|
169
|
-
let(:config)
|
169
|
+
let(:config) do
|
170
|
+
super().merge(
|
171
|
+
"host" => host,
|
172
|
+
"ssl_peer_metadata" => true,
|
173
|
+
"ssl_certificate_authorities" => [ certificate.ssl_cert ],
|
174
|
+
"ecs_compatibility" => 'disabled'
|
175
|
+
)
|
176
|
+
end
|
170
177
|
let(:host) { "192.168.1.20" }
|
171
178
|
let(:port) { 9002 }
|
172
179
|
|
@@ -37,7 +37,7 @@ describe "Filebeat", :integration => true do
|
|
37
37
|
let(:filebeat_config) do
|
38
38
|
{
|
39
39
|
"filebeat" => {
|
40
|
-
"
|
40
|
+
"inputs" => [{ "paths" => [log_file], "type" => "log" }],
|
41
41
|
"scan_frequency" => "1s"
|
42
42
|
},
|
43
43
|
"output" => {
|
@@ -174,30 +174,65 @@ describe "Filebeat", :integration => true do
|
|
174
174
|
end
|
175
175
|
end
|
176
176
|
|
177
|
+
context "with TLSv1.3 client" do
|
178
|
+
let(:filebeat_config) do
|
179
|
+
super().merge({
|
180
|
+
"output" => {
|
181
|
+
"logstash" => {
|
182
|
+
"hosts" => ["#{host}:#{port}"],
|
183
|
+
"ssl" => {
|
184
|
+
"certificate_authorities" => certificate_authorities,
|
185
|
+
"versions" => ["TLSv1.3"],
|
186
|
+
}
|
187
|
+
}
|
188
|
+
},
|
189
|
+
"logging" => { "level" => "debug" }
|
190
|
+
})
|
191
|
+
end
|
192
|
+
include_examples "send events"
|
193
|
+
|
194
|
+
context "when TLSv1.3 enforced in plugin" do
|
195
|
+
let(:input_config) {
|
196
|
+
super().merge({
|
197
|
+
"tls_min_version" => "1.3"
|
198
|
+
})
|
199
|
+
}
|
200
|
+
|
201
|
+
include_examples "send events"
|
202
|
+
end
|
203
|
+
end
|
204
|
+
|
177
205
|
# Refactor this to use Flores's PKI instead of openssl command line
|
178
206
|
# see: https://github.com/jordansissel/ruby-flores/issues/7
|
179
207
|
context "with a passphrase" do
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
208
|
+
|
209
|
+
before(:all) do
|
210
|
+
@passphrase = "foobar".freeze
|
211
|
+
|
212
|
+
FileUtils.mkdir_p temporary_directory = Stud::Temporary.pathname
|
213
|
+
|
214
|
+
cert_key = ::File.join(temporary_directory, "certificate.key")
|
215
|
+
@cert_pub = ::File.join(temporary_directory, "certificate.crt")
|
216
|
+
@cert_key_pkcs8 = ::File.join(temporary_directory, "certificate.key.pkcs8")
|
217
|
+
|
218
|
+
cmd = "openssl req -x509 -batch -newkey rsa:2048 -keyout #{cert_key} -out #{@cert_pub} -passout pass:#{@passphrase} -subj \"/C=EU/O=Logstash/CN=localhost\""
|
219
|
+
unless system(cmd)
|
220
|
+
fail "failed to run openssl command: #{$?} \n#{cmd}"
|
221
|
+
end
|
222
|
+
|
223
|
+
# NOTE: CentOS 7 base image (LS < 7.17) uses OpenSSL 1.0 while later is using Ubuntu 20.04 with OpenSSL 1.1.1
|
224
|
+
# the default algorithm for `openssl pkcs8 -topk8` changed to -v2 which Java does not support (see GH-443)
|
225
|
+
cmd = "openssl pkcs8 -topk8 -in #{cert_key} -out #{@cert_key_pkcs8} -v1 PBE-SHA1-RC2-128 -passin pass:#{@passphrase} -passout pass:#{@passphrase}"
|
226
|
+
unless system(cmd)
|
227
|
+
fail "failed to run openssl command: #{$?} \n#{cmd}"
|
228
|
+
end
|
229
|
+
end
|
230
|
+
|
231
|
+
let(:certificate_authorities) { [ @cert_pub ] }
|
232
|
+
|
233
|
+
let(:input_config) do
|
234
|
+
super().merge("ssl_key_passphrase" => @passphrase, "ssl_key" => @cert_key_pkcs8, "ssl_certificate" => @cert_pub)
|
235
|
+
end
|
201
236
|
|
202
237
|
include_examples "send events"
|
203
238
|
end
|
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-beats
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.3.0
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-03-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -297,9 +297,8 @@ files:
|
|
297
297
|
- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.8/jackson-databind-2.9.10.8.jar
|
298
298
|
- vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10/jackson-module-afterburner-2.9.10.jar
|
299
299
|
- vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final/netty-all-4.1.65.Final.jar
|
300
|
-
- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.17.0/log4j-api-2.17.0.jar
|
301
300
|
- vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
|
302
|
-
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.
|
301
|
+
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.3.0/logstash-input-beats-6.3.0.jar
|
303
302
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
304
303
|
licenses:
|
305
304
|
- Apache License (2.0)
|
Binary file
|