logstash-input-beats 6.2.4-java → 6.3.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +8 -1
- data/VERSION +1 -1
- data/docs/index.asciidoc +13 -7
- data/lib/logstash/inputs/beats/tls.rb +2 -1
- data/lib/logstash-input-beats_jars.rb +1 -2
- data/lib/tasks/test.rake +2 -2
- data/spec/inputs/beats/tls_spec.rb +2 -2
- data/spec/inputs/beats_spec.rb +8 -1
- data/spec/integration/filebeat_spec.rb +57 -22
- data/spec/support/file_helpers.rb +1 -1
- data/spec/support/integration_shared_context.rb +1 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.3.0/logstash-input-beats-6.3.0.jar +0 -0
- metadata +3 -4
- data/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.17.0/log4j-api-2.17.0.jar +0 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.2.4/logstash-input-beats-6.2.4.jar +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e50f7332c2cc7d230b49310fd987ff4ed575b0d8eb4e62526899af20bfabe0d5
|
4
|
+
data.tar.gz: dfeb260b1a5c7866b624c769abc2c780efa194dbadd5c18d1f2cb282ff58537b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e4be1cf87358e1e02479c7692d8317382ffe96e497f9ea658ce2774f6583253ce9a05fb7ab322722eea0c59ca06cad09718f95ffce6b7b5a53dcfa9b8b4c24d7
|
7
|
+
data.tar.gz: dcb8dae4e25448aec7105bea439c7c04bfcdc49752c99624fc26722d2f056024cb8942f7af926b486f1c9eb00fb6b0b80ae636bdf3fb164084125b4636681b28
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,13 @@
|
|
1
|
+
## 6.3.0
|
2
|
+
- Added support for TLSv1.3. [#447](https://github.com/logstash-plugins/logstash-input-beats/pull/447)
|
3
|
+
|
4
|
+
## 6.2.6
|
5
|
+
- Update guidance regarding the private key format and encoding [#445](https://github.com/logstash-plugins/logstash-input-beats/pull/445)
|
6
|
+
|
7
|
+
## 6.2.5
|
8
|
+
- Build: do not package log4j-api dependency [#441](https://github.com/logstash-plugins/logstash-input-beats/pull/441).
|
9
|
+
Logstash provides the log4j framework and the dependency is not needed except testing and compiling.
|
10
|
+
|
1
11
|
## 6.2.4
|
2
12
|
- Updated log4j dependency to 2.17.0
|
3
13
|
|
data/README.md
CHANGED
@@ -45,6 +45,13 @@ bundle install
|
|
45
45
|
bundle exec rspec
|
46
46
|
```
|
47
47
|
|
48
|
+
- Run integration tests
|
49
|
+
|
50
|
+
```sh
|
51
|
+
bundle exec rake test:integration:setup
|
52
|
+
bundle exec rspec spec --tag integration -fd
|
53
|
+
```
|
54
|
+
|
48
55
|
### 2. Running your unpublished Plugin in Logstash
|
49
56
|
|
50
57
|
#### 2.1 Run in a local Logstash clone
|
@@ -95,4 +102,4 @@ Programming is not a required skill. Whatever you've seen about open source and
|
|
95
102
|
|
96
103
|
It is more important to the community that you are able to contribute.
|
97
104
|
|
98
|
-
For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
|
105
|
+
For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
6.
|
1
|
+
6.3.0
|
data/docs/index.asciidoc
CHANGED
@@ -199,9 +199,10 @@ Flag to determine whether to add `host` field to event using the value supplied
|
|
199
199
|
===== `cipher_suites`
|
200
200
|
|
201
201
|
* Value type is <<array,array>>
|
202
|
-
* Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
|
202
|
+
* Default value is `java.lang.String[TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
|
203
203
|
|
204
204
|
The list of ciphers suite to use, listed by priorities.
|
205
|
+
The default values applies for OpenJDK 11.0.14 and higher, for older versions the list does not include suites not supported by the JDK, such as the ChaCha20 family of ciphers.
|
205
206
|
|
206
207
|
[id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
|
207
208
|
===== `client_inactivity_timeout`
|
@@ -313,8 +314,14 @@ Time in milliseconds for an incomplete ssl handshake to timeout
|
|
313
314
|
* There is no default value for this setting.
|
314
315
|
|
315
316
|
SSL key to use.
|
316
|
-
|
317
|
-
|
317
|
+
This key must be in the PKCS8 format and PEM encoded.
|
318
|
+
You can use the https://www.openssl.org/docs/man1.1.1/man1/openssl-pkcs8.html[openssl pkcs8] command to complete the conversion.
|
319
|
+
For example, the command to convert a PEM encoded PKCS1 private key to a PEM encoded, non-encrypted PKCS8 key is:
|
320
|
+
|
321
|
+
[source,sh]
|
322
|
+
-----
|
323
|
+
openssl pkcs8 -inform PEM -in path/to/logstash.key -topk8 -nocrypt -outform PEM -out path/to/logstash.pkcs8.key
|
324
|
+
-----
|
318
325
|
|
319
326
|
[id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
|
320
327
|
===== `ssl_key_passphrase`
|
@@ -354,10 +361,10 @@ This option is only valid when `ssl_verify_mode` is set to `peer` or `force_peer
|
|
354
361
|
===== `tls_max_version`
|
355
362
|
|
356
363
|
* Value type is <<number,number>>
|
357
|
-
* Default value is `1.
|
364
|
+
* Default value is `1.3`
|
358
365
|
|
359
366
|
The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
|
360
|
-
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
367
|
+
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
|
361
368
|
|
362
369
|
[id="plugins-{type}s-{plugin}-tls_min_version"]
|
363
370
|
===== `tls_min_version`
|
@@ -366,7 +373,7 @@ The maximum TLS version allowed for the encrypted connections. The value must be
|
|
366
373
|
* Default value is `1`
|
367
374
|
|
368
375
|
The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
|
369
|
-
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
376
|
+
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
|
370
377
|
|
371
378
|
|
372
379
|
|
@@ -374,4 +381,3 @@ The minimum TLS version allowed for the encrypted connections. The value must be
|
|
374
381
|
include::{include_path}/{type}.asciidoc[]
|
375
382
|
|
376
383
|
:default_codec!:
|
377
|
-
|
@@ -7,5 +7,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.9.10')
|
|
7
7
|
require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
|
8
8
|
require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.8')
|
9
9
|
require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
|
10
|
-
require_jar('org.
|
11
|
-
require_jar('org.logstash.beats', 'logstash-input-beats', '6.2.4')
|
10
|
+
require_jar('org.logstash.beats', 'logstash-input-beats', '6.3.0')
|
data/lib/tasks/test.rake
CHANGED
@@ -4,9 +4,9 @@ VENDOR_PATH = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "ve
|
|
4
4
|
|
5
5
|
#TODO: Figure out better means to keep this version in sync
|
6
6
|
if OS_PLATFORM == "linux"
|
7
|
-
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.
|
7
|
+
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.0-linux-x86_64.tar.gz"
|
8
8
|
elsif OS_PLATFORM == "darwin"
|
9
|
-
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.
|
9
|
+
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.0-darwin-x86_64.tar.gz"
|
10
10
|
end
|
11
11
|
|
12
12
|
LSF_URL = "https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder_#{OS_PLATFORM}_amd64"
|
@@ -10,8 +10,8 @@ describe LogStash::Inputs::Beats::TLS do
|
|
10
10
|
end
|
11
11
|
|
12
12
|
it "returns the maximum supported tls" do
|
13
|
-
expect(subject.max.version).to eq(1.
|
14
|
-
expect(subject.max.name).to eq("TLSv1.
|
13
|
+
expect(subject.max.version).to eq(1.3)
|
14
|
+
expect(subject.max.name).to eq("TLSv1.3")
|
15
15
|
end
|
16
16
|
|
17
17
|
describe ".get_supported" do
|
data/spec/inputs/beats_spec.rb
CHANGED
@@ -166,7 +166,14 @@ describe LogStash::Inputs::Beats do
|
|
166
166
|
end
|
167
167
|
|
168
168
|
context "tls meta-data" do
|
169
|
-
let(:config)
|
169
|
+
let(:config) do
|
170
|
+
super().merge(
|
171
|
+
"host" => host,
|
172
|
+
"ssl_peer_metadata" => true,
|
173
|
+
"ssl_certificate_authorities" => [ certificate.ssl_cert ],
|
174
|
+
"ecs_compatibility" => 'disabled'
|
175
|
+
)
|
176
|
+
end
|
170
177
|
let(:host) { "192.168.1.20" }
|
171
178
|
let(:port) { 9002 }
|
172
179
|
|
@@ -37,7 +37,7 @@ describe "Filebeat", :integration => true do
|
|
37
37
|
let(:filebeat_config) do
|
38
38
|
{
|
39
39
|
"filebeat" => {
|
40
|
-
"
|
40
|
+
"inputs" => [{ "paths" => [log_file], "type" => "log" }],
|
41
41
|
"scan_frequency" => "1s"
|
42
42
|
},
|
43
43
|
"output" => {
|
@@ -174,30 +174,65 @@ describe "Filebeat", :integration => true do
|
|
174
174
|
end
|
175
175
|
end
|
176
176
|
|
177
|
+
context "with TLSv1.3 client" do
|
178
|
+
let(:filebeat_config) do
|
179
|
+
super().merge({
|
180
|
+
"output" => {
|
181
|
+
"logstash" => {
|
182
|
+
"hosts" => ["#{host}:#{port}"],
|
183
|
+
"ssl" => {
|
184
|
+
"certificate_authorities" => certificate_authorities,
|
185
|
+
"versions" => ["TLSv1.3"],
|
186
|
+
}
|
187
|
+
}
|
188
|
+
},
|
189
|
+
"logging" => { "level" => "debug" }
|
190
|
+
})
|
191
|
+
end
|
192
|
+
include_examples "send events"
|
193
|
+
|
194
|
+
context "when TLSv1.3 enforced in plugin" do
|
195
|
+
let(:input_config) {
|
196
|
+
super().merge({
|
197
|
+
"tls_min_version" => "1.3"
|
198
|
+
})
|
199
|
+
}
|
200
|
+
|
201
|
+
include_examples "send events"
|
202
|
+
end
|
203
|
+
end
|
204
|
+
|
177
205
|
# Refactor this to use Flores's PKI instead of openssl command line
|
178
206
|
# see: https://github.com/jordansissel/ruby-flores/issues/7
|
179
207
|
context "with a passphrase" do
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
208
|
+
|
209
|
+
before(:all) do
|
210
|
+
@passphrase = "foobar".freeze
|
211
|
+
|
212
|
+
FileUtils.mkdir_p temporary_directory = Stud::Temporary.pathname
|
213
|
+
|
214
|
+
cert_key = ::File.join(temporary_directory, "certificate.key")
|
215
|
+
@cert_pub = ::File.join(temporary_directory, "certificate.crt")
|
216
|
+
@cert_key_pkcs8 = ::File.join(temporary_directory, "certificate.key.pkcs8")
|
217
|
+
|
218
|
+
cmd = "openssl req -x509 -batch -newkey rsa:2048 -keyout #{cert_key} -out #{@cert_pub} -passout pass:#{@passphrase} -subj \"/C=EU/O=Logstash/CN=localhost\""
|
219
|
+
unless system(cmd)
|
220
|
+
fail "failed to run openssl command: #{$?} \n#{cmd}"
|
221
|
+
end
|
222
|
+
|
223
|
+
# NOTE: CentOS 7 base image (LS < 7.17) uses OpenSSL 1.0 while later is using Ubuntu 20.04 with OpenSSL 1.1.1
|
224
|
+
# the default algorithm for `openssl pkcs8 -topk8` changed to -v2 which Java does not support (see GH-443)
|
225
|
+
cmd = "openssl pkcs8 -topk8 -in #{cert_key} -out #{@cert_key_pkcs8} -v1 PBE-SHA1-RC2-128 -passin pass:#{@passphrase} -passout pass:#{@passphrase}"
|
226
|
+
unless system(cmd)
|
227
|
+
fail "failed to run openssl command: #{$?} \n#{cmd}"
|
228
|
+
end
|
229
|
+
end
|
230
|
+
|
231
|
+
let(:certificate_authorities) { [ @cert_pub ] }
|
232
|
+
|
233
|
+
let(:input_config) do
|
234
|
+
super().merge("ssl_key_passphrase" => @passphrase, "ssl_key" => @cert_key_pkcs8, "ssl_certificate" => @cert_pub)
|
235
|
+
end
|
201
236
|
|
202
237
|
include_examples "send events"
|
203
238
|
end
|
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-beats
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.3.0
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-03-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -297,9 +297,8 @@ files:
|
|
297
297
|
- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.8/jackson-databind-2.9.10.8.jar
|
298
298
|
- vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10/jackson-module-afterburner-2.9.10.jar
|
299
299
|
- vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final/netty-all-4.1.65.Final.jar
|
300
|
-
- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.17.0/log4j-api-2.17.0.jar
|
301
300
|
- vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
|
302
|
-
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.
|
301
|
+
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.3.0/logstash-input-beats-6.3.0.jar
|
303
302
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
304
303
|
licenses:
|
305
304
|
- Apache License (2.0)
|
Binary file
|