logstash-input-beats 3.1.7-java → 3.1.8-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/VERSION +1 -1
- data/lib/logstash-input-beats_jars.rb +2 -2
- data/lib/logstash/inputs/beats.rb +15 -1
- data/lib/tasks/test.rake +2 -2
- data/spec/inputs/beats_spec.rb +41 -0
- data/spec/integration/filebeat_spec.rb +45 -0
- data/spec/support/integration_shared_context.rb +0 -8
- data/vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/1.1.33.Fork23/netty-tcnative-boringssl-static-1.1.33.Fork23.jar +0 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/{3.1.7/logstash-input-beats-3.1.7.jar → 3.1.8/logstash-input-beats-3.1.8.jar} +0 -0
- metadata +4 -4
- data/vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/1.1.33.Fork17/netty-tcnative-boringssl-static-1.1.33.Fork17.jar +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7f61bf44bb58b65cd4824bfe25ce81730c1d99cf
|
4
|
+
data.tar.gz: 77846db87b2f4269f35e1e5cb928b082642829cd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 373b8e4f362389c414de7c847b6ea7604abb7b1c147952688940771bd8f1ffe51bd941efe06861c4a97426db99ad3d743eb455abf50c76670a5d089bcf8de8cc
|
7
|
+
data.tar.gz: 56f197051770a9fd49a0146000015d2fa83f894706ccb6e8773e8938d2e37201d3bd2073ad23fb4f27517d2a10d84b1457ca45084e5ca018edbe61e436df8737
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,7 @@
|
|
1
|
+
## 3.1.8
|
2
|
+
- Fix a typo in the default ciphers suite, added validations for the configured ciphers #156
|
3
|
+
- validate the presence of `ssl_certificate_authorities` when `verify_mode` is set to FORCE_PEER or peer #155
|
4
|
+
|
1
5
|
## 3.1.7
|
2
6
|
- Fix an issue when only the first CA found in the certificate authorities was taking into consideration to verify clients #153
|
3
7
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.1.
|
1
|
+
3.1.8
|
@@ -2,11 +2,11 @@
|
|
2
2
|
|
3
3
|
require 'jar_dependencies'
|
4
4
|
require_jar('io.netty', 'netty-all', '4.1.3.Final')
|
5
|
-
require_jar('io.netty', 'netty-tcnative-boringssl-static', '1.1.33.
|
5
|
+
require_jar('io.netty', 'netty-tcnative-boringssl-static', '1.1.33.Fork23')
|
6
6
|
require_jar('org.javassist', 'javassist', '3.20.0-GA')
|
7
7
|
require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.7.5')
|
8
8
|
require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.7.5')
|
9
9
|
require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.7.5')
|
10
10
|
require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.7.5')
|
11
11
|
require_jar('log4j', 'log4j', '1.2.17')
|
12
|
-
require_jar('org.logstash.beats', 'logstash-input-beats', '3.1.
|
12
|
+
require_jar('org.logstash.beats', 'logstash-input-beats', '3.1.8')
|
@@ -10,6 +10,7 @@ require "logstash-input-beats_jars"
|
|
10
10
|
import "org.logstash.beats.Server"
|
11
11
|
import "org.logstash.netty.SslSimpleBuilder"
|
12
12
|
import "java.io.FileInputStream"
|
13
|
+
java_import "io.netty.handler.ssl.OpenSsl"
|
13
14
|
|
14
15
|
# This input plugin enables Logstash to receive events from the
|
15
16
|
# https://www.elastic.co/products/beats[Elastic Beats] framework.
|
@@ -152,6 +153,10 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
152
153
|
raise LogStash::ConfigurationError, "Certificate or Certificate Key not configured"
|
153
154
|
end
|
154
155
|
|
156
|
+
if @ssl && require_certificate_authorities? && !client_authentification?
|
157
|
+
raise LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`"
|
158
|
+
end
|
159
|
+
|
155
160
|
@logger.info("Beats inputs: Starting input listener", :address => "#{@host}:#{@port}")
|
156
161
|
|
157
162
|
# wrap the configured codec to support identity stream
|
@@ -169,9 +174,14 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
169
174
|
def create_server
|
170
175
|
server = org.logstash.beats.Server.new(@host, @port)
|
171
176
|
if @ssl
|
177
|
+
|
178
|
+
begin
|
172
179
|
ssl_builder = org.logstash.netty.SslSimpleBuilder.new(@ssl_certificate, @ssl_key, @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value)
|
173
180
|
.setProtocols(convert_protocols)
|
174
181
|
.setCipherSuites(normalized_ciphers)
|
182
|
+
rescue java.lang.IllegalArgumentException => e
|
183
|
+
raise LogStash::ConfigurationError, e
|
184
|
+
end
|
175
185
|
|
176
186
|
ssl_builder.setHandshakeTimeoutMilliseconds(@ssl_handshake_timeout)
|
177
187
|
|
@@ -203,7 +213,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
203
213
|
end # def run
|
204
214
|
|
205
215
|
def stop
|
206
|
-
@server.stop
|
216
|
+
@server.stop unless @server.nil?
|
207
217
|
end
|
208
218
|
|
209
219
|
def need_identity_map?
|
@@ -214,6 +224,10 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
214
224
|
@ssl_certificate_authorities && @ssl_certificate_authorities.size > 0
|
215
225
|
end
|
216
226
|
|
227
|
+
def require_certificate_authorities?
|
228
|
+
@ssl_verify_mode == "force_peer" || @ssl_verify_mode == "peer"
|
229
|
+
end
|
230
|
+
|
217
231
|
def normalized_ciphers
|
218
232
|
@cipher_suites.map(&:upcase)
|
219
233
|
end
|
data/lib/tasks/test.rake
CHANGED
@@ -3,9 +3,9 @@ OS_PLATFORM = RbConfig::CONFIG["host_os"]
|
|
3
3
|
VENDOR_PATH = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "vendor"))
|
4
4
|
|
5
5
|
if OS_PLATFORM == "linux"
|
6
|
-
FILEBEAT_URL = "https://
|
6
|
+
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.0.0-linux-x86_64.tar.gz"
|
7
7
|
elsif OS_PLATFORM == "darwin"
|
8
|
-
FILEBEAT_URL = "https://
|
8
|
+
FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.0.0-darwin-x86_64.tar.gz"
|
9
9
|
end
|
10
10
|
|
11
11
|
LSF_URL = "https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder_#{OS_PLATFORM}_amd64"
|
data/spec/inputs/beats_spec.rb
CHANGED
@@ -61,6 +61,47 @@ describe LogStash::Inputs::Beats do
|
|
61
61
|
expect {plugin.register}.to raise_error(LogStash::ConfigurationError)
|
62
62
|
end
|
63
63
|
end
|
64
|
+
|
65
|
+
context "with invalid ciphers" do
|
66
|
+
let(:config) { { "port" => 0, "ssl" => true, "ssl_certificate" => certificate.ssl_cert, "type" => "example", "tags" => "Beats", "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38"} }
|
67
|
+
|
68
|
+
it "should raise a configuration error" do
|
69
|
+
plugin = LogStash::Inputs::Beats.new(config)
|
70
|
+
expect { plugin.register }.to raise_error(LogStash::ConfigurationError)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
context "verify_mode" do
|
75
|
+
context "verify_mode configured to PEER" do
|
76
|
+
let(:config) { { "port" => 0, "ssl" => true, "ssl_verify_mode" => "peer", "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "Beats"} }
|
77
|
+
|
78
|
+
it "raise a ConfigurationError when certificate_authorities is not set" do
|
79
|
+
plugin = LogStash::Inputs::Beats.new(config)
|
80
|
+
expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`")
|
81
|
+
end
|
82
|
+
|
83
|
+
it "doesn't raise a configuration error when certificate_authorities is set" do
|
84
|
+
config.merge!({ "ssl_certificate_authorities" => [certificate.ssl_cert]})
|
85
|
+
plugin = LogStash::Inputs::Beats.new(config)
|
86
|
+
expect {plugin.register}.not_to raise_error
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
context "verify_mode configured to FORCE_PEER" do
|
91
|
+
let(:config) { { "port" => 0, "ssl" => true, "ssl_verify_mode" => "force_peer", "ssl_certificate" => certificate.ssl_cert, "ssl_key" => certificate.ssl_key, "type" => "example", "tags" => "Beats"} }
|
92
|
+
|
93
|
+
it "raise a ConfigurationError when certificate_authorities is not set" do
|
94
|
+
plugin = LogStash::Inputs::Beats.new(config)
|
95
|
+
expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`")
|
96
|
+
end
|
97
|
+
|
98
|
+
it "doesn't raise a configuration error when certificate_authorities is set" do
|
99
|
+
config.merge!({ "ssl_certificate_authorities" => [certificate.ssl_cert]})
|
100
|
+
plugin = LogStash::Inputs::Beats.new(config)
|
101
|
+
expect {plugin.register}.not_to raise_error
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
64
105
|
end
|
65
106
|
|
66
107
|
context "with ssl disabled" do
|
@@ -111,6 +111,51 @@ describe "Filebeat", :integration => true do
|
|
111
111
|
context "self signed certificate" do
|
112
112
|
include_examples "send events"
|
113
113
|
|
114
|
+
context "when specifying a cipher" do
|
115
|
+
let(:filebeat_config) do
|
116
|
+
super.merge({
|
117
|
+
"output" => {
|
118
|
+
"logstash" => {
|
119
|
+
"hosts" => ["#{host}:#{port}"],
|
120
|
+
"ssl" => {
|
121
|
+
"certificate_authorities" => certificate_authorities,
|
122
|
+
"versions" => ["TLSv1.2"],
|
123
|
+
"cipher_suites" => [beats_cipher]
|
124
|
+
}
|
125
|
+
},
|
126
|
+
"logging" => { "level" => "debug" }
|
127
|
+
}})
|
128
|
+
end
|
129
|
+
|
130
|
+
let(:input_config) {
|
131
|
+
super.merge({
|
132
|
+
"cipher_suites" => [logstash_cipher],
|
133
|
+
"tls_min_version" => "1.2"
|
134
|
+
})
|
135
|
+
}
|
136
|
+
|
137
|
+
context "when the cipher is supported" do
|
138
|
+
{
|
139
|
+
#Not Working? "ECDHE-ECDSA-AES-256-GCM-SHA384" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
|
140
|
+
"ECDHE-RSA-AES-256-GCM-SHA384" => "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
141
|
+
#Not working? "ECDHE-ECDSA-AES-128-GCM-SHA256" => "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
|
142
|
+
"ECDHE-RSA-AES-128-GCM-SHA256" => "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
143
|
+
}.each do |b_cipher, l_cipher|
|
144
|
+
context "with protocol: `TLSv1.2` and cipher: beats: #{b_cipher}, logstash: #{l_cipher}" do
|
145
|
+
let(:beats_cipher) { b_cipher }
|
146
|
+
let(:logstash_cipher) { l_cipher }
|
147
|
+
include_examples "send events"
|
148
|
+
end
|
149
|
+
end
|
150
|
+
|
151
|
+
context "when the cipher is not supported" do
|
152
|
+
let(:beats_cipher) { "ECDHE-RSA-AES-128-GCM-SHA256" }
|
153
|
+
let(:logstash_cipher) { "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}
|
154
|
+
|
155
|
+
include_examples "doesn't send events"
|
156
|
+
end
|
157
|
+
end
|
158
|
+
end
|
114
159
|
|
115
160
|
# Refactor this to use Flores's PKI instead of openssl command line
|
116
161
|
# see: https://github.com/jordansissel/ruby-flores/issues/7
|
@@ -48,14 +48,6 @@ shared_context "beats configuration" do
|
|
48
48
|
|
49
49
|
@server = Thread.new do
|
50
50
|
begin
|
51
|
-
# use to know what lumberjack is actually doing
|
52
|
-
if ENV["DEBUG"]
|
53
|
-
logger = Logger.new(STDOUT)
|
54
|
-
beats.logger = Cabin::Channel.new
|
55
|
-
beats.logger.subscribe(logger)
|
56
|
-
beats.logger.level = :debug
|
57
|
-
end
|
58
|
-
|
59
51
|
beats.run(queue)
|
60
52
|
rescue => e
|
61
53
|
retry unless beats.stop?
|
Binary file
|
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-beats
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.1.
|
4
|
+
version: 3.1.8
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-11-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -265,10 +265,10 @@ files:
|
|
265
265
|
- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.7.5/jackson-databind-2.7.5.jar
|
266
266
|
- vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.7.5/jackson-module-afterburner-2.7.5.jar
|
267
267
|
- vendor/jar-dependencies/io/netty/netty-all/4.1.3.Final/netty-all-4.1.3.Final.jar
|
268
|
-
- vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/1.1.33.
|
268
|
+
- vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/1.1.33.Fork23/netty-tcnative-boringssl-static-1.1.33.Fork23.jar
|
269
269
|
- vendor/jar-dependencies/log4j/log4j/1.2.17/log4j-1.2.17.jar
|
270
270
|
- vendor/jar-dependencies/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
|
271
|
-
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/3.1.
|
271
|
+
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/3.1.8/logstash-input-beats-3.1.8.jar
|
272
272
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
273
273
|
licenses:
|
274
274
|
- Apache License (2.0)
|