logstash-input-beats 5.0.16-java → 5.1.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/VERSION +1 -1
- data/docs/index.asciidoc +28 -17
- data/lib/logstash-input-beats_jars.rb +1 -1
- data/lib/logstash/inputs/beats.rb +18 -0
- data/lib/logstash/inputs/beats/message_listener.rb +35 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/{5.0.16/logstash-input-beats-5.0.16.jar → 5.1.0/logstash-input-beats-5.1.0.jar} +0 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4b4133fa8d543e1581183df174b98370c4d146e46c1930d8c88b3802dc8ccffd
|
|
4
|
+
data.tar.gz: 8c6b3eaf5a1d30d06c3bf77dc6c23b95a6190e5c914fce41cdc684bf9a91b0d7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 348964c7e65129fd4619104546e8f8d24ea8e0050c7479428698af85a8422090e6069bdaa8ad79b0c31586ec2996af8180066281985b5eca2b83535afc03710a
|
|
7
|
+
data.tar.gz: bb4a1e2b5fc2cfa516420695d44b4a79d2dacf00d028076f29ba3192a65e9792e1a18d65ba71e4b988a079c0350cc3462248e2c5a633496e967bf7935ba186a7
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
## 5.1.0
|
|
2
|
+
- Added ssl_peer_metadata option. [#327](https://github.com/logstash-plugins/logstash-input-beats/pull/327)
|
|
3
|
+
- Fixed ssl_verify_mode => peer. [#326](https://github.com/logstash-plugins/logstash-input-beats/pull/326)
|
|
4
|
+
|
|
1
5
|
## 5.0.16
|
|
2
6
|
- [#289](https://github.com/logstash-plugins/logstash-input-beats/pull/289#issuecomment-394072063) Re-initialise Netty worker group on plugin restart
|
|
3
7
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
5.0
|
|
1
|
+
5.1.0
|
data/docs/index.asciidoc
CHANGED
|
@@ -78,6 +78,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
|
78
78
|
| <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
|
|
79
79
|
| <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
|
|
80
80
|
| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|No
|
|
81
|
+
| <<plugins-{type}s-{plugin}-ssl_peer_metadata>> |<<boolean,boolean>>|No
|
|
81
82
|
| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|No
|
|
82
83
|
| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|No
|
|
83
84
|
|=======================================================================
|
|
@@ -88,7 +89,7 @@ input plugins.
|
|
|
88
89
|
|
|
89
90
|
|
|
90
91
|
[id="plugins-{type}s-{plugin}-cipher_suites"]
|
|
91
|
-
===== `cipher_suites`
|
|
92
|
+
===== `cipher_suites`
|
|
92
93
|
|
|
93
94
|
* Value type is <<array,array>>
|
|
94
95
|
* Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
|
|
@@ -96,7 +97,7 @@ input plugins.
|
|
|
96
97
|
The list of ciphers suite to use, listed by priorities.
|
|
97
98
|
|
|
98
99
|
[id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
|
|
99
|
-
===== `client_inactivity_timeout`
|
|
100
|
+
===== `client_inactivity_timeout`
|
|
100
101
|
|
|
101
102
|
* Value type is <<number,number>>
|
|
102
103
|
* Default value is `60`
|
|
@@ -104,7 +105,7 @@ The list of ciphers suite to use, listed by priorities.
|
|
|
104
105
|
Close Idle clients after X seconds of inactivity.
|
|
105
106
|
|
|
106
107
|
[id="plugins-{type}s-{plugin}-host"]
|
|
107
|
-
===== `host`
|
|
108
|
+
===== `host`
|
|
108
109
|
|
|
109
110
|
* Value type is <<string,string>>
|
|
110
111
|
* Default value is `"0.0.0.0"`
|
|
@@ -112,7 +113,7 @@ Close Idle clients after X seconds of inactivity.
|
|
|
112
113
|
The IP address to listen on.
|
|
113
114
|
|
|
114
115
|
[id="plugins-{type}s-{plugin}-include_codec_tag"]
|
|
115
|
-
===== `include_codec_tag`
|
|
116
|
+
===== `include_codec_tag`
|
|
116
117
|
|
|
117
118
|
* Value type is <<boolean,boolean>>
|
|
118
119
|
* Default value is `true`
|
|
@@ -120,7 +121,7 @@ The IP address to listen on.
|
|
|
120
121
|
|
|
121
122
|
|
|
122
123
|
[id="plugins-{type}s-{plugin}-port"]
|
|
123
|
-
===== `port`
|
|
124
|
+
===== `port`
|
|
124
125
|
|
|
125
126
|
* This is a required setting.
|
|
126
127
|
* Value type is <<number,number>>
|
|
@@ -129,7 +130,7 @@ The IP address to listen on.
|
|
|
129
130
|
The port to listen on.
|
|
130
131
|
|
|
131
132
|
[id="plugins-{type}s-{plugin}-ssl"]
|
|
132
|
-
===== `ssl`
|
|
133
|
+
===== `ssl`
|
|
133
134
|
|
|
134
135
|
* Value type is <<boolean,boolean>>
|
|
135
136
|
* Default value is `false`
|
|
@@ -139,7 +140,7 @@ enable encryption by setting `ssl` to true and configuring
|
|
|
139
140
|
the `ssl_certificate` and `ssl_key` options.
|
|
140
141
|
|
|
141
142
|
[id="plugins-{type}s-{plugin}-ssl_certificate"]
|
|
142
|
-
===== `ssl_certificate`
|
|
143
|
+
===== `ssl_certificate`
|
|
143
144
|
|
|
144
145
|
* Value type is <<path,path>>
|
|
145
146
|
* There is no default value for this setting.
|
|
@@ -147,19 +148,19 @@ the `ssl_certificate` and `ssl_key` options.
|
|
|
147
148
|
SSL certificate to use.
|
|
148
149
|
|
|
149
150
|
[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
|
|
150
|
-
===== `ssl_certificate_authorities`
|
|
151
|
+
===== `ssl_certificate_authorities`
|
|
151
152
|
|
|
152
153
|
* Value type is <<array,array>>
|
|
153
154
|
* Default value is `[]`
|
|
154
155
|
|
|
155
|
-
Validate client certificates against these authorities.
|
|
156
|
+
Validate client certificates against these authorities.
|
|
156
157
|
You can define multiple files or paths. All the certificates will
|
|
157
158
|
be read and added to the trust store. You need to configure the `ssl_verify_mode`
|
|
158
159
|
to `peer` or `force_peer` to enable the verification.
|
|
159
160
|
|
|
160
161
|
|
|
161
162
|
[id="plugins-{type}s-{plugin}-ssl_handshake_timeout"]
|
|
162
|
-
===== `ssl_handshake_timeout`
|
|
163
|
+
===== `ssl_handshake_timeout`
|
|
163
164
|
|
|
164
165
|
* Value type is <<number,number>>
|
|
165
166
|
* Default value is `10000`
|
|
@@ -167,7 +168,7 @@ to `peer` or `force_peer` to enable the verification.
|
|
|
167
168
|
Time in milliseconds for an incomplete ssl handshake to timeout
|
|
168
169
|
|
|
169
170
|
[id="plugins-{type}s-{plugin}-ssl_key"]
|
|
170
|
-
===== `ssl_key`
|
|
171
|
+
===== `ssl_key`
|
|
171
172
|
|
|
172
173
|
* Value type is <<path,path>>
|
|
173
174
|
* There is no default value for this setting.
|
|
@@ -177,7 +178,7 @@ NOTE: This key need to be in the PKCS8 format, you can convert it with https://w
|
|
|
177
178
|
for more information.
|
|
178
179
|
|
|
179
180
|
[id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
|
|
180
|
-
===== `ssl_key_passphrase`
|
|
181
|
+
===== `ssl_key_passphrase`
|
|
181
182
|
|
|
182
183
|
* Value type is <<password,password>>
|
|
183
184
|
* There is no default value for this setting.
|
|
@@ -185,14 +186,14 @@ for more information.
|
|
|
185
186
|
SSL key passphrase to use.
|
|
186
187
|
|
|
187
188
|
[id="plugins-{type}s-{plugin}-ssl_verify_mode"]
|
|
188
|
-
===== `ssl_verify_mode`
|
|
189
|
+
===== `ssl_verify_mode`
|
|
189
190
|
|
|
190
191
|
* Value can be any of: `none`, `peer`, `force_peer`
|
|
191
192
|
* Default value is `"none"`
|
|
192
193
|
|
|
193
194
|
By default the server doesn't do any client verification.
|
|
194
195
|
|
|
195
|
-
`peer` will make the server ask the client to provide a certificate.
|
|
196
|
+
`peer` will make the server ask the client to provide a certificate.
|
|
196
197
|
If the client provides a certificate, it will be validated.
|
|
197
198
|
|
|
198
199
|
`force_peer` will make the server ask the client to provide a certificate.
|
|
@@ -200,8 +201,18 @@ If the client doesn't provide a certificate, the connection will be closed.
|
|
|
200
201
|
|
|
201
202
|
This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
|
202
203
|
|
|
204
|
+
[id="plugins-{type}s-{plugin}-ssl_peer_metadata"]
|
|
205
|
+
===== `ssl_peer_metadata`
|
|
206
|
+
|
|
207
|
+
* Value type is <<boolean,boolean>>
|
|
208
|
+
* Default value is `false`
|
|
209
|
+
|
|
210
|
+
Enables storing client certificate information in event's metadata.
|
|
211
|
+
|
|
212
|
+
This option is only valid when `ssl_verify_mode` is set to `peer` or `force_peer`.
|
|
213
|
+
|
|
203
214
|
[id="plugins-{type}s-{plugin}-tls_max_version"]
|
|
204
|
-
===== `tls_max_version`
|
|
215
|
+
===== `tls_max_version`
|
|
205
216
|
|
|
206
217
|
* Value type is <<number,number>>
|
|
207
218
|
* Default value is `1.2`
|
|
@@ -210,7 +221,7 @@ The maximum TLS version allowed for the encrypted connections. The value must be
|
|
|
210
221
|
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
|
211
222
|
|
|
212
223
|
[id="plugins-{type}s-{plugin}-tls_min_version"]
|
|
213
|
-
===== `tls_min_version`
|
|
224
|
+
===== `tls_min_version`
|
|
214
225
|
|
|
215
226
|
* Value type is <<number,number>>
|
|
216
227
|
* Default value is `1`
|
|
@@ -223,4 +234,4 @@ The minimum TLS version allowed for the encrypted connections. The value must be
|
|
|
223
234
|
[id="plugins-{type}s-{plugin}-common-options"]
|
|
224
235
|
include::{include_path}/{type}.asciidoc[]
|
|
225
236
|
|
|
226
|
-
:default_codec!:
|
|
237
|
+
:default_codec!:
|
|
@@ -9,4 +9,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.5')
|
|
|
9
9
|
require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.5')
|
|
10
10
|
require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.5')
|
|
11
11
|
require_jar('org.apache.logging.log4j', 'log4j-api', '2.6.2')
|
|
12
|
-
require_jar('org.logstash.beats', 'logstash-input-beats', '5.0
|
|
12
|
+
require_jar('org.logstash.beats', 'logstash-input-beats', '5.1.0')
|
|
@@ -93,6 +93,10 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
|
93
93
|
# This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
|
94
94
|
config :ssl_verify_mode, :validate => ["none", "peer", "force_peer"], :default => "none"
|
|
95
95
|
|
|
96
|
+
# Enables storing client certificate information in event's metadata. You need
|
|
97
|
+
# to configure the `ssl_verify_mode` to `peer` or `force_peer` to enable this.
|
|
98
|
+
config :ssl_peer_metadata, :validate => :boolean, :default => false
|
|
99
|
+
|
|
96
100
|
config :include_codec_tag, :validate => :boolean, :default => true
|
|
97
101
|
|
|
98
102
|
# Time in milliseconds for an incomplete ssl handshake to timeout
|
|
@@ -148,6 +152,10 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
|
148
152
|
raise LogStash::ConfigurationError, "Using `verify_mode` set to PEER or FORCE_PEER, requires the configuration of `certificate_authorities`"
|
|
149
153
|
end
|
|
150
154
|
|
|
155
|
+
if client_authentication_metadata? && !require_certificate_authorities?
|
|
156
|
+
raise LogStash::ConfigurationError, "Enabling `peer_metadata` requires using `verify_mode` set to PEER or FORCE_PEER"
|
|
157
|
+
end
|
|
158
|
+
|
|
151
159
|
# Logstash 6.x breaking change (introduced with 4.0.0 of this gem)
|
|
152
160
|
if @codec.kind_of? LogStash::Codecs::Multiline
|
|
153
161
|
raise LogStash::ConfigurationError, "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html"
|
|
@@ -175,6 +183,8 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
|
175
183
|
if client_authentification?
|
|
176
184
|
if @ssl_verify_mode.upcase == "FORCE_PEER"
|
|
177
185
|
ssl_builder.setVerifyMode(org.logstash.netty.SslSimpleBuilder::SslClientVerifyMode::FORCE_PEER)
|
|
186
|
+
elsif @ssl_verify_mode.upcase == "PEER"
|
|
187
|
+
ssl_builder.setVerifyMode(org.logstash.netty.SslSimpleBuilder::SslClientVerifyMode::VERIFY_PEER)
|
|
178
188
|
end
|
|
179
189
|
ssl_builder.setCertificateAuthorities(@ssl_certificate_authorities)
|
|
180
190
|
end
|
|
@@ -206,6 +216,14 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
|
|
|
206
216
|
@ssl_certificate_authorities && @ssl_certificate_authorities.size > 0
|
|
207
217
|
end
|
|
208
218
|
|
|
219
|
+
def client_authentication_metadata?
|
|
220
|
+
@ssl_peer_metadata && ssl_configured? && client_authentification?
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
def client_authentication_required?
|
|
224
|
+
@ssl_verify_mode == "force_peer"
|
|
225
|
+
end
|
|
226
|
+
|
|
209
227
|
def require_certificate_authorities?
|
|
210
228
|
@ssl_verify_mode == "force_peer" || @ssl_verify_mode == "peer"
|
|
211
229
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# encoding: utf-8
|
|
2
2
|
require "thread_safe"
|
|
3
3
|
require "logstash-input-beats_jars"
|
|
4
|
+
import "javax.net.ssl.SSLPeerUnverifiedException"
|
|
4
5
|
import "org.logstash.beats.MessageListener"
|
|
5
6
|
|
|
6
7
|
module LogStash module Inputs class Beats
|
|
@@ -33,6 +34,8 @@ module LogStash module Inputs class Beats
|
|
|
33
34
|
hash['@metadata']['ip_address'] = ip_address unless ip_address.nil? || hash['@metadata'].nil?
|
|
34
35
|
target_field = extract_target_field(hash)
|
|
35
36
|
|
|
37
|
+
extract_tls_peer(hash, ctx)
|
|
38
|
+
|
|
36
39
|
if target_field.nil?
|
|
37
40
|
event = LogStash::Event.new(hash)
|
|
38
41
|
@nocodec_transformer.transform(event)
|
|
@@ -119,6 +122,38 @@ module LogStash module Inputs class Beats
|
|
|
119
122
|
end
|
|
120
123
|
end
|
|
121
124
|
|
|
125
|
+
def extract_tls_peer(hash, ctx)
|
|
126
|
+
if @input.client_authentication_metadata?
|
|
127
|
+
tls_session = ctx.channel().pipeline().get("ssl-handler").engine().getSession()
|
|
128
|
+
tls_verified = true
|
|
129
|
+
|
|
130
|
+
if not @input.client_authentication_required?
|
|
131
|
+
# throws SSLPeerUnverifiedException if unverified
|
|
132
|
+
begin
|
|
133
|
+
tls_session.getPeerCertificates()
|
|
134
|
+
rescue SSLPeerUnverifiedException => e
|
|
135
|
+
tls_verified = false
|
|
136
|
+
if input.logger.debug?
|
|
137
|
+
input.logger.debug("SSL peer unverified. This is normal with 'peer' verification and client does not presents a certificate.", :exception => e)
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
if tls_verified
|
|
143
|
+
hash['@metadata']['tls_peer'] = {
|
|
144
|
+
:status => "verified",
|
|
145
|
+
:protocol => tls_session.getProtocol(),
|
|
146
|
+
:subject => tls_session.getPeerPrincipal().getName(),
|
|
147
|
+
:cipher_suite => tls_session.getCipherSuite()
|
|
148
|
+
}
|
|
149
|
+
else
|
|
150
|
+
hash['@metadata']['tls_peer'] = {
|
|
151
|
+
:status => "unverified"
|
|
152
|
+
}
|
|
153
|
+
end
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
|
|
122
157
|
def extract_target_field(hash)
|
|
123
158
|
if from_filebeat?(hash)
|
|
124
159
|
hash.delete(FILEBEAT_LOG_LINE_FIELD).to_s
|
|
Binary file
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-input-beats
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.0
|
|
4
|
+
version: 5.1.0
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-06-
|
|
11
|
+
date: 2018-06-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -266,7 +266,7 @@ files:
|
|
|
266
266
|
- vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/2.0.7.Final/netty-tcnative-boringssl-static-2.0.7.Final.jar
|
|
267
267
|
- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar
|
|
268
268
|
- vendor/jar-dependencies/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
|
|
269
|
-
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/5.0
|
|
269
|
+
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/5.1.0/logstash-input-beats-5.1.0.jar
|
|
270
270
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
|
271
271
|
licenses:
|
|
272
272
|
- Apache License (2.0)
|