logstash-input-sdee 0.7.1 → 0.7.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -1
- data/README.md +2 -1
- data/examples/20-filter.conf +1 -2
- data/examples/{patterns/cisco.dictionary → dict/cisco.dictionary.yaml} +0 -0
- data/examples/{patterns/cisco.facility → dict/cisco.facility.yaml} +0 -0
- data/logstash-input-sdee.gemspec +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 460035a2184f46b87a7fb80c50cbcc34f17448e2
|
|
4
|
+
data.tar.gz: bea63d705eda5f26ff80c217b1b82f8f98853a4b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b7d8c9dc088e97fad2de9c83918d9cf7036560b521c2cf41ccf4c8bd940d90b4a069d816a2591736b09d6400432d4e6bbf46af2d3f1de641353abf0f3d83f0d2
|
|
7
|
+
data.tar.gz: c28ec76ff7ca0ad2d25f7f94b3ba8c762bae97f6704f71327be7535387c1ec4116fd3e780b9853cb47204c166ec6eeb2bda0ba9e63a22f6fe42c4c96e7d1c9ca
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
* 0.7.1
|
|
2
|
-
- something seriously broken in rubysl-rexml gem
|
|
2
|
+
- something seriously broken in rubysl-rexml 2.0.4 gem
|
|
3
|
+
it's trying to install without success even if already installed
|
|
4
|
+
so, install it manually
|
|
3
5
|
* 0.7.0
|
|
4
6
|
- logstash configuration examples, inputs and filter
|
|
5
7
|
- pattern file and dictioanries for Cisco IPS messages
|
data/README.md
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# Logstash Cisco SDEE/CIDEE input plugin
|
|
2
|
+
[](https://badge.fury.io/rb/logstash-input-sdee)
|
|
2
3
|
|
|
3
4
|
This plugin is based off [logstash-input-http_poller](https://github.com/logstash-plugins/logstash-input-http_poller) by @maximede.
|
|
4
5
|
|
|
@@ -9,7 +10,7 @@ The idea behind this plugins came from a need to gather events from Cisco securi
|
|
|
9
10
|
This plugin is tested on:
|
|
10
11
|
* Hardware: Cisco ASA 5585-X IPS SSP-10
|
|
11
12
|
* IPS Version: 7.3(2)E4
|
|
12
|
-
* logstash 2.
|
|
13
|
+
* logstash 2.3.4
|
|
13
14
|
* Java JRE 1.8.0-60
|
|
14
15
|
|
|
15
16
|
It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
|
data/examples/20-filter.conf
CHANGED
|
@@ -29,7 +29,7 @@ filter {
|
|
|
29
29
|
translate {
|
|
30
30
|
field => "cisco_facility"
|
|
31
31
|
destination => "facility"
|
|
32
|
-
dictionary_path => [ "/etc/logstash/
|
|
32
|
+
dictionary_path => [ "/etc/logstash/dict/cisco.facility.yaml" ]
|
|
33
33
|
override => true
|
|
34
34
|
remove_field => [cisco_facility]
|
|
35
35
|
}
|
|
@@ -54,4 +54,3 @@ filter {
|
|
|
54
54
|
|
|
55
55
|
}
|
|
56
56
|
}
|
|
57
|
-
|
|
File without changes
|
|
File without changes
|
data/logstash-input-sdee.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-input-sdee'
|
|
3
|
-
s.version = '0.7.
|
|
3
|
+
s.version = '0.7.2'
|
|
4
4
|
s.date = '2016-08-14'
|
|
5
5
|
s.summary = "Logstah SDEE input from Cisco ASA"
|
|
6
6
|
s.description = "This Logstash input plugin allows you to call a Cisco SDEE/CIDEE HTTP API, decode the output of it into event(s), and send them on their merry way."
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-input-sdee
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- rootik
|
|
@@ -85,9 +85,9 @@ files:
|
|
|
85
85
|
- examples/10-inputs.conf
|
|
86
86
|
- examples/20-filter.conf
|
|
87
87
|
- examples/30-outputs.conf
|
|
88
|
+
- examples/dict/cisco.dictionary.yaml
|
|
89
|
+
- examples/dict/cisco.facility.yaml
|
|
88
90
|
- examples/patterns/cisco
|
|
89
|
-
- examples/patterns/cisco.dictionary
|
|
90
|
-
- examples/patterns/cisco.facility
|
|
91
91
|
- lib/logstash/inputs/sdee.rb
|
|
92
92
|
- logstash-input-sdee.gemspec
|
|
93
93
|
homepage: http://rubygems.org/gems/logstash-input-sdee
|