logstash-input-snmp 1.2.8 → 1.3.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4bcb5f73151249317b6f7b36c028a3f863e7d4a88ba6da977fbc88d255355364
4
- data.tar.gz: 85ef765af5f93aefb92a8f40d9738101ada3b5173bb9b4b8de3d4ec21a406578
3
+ metadata.gz: 747dbf68d6a90a7ab937bf8c64edef786b7d0c4c0ac2f97088401d1e842c2616
4
+ data.tar.gz: e53514a31810159796b3e80ee56f7aa6d66eba23ac781744fd9fbf0be83d4d9a
5
5
  SHA512:
6
- metadata.gz: 423f10e23a58b04a72c47d70beb06053dedc8d07e1ec1e36c835ca783c6791bb6ccd12d701d3e50bd4ebe173185a4240ae21a93c36d7ecdf38bf4e2ae6d58f25
7
- data.tar.gz: f452759e6c453d088b002721ae1520b1c22291e16ff609d8f308e57c3e9aa9dc29b008c809a9a6a76e76b00e68c0399fc96b63f23dc066aa403a682f19712f2e
6
+ metadata.gz: fa84badc45e056d01ca6a8668e3b5a2ddf89348339f49524b60b77843753cb7eb51fe2fcfe40d2d61dfc95523988f1fa6e11cc430692bbbe38d0014371c62278
7
+ data.tar.gz: 9e8e9895750a23892e99b2c198eef3e66f75de885e700dcea020d00356e843a022bd5dae6894a390f9f64faea40ea0f15310dbc7b34ef1fa96947b15d9d1a45b
data/CHANGELOG.md CHANGED
@@ -1,8 +1,12 @@
1
+ ## 1.3.0
2
+ - Feat: ECS compliance + optional target [#99](https://github.com/logstash-plugins/logstash-input-snmp/pull/99)
3
+ - Internal: update to Gradle 7 [#102](https://github.com/logstash-plugins/logstash-input-snmp/pull/102)
4
+
1
5
  ## 1.2.8
2
- - Fixed interval handling to only sleep off the _remainder_ of the interval (if any), and to log a helpful warning when crawling the hosts takes longer than the configured interval [#61](https://github.com/logstash-plugins/logstash-input-snmp/issues/61)
6
+ - Fixed interval handling to only sleep off the _remainder_ of the interval (if any), and to log a helpful warning when crawling the hosts takes longer than the configured interval [#100](https://github.com/logstash-plugins/logstash-input-snmp/pull/100). Fixes [#61](https://github.com/logstash-plugins/logstash-input-snmp/issues/61).
3
7
 
4
8
  ## 1.2.7
5
- - Added integration tests to ensure SNMP server and IPv6 connections [#87](https://github.com/logstash-plugins/logstash-input-snmp/pull/87)
9
+ - Added integration tests to ensure SNMP server and IPv6 connections [#90](https://github.com/logstash-plugins/logstash-input-snmp/issues/90). Fixes[#87](https://github.com/logstash-plugins/logstash-input-snmp/issues/87).
6
10
 
7
11
  ## 1.2.6
8
12
  - Docs: example on setting IPv6 hosts [#89](https://github.com/logstash-plugins/logstash-input-snmp/pull/89)
data/CONTRIBUTORS CHANGED
@@ -4,6 +4,7 @@ reports, or in general have helped logstash along its way.
4
4
  Contributors:
5
5
  * Colin Surprenant - colin.surprenant@gmail.com
6
6
  * Dan Major - axrayn@gmail.com
7
+ * Patrick Prugger - pprugger@gmx.at
7
8
 
8
9
  Note: If you've sent us patches, bug reports, or otherwise contributed to
9
10
  Logstash, and you aren't on the list above and want to be, please let us know
data/docs/index.asciidoc CHANGED
@@ -26,6 +26,22 @@ to gather information related to the current state of the devices operation.
26
26
 
27
27
  The SNMP input plugin supports SNMP v1, v2c, and v3 over UDP and TCP transport protocols.
28
28
 
29
+ [id="plugins-{type}s-{plugin}-ecs"]
30
+ ==== Compatibility with the Elastic Common Schema (ECS)
31
+
32
+ Because SNMP data has specific field names based on OIDs, we recommend setting a <<plugins-{type}s-{plugin}-target>>.
33
+ Metadata fields follow a specific naming convention when <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> is enabled.
34
+
35
+ [cols="<l,<l,e,<e"]
36
+ |=======================================================================
37
+ |ECS disabled |ECS v1, v8 |Description
38
+ |[@metadata][host_protocol] |[@metadata][input][snmp][host][protocol] |The protocol used to retrieve data e.g. "udp"
39
+ |[@metadata][host_address] |[@metadata][input][snmp][host][address] |The host IP e.g. "192.168.1.1"
40
+ |[@metadata][host_port] |[@metadata][input][snmp][host][port] |The host's port e.g. "161"
41
+ |[@metadata][host_community] |[@metadata][input][snmp][host][community] |The configured community e.g. "public"
42
+ |[host] |[host][ip] |Same as `[@metadata][host_address]`, host's IP address
43
+ |=======================================================================
44
+
29
45
  [id="plugins-{type}s-{plugin}-import-mibs"]
30
46
  ==== Importing MIBs
31
47
 
@@ -55,6 +71,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
55
71
  [cols="<,<,<",options="header",]
56
72
  |=======================================================================
57
73
  |Setting |Input type|Required
74
+ | <<plugins-{type}s-{plugin}-ecs_compatibility>> |<<string,string>>|No
58
75
  | <<plugins-{type}s-{plugin}-get>> |<<array,array>>|No
59
76
  | <<plugins-{type}s-{plugin}-hosts>> |<<array,array>>|No
60
77
  | <<plugins-{type}s-{plugin}-interval>> |<<number,number>>|No
@@ -63,6 +80,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
63
80
  | <<plugins-{type}s-{plugin}-oid_path_length>> |<<number,number>>|No
64
81
  | <<plugins-{type}s-{plugin}-walk>> |<<array,array>>|No
65
82
  | <<plugins-{type}s-{plugin}-tables>> |<<array,array>>|No
83
+ | <<plugins-{type}s-{plugin}-target>> |<<string,string>>|No
66
84
  |=======================================================================
67
85
 
68
86
  ==== SNMPv3 Authentication Options
@@ -86,14 +104,14 @@ Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options suppo
86
104
  input plugins.
87
105
 
88
106
  [id="plugins-{type}s-{plugin}-get"]
89
- ===== `get`
107
+ ===== `get`
108
+
109
+ * Value type is <<array,array>>
110
+ * There is no default value for this setting
90
111
 
91
112
  Use the `get` option to query for scalar values for the given OID(s).
92
113
  One or more OID(s) are specified as an array of strings of OID(s).
93
114
 
94
- * Value type is <<array,array>>
95
- * There is no default value for this setting
96
-
97
115
  Example
98
116
  [source,ruby]
99
117
  -----
@@ -108,14 +126,14 @@ input {
108
126
  [id="plugins-{type}s-{plugin}-hosts"]
109
127
  ===== `hosts`
110
128
 
129
+ * Value type is <<array,array>>
130
+ * There is no default value for this setting
131
+
111
132
  The `hosts` option specifies the list of hosts to query the configured `get` and `walk` options.
112
133
 
113
134
  Each host definition is a hash and must define the `host` key and value.
114
135
  `host` must use the format `{tcp|udp}:{ip address}/{port}`, for example `host => "udp:127.0.0.1/161"`
115
136
 
116
- * Value type is <<array,array>>
117
- * There is no default value for this setting
118
-
119
137
  Each host definition can optionally include the following keys and values:
120
138
 
121
139
  * `community` the community string, default is `public`.
@@ -160,57 +178,58 @@ input {
160
178
  -----
161
179
 
162
180
  [id="plugins-{type}s-{plugin}-interval"]
163
- ===== `interval`
181
+ ===== `interval`
182
+
183
+ * Value type is <<number,number>>
184
+ * Default value is `30`
164
185
 
165
186
  The `interval` option specifies the polling interval in seconds.
166
187
  If polling all configured hosts takes longer than this interval, a warning will be emitted to the logs.
167
188
 
168
- * Value type is <<number,number>>
169
- * Default value is `30`
170
-
171
189
  [id="plugins-{type}s-{plugin}-mib_paths"]
172
- ===== `mib_paths`
190
+ ===== `mib_paths`
173
191
 
174
- The `mib_paths` option specifies the location of one or more imported MIB files. The value can be either a dir path containing
175
- the imported MIB `.dic` files or a file path to a single MIB `.dic` file.
192
+ * Value type is <<path,path>>
193
+ * There is no default value for this setting
176
194
 
177
- * Value type is <<path,path>>
178
- * There is no default value for this setting
195
+ The `mib_paths` option specifies the location of one or more imported MIB files.
196
+ The value can be either a dir path containing the imported MIB `.dic` files or a
197
+ file path to a single MIB `.dic` file.
179
198
 
180
199
  This plugin includes the IETF MIBs.
181
200
  If you require other MIBs, you need to import them. See <<plugins-{type}s-{plugin}-import-mibs>>.
182
201
 
183
202
  [id="plugins-{type}s-{plugin}-oid_root_skip"]
184
- ===== `oid_root_skip`
203
+ ===== `oid_root_skip`
204
+
205
+ * Value type is <<number,number>>
206
+ * Default value is `0`
185
207
 
186
208
  The `oid_root_skip` option specifies the number of OID root digits to ignore in the event field name.
187
209
  For example, in a numeric OID like "1.3.6.1.2.1.1.1.0" the first 5 digits could be ignored by setting `oid_root_skip => 5`
188
210
  which would result in a field name "1.1.1.0". Similarly when a MIB is used an OID such
189
211
  "1.3.6.1.2.mib-2.system.sysDescr.0" would become "mib-2.system.sysDescr.0"
190
212
 
191
- * Value type is <<number,number>>
192
- * Default value is `0`
193
-
194
213
  [id="plugins-{type}s-{plugin}-oid_path_length"]
195
214
  ===== `oid_path_length`
196
215
 
216
+ * Value type is <<number,number>>
217
+ * Default value is `0`
218
+
197
219
  The `oid_path_length` option specifies the number of OID root digits to retain in the event field name.
198
220
  For example, in a numeric OID like "1.3.6.1.2.1.1.1.0" the last 2 digits could be retained by setting `oid_path_length => 2`
199
221
  which would result in a field name "1.0". Similarly when a MIB is used an OID such
200
222
  "1.3.6.1.2.mib-2.system.sysDescr.0" would become "sysDescr.0"
201
223
 
202
- * Value type is <<number,number>>
203
- * Default value is `0`
204
-
205
224
  [id="plugins-{type}s-{plugin}-walk"]
206
225
  ===== `walk`
207
226
 
227
+ * Value type is <<array,array>>
228
+ * There is no default value for this setting
229
+
208
230
  Use the `walk` option to retrieve the subtree of information for the given OID(s).
209
231
  One or more OID(s) are specified as an array of strings of OID(s).
210
232
 
211
- * Value type is <<array,array>>
212
- * There is no default value for this setting
213
-
214
233
  Queries the subtree of information starting at the given OID(s).
215
234
 
216
235
  Example
@@ -226,14 +245,14 @@ Example
226
245
  [id="plugins-{type}s-{plugin}-tables"]
227
246
  ===== `tables`
228
247
 
248
+ * Value type is <<array,array>>
249
+ * There is no default value for this setting
250
+ * Results are returned under a field using the table name
251
+
229
252
  The `tables` option is used to query for tabular values for the given column OID(s).
230
253
 
231
254
  Each table definition is a hash and must define the name key and value and the columns to return.
232
255
 
233
- * Value type is <<array,array>>
234
- * There is no default value for this setting
235
- * Results are returned under a field using the table name
236
-
237
256
  *Specifying a single table*
238
257
 
239
258
  [source,ruby]
@@ -267,10 +286,10 @@ These options are required only if you are using SNMPv3.
267
286
  [id="plugins-{type}s-{plugin}-auth_pass"]
268
287
  ===== `auth_pass`
269
288
 
270
- The `auth_pass` option specifies the SNMPv3 authentication passphrase or password
289
+ * Value type is <<password,password>>
290
+ * There is no default value for this setting
271
291
 
272
- * Value type is <<password,password>>
273
- * There is no default value for this setting
292
+ The `auth_pass` option specifies the SNMPv3 authentication passphrase or password.
274
293
 
275
294
  [id="plugins-{type}s-{plugin}-auth_protocol"]
276
295
  ===== `auth_protocol`
@@ -280,38 +299,66 @@ The `auth_protocol` option specifies the SNMPv3 authentication protocol or type
280
299
  * Value can be any of: `md5`, `sha`, `sha2`, `hmac128sha224`, `hmac192sha256`, `hmac256sha384`, `hmac384sha512`
281
300
  * There is no default value for this setting
282
301
 
302
+ [id="plugins-{type}s-{plugin}-ecs_compatibility"]
303
+ ===== `ecs_compatibility`
304
+
305
+ * Value type is <<string,string>>
306
+ * Supported values are:
307
+ ** `disabled`: does not use ECS-compatible field names (fields might be set at the root of the event)
308
+ ** `v1`, `v8`: avoids field names that might conflict with Elastic Common Schema (for example, the `host` field)
309
+ * Default value depends on which version of Logstash is running:
310
+ ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
311
+ ** Otherwise, the default value is `disabled`.
312
+
313
+ Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
314
+
283
315
  [id="plugins-{type}s-{plugin}-priv_pass"]
284
316
  ===== `priv_pass`
285
317
 
286
- The `priv_pass` option specifies the SNMPv3 encryption password
318
+ * Value type is <<password,password>>
319
+ * There is no default value for this setting
287
320
 
288
- * Value type is <<password,password>>
289
- * There is no default value for this setting
321
+ The `priv_pass` option specifies the SNMPv3 encryption password.
290
322
 
291
323
  [id="plugins-{type}s-{plugin}-priv_protocol"]
292
324
  ===== `priv_protocol`
293
325
 
294
- The `priv_protocol` option specifies the SNMPv3 privacy/encryption protocol.
326
+ * Value can be any of: `des`, `3des`, `aes`, `aes128`, `aes192`, `aes256`
327
+ * Note that `aes` and `aes128` are equivalent
328
+ * There is no default value for this setting
295
329
 
296
- * Value can be any of: `des`, `3des`, `aes`, `aes128`, `aes192`, `aes256`
297
- * Note that `aes` and `aes128` are equivalent
298
- * There is no default value for this setting
330
+ The `priv_protocol` option specifies the SNMPv3 privacy/encryption protocol.
299
331
 
300
332
  [id="plugins-{type}s-{plugin}-security_name"]
301
333
  ===== `security_name`
302
334
 
303
- The `security_name` option specifies the SNMPv3 security name or user name
335
+ * Value type is <<string,string>>
336
+ * There is no default value for this setting
304
337
 
305
- * Value type is <<string,string>>
306
- * There is no default value for this setting
338
+ The `security_name` option specifies the SNMPv3 security name or user name.
307
339
 
308
340
  [id="plugins-{type}s-{plugin}-security_level"]
309
341
  ===== `security_level`
310
342
 
311
- The `security_level` option specifies the SNMPv3 security level between Authentication, No Privacy; Authentication, Privacy; or no Authentication, no Privacy
343
+ * Value can be any of: `noAuthNoPriv`, `authNoPriv`, `authPriv`
344
+ * There is no default value for this setting
312
345
 
313
- * Value can be any of: `noAuthNoPriv`, `authNoPriv`, `authPriv`
314
- * There is no default value for this setting
346
+ The `security_level` option specifies the SNMPv3 security level between
347
+ Authentication, No Privacy; Authentication, Privacy; or no Authentication, no Privacy.
348
+
349
+ [id="plugins-{type}s-{plugin}-target"]
350
+ ===== `target`
351
+
352
+ * Value type is <<string,string>>
353
+ * There is no default value for this setting
354
+
355
+ The name of the field under which SNMP payloads are assigned.
356
+ If not specified data will be stored in the root of the event.
357
+
358
+ Setting a target is recommended when <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled.
359
+
360
+ [id="plugins-{type}s-{plugin}-examples"]
361
+ ==== Configuration examples
315
362
 
316
363
  *Specifying SNMPv3 settings*
317
364
 
@@ -332,8 +379,6 @@ input {
332
379
 
333
380
  -----
334
381
 
335
- ==== More configuration examples
336
-
337
382
  *Using both `get` and `walk` in the same poll cycle for each host(s)*
338
383
 
339
384
  [source,ruby]
@@ -7,11 +7,24 @@ require_relative "snmp/client"
7
7
  require_relative "snmp/clientv3"
8
8
  require_relative "snmp/mib"
9
9
 
10
+ require 'logstash/plugin_mixins/ecs_compatibility_support'
11
+ require 'logstash/plugin_mixins/ecs_compatibility_support/target_check'
12
+ require 'logstash/plugin_mixins/event_support/event_factory_adapter'
13
+ require 'logstash/plugin_mixins/validator_support/field_reference_validation_adapter'
14
+
10
15
  # Generate a repeating message.
11
16
  #
12
17
  # This plugin is intented only as an example.
13
18
 
14
19
  class LogStash::Inputs::Snmp < LogStash::Inputs::Base
20
+
21
+ include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
22
+ include LogStash::PluginMixins::ECSCompatibilitySupport::TargetCheck
23
+
24
+ include LogStash::PluginMixins::EventSupport::EventFactoryAdapter
25
+
26
+ extend LogStash::PluginMixins::ValidatorSupport::FieldReferenceValidationAdapter
27
+
15
28
  config_name "snmp"
16
29
 
17
30
  # List of OIDs for which we want to retrieve the scalar value
@@ -67,9 +80,6 @@ class LogStash::Inputs::Snmp < LogStash::Inputs::Base
67
80
  # The default, `30`, means poll each host every 30 seconds.
68
81
  config :interval, :validate => :number, :default => 30
69
82
 
70
- # Add the default "host" field to the event.
71
- config :add_field, :validate => :hash, :default => { "host" => "%{[@metadata][host_address]}" }
72
-
73
83
  # SNMPv3 Credentials
74
84
  #
75
85
  # A single user can be configured and will be used for all defined SNMPv3 hosts.
@@ -94,9 +104,29 @@ class LogStash::Inputs::Snmp < LogStash::Inputs::Base
94
104
  # The SNMPv3 security level can be Authentication, No Privacy; Authentication, Privacy; or no Authentication, no Privacy
95
105
  config :security_level, :validate => ["noAuthNoPriv", "authNoPriv", "authPriv"]
96
106
 
107
+ # Defines a target field for placing fields.
108
+ # If this setting is omitted, data gets stored at the root (top level) of the event.
109
+ # The target is only relevant while decoding data into a new event.
110
+ config :target, :validate => :field_reference
111
+
97
112
  BASE_MIB_PATH = ::File.join(__FILE__, "..", "..", "..", "mibs")
98
113
  PROVIDED_MIB_PATHS = [::File.join(BASE_MIB_PATH, "logstash"), ::File.join(BASE_MIB_PATH, "ietf")].map { |path| ::File.expand_path(path) }
99
114
 
115
+ def initialize(params={})
116
+ super(params)
117
+
118
+ @host_protocol_field = ecs_select[disabled: '[@metadata][host_protocol]', v1: '[@metadata][input][snmp][host][protocol]']
119
+ @host_address_field = ecs_select[disabled: '[@metadata][host_address]', v1: '[@metadata][input][snmp][host][address]']
120
+ @host_port_field = ecs_select[disabled: '[@metadata][host_port]', v1: '[@metadata][input][snmp][host][port]']
121
+ @host_community_field = ecs_select[disabled: '[@metadata][host_community]', v1: '[@metadata][input][snmp][host][community]']
122
+
123
+ # Add the default "host" field to the event, for backwards compatibility, or host.ip in ecs mode
124
+ unless params.key?('add_field')
125
+ host_ip_field = ecs_select[disabled: "host", v1: "[host][ip]"]
126
+ @add_field = { host_ip_field => "%{#{@host_address_field}}" }
127
+ end
128
+ end
129
+
100
130
  def register
101
131
  validate_oids!
102
132
  validate_hosts!
@@ -165,46 +195,49 @@ class LogStash::Inputs::Snmp < LogStash::Inputs::Base
165
195
  # each run. each run polls all the defined hosts for the get and walk options.
166
196
  stoppable_interval_runner.every(@interval, "polling hosts") do
167
197
  @client_definitions.each do |definition|
198
+ client = definition[:client]
168
199
  result = {}
169
200
  if !definition[:get].empty?
201
+ oids = definition[:get]
170
202
  begin
171
- result = result.merge(definition[:client].get(definition[:get], @oid_root_skip, @oid_path_length))
203
+ result = result.merge(client.get(oids, @oid_root_skip, @oid_path_length))
172
204
  rescue => e
173
- logger.error("error invoking get operation on #{definition[:host_address]} for OIDs: #{definition[:get]}, ignoring", :exception => e, :backtrace => e.backtrace)
205
+ logger.error("error invoking get operation for OIDs: #{oids}, ignoring",
206
+ host: definition[:host_address], exception: e, backtrace: e.backtrace)
174
207
  end
175
208
  end
176
- if !definition[:walk].empty?
209
+ if !definition[:walk].empty?
177
210
  definition[:walk].each do |oid|
178
211
  begin
179
- result = result.merge(definition[:client].walk(oid, @oid_root_skip, @oid_path_length))
212
+ result = result.merge(client.walk(oid, @oid_root_skip, @oid_path_length))
180
213
  rescue => e
181
- logger.error("error invoking walk operation on OID: #{oid}, ignoring", :exception => e, :backtrace => e.backtrace)
214
+ logger.error("error invoking walk operation on OID: #{oid}, ignoring",
215
+ host: definition[:host_address], exception: e, backtrace: e.backtrace)
182
216
  end
183
217
  end
184
218
  end
185
219
 
186
- if !Array(@tables).empty?
220
+ if !Array(@tables).empty?
187
221
  @tables.each do |table_entry|
188
222
  begin
189
- result = result.merge(definition[:client].table(table_entry, @oid_root_skip, @oid_path_length))
223
+ result = result.merge(client.table(table_entry, @oid_root_skip, @oid_path_length))
190
224
  rescue => e
191
- logger.error("error invoking table operation on OID: #{table_entry['name']}, ignoring", :exception => e, :backtrace => e.backtrace)
225
+ logger.error("error invoking table operation on OID: #{table_entry['name']}, ignoring",
226
+ host: definition[:host_address], exception: e, backtrace: e.backtrace)
192
227
  end
193
228
  end
194
229
  end
195
230
 
196
231
  unless result.empty?
197
- metadata = {
198
- "host_protocol" => definition[:host_protocol],
199
- "host_address" => definition[:host_address],
200
- "host_port" => definition[:host_port],
201
- "host_community" => definition[:host_community],
202
- }
203
- result["@metadata"] = metadata
204
-
205
- event = LogStash::Event.new(result)
232
+ event = targeted_event_factory.new_event(result)
233
+ event.set(@host_protocol_field, definition[:host_protocol])
234
+ event.set(@host_address_field, definition[:host_address])
235
+ event.set(@host_port_field, definition[:host_port])
236
+ event.set(@host_community_field, definition[:host_community])
206
237
  decorate(event)
207
238
  queue << event
239
+ else
240
+ logger.debug? && logger.debug("no snmp data retrieved", host: definition[:host_address])
208
241
  end
209
242
  end
210
243
  end
@@ -230,7 +263,7 @@ class LogStash::Inputs::Snmp < LogStash::Inputs::Base
230
263
  private
231
264
 
232
265
  OID_REGEX = /^\.?([0-9\.]+)$/
233
- HOST_REGEX = /^(?<host_protocol>udp|tcp):(?<host_address>.+)\/(?<host_port>\d+)$/i
266
+ HOST_REGEX = /^(?<host_protocol>\w+):(?<host_address>.+)\/(?<host_port>\d+)$/i
234
267
  VERSION_REGEX =/^1|2c|3$/
235
268
 
236
269
  def validate_oids!
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-input-snmp'
3
- s.version = '1.2.8'
3
+ s.version = '1.3.0'
4
4
  s.licenses = ['Apache-2.0']
5
5
  s.summary = "SNMP input plugin"
6
6
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -20,8 +20,12 @@ Gem::Specification.new do |s|
20
20
 
21
21
  # Gem dependencies
22
22
  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
23
- s.add_runtime_dependency 'stud', '>= 0.0.22', '< 0.1.0'
23
+ s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~> 1.3'
24
+ s.add_runtime_dependency 'logstash-mixin-event_support', '~> 1.0'
25
+ s.add_runtime_dependency 'logstash-mixin-validator_support', '~> 1.0'
24
26
  s.add_runtime_dependency 'logstash-codec-plain'
27
+ s.add_runtime_dependency 'stud', '>= 0.0.22', '< 0.1.0'
28
+
25
29
  s.add_development_dependency 'logstash-devutils'
26
30
  s.add_development_dependency 'rspec-wait'
27
31
  end
@@ -1,9 +1,11 @@
1
1
  # encoding: utf-8
2
2
  require "logstash/devutils/rspec/spec_helper"
3
3
  require "logstash/devutils/rspec/shared_examples"
4
+ require 'logstash/plugin_mixins/ecs_compatibility_support/spec_helper'
4
5
  require "logstash/inputs/snmp"
5
6
 
6
- describe LogStash::Inputs::Snmp do
7
+ describe LogStash::Inputs::Snmp, :ecs_compatibility_support do
8
+
7
9
  let(:mock_client) { double("LogStash::SnmpClient") }
8
10
 
9
11
  it_behaves_like "an interruptible input plugin" do
@@ -130,7 +132,12 @@ describe LogStash::Inputs::Snmp do
130
132
  end
131
133
  end
132
134
 
133
- context "@metadata" do
135
+ ecs_compatibility_matrix(:disabled, :v1, :v8) do |ecs_select|
136
+
137
+ before(:each) do
138
+ allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
139
+ end
140
+
134
141
  before do
135
142
  expect(LogStash::SnmpClient).to receive(:new).and_return(mock_client)
136
143
  expect(mock_client).to receive(:get).and_return({"foo" => "bar"})
@@ -143,25 +150,33 @@ describe LogStash::Inputs::Snmp do
143
150
  input {
144
151
  snmp {
145
152
  get => ["1.3.6.1.2.1.1.1.0"]
146
- hosts => [{host => "udp:127.0.0.1/161" community => "public"}]
153
+ hosts => [{ host => "udp:127.0.0.1/161" community => "public" }]
147
154
  }
148
155
  }
149
156
  CONFIG
150
157
  event = input(config) { |_, queue| queue.pop }
151
158
 
152
- expect(event.get("[@metadata][host_protocol]")).to eq("udp")
153
- expect(event.get("[@metadata][host_address]")).to eq("127.0.0.1")
154
- expect(event.get("[@metadata][host_port]")).to eq("161")
155
- expect(event.get("[@metadata][host_community]")).to eq("public")
156
- expect(event.get("host")).to eq("127.0.0.1")
159
+ if ecs_select.active_mode == :disabled
160
+ expect(event.get("[@metadata][host_protocol]")).to eq("udp")
161
+ expect(event.get("[@metadata][host_address]")).to eq("127.0.0.1")
162
+ expect(event.get("[@metadata][host_port]")).to eq("161")
163
+ expect(event.get("[@metadata][host_community]")).to eq("public")
164
+ expect(event.get("host")).to eql("127.0.0.1")
165
+ else
166
+ expect(event.get("[@metadata][input][snmp][host][protocol]")).to eq("udp")
167
+ expect(event.get("[@metadata][input][snmp][host][address]")).to eq("127.0.0.1")
168
+ expect(event.get("[@metadata][input][snmp][host][port]")).to eq('161')
169
+ expect(event.get("[@metadata][input][snmp][host][community]")).to eq("public")
170
+ expect(event.get("host")).to eql('ip' => "127.0.0.1")
171
+ end
157
172
  end
158
173
 
159
- it "shoud add custom host field" do
174
+ it "should add custom host field (legacy metadata)" do
160
175
  config = <<-CONFIG
161
176
  input {
162
177
  snmp {
163
178
  get => ["1.3.6.1.2.1.1.1.0"]
164
- hosts => [{host => "udp:127.0.0.1/161" community => "public"}]
179
+ hosts => [{ host => "udp:127.0.0.1/161" community => "public" }]
165
180
  add_field => { host => "%{[@metadata][host_protocol]}:%{[@metadata][host_address]}/%{[@metadata][host_port]},%{[@metadata][host_community]}" }
166
181
  }
167
182
  }
@@ -169,6 +184,37 @@ describe LogStash::Inputs::Snmp do
169
184
  event = input(config) { |_, queue| queue.pop }
170
185
 
171
186
  expect(event.get("host")).to eq("udp:127.0.0.1/161,public")
187
+ end if ecs_select.active_mode == :disabled
188
+
189
+ it "should add custom host field (ECS mode)" do
190
+ config = <<-CONFIG
191
+ input {
192
+ snmp {
193
+ get => ["1.3.6.1.2.1.1.1.0"]
194
+ hosts => [{ host => "tcp:192.168.1.11/1161" }]
195
+ add_field => { "[host][formatted]" => "%{[@metadata][input][snmp][host][protocol]}://%{[@metadata][input][snmp][host][address]}:%{[@metadata][input][snmp][host][port]}" }
196
+ }
197
+ }
198
+ CONFIG
199
+ event = input(config) { |_, queue| queue.pop }
200
+
201
+ expect(event.get("host")).to eq('formatted' => "tcp://192.168.1.11:1161")
202
+ end if ecs_select.active_mode != :disabled
203
+
204
+ it "should target event data" do
205
+ config = <<-CONFIG
206
+ input {
207
+ snmp {
208
+ get => ["1.3.6.1.2.1.1.1.0"]
209
+ hosts => [{ host => "udp:127.0.0.1/161" community => "public" }]
210
+ target => "snmp_data"
211
+ }
212
+ }
213
+ CONFIG
214
+ event = input(config) { |_, queue| queue.pop }
215
+
216
+ expect( event.include?('foo') ).to be false
217
+ expect( event.get('[snmp_data]') ).to eql 'foo' => 'bar'
172
218
  end
173
219
  end
174
220
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-snmp
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.8
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elasticsearch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-15 00:00:00.000000000 Z
11
+ date: 2021-11-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -33,23 +33,45 @@ dependencies:
33
33
  - !ruby/object:Gem::Dependency
34
34
  requirement: !ruby/object:Gem::Requirement
35
35
  requirements:
36
- - - ">="
36
+ - - "~>"
37
37
  - !ruby/object:Gem::Version
38
- version: 0.0.22
39
- - - "<"
38
+ version: '1.3'
39
+ name: logstash-mixin-ecs_compatibility_support
40
+ prerelease: false
41
+ type: :runtime
42
+ version_requirements: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - "~>"
40
45
  - !ruby/object:Gem::Version
41
- version: 0.1.0
42
- name: stud
46
+ version: '1.3'
47
+ - !ruby/object:Gem::Dependency
48
+ requirement: !ruby/object:Gem::Requirement
49
+ requirements:
50
+ - - "~>"
51
+ - !ruby/object:Gem::Version
52
+ version: '1.0'
53
+ name: logstash-mixin-event_support
43
54
  prerelease: false
44
55
  type: :runtime
45
56
  version_requirements: !ruby/object:Gem::Requirement
46
57
  requirements:
47
- - - ">="
58
+ - - "~>"
48
59
  - !ruby/object:Gem::Version
49
- version: 0.0.22
50
- - - "<"
60
+ version: '1.0'
61
+ - !ruby/object:Gem::Dependency
62
+ requirement: !ruby/object:Gem::Requirement
63
+ requirements:
64
+ - - "~>"
51
65
  - !ruby/object:Gem::Version
52
- version: 0.1.0
66
+ version: '1.0'
67
+ name: logstash-mixin-validator_support
68
+ prerelease: false
69
+ type: :runtime
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - "~>"
73
+ - !ruby/object:Gem::Version
74
+ version: '1.0'
53
75
  - !ruby/object:Gem::Dependency
54
76
  requirement: !ruby/object:Gem::Requirement
55
77
  requirements:
@@ -64,6 +86,26 @@ dependencies:
64
86
  - - ">="
65
87
  - !ruby/object:Gem::Version
66
88
  version: '0'
89
+ - !ruby/object:Gem::Dependency
90
+ requirement: !ruby/object:Gem::Requirement
91
+ requirements:
92
+ - - ">="
93
+ - !ruby/object:Gem::Version
94
+ version: 0.0.22
95
+ - - "<"
96
+ - !ruby/object:Gem::Version
97
+ version: 0.1.0
98
+ name: stud
99
+ prerelease: false
100
+ type: :runtime
101
+ version_requirements: !ruby/object:Gem::Requirement
102
+ requirements:
103
+ - - ">="
104
+ - !ruby/object:Gem::Version
105
+ version: 0.0.22
106
+ - - "<"
107
+ - !ruby/object:Gem::Version
108
+ version: 0.1.0
67
109
  - !ruby/object:Gem::Dependency
68
110
  requirement: !ruby/object:Gem::Requirement
69
111
  requirements:
@@ -416,10 +458,8 @@ files:
416
458
  - spec/fixtures/collision.dic
417
459
  - spec/inputs/integration/it_spec.rb
418
460
  - spec/inputs/snmp/base_client_spec.rb
419
- - spec/inputs/snmp/interval_runner_spec.rb
420
461
  - spec/inputs/snmp/mib_spec.rb
421
462
  - spec/inputs/snmp_spec.rb
422
- - vendor/jar-dependencies/org/snmp4j/snmp4j/2.5.11/snmp4j-2.5.11.jar
423
463
  - vendor/jar-dependencies/org/snmp4j/snmp4j/2.8.4/snmp4j-2.8.4.jar
424
464
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
425
465
  licenses:
@@ -452,6 +492,5 @@ test_files:
452
492
  - spec/fixtures/collision.dic
453
493
  - spec/inputs/integration/it_spec.rb
454
494
  - spec/inputs/snmp/base_client_spec.rb
455
- - spec/inputs/snmp/interval_runner_spec.rb
456
495
  - spec/inputs/snmp/mib_spec.rb
457
496
  - spec/inputs/snmp_spec.rb
File without changes