Sha256: a948373070a91447c9176ed7c3c2e2d8d13bec24e8ededd49ee318f98d399048
Contents?: true
Size: 1.98 KB
Versions: 1
Compression:
Stored size: 1.98 KB
Contents
# encoding: utf-8
require "logstash/filters/base"
require "logstash/namespace"
require "ipaddr"
# The CIDR filter is for checking IP addresses in events against a list of
# network blocks that might contain it. Multiple addresses can be checked
# against multiple networks, any match succeeds. Upon success additional tags
# and/or fields can be added to the event.
class LogStash::Filters::CIDR < LogStash::Filters::Base
config_name "cidr"
milestone 1
# The IP address(es) to check with. Example:
#
# filter {
# %PLUGIN% {
# add_tag => [ "testnet" ]
# address => [ "%{src_ip}", "%{dst_ip}" ]
# network => [ "192.0.2.0/24" ]
# }
# }
config :address, :validate => :array, :default => []
# The IP network(s) to check against. Example:
#
# filter {
# %PLUGIN% {
# add_tag => [ "linklocal" ]
# address => [ "%{clientip}" ]
# network => [ "169.254.0.0/16", "fe80::/64" ]
# }
# }
config :network, :validate => :array, :default => []
public
def register
# Nothing
end # def register
public
def filter(event)
return unless filter?(event)
address = @address.collect do |a|
begin
IPAddr.new(event.sprintf(a))
rescue ArgumentError => e
@logger.warn("Invalid IP address, skipping", :address => a, :event => event)
nil
end
end
address.compact!
network = @network.collect do |n|
begin
IPAddr.new(event.sprintf(n))
rescue ArgumentError => e
@logger.warn("Invalid IP network, skipping", :network => n, :event => event)
nil
end
end
network.compact!
# Try every combination of address and network, first match wins
address.product(network).each do |a, n|
@logger.debug("Checking IP inclusion", :address => a, :network => n)
if n.include?(a)
filter_matched(event)
return
end
end
end # def filter
end # class LogStash::Filters::CIDR
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| logstash-lib-1.3.2 | lib/logstash/filters/cidr.rb |