Class: LogStash::Filters::CIDR

Inherits:
Base
  • Object
Defined in:
lib/logstash/filters/cidr.rb

Overview

The CIDR filter checks IP addresses in events against a list of network blocks that might contain them. Multiple addresses can be checked against multiple networks; any match succeeds. Upon success, additional tags and/or fields can be added to the event.

Instance Method Summary collapse

Instance Method Details

#filter(event) ⇒ Object



# File 'lib/logstash/filters/cidr.rb', line 44

# Checks the event's configured addresses against the configured networks and
# marks the event as matched on the first address/network pair that fits.
#
# Every entry of @address and @network is expanded with event.sprintf and
# parsed with IPAddr.new. Entries that raise ArgumentError are logged at warn
# level and dropped, so a value that does not parse can never produce a match.
#
# NOTE(review): anything that treats "no match" as a decision (for example
# "not an internal address") should account for unparsable values landing in
# that bucket as well.
# NOTE(review): each warning attaches the whole event; if event fields carry
# untrusted or sensitive data, confirm the log destination and volume are
# acceptable.
# NOTE(review): how IPAddr#include? treats mixed address families (such as an
# IPv4-mapped IPv6 address against an IPv4 block) is not visible here; confirm
# against the ipaddr version in use.
#
# @param event [Object] the event being filtered; must respond to #sprintf
# @return [nil, Array] nil once a match is found, otherwise the list of
#   address/network pairs that were tried
def filter(event)
  # Resolve and parse the address patterns, keeping only the valid ones.
  candidates = []
  @address.each do |pattern|
    begin
      candidates << IPAddr.new(event.sprintf(pattern))
    rescue ArgumentError
      @logger.warn("Invalid IP address, skipping", :address => pattern, :event => event)
    end
  end

  # Same treatment for the network patterns.
  blocks = []
  @network.each do |pattern|
    begin
      blocks << IPAddr.new(event.sprintf(pattern))
    rescue ArgumentError
      @logger.warn("Invalid IP network, skipping", :network => pattern, :event => event)
    end
  end

  # Walk the full cross product; the first containing network ends the search.
  pairs = candidates.product(blocks)
  pairs.each do |ip, block|
    @logger.debug("Checking IP inclusion", :address => ip, :network => block)
    next unless block.include?(ip)

    filter_matched(event)
    return
  end
end

#register ⇒ Object



# File 'lib/logstash/filters/cidr.rb', line 39

# Registration step for this filter; no setup work is performed here.
#
# @return [nil]
def register
  # Intentionally empty: there is nothing to initialise.
end