Class: LogStash::Filters::DNS

Inherits:
Base show all
Defined in:
lib/logstash/filters/dns.rb

Overview

The DNS filter performs a lookup (either an A record/CNAME record lookup or a reverse lookup at the PTR record) on records specified under the “reverse” and “resolve” arrays.

The config should look like this:

filter {
  dns {
    type => 'type'
    reverse => [ "source_host", "field_with_address" ]
    resolve => [ "field_with_fqdn" ]
    action => "replace"
  }
}

Caveats: at the moment, there’s no way to tune the timeout with the ‘resolv’ core library. It does seem to be fixed in here:

http://redmine.ruby-lang.org/issues/5100

but isn’t currently in JRuby.

Constant Summary

Constants inherited from Base

Base::RESERVED

Constants included from Config::Mixin

Config::Mixin::CONFIGSORT

Instance Attribute Summary

Attributes included from Config::Mixin

#config, #original_params

Attributes inherited from Plugin

#logger, #params

Instance Method Summary collapse

Methods inherited from Base

#execute, #initialize, #threadsafe?

Methods included from Config::Mixin

#config_init, included

Methods inherited from Plugin

#eql?, #finished, #finished?, #hash, #initialize, #inspect, lookup, #reload, #running?, #shutdown, #teardown, #terminating?, #to_s

Constructor Details

This class inherits a constructor from LogStash::Filters::Base

Instance Method Details

#filter(event) ⇒ Object 



70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
# File 'lib/logstash/filters/dns.rb', line 70

def filter(event)
  return unless filter?(event)

  if @resolve
    begin
      status = Timeout::timeout(@timeout) { 
        resolve(event)
      }
    rescue Timeout::Error
      @logger.debug("DNS: resolve action timed out")
      return
    end
  end

  if @reverse
    begin
      status = Timeout::timeout(@timeout) { 
        reverse(event)
      }
    rescue Timeout::Error
      @logger.debug("DNS: reverse action timed out")
      return
    end
  end

  filter_matched(event)
end

#registerObject 



57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/logstash/filters/dns.rb', line 57

def register
  require "resolv"
  require "timeout"
  if @nameserver.nil?
    @resolv = Resolv.new
  else
    @resolv = Resolv.new(resolvers=[::Resolv::Hosts.new, ::Resolv::DNS.new(:nameserver => [@nameserver], :search => [], :ndots => 1)])
  end

  @ip_validator = Resolv::AddressRegex
end