use of org.graylog.plugins.map.config.GeoIpResolverConfig in project graylog2-server by Graylog2.
the class V20211221144300_GeoIpResolverConfigMigration method upgrade.
/**
* This code change modifies {@link GeoIpResolverConfig} by removing the field <b>db_type</b> and adding the field <b>database_vendor_type</b>.
*
* <p>
* The objective of this migration is to add the new field (with value {@link DatabaseVendorType#MAXMIND}) if not already present, and to remove the old field.
* </p>
*/
@Override
public void upgrade() {
    // Run-once guard: a stored MigrationCompletion marker means there is nothing left to do.
    if (clusterConfigService.get(MigrationCompletion.class) != null) {
        LOG.debug("Migration was already completed");
        return;
    }

    final MongoCollection<Document> configCollection =
            mongoConnection.getMongoDatabase().getCollection(COLLECTION_NAME);
    LOG.info("Updating '{}' collection.", COLLECTION_NAME);

    // Selects the stored GeoIpResolverConfig entry by its canonical class name.
    final Bson isGeoIpConfig = Filters.eq("type", GeoIpResolverConfig.class.getCanonicalName());
    // Step 1 is restricted to a document that does not carry the vendor field yet.
    final Bson notYetMigrated = Filters.and(isGeoIpConfig, Filters.exists(FIELD_DB_VENDOR, false));

    // Step 1: reshape the document in a single update. The operand order is kept as-is
    // because the combined update is logged below.
    final Bson schemaChanges = Updates.combine(
            // default value for 'enforce_graylog_schema'
            Updates.set(FIELD_ENFORCE, false),
            // db type field becomes db vendor type
            Updates.rename(FIELD_DB_TYPE, FIELD_DB_VENDOR),
            // existing db_path field becomes city_db_path
            Updates.rename(FIELD_DB_PATH, FIELD_CITY_DB_PATH),
            // blank asn db path
            Updates.set(FIELD_ASN_DB_PATH, ""));
    LOG.info("Planned Updates: {}", schemaChanges);
    final UpdateResult schemaResult = configCollection.updateOne(notYetMigrated, schemaChanges);
    LOG.info("Update Result: {}", schemaResult);

    // Step 2: write the MAXMIND vendor name. This update is filtered on the config type only,
    // so it replaces whatever the vendor field holds, including a value carried over by the
    // rename in step 1.
    // NOTE(review): the Javadoc above describes adding the field "if not already present";
    // this update has no exists() guard - confirm that overwriting is intended.
    final Bson vendorDefault = Updates.set(FIELD_DB_VENDOR, DatabaseVendorType.MAXMIND.name());
    LOG.info("Setting default vendor: {}", vendorDefault);
    final UpdateResult vendorResult = configCollection.updateOne(isGeoIpConfig, vendorDefault);
    LOG.info("Default Vendor Update Result: {}", vendorResult);

    // The completion marker is written without inspecting either UpdateResult, so a run
    // that matched no document is still recorded as complete.
    clusterConfigService.write(MigrationCompletion.create());
}
use of org.graylog.plugins.map.config.GeoIpResolverConfig in project graylog2-server by Graylog2.
the class GeoIpResolverEngineTest method testGetIpAddressFieldsEnforceGraylogSchema.
@Test
public void testGetIpAddressFieldsEnforceGraylogSchema() {
    // Every candidate field carries the same loopback address; only the field names differ.
    final String loopback = "127.0.0.1";
    final Map<String, Object> messageFields = new HashMap<>();
    messageFields.put("_id", java.util.UUID.randomUUID().toString());
    messageFields.put("source_ip", loopback);
    messageFields.put("src_ip", loopback);
    messageFields.put("destination_ip", loopback);
    messageFields.put("dest_ip", loopback);
    messageFields.put("gl2_test", loopback);

    final GeoIpResolverConfig enforcingConfig = config.toBuilder().enforceGraylogSchema(true).build();
    final GeoIpResolverEngine engine =
            new GeoIpResolverEngine(geoIpVendorResolverService, enforcingConfig, metricRegistry);

    final List<String> ipFields = engine.getIpAddressFields(new Message(messageFields));

    // With the Graylog Schema enforced, only source_ip and destination_ip may be reported;
    // src_ip, dest_ip and gl2_test must not be.
    Assertions.assertEquals(2, ipFields.size());
    Assertions.assertTrue(ipFields.contains("source_ip"));
    Assertions.assertTrue(ipFields.contains("destination_ip"));
}
use of org.graylog.plugins.map.config.GeoIpResolverConfig in project graylog2-server by Graylog2.
the class GeoIpResolverEngineTest method testGetIpAddressFieldsEnforceGraylogSchemaFalse.
@Test
public void testGetIpAddressFieldsEnforceGraylogSchemaFalse() {
    // Same six fields as the schema-enforcing test; only the config flag differs.
    final String loopback = "127.0.0.1";
    final Map<String, Object> messageFields = new HashMap<>();
    messageFields.put("_id", java.util.UUID.randomUUID().toString());
    messageFields.put("source_ip", loopback);
    messageFields.put("src_ip", loopback);
    messageFields.put("destination_ip", loopback);
    messageFields.put("dest_ip", loopback);
    messageFields.put("gl2_test", loopback);

    final GeoIpResolverConfig relaxedConfig = config.toBuilder().enforceGraylogSchema(false).build();
    final GeoIpResolverEngine engine =
            new GeoIpResolverEngine(geoIpVendorResolverService, relaxedConfig, metricRegistry);

    final List<String> ipFields = engine.getIpAddressFields(new Message(messageFields));

    // Without schema enforcement, every field except the gl2_* ones should be returned:
    // six fields were set and one of them is gl2_test, hence five
    // (presumably including _id - verify against getIpAddressFields).
    Assertions.assertEquals(5, ipFields.size());
}
use of org.graylog.plugins.map.config.GeoIpResolverConfig in project graylog2-server by Graylog2.
the class GeoIpProcessor method reload.
private void reload() {
    // Read the cluster-wide resolver config, passing GeoIpResolverConfig.defaultConfig()
    // as the fallback value to getOrDefault.
    final GeoIpResolverConfig currentConfig = clusterConfigService.getOrDefault(
            GeoIpResolverConfig.class, GeoIpResolverConfig.defaultConfig());
    LOG.debug("Updating GeoIP resolver engine - {}", currentConfig);

    // Build a complete replacement engine first, then publish it through filterEngine.
    final GeoIpResolverEngine replacement =
            new GeoIpResolverEngine(geoIpVendorResolverService, currentConfig, metricRegistry);
    filterEngine.set(replacement);
}
use of org.graylog.plugins.map.config.GeoIpResolverConfig in project graylog2-server by Graylog2.
the class GeoIpResolverEngineTest method testFilterIpInfo.
@Test
public void testFilterIpInfo() {
    // The vendor service hands out the stubbed IPinfo resolvers for any config and timer.
    when(geoIpVendorResolverService.createCityResolver(any(GeoIpResolverConfig.class), any(Timer.class)))
            .thenReturn(ipInfoCityResolver);
    when(geoIpVendorResolverService.createAsnResolver(any(GeoIpResolverConfig.class), any(Timer.class)))
            .thenReturn(ipInfoAsnResolver);

    // Both resolvers report themselves enabled and answer lookups for publicIp with canned data.
    when(ipInfoCityResolver.isEnabled()).thenReturn(true);
    when(ipInfoCityResolver.getGeoIpData(publicIp)).thenReturn(Optional.of(ipInfoLocationInfo));
    when(ipInfoAsnResolver.isEnabled()).thenReturn(true);
    when(ipInfoAsnResolver.getGeoIpData(publicIp)).thenReturn(Optional.of(ipInfoAsnInfo));

    final GeoIpResolverConfig ipInfoConfig =
            config.toBuilder().databaseVendorType(DatabaseVendorType.IPINFO).build();
    final GeoIpResolverEngine engine =
            new GeoIpResolverEngine(geoIpVendorResolverService, ipInfoConfig, metricRegistry);

    final Map<String, Object> messageFields = new HashMap<>();
    messageFields.put("_id", java.util.UUID.randomUUID().toString());
    messageFields.put("source_ip", publicIp.getHostAddress());
    final Message message = new Message(messageFields);

    engine.filter(message);

    // Location fields are expected under the source_geo_ prefix derived from "source_ip".
    final String cityAndCountry = ipInfoLocationInfo.cityName() + ", " + ipInfoLocationInfo.countryIsoCode();
    Assertions.assertEquals(cityAndCountry, message.getField("source_geo_name"));
    Assertions.assertEquals(ipInfoLocationInfo.region(), message.getField("source_geo_region"));
    Assertions.assertEquals(ipInfoLocationInfo.cityName(), message.getField("source_geo_city"));
    Assertions.assertEquals(ipInfoLocationInfo.timeZone(), message.getField("source_geo_timezone"));
    // The plain country field must not be set; only the ISO code variant is expected.
    Assertions.assertFalse(message.hasField("source_geo_country"));
    Assertions.assertEquals(ipInfoLocationInfo.countryIsoCode(), message.getField("source_geo_country_iso"));

    // ASN fields come from the ASN resolver stub.
    Assertions.assertEquals(ipInfoAsnInfo.organization(), message.getField("source_as_organization"));
    Assertions.assertEquals(ipInfoAsnInfo.asn(), message.getField("source_as_number"));
}
Aggregations