-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add IP-addresses and MAC-addresses to event #6878
Changes from 11 commits
215b308
06c1a3d
bf696b1
70bf057
5bd56a1
5538abf
65463ab
3e438f8
959e2f6
5c20a52
df58825
1b09cd6
1cba03f
dfef568
1ef240d
7c44e2a
e909f81
dde24f7
993b2bc
014f5d5
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -31,3 +31,12 @@ | |
type: keyword | ||
description: > | ||
OS family (e.g. redhat, debian, freebsd, windows). | ||
- name: ip | ||
type: ip | ||
description: > | ||
List of IP-addresses. | ||
- name: mac | ||
type: keyword | ||
description: > | ||
List of hardware-addresses, usually MAC-addresses. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I assume the type here would be There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, I'll fix that |
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,12 @@ | ||
package add_host_metadata | ||
|
||
import ( | ||
"fmt" | ||
"net" | ||
"time" | ||
|
||
"github.com/pkg/errors" | ||
|
||
"github.com/elastic/beats/libbeat/beat" | ||
"github.com/elastic/beats/libbeat/common" | ||
"github.com/elastic/beats/libbeat/processors" | ||
|
@@ -18,19 +22,27 @@ type addHostMetadata struct { | |
info types.HostInfo | ||
lastUpdate time.Time | ||
data common.MapStr | ||
config Config | ||
} | ||
|
||
const ( | ||
processorName = "add_host_metadata" | ||
cacheExpiration = time.Minute * 5 | ||
) | ||
|
||
func newHostMetadataProcessor(_ *common.Config) (processors.Processor, error) { | ||
func newHostMetadataProcessor(cfg *common.Config) (processors.Processor, error) { | ||
config := defaultConfig() | ||
if err := cfg.Unpack(&config); err != nil { | ||
return nil, errors.Wrapf(err, "fail to unpack the %v configuration", processorName) | ||
} | ||
|
||
h, err := sysinfo.Host() | ||
if err != nil { | ||
return nil, err | ||
} | ||
p := &addHostMetadata{ | ||
info: h.Info(), | ||
info: h.Info(), | ||
config: config, | ||
} | ||
return p, nil | ||
} | ||
|
@@ -71,10 +83,57 @@ func (p *addHostMetadata) loadData() { | |
if p.info.OS.Build != "" { | ||
p.data.Put("host.os.build", p.info.OS.Build) | ||
} | ||
|
||
if p.config.NetInfoEnabled { | ||
// IP-address and MAC-address | ||
var ipList, hwList = p.getNetInfo() | ||
p.data.Put("host.ip", ipList) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Reviewing the code below and the possibility that ipList and hwList can be empty, we should check for There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, I'll fix that |
||
p.data.Put("host.mac", hwList) | ||
} | ||
|
||
p.lastUpdate = time.Now() | ||
} | ||
} | ||
|
||
func (p addHostMetadata) getNetInfo() ([]string, []string) { | ||
var ipList []string | ||
var hwList []string | ||
|
||
// Get all interfaces and loop through them | ||
ifaces, err := net.Interfaces() | ||
if err != nil { | ||
return ipList, hwList | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Instead or returning the empty lists could we return here the error? Meaning it would return There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Sure, do you have a code example of logging, that I could look at? |
||
} | ||
for _, i := range ifaces { | ||
// Skip loopback interfaces | ||
if i.Flags&net.FlagLoopback == net.FlagLoopback { | ||
continue | ||
} | ||
|
||
hw := i.HardwareAddr.String() | ||
// Skip empty hardware addresses | ||
if hw != "" { | ||
hwList = append(hwList, hw) | ||
} | ||
|
||
addrs, err := i.Addrs() | ||
if err != nil { | ||
return ipList, hwList | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Similar question as above. I wonder if in case of an error we should just log it but continue trying to collect the addresses from the interfaces instead of returning. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It is a matter of taste, I prefer to fail fast. You decide. |
||
} | ||
for _, addr := range addrs { | ||
switch v := addr.(type) { | ||
case *net.IPNet: | ||
ipList = append(ipList, v.IP.String()) | ||
case *net.IPAddr: | ||
ipList = append(ipList, v.IP.String()) | ||
} | ||
} | ||
} | ||
|
||
return ipList, hwList | ||
} | ||
|
||
func (p addHostMetadata) String() string { | ||
return "add_host_metadata=[]" | ||
return fmt.Sprintf("%v=[netinfo.enabled=[%v]]", | ||
processorName, p.config.NetInfoEnabled) | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
package add_host_metadata | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. don't use an underscore in package name |
||
|
||
//import ( | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. leftover? |
||
// "github.com/elastic/beats/libbeat/processors" | ||
//) | ||
|
||
// Config for add_host_metadata processor. | ||
type Config struct { | ||
NetInfoEnabled bool `config:"netinfo.enabled"` // Add IP and MAC to event | ||
} | ||
|
||
func defaultConfig() Config { | ||
return Config{ | ||
NetInfoEnabled: false, | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can use the type
ip
here: https://www.elastic.co/guide/en/elasticsearch/reference/6.2/ip.htmlThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, of course! I'll fix that too.