Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ip2location/logstash-filter-ip2proxy
IP2Proxy filter plugin for Logstash enables Logstash's users to query an IP address if it was being used as open proxy, web proxy, VPN servers and TOR exits. It also appends country, state, city and ISP information of the server.
https://github.com/ip2location/logstash-filter-ip2proxy
ip2location ip2proxy ip2proxy-bin-database ip2proxy-filter-plugin logstash open-proxies proxy-checker proxy-database proxy-information tor-exits vpn-servers
Last synced: 24 days ago
JSON representation
IP2Proxy filter plugin for Logstash enables Logstash's users to query an IP address if it was being used as open proxy, web proxy, VPN servers and TOR exits. It also appends country, state, city and ISP information of the server.
- Host: GitHub
- URL: https://github.com/ip2location/logstash-filter-ip2proxy
- Owner: ip2location
- License: other
- Created: 2023-11-24T06:27:55.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-10-21T00:26:45.000Z (2 months ago)
- Last Synced: 2024-10-21T03:53:55.805Z (2 months ago)
- Topics: ip2location, ip2proxy, ip2proxy-bin-database, ip2proxy-filter-plugin, logstash, open-proxies, proxy-checker, proxy-database, proxy-information, tor-exits, vpn-servers
- Language: Ruby
- Homepage: https://www.ip2location.com
- Size: 291 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# IP2Proxy Filter Plugin
This is IP2Proxy filter plugin for Logstash that enables Logstash's users to reverse search of IP address to detect VPN servers, open proxies, web proxies, Tor exit nodes, search engine robots, data center ranges, residential proxies, consumer privacy networks, and enterprise private networks using IP2Proxy BIN database. Other information available includes proxy type, country, state, city, ISP, domain name, usage type, AS number, AS name, threats, last seen date and provider names. The library took the proxy IP address from **IP2Proxy BIN Data** file and **IP2Location.io** data.For the methods to use IP2Proxy filter plugin with Elastic Stack (Elasticsearch, Filebeat, Logstash, and Kibana), please take a look on this [tutorial](https://blog.ip2location.com/knowledge-base/how-to-use-ip2proxy-filter-plugin-with-elastic-stack).
*Note: This plugin works in Logstash 7 and Logstash 8.*
## Dependencies (IP2PROXY BIN DATA FILE)
This plugin requires IP2Proxy BIN data file to function. You may download the BIN data file at
* IP2Proxy LITE BIN Data (Free): https://lite.ip2location.com
* IP2Proxy Commercial BIN Data (Commercial): https://www.ip2location.com## Dependencies (IP2LOCATION.IO DATA)
This plugin requires API key to function. You may sign up for a free API key at https://www.ip2location.io/pricing.## Installation
Install this plugin by the following code:
```
bin/logstash-plugin install logstash-filter-ip2proxy
```## Config File Example
```
input {
beats {
port => "5043"
}
}filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
ip2proxy {
source => "[source][address]"
}
}output {
elasticsearch {
hosts => [ "localhost:9200" ]
}
}
```## Config File Example using IP2Location.io
```
input {
beats {
port => "5043"
}
}filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
ip2proxy {
source => "[source][address]"
lookup_type => "ws"
api_key => "YOUR_API_KEY"
}
}output {
elasticsearch {
hosts => [ "localhost:9200" ]
}
}
```## IP2Proxy Filter Configuration
|Setting|Input type|Required|
|---|---|---|
|source|string|Yes|
|database|a valid filesystem path|No|
|use_memory_mapped|boolean|No|
|use_cache|boolean|No|
|lookup_type|string|No|
|api_key|string|No|
|hide_unsupported_fields|boolean|No|* **source** field is a required setting that containing the IP address or hostname to get the ip information.
* **database** field is an optional setting that containing the path to the IP2Proxy BIN database file.
* **use_memory_mapped** field is an optional setting that used to allow user to enable the use of memory mapped file. Default value is false.
* **use_cache** field is an optional setting that used to allow user to enable the use of cache. Default value is true.
* **lookup_type** field is an optional setting that used to allow user to decide the lookup method either using IP2Proxy BIN database file(db) or IP2Location.io data(ws). Default value is db.
* **api_key** field is an optional setting that used to allow user to set the API Key of the IP2Location.io lookup.
* **hide_unsupported_fields** field is an optional setting that used to allow user to hide unsupported fields. Default value is false.## Sample Output
|Field|Description|
|---|---|
|ip2proxy.as|the autonomous system (AS) name of proxy's IP address or domain name|
|ip2proxy.asn|the autonomous system number (ASN) of proxy's IP address or domain name|
|ip2proxy.city|the city name of the proxy|
|ip2proxy.country_long|the ISO3166-1 country name of the proxy|
|ip2proxy.country_short|the ISO3166-1 country code (two-characters) of the proxy|
|ip2proxy.domain|the domain name of proxy's IP address or domain name|
|ip2proxy.is_proxy|Check whether if an IP address was a proxy. Returned value:
- -1 : errors
- 0 : not a proxy
- 1 : a proxy
- 2 : a data center IP address
|ip2proxy.isp|the ISP name of the proxy|
|ip2proxy.last_seen|the last seen days ago value of proxy's IP address or domain name|
|ip2proxy.provider|the VPN service provider name if available|
|ip2proxy.proxy_type|the proxy type. Please visit IP2Location for the list of proxy types supported|
|ip2proxy.region|the ISO3166-2 region name of the proxy. Please visit ISO3166-2 Subdivision Code for the information of ISO3166-2 supported|
|ip2proxy.thread|the threat type of the proxy|
|ip2proxy.usage_type|the usage type classification of the proxy. Please visit IP2Location for the list of usage types supported|
## Support
Email: [email protected]
URL: [https://www.ip2location.com](https://www.ip2location.com)