Class: LogStash::Filters::DNS

Inherits:

Base

• Object
• Base
• LogStash::Filters::DNS

Defined in:

lib/logstash/filters/dns.rb

Overview

The DNS filter performs a lookup (either an A record/CNAME record lookup or a reverse lookup at the PTR record) on records specified under the ‘reverse` arrays or respectively under the `resolve` arrays.

The config should look like this:

source,ruby

filter {

dns {
  reverse => [ "source_host", "field_with_address" ]
  resolve => [ "field_with_fqdn" ]
  action => "replace"
}

}

This filter, like all filters, only processes 1 event at a time, so the use of this plugin can significantly slow down your pipeline’s throughput if you have a high latency network. By way of example, if each DNS lookup takes 2 milliseconds, the maximum throughput you can achieve with a single filter worker is 500 events per second (1000 milliseconds / 2 milliseconds).

Instance Attribute Summary

• #failed_cache ⇒ Object readonly

  Returns the value of attribute failed_cache.

• #hit_cache ⇒ Object readonly

  Returns the value of attribute hit_cache.

Instance Method Summary

• #filter(event) ⇒ Object
• #register ⇒ Object

Instance Attribute Details

#failed_cache ⇒ Object (readonly)

Returns the value of attribute failed_cache.

# File 'lib/logstash/filters/dns.rb', line 90

def failed_cache
  @failed_cache
end

#hit_cache ⇒ Object (readonly)

Returns the value of attribute hit_cache.

# File 'lib/logstash/filters/dns.rb', line 89

def hit_cache
  @hit_cache
end

Instance Method Details

#filter(event) ⇒ Object

# File 'lib/logstash/filters/dns.rb', line 112

def filter(event)
  if @resolve
    return if resolve(event).nil?
  end

  if @reverse
    return if reverse(event).nil?
  end

  filter_matched(event)
end

#register ⇒ Object

# File 'lib/logstash/filters/dns.rb', line 93

def register
  if @nameserver.nil? && @hostsfile.nil?
    @resolv = Resolv.new(default_resolvers)
  else
    @resolv = Resolv.new(build_resolvers)
  end

  if @hit_cache_size > 0
    @hit_cache = LruRedux::TTL::ThreadSafeCache.new(@hit_cache_size, @hit_cache_ttl)
  end

  if @failed_cache_size > 0
    @failed_cache = LruRedux::TTL::ThreadSafeCache.new(@failed_cache_size, @failed_cache_ttl)
  end

  @ip_validator = Resolv::AddressRegex
end