Enable the use of MaxMind GeoIP2-Domain databases

logstash-plugins · Feb 7, 2020 · 024cc29 · 024cc29
1 parent eff8697
commit 024cc29
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/src/main/java/org/logstash/filters/Fields.java b/src/main/java/org/logstash/filters/Fields.java
@@ -32,6 +32,7 @@ enum Fields {
   CONTINENT_NAME("continent_name"),
   COUNTRY_CODE2("country_code2"),
   COUNTRY_CODE3("country_code3"),
+  DOMAIN("domain"),
   IP("ip"),
   ISP("isp"),
   POSTAL_CODE("postal_code"),
@@ -70,6 +71,8 @@ public String fieldName() {
   static final EnumSet<Fields> DEFAULT_ASN_LITE_FIELDS = EnumSet.of(Fields.IP, Fields.AUTONOMOUS_SYSTEM_NUMBER,
       Fields.AUTONOMOUS_SYSTEM_ORGANIZATION);
 
+  static final EnumSet<Fields> DEFAULT_DOMAIN_FIELDS = EnumSet.of(Fields.DOMAIN);
+
   public static Fields parseField(String value) {
     try {
       return valueOf(value.toUpperCase(Locale.ROOT));

diff --git a/src/main/java/org/logstash/filters/GeoIPFilter.java b/src/main/java/org/logstash/filters/GeoIPFilter.java
@@ -25,6 +25,7 @@
 import com.maxmind.geoip2.model.AsnResponse;
 import com.maxmind.geoip2.model.CityResponse;
 import com.maxmind.geoip2.model.CountryResponse;
+import com.maxmind.geoip2.model.DomainResponse;
 import com.maxmind.geoip2.model.IspResponse;
 import com.maxmind.geoip2.record.*;
 import org.apache.logging.log4j.LogManager;
@@ -56,6 +57,7 @@ public class GeoIPFilter {
   private static final String CITY_SOUTH_AMERICA_DB_TYPE = "GeoIP2-City-South-America";
   private static final String COUNTRY_DB_TYPE = "GeoIP2-Country";
   private static final String ISP_DB_TYPE = "GeoIP2-ISP";
+  private static final String DOMAIN_DB_TYPE = "GeoIP2-Domain";
 
   private final String sourceField;
   private final String targetField;
@@ -99,6 +101,8 @@ private Set<Fields> createDesiredFields(List<String> fields) {
         case ASN_LITE_DB_TYPE:
           desiredFields = Fields.DEFAULT_ASN_LITE_FIELDS;
           break;
+        case DOMAIN_DB_TYPE:
+          desiredFields = Fields.DEFAULT_DOMAIN_FIELDS;
       }
     } else {
       for (String fieldName : fields) {
@@ -153,6 +157,9 @@ public boolean handleEvent(RubyEvent rubyEvent) {
         case ISP_DB_TYPE:
           geoData = retrieveIspGeoData(ipAddress);
           break;
+        case DOMAIN_DB_TYPE:
+          geoData = retrieveDomainGeoData(ipAddress);
+          break;
         default:
           throw new IllegalStateException("Unsupported database type " + databaseReader.getMetadata().getDatabaseType() + "");
       }
@@ -401,4 +408,19 @@ private Map<String, Object> retrieveAsnGeoData(InetAddress ipAddress) throws Geo
 
     return geoData;
   }
+
+  private Map<String, Object> retrieveDomainGeoData(InetAddress ipAddress) throws GeoIp2Exception, IOException {
+    DomainResponse response = databaseReader.domain(ipAddress);
+    Map<String, Object> geoData = new HashMap<>();
+    for (Fields desiredField : this.desiredFields) {
+      switch (desiredField) {
+        case DOMAIN:
+          String domain = response.getDomain();
+          geoData.put(Fields.DOMAIN.fieldName(), domain);
+          break;
+      }
+    }
+
+    return geoData;
+  }
 }