Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

logstash-filter-ip2proxy

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

logstash-filter-ip2proxy

  • 2.4.0
  • Rubygems
  • Socket score
Version published
Maintainers
1
Created
Source

IP2Proxy Filter Plugin

This is IP2Proxy filter plugin for Logstash that enables Logstash's users to reverse search of IP address to detect VPN servers, open proxies, web proxies, Tor exit nodes, search engine robots, data center ranges, residential proxies, consumer privacy networks, and enterprise private networks using IP2Proxy BIN database. Other information available includes proxy type, country, state, city, ISP, domain name, usage type, AS number, AS name, threats, last seen date and provider names. The library took the proxy IP address from IP2Proxy BIN Data file and IP2Location.io data.

For the methods to use IP2Proxy filter plugin with Elastic Stack (Elasticsearch, Filebeat, Logstash, and Kibana), please take a look on this tutorial.

Note: This plugin works in Logstash 7 and Logstash 8.

Dependencies (IP2PROXY BIN DATA FILE)

This plugin requires IP2Proxy BIN data file to function. You may download the BIN data file at

Dependencies (IP2LOCATION.IO DATA)

This plugin requires API key to function. You may sign up for a free API key at https://www.ip2location.io/pricing.

Installation

Install this plugin by the following code:

bin/logstash-plugin install logstash-filter-ip2proxy

Config File Example

input {
  beats {
    port => "5043"
  }
}

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}"}
  }
  ip2proxy {
    source => "[source][address]"
  }
}

output {
  elasticsearch {
    hosts => [ "localhost:9200" ]
  }
}

Config File Example using IP2Location.io

input {
  beats {
    port => "5043"
  }
}

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}"}
  }
  ip2proxy {
    source => "[source][address]"
    lookup_type => "ws"
    api_key => "YOUR_API_KEY"
  }
}

output {
  elasticsearch {
    hosts => [ "localhost:9200" ]
  }
}

IP2Proxy Filter Configuration

SettingInput typeRequired
sourcestringYes
databasea valid filesystem pathNo
use_memory_mappedbooleanNo
use_cachebooleanNo
lookup_typestringNo
api_keystringNo
hide_unsupported_fieldsbooleanNo
  • source field is a required setting that containing the IP address or hostname to get the ip information.
  • database field is an optional setting that containing the path to the IP2Proxy BIN database file.
  • use_memory_mapped field is an optional setting that used to allow user to enable the use of memory mapped file. Default value is false.
  • use_cache field is an optional setting that used to allow user to enable the use of cache. Default value is true.
  • lookup_type field is an optional setting that used to allow user to decide the lookup method either using IP2Proxy BIN database file(db) or IP2Location.io data(ws). Default value is db.
  • api_key field is an optional setting that used to allow user to set the API Key of the IP2Location.io lookup.
  • hide_unsupported_fields field is an optional setting that used to allow user to hide unsupported fields. Default value is false.

Sample Output

FieldDescription
ip2proxy.asthe autonomous system (AS) name of proxy's IP address or domain name
ip2proxy.asnthe autonomous system number (ASN) of proxy's IP address or domain name
ip2proxy.citythe city name of the proxy
ip2proxy.country_longthe ISO3166-1 country name of the proxy
ip2proxy.country_shortthe ISO3166-1 country code (two-characters) of the proxy
ip2proxy.domainthe domain name of proxy's IP address or domain name
ip2proxy.is_proxyCheck whether if an IP address was a proxy. Returned value:
  • -1 : errors
  • 0 : not a proxy
  • 1 : a proxy
  • 2 : a data center IP address
ip2proxy.ispthe ISP name of the proxy
ip2proxy.last_seenthe last seen days ago value of proxy's IP address or domain name
ip2proxy.providerthe VPN service provider name if available
ip2proxy.proxy_typethe proxy type. Please visit IP2Location for the list of proxy types supported
ip2proxy.regionthe ISO3166-2 region name of the proxy. Please visit ISO3166-2 Subdivision Code for the information of ISO3166-2 supported
ip2proxy.threadthe threat type of the proxy
ip2proxy.usage_typethe usage type classification of the proxy. Please visit IP2Location for the list of usage types supported

Support

Email: support@ip2location.com

URL: https://www.ip2location.com

FAQs

Package last updated on 21 Oct 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

Security News

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.

By Sarah Gooding  -  Nov 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc