logstash-filter-ip2proxy
Advanced tools
This is IP2Proxy filter plugin for Logstash that enables Logstash's users to reverse search of IP address to detect VPN servers, open proxies, web proxies, Tor exit nodes, search engine robots, data center ranges, residential proxies, consumer privacy networks, and enterprise private networks using IP2Proxy BIN database. Other information available includes proxy type, country, state, city, ISP, domain name, usage type, AS number, AS name, threats, last seen date and provider names. The library took the proxy IP address from IP2Proxy BIN Data file and IP2Location.io data.
For the methods to use IP2Proxy filter plugin with Elastic Stack (Elasticsearch, Filebeat, Logstash, and Kibana), please take a look on this tutorial.
Note: This plugin works in Logstash 7 and Logstash 8.
This plugin requires IP2Proxy BIN data file to function. You may download the BIN data file at
This plugin requires API key to function. You may sign up for a free API key at https://www.ip2location.io/pricing.
Install this plugin by the following code:
bin/logstash-plugin install logstash-filter-ip2proxy
input {
beats {
port => "5043"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
ip2proxy {
source => "[source][address]"
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
}
}
input {
beats {
port => "5043"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
ip2proxy {
source => "[source][address]"
lookup_type => "ws"
api_key => "YOUR_API_KEY"
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
}
}
| Setting | Input type | Required |
|---|---|---|
| source | string | Yes |
| database | a valid filesystem path | No |
| use_memory_mapped | boolean | No |
| use_cache | boolean | No |
| lookup_type | string | No |
| api_key | string | No |
| hide_unsupported_fields | boolean | No |
| Field | Description |
|---|---|
| ip2proxy.as | the autonomous system (AS) name of proxy's IP address or domain name |
| ip2proxy.asn | the autonomous system number (ASN) of proxy's IP address or domain name |
| ip2proxy.city | the city name of the proxy |
| ip2proxy.country_long | the ISO3166-1 country name of the proxy |
| ip2proxy.country_short | the ISO3166-1 country code (two-characters) of the proxy |
| ip2proxy.domain | the domain name of proxy's IP address or domain name |
| ip2proxy.is_proxy | Check whether if an IP address was a proxy. Returned value:
|
| ip2proxy.isp | the ISP name of the proxy |
| ip2proxy.last_seen | the last seen days ago value of proxy's IP address or domain name |
| ip2proxy.provider | the VPN service provider name if available |
| ip2proxy.proxy_type | the proxy type. Please visit IP2Location for the list of proxy types supported |
| ip2proxy.region | the ISO3166-2 region name of the proxy. Please visit ISO3166-2 Subdivision Code for the information of ISO3166-2 supported |
| ip2proxy.thread | the threat type of the proxy |
| ip2proxy.usage_type | the usage type classification of the proxy. Please visit IP2Location for the list of usage types supported |
Email: support@ip2location.com
FAQs
Unknown package
We found that logstash-filter-ip2proxy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.
Security News
CISA’s 2025 draft SBOM guidance adds new fields like hashes, licenses, and tool metadata to make software inventories more actionable.
Security News
A clarification on our recent research investigating 60 malicious Ruby gems.