[ANNOUNCEMENT] Logstash ipcat filter

athoune · January 25, 2016, 9:33am

ipcat is a project for classifying IP : "Datacenter or not", and which provider.

Here is the optimized filter for logstash :

warkolm · January 25, 2016, 10:10am

Interesting, can you provide a config example?

athoune · January 25, 2016, 2:32pm

Same usage as geoip.

You can use something like that :

input {
    # get some apache log
}

filter {

    ipcat {
       source => "clientip"
       #default target is "ipcat"
    }

}

output {
    if [ipcat] {
        file {
            path => "/var/log/logstash/ipcat.log"
        }
    }
}

Topic		Replies	Views
Logstash - création d'index en fonction de l'IP de provenance Discussions en français	27	9044	March 16, 2017
Logstash query for IPs and GeoData Logstash	2	365	November 7, 2018
Compare IP's in netflow to Reputational List Logstash	2	872	July 6, 2017
Convert site name to IP address in Logstash Logstash	5	1669	July 6, 2017
Using cidr plugin for tagging logs Logstash	28	7198	February 24, 2017

[ANNOUNCEMENT] Logstash ipcat filter

Related topics