[INFO ][logstash.codecs.nmap] Using version 0.1.x codec plugin 'nmap'. This plugin isn't well supported by the community and likely has no maintainer


(OlhaPasko) #1

Hello elastic-team,

There is something odd with my Logstash when I am using logstash-codec-nmap.
What I mean:

  1. Following the blog post https://www.elastic.co/blog/using-nmap-logstash-to-gain-insight-into-your-network, I configured my Logstash to parse nmap data in XML files.
  2. All input XML files are in the /home/elastic directory with full permissions for user=elastic, as whom I start Logstash.
  3. Both config files (simple, without filter{}):

    input {
      file {
        path => "/home/elastic/*.xml"
        start_position => "beginning"
        sincedb_path => "/dev/null"
        codec => nmap
      }
    }
    output {
      elasticsearch { hosts => ["10.132.0.6:9200"] }
      stdout { codec => rubydebug }
    }

    and (more complex + filter{}, available via the link https://drive.google.com/open?id=0BxPCBwFCZ9StUFN6NDZtdFItblE) with Elasticsearch mapping give the same result ->
    [INFO ][logstash.codecs.nmap] Using version 0.1.x codec plugin 'nmap'. This plugin isn't well supported by the community and likely has no maintainer.
    To start the pipeline, I used:
    for the simple conf file: $ sudo bin/logstash -f simple-file.conf --log.level=debug --path.settings=/etc/logstash
    for the complex conf file: $ sudo bin/logstash -f complex-file.conf --log.level=debug --path.settings=/etc/logstash
    All conf files and the JSON template are in the directory /usr/share/logstash, from which I also run these commands.
    I don't see nmap logs in Kibana. For other log types everything is okay (samba, psad for example).
    The Logstash log file with log.level=debug and the nmap XML file are available via the link https://drive.google.com/open?id=0BxPCBwFCZ9StUFN6NDZtdFItblE.

ODD thing:
I also visited https://github.com/logstash-plugins/logstash-codec-nmap/releases, first removed the logstash-codec-nmap plugin from Logstash, and then installed it with the command:
$ sudo bin/logstash-plugin install --version=0.0.18 logstash-codec-nmap
The result was a successfully installed nmap codec, but nothing changed and I get the same ->
[INFO ][logstash.codecs.nmap] Using version 0.1.x codec plugin 'nmap'. This plugin isn't well supported by the community and likely has no maintainer.

Logstash machine:
$ sudo bin/logstash --version
logstash 5.4.0

Elasticsearch machine:
$ sudo bin/elasticsearch --version
Version: 5.4.0, Build: 780f8c4/2017-04-28T17:43:27.229Z, JVM: 1.8.0_131

Kibana machine:
$ sudo bin/kibana --version
5.4.0

Please help me understand how I can fix nmap parsing.

