class LogStash::Filters::Cipher

This filter parses a source and apply a cipher or decipher before storing it in the target.

Public Instance Methods

filter(event) click to toggle source
# File lib/logstash/filters/cipher.rb, line 91
def filter(event)
  return unless filter?(event)


  #If decrypt or encrypt fails, we keep it it intact.
  begin
    #@logger.debug("Event to filter", :event => event)
    data = event[@source]
    if @mode == "decrypt"
      data =  Base64.decode64(data) if @base64 == true
    end
    result = @cipher.update(data) + @cipher.final
    if @mode == "encrypt"
      data =  Base64.encode64(data) if @base64 == true
    end
  rescue => e
    @logger.warn("Exception catch on cipher filter", :event => event, :error => e)
  else
    event[@target]= result
    #Is it necessary to add 'if !result.nil?' ? exception have been already catched.
    #In doubt, I keep it.
    filter_matched(event) if !result.nil?
    #Too much bad result can be a problem, reinit cipher prevent this.
    init_cipher
  end
end
init_cipher() click to toggle source
# File lib/logstash/filters/cipher.rb, line 118
def init_cipher

  @cipher = OpenSSL::Cipher.new(@algorithm)
  if @mode == "encrypt"
    @cipher.encrypt
  elsif @mode == "decrypt"
    @cipher.decrypt
  else
    @logger.error("Invalid cipher mode. Valid values are \"encrypt\" or \"decrypt\"", :mode => @mode)
    raise "Bad configuration, aborting."
  end

  if @key.length != @key_size
    @logger.debug("key length is " + @key.length.to_s + ", padding it to " + @key_size.to_s + " with '" + @key_pad.to_s + "'")
    @key = @key[0,@key_size].ljust(@key_size,@key_pad)
  end

  @cipher.key = @key

  @cipher.iv = @iv if @iv

  @cipher.padding = @cipher_padding if @cipher_padding

  @logger.debug("Cipher initialisation done", :mode => @mode, :key => @key, :iv => @iv, :cipher_padding => @cipher_padding)
end
register() click to toggle source
# File lib/logstash/filters/cipher.rb, line 85
def register
  require 'base64' if @base64
  init_cipher
end