Repository: metron Updated Branches: refs/heads/master fc6614b18 -> 7cd39316a
METRON-1027 Errant Log Message When No GeoIP Hit on Valid, External IPv4 Address (nickwallen) closes apache/metron#644 Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/7cd39316 Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/7cd39316 Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/7cd39316 Branch: refs/heads/master Commit: 7cd39316a4e7587c84efbfa2d8da503d1a6640a7 Parents: fc6614b Author: nickwallen <[email protected]> Authored: Tue Jul 11 10:10:24 2017 -0400 Committer: nickallen <[email protected]> Committed: Tue Jul 11 10:10:24 2017 -0400 ---------------------------------------------------------------------- .../metron/enrichment/adapters/geo/GeoAdapter.java | 1 - .../metron/enrichment/adapters/geo/GeoLiteDatabase.java | 8 +++++--- .../enrichment/stellar/GeoEnrichmentFunctions.java | 3 +++ .../enrichment/adapters/geo/GeoLiteDatabaseTest.java | 11 ++++++++++- 4 files changed, 18 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/7cd39316/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoAdapter.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoAdapter.java b/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoAdapter.java index afd5f97..370faa0 100644 --- a/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoAdapter.java +++ b/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoAdapter.java @@ -46,7 +46,6 @@ public class GeoAdapter implements EnrichmentAdapter<CacheKey>, Serializable { JSONObject enriched = new JSONObject(); Optional<HashMap<String, String>> result = GeoLiteDatabase.INSTANCE.get(value.coerceValue(String.class)); if(!result.isPresent()) { - _LOG.error("GEO Enrichment failure: {}", value.coerceValue(String.class)); return new JSONObject(); } http://git-wip-us.apache.org/repos/asf/metron/blob/7cd39316/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabase.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabase.java b/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabase.java index d40d980..174f165 100644 --- a/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabase.java +++ b/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabase.java @@ -19,6 +19,7 @@ package org.apache.metron.enrichment.adapters.geo; import com.maxmind.db.CHMCache; import com.maxmind.geoip2.DatabaseReader; +import com.maxmind.geoip2.exception.AddressNotFoundException; import com.maxmind.geoip2.exception.GeoIp2Exception; import com.maxmind.geoip2.model.CityResponse; import com.maxmind.geoip2.record.City; @@ -127,7 +128,8 @@ public enum GeoLiteDatabase { return Optional.empty(); } if (isIneligibleAddress(ip, addr)) { - return Optional.of(new HashMap()); + LOG.debug("[Metron] IP ineligible for GeoLite2 lookup {}", ip); + return Optional.empty(); } try { @@ -162,8 +164,8 @@ public enum GeoLiteDatabase { } return Optional.of(geoInfo); - } catch (UnknownHostException e) { - LOG.warn("[Metron] No result found for IP {}", ip); + } catch (UnknownHostException | AddressNotFoundException e) { + LOG.debug("[Metron] No result found for IP {}", ip); } catch (GeoIp2Exception | IOException e) { LOG.warn("[Metron] GeoLite2 DB encountered an error", e); } finally { http://git-wip-us.apache.org/repos/asf/metron/blob/7cd39316/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/stellar/GeoEnrichmentFunctions.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/stellar/GeoEnrichmentFunctions.java b/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/stellar/GeoEnrichmentFunctions.java index 0dea61c..b99b34f 100644 --- a/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/stellar/GeoEnrichmentFunctions.java +++ b/metron-platform/metron-enrichment/src/main/java/org/apache/metron/enrichment/stellar/GeoEnrichmentFunctions.java @@ -24,6 +24,7 @@ import org.apache.metron.stellar.dsl.Stellar; import org.apache.metron.stellar.dsl.StellarFunction; import org.apache.metron.enrichment.adapters.geo.GeoLiteDatabase; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -63,6 +64,8 @@ public class GeoEnrichmentFunctions { Optional<HashMap<String, String>> result = GeoLiteDatabase.INSTANCE.get(ip); if(result.isPresent()) { return result.get(); + } else { + return Collections.EMPTY_MAP; } } else if (args.size() == 2 && args.get(1) instanceof List) { // If fields are provided, return just those fields. http://git-wip-us.apache.org/repos/asf/metron/blob/7cd39316/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabaseTest.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabaseTest.java b/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabaseTest.java index 913c661..9a29e3d 100644 --- a/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabaseTest.java +++ b/metron-platform/metron-enrichment/src/test/java/org/apache/metron/enrichment/adapters/geo/GeoLiteDatabaseTest.java @@ -108,7 +108,16 @@ public class GeoLiteDatabaseTest { GeoLiteDatabase.INSTANCE.update(geoHdfsFile.getAbsolutePath()); Optional<HashMap<String, String>> result = GeoLiteDatabase.INSTANCE.get("192.168.0.1"); - Assert.assertEquals("Local IP should return empty map", new HashMap<String, String>(), result.get()); + Assert.assertFalse("Local address result should be empty", result.isPresent()); + } + + @Test + public void testExternalAddressNotFound() throws Exception { + GeoLiteDatabase.INSTANCE.update(geoHdfsFile.getAbsolutePath()); + + // the range 203.0.113.0/24 is assigned as "TEST-NET-3" and should never be locatable + Optional<HashMap<String, String>> result = GeoLiteDatabase.INSTANCE.get("203.0.113.1"); + Assert.assertFalse("External address not found", result.isPresent()); } @Test
