filter
filter {
ruby {
path => '/home/tmp/logstash-6.8.1/enc_base64.rb'
script_params => {
'b64_fields' => ['ip_addr', 'pc_mac']
}
}
ruby {
path => '/home/tmp/logstash-6.8.1/dec_base64.rb'
}
}
enc_base64.rb
def register(params)
require 'base64'
@b64_fields = params["b64_fields"]
end
def filter(event)
@b64_fields.each do |k|
v = event.get(k)
puts("==> k: #{k}, v: #{v}")
if !v.nil?
event.set("#{k}_enc64", Base64.strict_encode64(v))
event.remove(k)
end
end
return [event]
end
dec_base64.rb
def register(params)
require 'base64'
end
def filter(event)
event.to_hash.each do |k, v|
if k.end_with?("_enc64") and !v.nil?
puts("==> k: #{k}, v: #{v}")
event.set(k[0..-7], Base64.strict_decode64(v))
event.remove(k)
end
end
return [event]
end