JarCasting
JarCasting JarCasting

graylog-plugin-glpi

Graylog plugin which add pipeline function into Graylog to request GLPI API.

License

License
Categories

Categories

Security Graylog Application Layer Libs Logging
GroupId

GroupId

com.airbus-cyber-security.graylog
ArtifactId

ArtifactId

graylog-plugin-glpi
Last Version

Last Version

1.4.0
Release Date

Release Date
Type

Type

jar
Description

Description

graylog-plugin-glpi
Graylog plugin which add pipeline function into Graylog to request GLPI API.
Project URL

Project URL

https://github.com/airbus-cyber/graylog-plugin-glpi
Project Organization

Project Organization

Graylog, Inc.
Source Code Management

Source Code Management

https://github.com/airbus-cyber/graylog-plugin-glpi

Download graylog-plugin-glpi

Filename Size
graylog-plugin-glpi-1.4.0.pom
graylog-plugin-glpi-1.4.0.jar 7 MB
graylog-plugin-glpi-1.4.0-sources.jar 4 MB
graylog-plugin-glpi-1.4.0-javadoc.jar 85 KB
Browse

How to add to project

<!-- https://jarcasting.com/artifacts/com.airbus-cyber-security.graylog/graylog-plugin-glpi/ -->
<dependency>
    <groupId>com.airbus-cyber-security.graylog</groupId>
    <artifactId>graylog-plugin-glpi</artifactId>
    <version>1.4.0</version>
</dependency>
// https://jarcasting.com/artifacts/com.airbus-cyber-security.graylog/graylog-plugin-glpi/
implementation 'com.airbus-cyber-security.graylog:graylog-plugin-glpi:1.4.0'
// https://jarcasting.com/artifacts/com.airbus-cyber-security.graylog/graylog-plugin-glpi/
implementation ("com.airbus-cyber-security.graylog:graylog-plugin-glpi:1.4.0")
'com.airbus-cyber-security.graylog:graylog-plugin-glpi:jar:1.4.0'
<dependency org="com.airbus-cyber-security.graylog" name="graylog-plugin-glpi" rev="1.4.0">
  <artifact name="graylog-plugin-glpi" type="jar" />
</dependency>
@Grapes(
@Grab(group='com.airbus-cyber-security.graylog', module='graylog-plugin-glpi', version='1.4.0')
)
libraryDependencies += "com.airbus-cyber-security.graylog" % "graylog-plugin-glpi" % "1.4.0"
[com.airbus-cyber-security.graylog/graylog-plugin-glpi "1.4.0"]

Dependencies

compile (2)

Group / Artifact Type Version
org.glassfish : javax.json jar 1.1.4
org.ehcache : ehcache jar 3.8.1

provided (4)

Group / Artifact Type Version
org.graylog2 : graylog2-server jar 3.2.2
org.graylog.plugins : graylog-plugin-pipeline-processor jar 1.1.1
com.google.auto.value : auto-value jar 1.6.2
com.google.auto.service : auto-service jar 1.0-rc4

test (2)

Group / Artifact Type Version
junit : junit jar 4.12
org.mockito : mockito-core jar 2.8.9

Project Modules

There are no modules declared in this project.

GLPI Connector Pipelines functions

Build Status License GitHub Release

Version Compatibility

Plugin Version Graylog Version
1.4.x 3.2.x
>= 1.3.x 3.0.x

Installation

Download the plugin and place the .jar file in your Graylog plugin directory. The plugin directory is the plugins/ folder relative from your graylog-server directory by default and can be configured in your graylog.conf file.

Restart graylog-server and you are done.

Configuration

In the configuration tab of Graylog, you will have to provide:

  • GLPI API URL
  • GLPI User API Token
  • GLPI APP Token
  • Cache Heap Size
  • Cache TTL

You may have to change the order into "Message Processors Configuration". Just switch between "Message Filter Chain" and "Pipeline Processor"

Usage

To search into the Computer category for the source field and display all fields, create a pipeline function like:

rule "GLPIComputer"
when
  has_field("source")
then
  let computer = GLPI(to_string($message.source), "Computer", "");
  let computer_fieds = key_value(computer);
  set_fields(computer_fieds, "Computer-");
end

If you want to do the same search but displaying only the field called OSName, create a pipeline function like:

rule "GLPIComputer"
when
  has_field("source")
then
  let computer = GLPI(to_string($message.source), "Computer", "OSName");
  let computer_fieds = key_value(computer);
  set_fields(computer_fieds, "Computer-");
end

Build

This project is using Maven 3 and requires Java 8 or higher.

  • Clone this repository.
  • Run mvn package to build a JAR file.
  • Optional: Run mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
  • Copy generated JAR file in target directory to your Graylog plugin directory.
  • Restart the Graylog.

License

This plugin is released under version 3.0 of the GNU General Public License.

com.airbus-cyber-security.graylog

Airbus CyberSecurity

Airbus CyberSecurity protects governments, military, organisations and critical national infrastructure from cyber threats.

Versions

Version
1.4.0
1.3.0
1.2.1
1.2.0
1.1.0
1.0.0