Added ipv4_network and murmur3 algorithms to the anonymize filter

lib/logstash/filters/anonymize.rb

@@ -13,12 +13,22 @@ class LogStash::Filters::Anonymize < LogStash::Filters::Base
   config :key, :validate => :string, :required => true
 
   # digest type
-  config :algorithm, :validate => ['SHA', 'SHA1', 'SHA224', 'SHA256', 'SHA384', 'SHA512', 'MD4', 'MD5'], :required => true, :default => 'SHA1'
+  config :algorithm, :validate => ['SHA', 'SHA1', 'SHA224', 'SHA256', 'SHA384', 'SHA512', 'MD4', 'MD5', "MURMUR3", "IPV4_NETWORK"], :required => true, :default => 'SHA1'
 
   public
   def register
-    # require any library
-    require 'openssl'
+    # require any library and set the anonymize function
+    case @algorithm
+    when "IPV4_NETWORK"
+      require "ipaddress"
+      class << self; alias_method :anonymize, :anonymize_ipv4_network; end
+    when "MURMUR3"
+      require "murmurhash3"
+      class << self; alias_method :anonymize, :anonymize_murmur3; end
+    else
+      require 'openssl'
+      class << self; alias_method :anonymize, :anonymize_openssl; end
+    end
   end # def register
 
   public
@@ -30,12 +40,29 @@ class LogStash::Filters::Anonymize < LogStash::Filters::Base
   end # def filter
 
   private
-  def anonymize(data)
+  def anonymize_ipv4_network(ip_string)
+    warn "ipv4"
+    ip = IPAddress::IPv4.new(ip_string)
+    ip.prefix = @key
+    ip.network.to_s
+  end  
+
+  def anonymize_openssl(data)
+    warn "openssl"
     digest = algorithm()
     OpenSSL::HMAC.hexdigest(digest, @key, data)
   end
 
-  private
+  def anonymize_murmur3(value)
+    warn "murmur3"
+    case value
+    when Fixnum
+      MurmurHash3::V32.int_hash(value)
+    when String
+      MurmurHash3::V32.str_hash(value)
+    end
+  end
+
   def algorithm
  
    case @algorithm
@@ -59,5 +86,5 @@ class LogStash::Filters::Anonymize < LogStash::Filters::Base
         @logger.error("Unknown algorithm")
     end
   end
-
+      
 end # class LogStash::Filters::Anonymize

logstash.gemspec

@@ -58,6 +58,8 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency "geoip", [">= 1.1.0"]
   gem.add_runtime_dependency "beefcake", "0.3.7"
   gem.add_runtime_dependency "php-serialize" # For input drupal_dblog
+  gem.add_runtime_dependency "ipaddress"
+  gem.add_runtime_dependency "murmurhash3"
 
   if RUBY_PLATFORM == 'java'
     gem.platform = RUBY_PLATFORM

spec/filters/anonymize.rb

@@ -21,6 +21,40 @@ describe LogStash::Filters::Anonymize do
       insist { subject["clientip"] } == "0d01b2191194d261fa1a2e7c18a38d44953ab4e2"
     end
   end
+
+  describe "anonymize ipaddress with IPV4_NETWORK algorithm" do
+    # The logstash config goes here.
+    # At this time, only filters are supported.
+    config <<-CONFIG
+      filter {
+        anonymize {
+          fields => ["clientip"]
+          algorithm => "IPV4_NETWORK"
+          key => 24
+        }
+      }
+    CONFIG
+
+    sample "@fields" => {"clientip" => "233.255.13.44"} do
+      insist { subject["clientip"] } == "233.255.13.0"
+    end
+  end
+
+  describe "anonymize string with MURMUR3 algorithm" do
+    config <<-CONFIG
+      filter { 
+        anonymize { 
+          fields => ["clientip"]
+          algorithm => "MURMUR3"
+          key => ""
+        }
+      }
+    CONFIG
+
+    sample "@fields" => {"clientip" => "123.52.122.33"} do
+      insist { subject["clientip"] } == 1541804874
+    end
+  end
  
    describe "anonymize string with SHA1 alogrithm" do
     # The logstash config goes here.