diff --git a/filter-plugin/logstash-filter-milvus-guardium/README.md b/filter-plugin/logstash-filter-milvus-guardium/README.md
index bcb7eef30..e20c01b15 100644
--- a/filter-plugin/logstash-filter-milvus-guardium/README.md
+++ b/filter-plugin/logstash-filter-milvus-guardium/README.md
@@ -45,8 +45,7 @@ Guardium uses the Filebeat input plugin to ingest access logs from Milvus. For m
 3. In the `filebeat.yml` file, navigate to the `filebeat.inputs` section and add the following parameters. Make sure to add the ``milvus`` tag to identify the Milvus events from other data.
 ```
 filebeat.inputs:
- - type: filestream
- - id:
+ - type: log
 enabled: true
 paths:
 -
diff --git a/filter-plugin/logstash-filter-milvus-guardium/src/main/java/com/ibm/guardium/milvus/Constants.java b/filter-plugin/logstash-filter-milvus-guardium/src/main/java/com/ibm/guardium/milvus/Constants.java
index fc4dcb8e9..1f91d239d 100644
--- a/filter-plugin/logstash-filter-milvus-guardium/src/main/java/com/ibm/guardium/milvus/Constants.java
+++ b/filter-plugin/logstash-filter-milvus-guardium/src/main/java/com/ibm/guardium/milvus/Constants.java
@@ -7,11 +7,9 @@ public class Constants {
 static final String INVALID_MSG = "EVENT_IS_INVALID";
 static final String EMPTY = "";
 static final String SQL_ERROR = "SQL_ERROR";
- static final String LOGIN_FAILED = "LOGIN_FAILED";
 static final String ERROR_MSG = "exception_desc";
 static final String EVENT_ID = "event_id";
 static final String USER_ADDR = "client";
 static final String DB_PROTOCOL = "MILVUS GRPC";
- static final String METHOD_STATUS = "method_status";
 }
diff --git a/filter-plugin/logstash-filter-milvus-guardium/src/main/java/com/ibm/guardium/milvus/Parser.java b/filter-plugin/logstash-filter-milvus-guardium/src/main/java/com/ibm/guardium/milvus/Parser.java
index f358bf775..9d0bdaed8 100644
--- a/filter-plugin/logstash-filter-milvus-guardium/src/main/java/com/ibm/guardium/milvus/Parser.java
+++ b/filter-plugin/logstash-filter-milvus-guardium/src/main/java/com/ibm/guardium/milvus/Parser.java
@@ -85,16 +85,7 @@ protected String getExceptionTypeId(String payload) {
 String value = getValue(payload, EXCEPTION_TYPE_ID);
 if (value == null || value.equals("0")) return DEFAULT_STRING;
-
- // Check if this is a login failure
- String eventId = getValue(payload, EVENT_ID);
- String methodStatus = getValue(payload, METHOD_STATUS);
-
- // Identify login failures by checking multiple indicators
- boolean isLoginFailure = (eventId != null && eventId.contains("Connect-GrpcUnauthenticated"))
- || (methodStatus != null && methodStatus.equals("GrpcUnauthenticated"));
-
- return isLoginFailure ? LOGIN_FAILED : SQL_ERROR;
+ return SQL_ERROR;
 }
 @Override
diff --git a/filter-plugin/logstash-filter-milvus-guardium/src/test/java/com/ibm/guardium/milvus/ParserTest.java b/filter-plugin/logstash-filter-milvus-guardium/src/test/java/com/ibm/guardium/milvus/ParserTest.java
index 2dfe6d4e5..fe4a59f06 100644
--- a/filter-plugin/logstash-filter-milvus-guardium/src/test/java/com/ibm/guardium/milvus/ParserTest.java
+++ b/filter-plugin/logstash-filter-milvus-guardium/src/test/java/com/ibm/guardium/milvus/ParserTest.java
@@ -54,7 +54,7 @@ void test2() {
 assertEquals("Unknown", record.getAccessor().getDbUser());
 assertEquals("Milvus", record.getAccessor().getServerType());
 assertEquals("Time{timstamp=1738876805353, minOffsetFromGMT=0, minDst=0}", record.getTime().toString());
- assertEquals("LOGIN_FAILED", record.getException().getExceptionTypeId());
+ assertEquals("SQL_ERROR", record.getException().getExceptionTypeId());
 try {
 String expected = new String(Files.readAllBytes(Paths.get("src/test/resources/milvusGRPCMessage_test2.txt")));
 assertEquals(expected, record.getData().getOriginalSqlCommand());
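Review bot: In `Parser.getExceptionTypeId`, the new `return SQL_ERROR;` gives a rejected Milvus login (`Connect-GrpcUnauthenticated` / `methodStatus=GrpcUnauthenticated`) the same exception type as a failed query, so anything downstream that keys failed-login alerting on the exception type would presumably stop seeing these events. The `test2` and `testMoreLogs` assertions changed in this commit, together with the removal of `testLoginFailure`, lock that behaviour in. If the revert is intentional, state the reason at the return, e.g. `// Auth failures are reported as SQL_ERROR on purpose: <reason>`; otherwise keep the one-line distinction `if ("GrpcUnauthenticated".equals(getValue(payload, METHOD_STATUS))) return LOGIN_FAILED;`, which also needs the two constants this commit deletes from `Constants.java`. The method's signature appears only in the hunk header, so any lines between it and the first context line are unreviewed.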
@@ -102,17 +102,7 @@ void testMoreLogs() {
 assertEquals("Milvus", record.getAccessor().getServerType());
 assertNotEquals("", record.getTime().toString());
 if (!payload.contains("errorCode=0")) {
- // Check that exception type is either SQL_ERROR or LOGIN_FAILED
- String exceptionTypeId = record.getException().getExceptionTypeId();
- assertTrue(exceptionTypeId.equals("SQL_ERROR") || exceptionTypeId.equals("LOGIN_FAILED"),
- "Exception type should be either SQL_ERROR or LOGIN_FAILED, but was: " + exceptionTypeId);
-
- // For login failures, verify it's correctly classified
- if (payload.contains("Connect-GrpcUnauthenticated") &&
- payload.contains("auth check failure")) {
- assertEquals("LOGIN_FAILED", exceptionTypeId);
- }
-
+ assertEquals("SQL_ERROR", record.getException().getExceptionTypeId());
 assertNotEquals("", record.getException().getSqlString());
 assertNotEquals("", record.getException().getDescription());
 } else {
@@ -125,27 +115,6 @@ void testMoreLogs() {
 }
 }
- @Test
- void testLoginFailure() {
- // Test case with api key error
- String payload1 = "LEEF:1.0|Zilliz|Milvus|1.0|Connect-GrpcUnauthenticated|devTime=2025/09/16 17:04:39.489 +00:00\tdevTimeFormat=yyyy/MM/dd HH:mm:ss.SSS xxx\tuserName=Unknown\tuserAddress=tcp-127.0.0.1:47050\tdatabaseName=Unknown\tcollectionName=Unknown\tpartitionName=Unknown\tqueryExpression=Unknown\terrorCode=65535\terrorMessage=rpc error: code = Unauthenticated desc = auth check failure, please check api key is correct\ttraceId=72267fad5d0a8f303744ae9949f8763f\tresponseSize=Unknown\ttimeCost=28.475187ms\ttimeStart=2025/09/16 17:04:39.460 +00:00\ttimeEnd=2025/09/16 17:04:39.489 +00:00\tsdkVersion=Python-2.4.3\tmethodName=Connect\tmethodStatus=GrpcUnauthenticated";
- Record record1 = parser.parseRecord(payload1);
- assertNotNull(record1);
- assertEquals("LOGIN_FAILED", record1.getException().getExceptionTypeId());
-
- // Test case with username/password error
- String payload2 = "LEEF:1.0|Zilliz|Milvus|1.0|Connect-GrpcUnauthenticated|devTime=2025/09/16 17:08:12.241 +00:00\tdevTimeFormat=yyyy/MM/dd HH:mm:ss.SSS xxx\tuserName=k8s\tuserAddress=tcp-127.0.0.1:44614\tdatabaseName=Unknown\tcollectionName=Unknown\tpartitionName=Unknown\tqueryExpression=Unknown\terrorCode=65535\terrorMessage=rpc error: code = Unauthenticated desc = auth check failure, please check username and password are correct\ttraceId=ec1684550ed89dbf55ae62364bf39304\tresponseSize=Unknown\ttimeCost=308.881µs\ttimeStart=2025/09/16 17:08:12.241 +00:00\ttimeEnd=2025/09/16 17:08:12.241 +00:00\tsdkVersion=Python-2.4.3\tmethodName=Connect\tmethodStatus=GrpcUnauthenticated";
- Record record2 = parser.parseRecord(payload2);
- assertNotNull(record2);
- assertEquals("LOGIN_FAILED", record2.getException().getExceptionTypeId());
-
- // Test case with successful login (should not be classified as an error)
- String payload3 = "LEEF:1.0|Zilliz|Milvus|1.0|Connect-Successful|devTime=2025/09/16 17:07:02.880 +00:00\tdevTimeFormat=yyyy/MM/dd HH:mm:ss.SSS xxx\tuserName=k8s\tuserAddress=tcp-127.0.0.1:44614\tdatabaseName=Unknown\tcollectionName=Unknown\tpartitionName=Unknown\tqueryExpression=Unknown\terrorCode=0\terrorMessage=\ttraceId=88fdf6f03b4427a1db1aa703c463cf65\tresponseSize=107\ttimeCost=5.415566ms\ttimeStart=2025/09/16 17:07:02.873 +00:00\ttimeEnd=2025/09/16 17:07:02.879 +00:00\tsdkVersion=Python-2.4.3\tmethodName=Connect\tmethodStatus=Successful";
- Record record3 = parser.parseRecord(payload3);
- assertNotNull(record3);
- assertNull(record3.getException());
- }
-
 private void assertJsonEquals(String expectedJson, String actualJson) throws Exception {
 ObjectMapper objectMapper = new ObjectMapper();
 Map expectedMap = objectMapper.readValue(expectedJson, Map.class);
@@ -153,6 +122,5 @@ private void assertJsonEquals(String expectedJson, String actualJson) throws Exc
 assertEquals(expectedMap, actualMap, "JSON content does not match!");
 }
-}
-// Made with Bob
+}