Add support for GeoIP2 anonymous database

src/main/java/org/logstash/filters/Fields.java

@@ -26,6 +26,11 @@
 enum Fields {
   AUTONOMOUS_SYSTEM_NUMBER("asn"),
   AUTONOMOUS_SYSTEM_ORGANIZATION("as_org"),
+  ANONYMOUS_IS_ANONYMOUS("is_anonymous"),
+  ANONYMOUS_IS_VPN("is_anonymous_vpn"),
+  ANONYMOUS_IS_HOSTING_PROVIDER("is_hosting_provider"),
+  ANONYMOUS_IS_PUBLIC_PROXY("is_public_proxy"),
+  ANONYMOUS_IS_TOR_EXIT_NODE("is_tor_exit_node"),
   CITY_NAME("city_name"),
   COUNTRY_NAME("country_name"),
   CONTINENT_CODE("continent_code"),
@@ -70,6 +75,10 @@ public String fieldName() {
   static final EnumSet<Fields> DEFAULT_ASN_LITE_FIELDS = EnumSet.of(Fields.IP, Fields.AUTONOMOUS_SYSTEM_NUMBER,
       Fields.AUTONOMOUS_SYSTEM_ORGANIZATION);
 
+  static final EnumSet<Fields> DEFAULT_ANONYMOUS_FIELDS = EnumSet.of(Fields.IP, Fields.ANONYMOUS_IS_ANONYMOUS,
+      Fields.ANONYMOUS_IS_VPN, Fields.ANONYMOUS_IS_HOSTING_PROVIDER, Fields.ANONYMOUS_IS_PUBLIC_PROXY,
+      Fields.ANONYMOUS_IS_TOR_EXIT_NODE);
+
   public static Fields parseField(String value) {
     try {
       return valueOf(value.toUpperCase(Locale.ROOT));

src/main/java/org/logstash/filters/GeoIPFilter.java

@@ -26,6 +26,7 @@
 import com.maxmind.geoip2.model.CityResponse;
 import com.maxmind.geoip2.model.CountryResponse;
 import com.maxmind.geoip2.model.IspResponse;
+import com.maxmind.geoip2.model.AnonymousIpResponse;
 import com.maxmind.geoip2.record.*;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -56,6 +57,7 @@ public class GeoIPFilter {
   private static final String CITY_SOUTH_AMERICA_DB_TYPE = "GeoIP2-City-South-America";
   private static final String COUNTRY_DB_TYPE = "GeoIP2-Country";
   private static final String ISP_DB_TYPE = "GeoIP2-ISP";
+  private static final String ANONYMOUS_DB_TYPE = "GeoIP2-Anonymous-IP";
 
   private final String sourceField;
   private final String targetField;
@@ -99,6 +101,9 @@ private Set<Fields> createDesiredFields(List<String> fields) {
         case ASN_LITE_DB_TYPE:
           desiredFields = Fields.DEFAULT_ASN_LITE_FIELDS;
           break;
+        case ANONYMOUS_DB_TYPE:
+          desiredFields = Fields.DEFAULT_ANONYMOUS_FIELDS;
+          break;
       }
     } else {
       for (String fieldName : fields) {
@@ -153,6 +158,8 @@ public boolean handleEvent(RubyEvent rubyEvent) {
         case ISP_DB_TYPE:
           geoData = retrieveIspGeoData(ipAddress);
           break;
+        case ANONYMOUS_DB_TYPE:
+          geoData = retrieveAnonymousData(ipAddress);
         default:
           throw new IllegalStateException("Unsupported database type " + databaseReader.getMetadata().getDatabaseType() + "");
       }
@@ -401,4 +408,48 @@ private Map<String, Object> retrieveAsnGeoData(InetAddress ipAddress) throws Geo
 
     return geoData;
   }
+
+  private Map<String, Object> retrieveAnonymousData(InetAddress ipAddress) throws GeoIp2Exception, IOException {
+    AnonymousIpResponse response = databaseReader.anonymousIp(ipAddress);
+    Map<String, Object> geoData = new HashMap<>();
+    for (Fields desiredField : this.desiredFields) {
+      switch (desiredField) {
+        case IP:
+          geoData.put(Fields.IP.fieldName(), ipAddress.getHostAddress());
+          break;
+        case ANONYMOUS_IS_ANONYMOUS:
+          Boolean is_anonoymous = response.isAnonymous();
+          if (is_anonoymous != null) {
+            geoData.put(Fields.ANONYMOUS_IS_ANONYMOUS.fieldName(), is_anonoymous);
+          }
+          break;
+        case ANONYMOUS_IS_VPN:
+          Boolean is_vpn = response.isAnonymousVpn();
+          if (is_vpn != null) {
+            geoData.put(Fields.ANONYMOUS_IS_VPN.fieldName(), is_vpn);
+          }
+          break;
+        case ANONYMOUS_IS_HOSTING_PROVIDER:
+          Boolean is_hosting_provider = response.isHostingProvider();
+          if (is_hosting_provider != null) {
+            geoData.put(Fields.ANONYMOUS_IS_HOSTING_PROVIDER.fieldName(), is_hosting_provider);
+          }
+          break;
+        case ANONYMOUS_IS_PUBLIC_PROXY:
+          Boolean is_public_proxy = response.isPublicProxy();
+          if (is_public_proxy != null) {
+            geoData.put(Fields.ANONYMOUS_IS_PUBLIC_PROXY.fieldName(), is_public_proxy);
+          }
+          break;
+        case ANONYMOUS_IS_TOR_EXIT_NODE:
+          Boolean is_tor_exit_node = response.isTorExitNode();
+          if (is_tor_exit_node != null) {
+            geoData.put(Fields.ANONYMOUS_IS_TOR_EXIT_NODE.fieldName(), is_tor_exit_node);
+          }
+          break;
+      }
+    }
+
+    return geoData;
+  }
 }

vendor.json

@@ -1,7 +1,7 @@
 [
     {
         "url": "http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz",
-        "sha1": "faccb3c92fd5bee0261e6e7640a79c7e37624d16"
+        "sha1": "6e9bcfac392052725463550b3bbaafc91920caba"
     },
     {
         "url": "https://s3.amazonaws.com/download.elasticsearch.org/logstash/maxmind/GeoLite2-ASN.mmdb",