feat(correlation): add include_dest_ports filter + README/arch update (v1.1.12)

- feat: new config directive include_dest_ports ([]int) in correlation section - feat: if non-empty, only events with a matching dst_port are correlated - feat: filtered events are silently ignored (not correlated, not emitted as orphan) - feat: new metric failed_dest_port_filtered tracked in ProcessEvent - feat: DEBUG log 'event excluded by dest port filter: source=A dst_port=22' - test: TestCorrelationService_IncludeDestPorts_AllowedPort - test: TestCorrelationService_IncludeDestPorts_FilteredPort - test: TestCorrelationService_IncludeDestPorts_EmptyAllowsAll - docs(readme): full rewrite to match current code (v1.1.12) - docs(readme): add include_dest_ports section, fix version refs, clean outdated sections - docs(arch): add dest_port_filtering section, failed_dest_port_filtered metric, debug log example - fix(config.example): remove obsolete stdout.level field - chore: bump version to 1.1.12 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-05 13:51:20 +01:00
parent ba9e0ab477
commit a8e024105d
9 changed files with 454 additions and 544 deletions
--- a/packaging/rpm/logcorrelator.spec
+++ b/packaging/rpm/logcorrelator.spec
@ -141,6 +141,16 @@ exit 0
 %config(noreplace) /etc/logrotate.d/logcorrelator

 %changelog
+* Thu Mar 05 2026 logcorrelator <dev@example.com> - 1.1.12-1
+- Feat: New config directive include_dest_ports - restrict correlation to specific destination ports
+- Feat: If include_dest_ports is non-empty, events on unlisted ports are silently ignored (not correlated, not emitted as orphan)
+- Feat: New metric failed_dest_port_filtered for monitoring filtered traffic
+- Feat: Debug log for filtered events: "event excluded by dest port filter: source=A dst_port=22"
+- Test: New unit tests for include_dest_ports (allowed port, filtered port, empty=all)
+- Docs: README.md updated with include_dest_ports section and current version references
+- Docs: architecture.yml updated with include_dest_ports
+- Fix: config.example.yml - removed obsolete stdout.level field
+
 * Thu Mar 05 2026 logcorrelator <dev@example.com> - 1.1.11-1
 - Fix: StdoutSink no longer writes correlated/orphan JSON to stdout
 - Fix: stdout sink is now a no-op for data; operational logs go to stderr via logger