audit_log_parser 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/lib/audit_log_parser.rb +10 -7
- data/lib/audit_log_parser/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b79811edb6e035a7c7f18b10d18af4aa4890e8145c2e1d9cf5eec201be1f726d
|
4
|
+
data.tar.gz: b7b419a26369302d25090b5765b4eb3963da454ec66586ee9f551672059b6e4d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dac50613c28ada1e66597000cd13aef9b99491be04de9d620027b50b96bb6866ea1a63b729a3c30a5d1631845f02ecaf2150e6788798a0e2ac94d36f72cfe5b8
|
7
|
+
data.tar.gz: 0200a435ddc53e2a718c9e72b9e0dd6777863ec58368a3a96a4b772e939e795762940a70e92eeea9f650cb695aeebac11e78b6f54a21dc652a7dbae4ce5af43a
|
data/README.md
CHANGED
@@ -4,6 +4,7 @@ It is a library for parsing [linux's audit log](https://github.com/linux-audit/a
|
|
4
4
|
|
5
5
|
[![Gem Version](https://badge.fury.io/rb/audit_log_parser.svg)](http://badge.fury.io/rb/audit_log_parser)
|
6
6
|
[![Build Status](https://travis-ci.org/winebarrel/audit_log_parser.svg?branch=master)](https://travis-ci.org/winebarrel/audit_log_parser)
|
7
|
+
[![](https://img.shields.io/badge/rubydoc-reference-blue.svg)](https://www.rubydoc.info/gems/audit_log_parser)
|
7
8
|
|
8
9
|
## Installation
|
9
10
|
|
data/lib/audit_log_parser.rb
CHANGED
@@ -13,14 +13,15 @@ class AuditLogParser
|
|
13
13
|
def self.parse_line(line, flatten: false)
|
14
14
|
line = line.strip
|
15
15
|
|
16
|
-
if line !~ /type=\w+ msg=audit\([\d.:]+\):
|
17
|
-
raise Error, "Invalid audit log header: #{line}"
|
16
|
+
if line !~ /type=\w+ msg=audit\([\d.:]+\): */
|
17
|
+
raise Error, "Invalid audit log header: #{line.inspect}"
|
18
18
|
end
|
19
19
|
|
20
|
-
header, body = line.split(
|
21
|
-
header
|
20
|
+
header, body = line.split(/\): */, 2)
|
21
|
+
header << ')'
|
22
|
+
header.sub!(/: *\z/, '')
|
22
23
|
header = parse_header(header)
|
23
|
-
body = parse_body(body)
|
24
|
+
body = parse_body(body.strip)
|
24
25
|
result = {'header' => header, 'body' => body}
|
25
26
|
flatten ? flatten_hash(result) : result
|
26
27
|
end
|
@@ -38,8 +39,10 @@ class AuditLogParser
|
|
38
39
|
private_class_method :parse_header
|
39
40
|
|
40
41
|
def self.parse_body(body)
|
41
|
-
|
42
|
-
|
42
|
+
if body.empty?
|
43
|
+
return {}
|
44
|
+
elsif !body.include?('=')
|
45
|
+
raise Error, "Invalid audit log body: #{body.inspect}"
|
43
46
|
end
|
44
47
|
|
45
48
|
result = {}
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: audit_log_parser
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- winebarrel
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-11-
|
11
|
+
date: 2018-11-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|