bro_ids-http-log 0.0.1

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/README.md

@@ -0,0 +1,58 @@
+# bro_ids-dns-log
+
+This gem will parse the DNS log files created by BRO IDS (http://www.bro-ids.org/) and prepare the fields to be called by name in your scripts.
+
+
+## Installation
+To install the bro_ids-http-log parsing gem simply run the following command:
+
+`gem install bro_ids-http-log`
+
+## Usage
+
+`require 'bro_ids/http/log'`
+`BroIds::Http:Log.parse('YOUR HTTP LOG LOCATION HERE')`
+
+## Example 1:
+
+	require 'bro_ids/http/log'
+
+	dns_log = File.open("http.log")
+	BroIds::Http::Log.parse(http_log) do |parsed|
+	  puts 
+	end
+
+
+## Example 2:
+
+	load 'lib/parse_http.rb'
+
+	http_log = File.open("http.log")
+	BroIds::Http::Log.parse(http_log) do |parsed|
+	   puts parsed[:timestamp]
+	   puts parsed[:uid]
+	   puts parsed[:id_orig_h]
+	   puts parsed[:id_orig_p]
+	   puts parsed[:id_resp_h]
+	   puts parsed[:id_resp_p]
+	   puts parsed[:trans_depth]
+	   puts parsed[:method]
+	   puts parsed[:host]
+	   puts parsed[:uri]
+	   puts parsed[:referrer]
+	   puts parsed[:request_body_len]
+	   puts parsed[:response_body_len]
+	   puts parsed[:status_code]
+	   puts parsed[:status_msg]
+	   puts parsed[:info_code]
+	   puts parsed[:info_msg]
+	   puts parsed[:filename]
+	   puts parsed[:tags]
+	   puts parsed[:username]
+	   puts parsed[:password]
+	   puts parsed[:proxied]
+	   puts parsed[:mime_type]
+	   puts parsed[:md5]
+	   puts parsed[:extraction_file]
+	end
+

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bro_ids-http-log.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require 'bro_ids/http/log/version'
+
+Gem::Specification.new do |s|
+  s.name        = "bro_ids-http-log"
+  s.version     = BroIds::Http::Log::VERSION
+  s.authors     = ["Elliott Cutright"]
+  s.email       = ["elliott.cutright@gmail.com"]
+  s.homepage    = ""
+  s.summary     = %q{Ruby Gem for Parsing Bro IDS HTTP Logs}
+  s.description = %q{Ruby Gem for Parsing Bro IDS HTTP Logs}
+
+  s.rubyforge_project = "bro_ids-http-log"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  # specify any dependencies here; for example:
+  # s.add_development_dependency "rspec"
+  # s.add_runtime_dependency "rest-client"
+end

data/lib/bro_ids/http/log.rb

@@ -0,0 +1,2 @@
+require 'bro_ids/http/log/log'
+require 'bro_ids/http/log/version'

data/lib/bro_ids/http/log/log.rb

@@ -0,0 +1,55 @@
+require "bro_ids/http/log/version"
+
+module BroIds
+  module Http
+    module Log
+      def self.parse(filename, &block)
+        parse_file(filename, &block)
+      end
+
+      private
+        def self.parse_line(line)
+          m =  line.split(' ')
+          if m
+          {:timestamp           => m[0],
+           :uid                 => m[1],
+           :id_orig_h           => m[2],
+           :id_orig_p           => m[3],
+           :id_resp_h           => m[4],
+           :id_resp_p           => m[5],
+           :trans_depth         => m[6],
+           :method              => m[7],
+           :host                => m[8],
+           :uri                 => m[9],
+           :referrer            => m[10],
+           :request_body_len    => m[11],
+           :response_body_len   => m[12],
+           :status_code         => m[13],
+           :status_msg          => m[14],
+           :info_code           => m[15],
+           :info_msg            => m[16],
+           :filename            => m[17],
+           :tags                => m[18],
+           :username            => m[19],
+           :password            => m[20],
+           :proxied             => m[21],
+           :mime_type           => m[22],
+           :md5                 => m[23],
+           :extraction_file     => m[24]}
+          else
+          {}
+        end
+      end
+
+      def self.parse_file(filename, &block)
+        File.foreach(filename) do |line|
+          unless line =~ /^\#/
+            parsed = parse_line(line)
+            yield parsed
+          end
+        end
+      end
+    end
+  end
+end
+

data/lib/bro_ids/http/log/version.rb

@@ -0,0 +1,7 @@
+module BroIds
+  module Http
+    module Log
+      VERSION = "0.0.1"
+    end
+  end
+end

metadata

@@ -0,0 +1,52 @@
+--- !ruby/object:Gem::Specification
+name: bro_ids-http-log
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Elliott Cutright
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-02-02 00:00:00.000000000Z
+dependencies: []
+description: Ruby Gem for Parsing Bro IDS HTTP Logs
+email:
+- elliott.cutright@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- README.md
+- Rakefile
+- bro_ids-http-log.gemspec
+- lib/bro_ids/http/log.rb
+- lib/bro_ids/http/log/log.rb
+- lib/bro_ids/http/log/version.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: bro_ids-http-log
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Ruby Gem for Parsing Bro IDS HTTP Logs
+test_files: []