cef 0.8.0 → 0.9.0
- checksums.yaml +7 -0
- data/.gitignore +18 -0
- data/.rspec +1 -1
- data/Gemfile +2 -13
- data/Guardfile +15 -0
- data/Rakefile +1 -54
- data/VERSION +1 -1
- data/cef.gemspec +30 -67
- data/lib/cef.rb +9 -8
- data/lib/cef/constants.rb +6 -5
- data/lib/cef/event.rb +84 -63
- data/lib/cef/version.rb +3 -0
- data/spec/lib/cef/event_spec.rb +32 -0
- data/spec/lib/cef_spec.rb +14 -0
- data/spec/spec_helper.rb +4 -44
- metadata +135 -115
- data/spec/cef_spec.rb +0 -36
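--- /dev/null
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: a5c18c726620c28b573ae7eb85cc84052f4039a7
+data.tar.gz: 23f318734a39e5f1e4638efaba8b6baa36d755cf
+SHA512:
+metadata.gz: 0ff31a6a533775eba16570a6637154e3a584152bcb46ff67004f1b0d408faa26648351b8597b0dd47972f66c7b62e8787c745094f5fc037357db05d24305f7ec
+data.tar.gz: b06eaa392dc7ed43dd9b2849ac7bd1de151665c225ba69e568f50e291709ffd41532eaa4203699918b43c73b165dcfd467efbf6bf6d2004fb016ed9a3e4bc509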
data/.gitignore
ADDED
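--- a/data/.rspec
+++ b/data/.rspec
@@ -1 +1 @@
---color
+--color --format documentation --backtrace --warnings -I lib -r ./lib/cef.rb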
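--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,13 +1,2 @@
-source "
-
-# Example:
-# gem "activesupport", ">= 2.3.5"
-
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
-group :development do
-gem "rspec", "~> 2.3.0"
-gem "bundler", "~> 1.0.0"
-gem "jeweler", "~> 1.5.2"
-gem "rcov", ">= 0"
-end
+source "https://rubygems.org"
+gemspec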
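--- /dev/null
+++ b/data/Guardfile
@@ -0,0 +1,15 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard :bundler do
+watch('Gemfile')
+# Uncomment next line if your Gemfile contains the `gemspec' command.
+watch(/^.+\.gemspec/)
+end
+
+guard :rspec do
+watch(%r{^spec/.+_spec\.rb$})
+watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
+watch('spec/spec_helper.rb') { "spec" }
+end
+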
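--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,54 +1 @@
-require '
-require 'bundler'
-begin
-Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-$stderr.puts e.message
-$stderr.puts "Run `bundle install` to install missing gems"
-exit e.status_code
-end
-require 'rake'
-
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-gem.name = "cef"
-gem.homepage = "http://github.com/ryanbreed/cef"
-gem.license = "MIT"
-gem.summary = %Q{ CEF Generation Library and Client }
-gem.description = %Q{ format/send CEF logs via API+syslog or client program }
-gem.email = "opensource@breed.org"
-gem.authors = ["Ryan Breed"]
-gem.add_development_dependency 'rspec', '~> 2.3.0'
-gem.files.include('VERSION')
-end
-Jeweler::RubygemsDotOrgTasks.new
-
-require 'rspec/core'
-require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec) do |spec|
-spec.pattern = FileList['spec/**/*_spec.rb']
-end
-
-RSpec::Core::RakeTask.new(:rcov) do |spec|
-spec.pattern = 'spec/**/*_spec.rb'
-spec.rcov = true
-end
-
-task :default => :spec
-
-require 'rake/rdoctask'
-Rake::RDocTask.new do |rdoc|
-version = File.exist?('VERSION') ? File.read('VERSION') : ""
-
-rdoc.rdoc_dir = 'rdoc'
-rdoc.title = "cef #{version}"
-rdoc.rdoc_files.include('README*')
-rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-task 'clean' do |t|
-FileUtils.rm_f(Dir.glob(('{coverage,pkg}/*')))
-FileUtils.rm_f(Dir.glob(('Gemfile.lock')))
-%w{ coverage pkg }.each {|d| Dir.rmdir(d) if File.exists?(d)}
-end
+require 'bundler/gem_tasks'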
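Review bot: After this change the Rakefile defines no `spec` task and no default task; the only remaining line is `require 'bundler/gem_tasks'`, which as far as I know supplies only the build, install and release tasks, so a release can be cut from rake without the suite ever running. Re-adding `require 'rspec/core/rake_task'`, `RSpec::Core::RakeTask.new(:spec)` and `task :default => :spec` restores the previous behaviour. The new cef.gemspec in this release also does not list `rake` among its development dependencies, so the version of rake used for releases is whatever happens to be installed.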
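--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.8.
+0.8.1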
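--- a/data/cef.gemspec
+++ b/data/cef.gemspec
@@ -1,74 +1,37 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
 
-
-
-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cef/version'
 
-
-
-
-s.default_executable = %q{cef_sender}
-s.description = %q{ format/send CEF logs via API+syslog or client program }
-s.email = %q{opensource@breed.org}
-s.executables = ["cef_sender"]
-s.extra_rdoc_files = [
-"LICENSE.txt",
-"README.rdoc"
-]
-s.files = [
-".document",
-".rspec",
-"Gemfile",
-"LICENSE.txt",
-"README.rdoc",
-"Rakefile",
-"VERSION",
-"bin/cef_sender",
-"cef.gemspec",
-"lib/cef.rb",
-"lib/cef/constants.rb",
-"lib/cef/event.rb",
-"lib/cef/file_logger.rb",
-"lib/cef/parser.rb",
-"lib/cef/sender.rb",
-"spec/cef_spec.rb",
-"spec/spec_helper.rb"
-]
-s.homepage = %q{http://github.com/ryanbreed/cef}
-s.licenses = ["MIT"]
-s.require_paths = ["lib"]
-s.rubygems_version = %q{1.5.2}
-s.summary = %q{CEF Generation Library and Client}
-s.test_files = [
-"spec/cef_spec.rb",
-"spec/spec_helper.rb"
-]
+Gem::Specification.new do |spec|
+spec.name = "cef"
+spec.version = CEF::VERSION
 
-
-
+spec.authors = ["Ryan Breed"]
+spec.date = "2011-03-30"
+spec.description = %q{ format/send CEF logs via API+syslog or client program }
+spec.summary = %q{ CEF Generation Library and Client }
+spec.email = %q{ opensource@breed.org }
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-end
+spec.extra_rdoc_files = [ "LICENSE.txt", "README.rdoc" ]
+spec.homepage = "http://github.com/ryanbreed/cef"
+spec.licenses = ["MIT"]
+
+spec.files = `git ls-files`.split($/)
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.require_paths = ["lib"]
+
+spec.require_paths = ["lib"]
+
+spec.add_dependency "chronic"
+spec.add_development_dependency "rspec"
+spec.add_development_dependency "bundler"
+spec.add_development_dependency "simplecov"
+spec.add_development_dependency "pry"
+spec.add_development_dependency "guard"
+spec.add_development_dependency "guard-rspec"
+spec.add_development_dependency "guard-bundler"
 end
 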
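Review bot: `spec.add_dependency "chronic"` introduces the gem's only runtime dependency with no version constraint (the packaged metadata shows it resolved to `>= 0`), so every consumer installs whatever chronic release is newest at resolve time, including an incompatible or tampered one. A pessimistic bound against the version the specs were actually run with would limit that, for example `spec.add_dependency "chronic", "~> <tested major.minor>"` (placeholder; the tested version is not shown on this page). The same applies to the unconstrained development dependencies, which matter to anyone running the release tooling. Separately, `spec.require_paths = ["lib"]` is assigned twice, and the `git ls-files` file list now ships development files such as `.gitignore` and `Guardfile` inside the released gem, as the metadata file list on this page confirms.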
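--- a/data/lib/cef.rb
+++ b/data/lib/cef.rb
@@ -1,10 +1,11 @@
+require 'chronic'
+require 'socket'
+require 'cef/version'
+require 'cef/constants'
+require 'cef/constants'
+require 'cef/event'
+require 'cef/sender'
+require 'cef/file_logger'
+
 module CEF
-require 'socket'
-require 'parsedate'
-require 'cef/constants'
-require 'cef/event'
-require 'cef/sender'
-require 'cef/file_logger'
 end
-
-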
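Review bot: `require 'cef/constants'` appears twice in the added require list (new lines 4 and 5); the second is a no-op and can be dropped. `lib/cef/parser.rb` is still packaged according to the metadata file list on this page but is not loaded here, so callers presumably have to require it themselves; a one-line comment saying whether that is intentional would help.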
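--- a/data/lib/cef/constants.rb
+++ b/data/lib/cef/constants.rb
@@ -1,17 +1,18 @@
 module CEF
-
-
+SEVERITY_LOW="1"
+
+LOG_FORMAT="<%d>%s %s CEF:0|%s|%s"
 LOG_TIME_FORMAT="%b %d %Y %H:%M:%S"
 
 # CEF Dictionary
 # CEF Prefix attributes
 PREFIX_ATTRIBUTES = {
 :deviceVendor => "deviceVendor",
-:deviceVersion => "deviceVersion",
 :deviceProduct => "deviceProduct",
+:deviceVersion => "deviceVersion",
+:deviceEventClassId => "deviceEventClassId",
 :name => "name",
-:deviceSeverity => "deviceSeverity"
-:deviceEventClassId => "deviceEventClassId"
+:deviceSeverity => "deviceSeverity"
 }
 
 # these are the basic extension attributes. implementing others is as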
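Review bot: The new key order of `PREFIX_ATTRIBUTES` is load-bearing but nothing in the file says so: `format_prefix` in lib/cef/event.rb now builds the prefix by iterating `CEF::PREFIX_ATTRIBUTES.keys`, so the order of this hash is the order of the pipe-delimited fields a receiver parses. A comment above the hash such as `# key order is the CEF prefix field order; format_prefix iterates it` would keep a later edit from silently shifting fields, and the approach depends on insertion-ordered hashes (Ruby 1.9 and later). The constants are also left mutable; adding `.freeze` to the hash and the format strings would stop callers from altering the wire format at runtime. The module body continues outside the hunk.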
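--- a/data/lib/cef/event.rb
+++ b/data/lib/cef/event.rb
@@ -1,6 +1,6 @@
 module CEF
 class Event
-attr_accessor :
+attr_accessor :syslog_pri, :event_time, :my_hostname
 # set up accessors for all of the CEF event attributes. ruby meta magic.
 CEF::ATTRIBUTES.each do |k,v|
 self.instance_eval do
@@ -14,33 +14,36 @@ module CEF
 
 # so we can CEF::Event.new(:foo=>"bar")
 def initialize( *params )
-
-
-@
+@event_time = Time.new
+@deviceVendor = "breed.org"
+@deviceProduct = "CEF"
+@deviceVersion = CEF::VERSION
+@deviceEventClassId = "0:event"
+@deviceSeverity = CEF::SEVERITY_LOW
+@name = "unnamed event"
 # used to avoid requiring syslog.h on windoze
 #syslog_pri= Syslog::LOG_LOCAL0 | Syslog::LOG_NOTICE
-@syslog_pri
+@syslog_pri = 131
+@my_hostname = Socket::gethostname
 @other_attrs={}
 @additional={}
+Hash[*params].each { |k,v| self.send("%s="%k,v) }
+yield self if block_given?
+self
 end
 
 # returns a cef formatted string
-def
-log_time=
-
-
-
-log_time=event_time.strftime(CEF::LOG_TIME_FORMAT)
-end
-
-cef_message=CEF::PREFIX_FORMAT % [
+def to_s
+log_time=event_time.strftime(CEF::LOG_TIME_FORMAT)
+
+cef_message=sprintf(
+CEF::LOG_FORMAT,
 syslog_pri.to_s,
-my_hostname,
 log_time,
+my_hostname,
 format_prefix,
 format_extension
-
-cef_message
+)
 end
 
 # used for non-schema fields
@@ -51,83 +54,101 @@ module CEF
 @additional[k]
 end
 
-private
+#private
 # make a guess as to how the time was set. parse strings and convert
 # them to epoch milliseconds, or leave it alone if it looks like a number
 # bigger than epoch milliseconds when i wrote this.
 def time_convert(val)
-
-
-
-
-begin
+
+converted=case val
+when String
+if val.match(%r{\A[0-9]+\Z})
 converted=val.to_i
-
-res=
-converted=Time.
+else
+res=Chronic.parse(val)
+converted=Time.at(res).to_i * 1000
 end
-when
+when Integer,Bignum
 if val < 1232589621000 #Wed Jan 21 20:00:21 -0600 2009
-
+val * 1000
 else
-
+val
 end
 end
-
+
 end
 
 # escape only pipes and backslashes in the prefix. you bet your sweet
 # ass there's a lot of backslashes in the substitution. you can thank
 # the three levels of lexical analysis/substitution in the ruby interpreter
 # for that.
-
-
+
+def escape_prefix_value(val)
+escapes={
+%r{(\||\\)} => '\\\\\&'
+}
+escapes.reduce(val) do|memo,replace|
+memo=memo.gsub(*replace)
+end
 end
 
 # only equals signs need to be escaped in the extension. i think.
 # TODO: something in the spec about \n and some others.
-def
-
+def escape_extension_value(val)
+escapes = {
+%r{=} => '\=',
+%r{\n} => ' ',
+%r{\\} => '\\'
+}
+escapes.reduce(val) do |memo,replace|
+memo=memo.gsub(*replace)
+end
 end
 
 # returns a pipe-delimeted list of prefix attributes
 def format_prefix
-
-
-
-
-
-
-cef_prefix="%s|%s|%s|%s|%s|%s" % [
-prefix_escape(vendor),
-prefix_escape(product),
-prefix_escape(version),
-prefix_escape(declid),
-prefix_escape(name),
-prefix_escape(sev),
-]
+values = CEF::PREFIX_ATTRIBUTES.keys.map {|k| self.send(k) }
+escaped = values.map do |value|
+escape_prefix_value(value)
+end
+escaped.join('|')
+
 end
 
 # returns a space-delimeted list of attribute=value pairs for all optionals
 def format_extension
-
-CEF::EXTENSION_ATTRIBUTES.
-
-
-
-
-end
+
+extensions=CEF::EXTENSION_ATTRIBUTES.keys.map do |meth|
+value=self.send(meth)
+next if value.nil?
+shortname=CEF::EXTENSION_ATTRIBUTES[meth]
+[shortname,value].join("=")
 end
 
 # make sure time comes out as milliseconds since epoch
-CEF::TIME_ATTRIBUTES.
-
-
-
-
-end
+times=CEF::TIME_ATTRIBUTES.keys.map do |meth|
+value=self.send(meth)
+next if value.nil?
+shortname = CEF::TIME_ATTRIBUTES[meth]
+[shortname,value].join("=")
 end
-
+(extensions + times).compact.join(" ")
 end
 end
-end
+end
+
+# vendor= self.deviceVendor || "Breed"
+# product= self.deviceProduct || "CEF Sender"
+# version= self.deviceVersion || CEF::VERSION
+# declid= self.deviceEventClassId || "generic:0"
+# name= self.name || "Generic Event"
+# sev= self.deviceSeverity || "1"
+# %w{ deviceVendor deviceProduct deviceVersion deviceEvent}
+# cef_prefix="%s|%s|%s|%s|%s|%s" % [
+# prefix_escape(vendor),
+# prefix_escape(product),
+# prefix_escape(version),
+# prefix_escape(declid),
+# prefix_escape(name),
+# prefix_escape(sev),
+# ]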
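Review bot: Extension values reach the wire unescaped: both `map` blocks in `format_extension` build `[shortname,value].join("=")` straight from `self.send(meth)`, and nothing in these hunks calls the new `escape_extension_value`, so a value containing `=`, a newline or an embedded `key=value` can add or override fields in the record a log receiver parses (unless the generated setters on new-file lines 7-13, outside the hunks, escape on assignment). The helper would not be safe as written either, because its `%r{\\} => '\\'` entry appears to replace a backslash with a single backslash, a no-op, and it is ordered after the `=` rule. The version below escapes backslash first, then `=`, folds CR/LF to a space as the hunk already does for `\n`, and is applied in both blocks. The commented-out `#private` also leaves these helpers and `time_convert` public, and `initialize` dispatches caller-supplied keys through `send`, where `public_send` would limit it to public setters.
```ruby
def escape_extension_value(val)
  # backslash first, so the escape added for "=" is not escaped again
  val.to_s
     .gsub('\\') { '\\\\' }
     .gsub('=') { '\\=' }
     .gsub(/[\r\n]+/, ' ')
end

def format_extension
  extensions=CEF::EXTENSION_ATTRIBUTES.keys.map do |meth|
    # … unchanged: value lookup, nil skip, shortname …
    [shortname, escape_extension_value(value)].join("=")
  end
  times=CEF::TIME_ATTRIBUTES.keys.map do |meth|
    # … unchanged: value lookup, nil skip, shortname …
    [shortname, escape_extension_value(value)].join("=")
  end
  # … unchanged: compact and join …
end
```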
data/lib/cef/version.rb
ADDED
@@ -0,0 +1,32 @@
|
|
1
|
+
#event_spec.rb
|
2
|
+
require 'spec_helper'
|
3
|
+
describe CEF::Event do
|
4
|
+
let(:formatted_time) { "Apr 25 1975 12:00:00" }
|
5
|
+
let(:time) { Chronic.parse(formatted_time) }
|
6
|
+
|
7
|
+
context "formatting the syslog message" do
|
8
|
+
let(:formatted) { "<131>Apr 25 1975 12:00:00 cefspec CEF:0|breed.org|CEF|#{CEF::VERSION}|0:event|unnamed event|1|" }
|
9
|
+
let(:escaped) { "<131>Apr 25 1975 12:00:00 cefspec CEF:0|bre\\|ed|CEF|#{CEF::VERSION}|0:event|unnamed event|1|" }
|
10
|
+
end
|
11
|
+
context "formatting the CEF prefix" do
|
12
|
+
let(:formatted) {"breed.org|CEF|#{CEF::VERSION}|0:event|unnamed event|1"}
|
13
|
+
let(:escaped) {"bre\\|ed|CEF|#{CEF::VERSION}|0:event|unnamed event|1"}
|
14
|
+
describe "#format_cef" do
|
15
|
+
it "formats prefix values" do
|
16
|
+
event=CEF::Event.new(
|
17
|
+
event_time: time,
|
18
|
+
my_hostname: "cefspec"
|
19
|
+
)
|
20
|
+
expect(event.format_prefix).to eq(formatted)
|
21
|
+
end
|
22
|
+
it "escapes pipes in the prefix" do
|
23
|
+
event=CEF::Event.new(
|
24
|
+
event_time: time,
|
25
|
+
my_hostname: "cefspec",
|
26
|
+
deviceVendor: "bre|ed"
|
27
|
+
)
|
28
|
+
expect(event.format_prefix).to eq(escaped)
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
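Review bot: The `formatted` and `escaped` lets in the "formatting the syslog message" context are never used, because that context contains no examples, so `CEF::Event#to_s` and the new `LOG_FORMAT` argument order ship untested. An example such as `expect(CEF::Event.new(event_time: time, my_hostname: "cefspec").to_s).to eq(formatted)` would cover it. The inner group is also labelled `describe "#format_cef"` while both examples call `format_prefix`, and there is no example for extension escaping at all. This content is shown under the data/lib/cef/version.rb header on this page, but its first line names event_spec.rb.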
@@ -0,0 +1,14 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe "CEF Event Formatter" do
|
4
|
+
describe "Cef Extension" do
|
5
|
+
it "should output an extension"
|
6
|
+
it "should escape newlines"
|
7
|
+
it "should escape equal signs"
|
8
|
+
it "should format time attributes"
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
describe "UDPSender" do
|
13
|
+
|
14
|
+
end
|
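--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,48 +1,8 @@
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
-$LOAD_PATH.unshift(File.dirname(__FILE__))
-require 'rspec'
 require 'cef'
 
-# Requires supporting files with custom matchers and macros, etc,
-# in ./support/ and its subdirectories.
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
-
 RSpec.configure do |config|
-
-
-
-
-test_prefix_vals={
-:deviceVendor => "breed",
-:deviceProduct => "CEF Sender",
-:deviceVersion => "0.1",
-:deviceEventClassId => "0:debug",
-:name => "test",
-:deviceSeverity => "1"
-}
-end
-
-def test_prefix_escape_vals
-test_prefix_escape_vals={
-:deviceVendor => "bre|ed",
-:deviceProduct => "CEF Sender",
-:deviceVersion => "0.1",
-:deviceEventClassId => "0:debug",
-:name => "test",
-:deviceSeverity => "1"
-}
-end
-
-def test_extension_vals
-test_extension_vals={
-:sourceAddress => "192.168.1.1",
-:destinationAddress => "192.168.1.2"
-}
-end
-
-def test_prefix_string
-"breed|CEF Sender|0.1|0:debug|test|1"
-end
-def test_prefix_escape_string
-"bre\\|ed|CEF Sender|0.1|0:debug|test|1"
+config.treat_symbols_as_metadata_keys_with_true_values = true
+config.run_all_when_everything_filtered = true
+config.filter_run :focus
+config.order = 'random'
 end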
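Review bot: `config.treat_symbols_as_metadata_keys_with_true_values = true` is an RSpec 2 setting, while the gemspec in this release declares `rspec` with no version constraint, so a fresh checkout resolves to whatever RSpec is current, where this option is deprecated. Either constrain rspec in cef.gemspec to the major version this helper was written for, or drop the line. The helper also no longer puts `lib` on the load path itself and relies on `-I lib` in `.rspec`, so a spec file run without that options file will presumably fail at `require 'cef'`.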
metadata
CHANGED
@@ -1,114 +1,141 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: cef
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
prerelease:
|
6
|
-
segments:
|
7
|
-
- 0
|
8
|
-
- 8
|
9
|
-
- 0
|
10
|
-
version: 0.8.0
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.9.0
|
11
5
|
platform: ruby
|
12
|
-
authors:
|
6
|
+
authors:
|
13
7
|
- Ryan Breed
|
14
8
|
autorequire:
|
15
9
|
bindir: bin
|
16
10
|
cert_chain: []
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
- !ruby/object:Gem::Version
|
28
|
-
hash: 3
|
29
|
-
segments:
|
30
|
-
- 2
|
31
|
-
- 3
|
32
|
-
- 0
|
33
|
-
version: 2.3.0
|
11
|
+
date: 2011-03-30 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: chronic
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - '>='
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
34
21
|
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - '>='
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rspec
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - '>='
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
35
34
|
type: :development
|
36
|
-
|
37
|
-
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - '>='
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
38
42
|
name: bundler
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
segments:
|
46
|
-
- 1
|
47
|
-
- 0
|
48
|
-
- 0
|
49
|
-
version: 1.0.0
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - '>='
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
50
49
|
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - '>='
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: simplecov
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - '>='
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
51
62
|
type: :development
|
52
|
-
requirement: *id002
|
53
|
-
- !ruby/object:Gem::Dependency
|
54
|
-
name: jeweler
|
55
|
-
version_requirements: &id003 !ruby/object:Gem::Requirement
|
56
|
-
none: false
|
57
|
-
requirements:
|
58
|
-
- - ~>
|
59
|
-
- !ruby/object:Gem::Version
|
60
|
-
hash: 7
|
61
|
-
segments:
|
62
|
-
- 1
|
63
|
-
- 5
|
64
|
-
- 2
|
65
|
-
version: 1.5.2
|
66
63
|
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - '>='
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: pry
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - '>='
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
67
76
|
type: :development
|
68
|
-
requirement: *id003
|
69
|
-
- !ruby/object:Gem::Dependency
|
70
|
-
name: rcov
|
71
|
-
version_requirements: &id004 !ruby/object:Gem::Requirement
|
72
|
-
none: false
|
73
|
-
requirements:
|
74
|
-
- - ">="
|
75
|
-
- !ruby/object:Gem::Version
|
76
|
-
hash: 3
|
77
|
-
segments:
|
78
|
-
- 0
|
79
|
-
version: "0"
|
80
77
|
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - '>='
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: guard
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - '>='
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - '>='
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: guard-rspec
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - '>='
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0'
|
81
104
|
type: :development
|
82
|
-
requirement: *id004
|
83
|
-
- !ruby/object:Gem::Dependency
|
84
|
-
name: rspec
|
85
|
-
version_requirements: &id005 !ruby/object:Gem::Requirement
|
86
|
-
none: false
|
87
|
-
requirements:
|
88
|
-
- - ~>
|
89
|
-
- !ruby/object:Gem::Version
|
90
|
-
hash: 3
|
91
|
-
segments:
|
92
|
-
- 2
|
93
|
-
- 3
|
94
|
-
- 0
|
95
|
-
version: 2.3.0
|
96
105
|
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - '>='
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: guard-bundler
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - '>='
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
97
118
|
type: :development
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - '>='
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
description: ' format/send CEF logs via API+syslog or client program '
|
126
|
+
email: ' opensource@breed.org '
|
127
|
+
executables:
|
102
128
|
- cef_sender
|
103
129
|
extensions: []
|
104
|
-
|
105
|
-
extra_rdoc_files:
|
130
|
+
extra_rdoc_files:
|
106
131
|
- LICENSE.txt
|
107
132
|
- README.rdoc
|
108
|
-
files:
|
133
|
+
files:
|
109
134
|
- .document
|
135
|
+
- .gitignore
|
110
136
|
- .rspec
|
111
137
|
- Gemfile
|
138
|
+
- Guardfile
|
112
139
|
- LICENSE.txt
|
113
140
|
- README.rdoc
|
114
141
|
- Rakefile
|
@@ -121,42 +148,35 @@ files:
|
|
121
148
|
- lib/cef/file_logger.rb
|
122
149
|
- lib/cef/parser.rb
|
123
150
|
- lib/cef/sender.rb
|
124
|
-
-
|
151
|
+
- lib/cef/version.rb
|
152
|
+
- spec/lib/cef/event_spec.rb
|
153
|
+
- spec/lib/cef_spec.rb
|
125
154
|
- spec/spec_helper.rb
|
126
|
-
has_rdoc: true
|
127
155
|
homepage: http://github.com/ryanbreed/cef
|
128
|
-
licenses:
|
156
|
+
licenses:
|
129
157
|
- MIT
|
158
|
+
metadata: {}
|
130
159
|
post_install_message:
|
131
160
|
rdoc_options: []
|
132
|
-
|
133
|
-
require_paths:
|
161
|
+
require_paths:
|
134
162
|
- lib
|
135
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
none: false
|
146
|
-
requirements:
|
147
|
-
- - ">="
|
148
|
-
- !ruby/object:Gem::Version
|
149
|
-
hash: 3
|
150
|
-
segments:
|
151
|
-
- 0
|
152
|
-
version: "0"
|
163
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
164
|
+
requirements:
|
165
|
+
- - '>='
|
166
|
+
- !ruby/object:Gem::Version
|
167
|
+
version: '0'
|
168
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
169
|
+
requirements:
|
170
|
+
- - '>='
|
171
|
+
- !ruby/object:Gem::Version
|
172
|
+
version: '0'
|
153
173
|
requirements: []
|
154
|
-
|
155
174
|
rubyforge_project:
|
156
|
-
rubygems_version:
|
175
|
+
rubygems_version: 2.0.14
|
157
176
|
signing_key:
|
158
|
-
specification_version:
|
177
|
+
specification_version: 4
|
159
178
|
summary: CEF Generation Library and Client
|
160
|
-
test_files:
|
161
|
-
- spec/
|
179
|
+
test_files:
|
180
|
+
- spec/lib/cef/event_spec.rb
|
181
|
+
- spec/lib/cef_spec.rb
|
162
182
|
- spec/spec_helper.rb
|
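--- a/data/spec/cef_spec.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-
-describe "CEF Event Formatter" do
-describe "CEF Preamble" do
-it "should output a preamble" do
-prefix_vals=test_prefix_vals
-t=Time.new
-e=CEF::Event.new
-e.event_time=t
-prefix_vals.each {|k,v| e.send("%s="%k,v) }
-preformatted=CEF::PREFIX_FORMAT % [ 131, Socket.gethostname, t.strftime(CEF::LOG_TIME_FORMAT), test_prefix_string, ""]
-formatted=e.format_cef
-preformatted.should == formatted
-end
-it "should escape pipes in the prefix" do
-prefix_vals=test_prefix_escape_vals
-t=Time.new
-e=CEF::Event.new
-e.event_time=t
-prefix_vals.each {|k,v| e.send("%s="%k,v) }
-preformatted=CEF::PREFIX_FORMAT % [ 131, Socket.gethostname, t.strftime(CEF::LOG_TIME_FORMAT), test_prefix_escape_string, ""]
-formatted=e.format_cef
-preformatted.should == formatted
-end
-end
-describe "Cef Extension" do
-it "should output an extension"
-it "should escape newlines"
-it "should escape equal signs"
-it "should format time attributes"
-end
-end
-
-describe "UDPSender" do
-
-end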