cef 0.9.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/README.rdoc +1 -1
- data/bin/cef_sender +0 -0
- data/cef.gemspec +2 -4
- data/lib/cef.rb +3 -4
- data/lib/cef/event.rb +29 -31
- data/lib/cef/sender.rb +7 -6
- data/lib/cef/version.rb +1 -1
- data/spec/lib/cef/event_spec.rb +15 -3
- data/spec/lib/cef/sender_spec.rb +24 -0
- data/spec/lib/cef_spec.rb +0 -5
- data/spec/spec_helper.rb +0 -1
- metadata +6 -48
- data/Guardfile +0 -15
- data/lib/cef/file_logger.rb +0 -8
- data/lib/cef/parser.rb +0 -56
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cd476b861b26a67ccac0ca120cdb434259fb8d99
|
|
4
|
+
data.tar.gz: 416bac4bbf1bc6749155135ab3df0a0dd5db09c5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1cd74a78d391ad6a5be928e716062caae969f141aea5f87067877aefbb6165436c55b4dcb5fc8e91d282646737a8775aefbb8db1175041a1ab7d1c3af7be2822
|
|
7
|
+
data.tar.gz: bf18931d0e2627a9992f730d47c75cd4e8c96617c4cd85dd75b2360ddba6288742d8c2a646e717ede857c1e77cbdb929a15f8e796166d404083cdf01cbe4a12e
|
data/.gitignore
CHANGED
data/README.rdoc
CHANGED
data/bin/cef_sender
CHANGED
|
File without changes
|
data/cef.gemspec
CHANGED
|
@@ -25,13 +25,11 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
|
|
26
26
|
spec.require_paths = ["lib"]
|
|
27
27
|
|
|
28
|
-
spec.
|
|
28
|
+
spec.add_development_dependency "rake"
|
|
29
29
|
spec.add_development_dependency "rspec"
|
|
30
30
|
spec.add_development_dependency "bundler"
|
|
31
31
|
spec.add_development_dependency "simplecov"
|
|
32
32
|
spec.add_development_dependency "pry"
|
|
33
|
-
|
|
34
|
-
spec.add_development_dependency "guard-rspec"
|
|
35
|
-
spec.add_development_dependency "guard-bundler"
|
|
33
|
+
|
|
36
34
|
end
|
|
37
35
|
|
data/lib/cef.rb
CHANGED
data/lib/cef/event.rb
CHANGED
|
@@ -36,7 +36,7 @@ module CEF
|
|
|
36
36
|
def to_s
|
|
37
37
|
log_time=event_time.strftime(CEF::LOG_TIME_FORMAT)
|
|
38
38
|
|
|
39
|
-
|
|
39
|
+
sprintf(
|
|
40
40
|
CEF::LOG_FORMAT,
|
|
41
41
|
syslog_pri.to_s,
|
|
42
42
|
log_time,
|
|
@@ -58,25 +58,25 @@ module CEF
|
|
|
58
58
|
# make a guess as to how the time was set. parse strings and convert
|
|
59
59
|
# them to epoch milliseconds, or leave it alone if it looks like a number
|
|
60
60
|
# bigger than epoch milliseconds when i wrote this.
|
|
61
|
-
def time_convert(val)
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
end
|
|
61
|
+
# def time_convert(val)
|
|
62
|
+
#
|
|
63
|
+
# converted=case val
|
|
64
|
+
# when String
|
|
65
|
+
# if val.match(%r{\A[0-9]+\Z})
|
|
66
|
+
# converted=val.to_i
|
|
67
|
+
# else
|
|
68
|
+
# res=Chronic.parse(val)
|
|
69
|
+
# converted=Time.at(res).to_i * 1000
|
|
70
|
+
# end
|
|
71
|
+
# when Integer,Bignum
|
|
72
|
+
# if val < 1232589621000 #Wed Jan 21 20:00:21 -0600 2009
|
|
73
|
+
# val * 1000
|
|
74
|
+
# else
|
|
75
|
+
# val
|
|
76
|
+
# end
|
|
77
|
+
# end
|
|
78
|
+
#
|
|
79
|
+
# end
|
|
80
80
|
|
|
81
81
|
# escape only pipes and backslashes in the prefix. you bet your sweet
|
|
82
82
|
# ass there's a lot of backslashes in the substitution. you can thank
|
|
@@ -107,34 +107,32 @@ module CEF
|
|
|
107
107
|
|
|
108
108
|
# returns a pipe-delimeted list of prefix attributes
|
|
109
109
|
def format_prefix
|
|
110
|
-
values
|
|
110
|
+
values = CEF::PREFIX_ATTRIBUTES.keys.map { |k| self.send(k) }
|
|
111
111
|
escaped = values.map do |value|
|
|
112
112
|
escape_prefix_value(value)
|
|
113
113
|
end
|
|
114
114
|
escaped.join('|')
|
|
115
|
-
|
|
116
115
|
end
|
|
117
116
|
|
|
118
117
|
# returns a space-delimeted list of attribute=value pairs for all optionals
|
|
119
118
|
def format_extension
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
value=self.send(meth)
|
|
119
|
+
extensions = CEF::EXTENSION_ATTRIBUTES.keys.map do |meth|
|
|
120
|
+
value = self.send(meth)
|
|
123
121
|
next if value.nil?
|
|
124
|
-
shortname=CEF::EXTENSION_ATTRIBUTES[meth]
|
|
125
|
-
[shortname,value].join("=")
|
|
122
|
+
shortname = CEF::EXTENSION_ATTRIBUTES[meth]
|
|
123
|
+
[shortname, escape_extension_value(value)].join("=")
|
|
126
124
|
end
|
|
127
125
|
|
|
128
126
|
# make sure time comes out as milliseconds since epoch
|
|
129
|
-
times=CEF::TIME_ATTRIBUTES.keys.map do |meth|
|
|
130
|
-
value=self.send(meth)
|
|
127
|
+
times = CEF::TIME_ATTRIBUTES.keys.map do |meth|
|
|
128
|
+
value = self.send(meth)
|
|
131
129
|
next if value.nil?
|
|
132
130
|
shortname = CEF::TIME_ATTRIBUTES[meth]
|
|
133
|
-
[shortname,value].join("=")
|
|
131
|
+
[shortname, escape_extension_value(value)].join("=")
|
|
134
132
|
end
|
|
135
133
|
(extensions + times).compact.join(" ")
|
|
136
134
|
end
|
|
137
|
-
|
|
135
|
+
end
|
|
138
136
|
end
|
|
139
137
|
|
|
140
138
|
# vendor= self.deviceVendor || "Breed"
|
data/lib/cef/sender.rb
CHANGED
|
@@ -13,6 +13,10 @@ module CEF
|
|
|
13
13
|
#TODO: Implement relp/tcp senders
|
|
14
14
|
|
|
15
15
|
class UDPSender < Sender
|
|
16
|
+
def initialize(receiver='127.0.0.1', port=514)
|
|
17
|
+
@receiver = receiver
|
|
18
|
+
@port = port
|
|
19
|
+
end
|
|
16
20
|
|
|
17
21
|
#fire the message off
|
|
18
22
|
def emit(event)
|
|
@@ -24,15 +28,12 @@ module CEF
|
|
|
24
28
|
event.send("%s=" % k,v)
|
|
25
29
|
end
|
|
26
30
|
end
|
|
27
|
-
self.sock.send event.
|
|
31
|
+
self.sock.send event.to_s, 0
|
|
28
32
|
end
|
|
29
33
|
|
|
30
|
-
|
|
31
34
|
def socksetup
|
|
32
35
|
@sock=UDPSocket.new
|
|
33
|
-
|
|
34
|
-
port= self.receiverPort || 514
|
|
35
|
-
@sock.connect(receiver,port)
|
|
36
|
+
@sock.connect(@receiver, @port)
|
|
36
37
|
end
|
|
37
38
|
end
|
|
38
|
-
end
|
|
39
|
+
end
|
data/lib/cef/version.rb
CHANGED
data/spec/lib/cef/event_spec.rb
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
|
-
#event_spec.rb
|
|
2
1
|
require 'spec_helper'
|
|
2
|
+
|
|
3
3
|
describe CEF::Event do
|
|
4
4
|
let(:formatted_time) { "Apr 25 1975 12:00:00" }
|
|
5
|
-
let(:time) {
|
|
5
|
+
let(:time) { DateTime.strptime(formatted_time , '%b %d %Y %H:%M:%S')}
|
|
6
6
|
|
|
7
7
|
context "formatting the syslog message" do
|
|
8
8
|
let(:formatted) { "<131>Apr 25 1975 12:00:00 cefspec CEF:0|breed.org|CEF|#{CEF::VERSION}|0:event|unnamed event|1|" }
|
|
9
9
|
let(:escaped) { "<131>Apr 25 1975 12:00:00 cefspec CEF:0|bre\\|ed|CEF|#{CEF::VERSION}|0:event|unnamed event|1|" }
|
|
10
10
|
end
|
|
11
|
+
|
|
11
12
|
context "formatting the CEF prefix" do
|
|
12
13
|
let(:formatted) {"breed.org|CEF|#{CEF::VERSION}|0:event|unnamed event|1"}
|
|
13
14
|
let(:escaped) {"bre\\|ed|CEF|#{CEF::VERSION}|0:event|unnamed event|1"}
|
|
@@ -29,4 +30,15 @@ describe CEF::Event do
|
|
|
29
30
|
end
|
|
30
31
|
end
|
|
31
32
|
end
|
|
32
|
-
|
|
33
|
+
|
|
34
|
+
context 'formatting the CEF extension' do
|
|
35
|
+
let(:escaped) { "suser=User\\=Name" }
|
|
36
|
+
|
|
37
|
+
it 'escapes equal signs' do
|
|
38
|
+
event = CEF::Event.new(
|
|
39
|
+
sourceUserName: 'User=Name'
|
|
40
|
+
)
|
|
41
|
+
expect(event.format_extension).to eq(escaped)
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe CEF::UDPSender do
|
|
4
|
+
it 'defaults receiver to localhost on port 514' do
|
|
5
|
+
sock_double = double
|
|
6
|
+
expect(UDPSocket).to receive(:new).and_return(sock_double)
|
|
7
|
+
expect(sock_double).to receive(:connect).with('127.0.0.1', 514)
|
|
8
|
+
|
|
9
|
+
sender = CEF::UDPSender.new
|
|
10
|
+
sender.socksetup
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it 'receives an escaped message when emit is called' do
|
|
14
|
+
event = CEF::Event.new
|
|
15
|
+
|
|
16
|
+
sock_double = double
|
|
17
|
+
expect(UDPSocket).to receive(:new).and_return(sock_double)
|
|
18
|
+
expect(sock_double).to receive(:connect).with('myDomain.org', 4321)
|
|
19
|
+
expect(sock_double).to receive(:send).with(event.to_s, 0)
|
|
20
|
+
|
|
21
|
+
sender = CEF::UDPSender.new('myDomain.org', 4321)
|
|
22
|
+
sender.emit(event)
|
|
23
|
+
end
|
|
24
|
+
end
|
data/spec/lib/cef_spec.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cef
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Breed
|
|
@@ -11,13 +11,13 @@ cert_chain: []
|
|
|
11
11
|
date: 2011-03-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: rake
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
17
|
- - '>='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '0'
|
|
20
|
-
type: :
|
|
20
|
+
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
@@ -80,48 +80,6 @@ dependencies:
|
|
|
80
80
|
- - '>='
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '0'
|
|
83
|
-
- !ruby/object:Gem::Dependency
|
|
84
|
-
name: guard
|
|
85
|
-
requirement: !ruby/object:Gem::Requirement
|
|
86
|
-
requirements:
|
|
87
|
-
- - '>='
|
|
88
|
-
- !ruby/object:Gem::Version
|
|
89
|
-
version: '0'
|
|
90
|
-
type: :development
|
|
91
|
-
prerelease: false
|
|
92
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
-
requirements:
|
|
94
|
-
- - '>='
|
|
95
|
-
- !ruby/object:Gem::Version
|
|
96
|
-
version: '0'
|
|
97
|
-
- !ruby/object:Gem::Dependency
|
|
98
|
-
name: guard-rspec
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
100
|
-
requirements:
|
|
101
|
-
- - '>='
|
|
102
|
-
- !ruby/object:Gem::Version
|
|
103
|
-
version: '0'
|
|
104
|
-
type: :development
|
|
105
|
-
prerelease: false
|
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
-
requirements:
|
|
108
|
-
- - '>='
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0'
|
|
111
|
-
- !ruby/object:Gem::Dependency
|
|
112
|
-
name: guard-bundler
|
|
113
|
-
requirement: !ruby/object:Gem::Requirement
|
|
114
|
-
requirements:
|
|
115
|
-
- - '>='
|
|
116
|
-
- !ruby/object:Gem::Version
|
|
117
|
-
version: '0'
|
|
118
|
-
type: :development
|
|
119
|
-
prerelease: false
|
|
120
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
-
requirements:
|
|
122
|
-
- - '>='
|
|
123
|
-
- !ruby/object:Gem::Version
|
|
124
|
-
version: '0'
|
|
125
83
|
description: ' format/send CEF logs via API+syslog or client program '
|
|
126
84
|
email: ' opensource@breed.org '
|
|
127
85
|
executables:
|
|
@@ -135,7 +93,6 @@ files:
|
|
|
135
93
|
- .gitignore
|
|
136
94
|
- .rspec
|
|
137
95
|
- Gemfile
|
|
138
|
-
- Guardfile
|
|
139
96
|
- LICENSE.txt
|
|
140
97
|
- README.rdoc
|
|
141
98
|
- Rakefile
|
|
@@ -145,11 +102,10 @@ files:
|
|
|
145
102
|
- lib/cef.rb
|
|
146
103
|
- lib/cef/constants.rb
|
|
147
104
|
- lib/cef/event.rb
|
|
148
|
-
- lib/cef/file_logger.rb
|
|
149
|
-
- lib/cef/parser.rb
|
|
150
105
|
- lib/cef/sender.rb
|
|
151
106
|
- lib/cef/version.rb
|
|
152
107
|
- spec/lib/cef/event_spec.rb
|
|
108
|
+
- spec/lib/cef/sender_spec.rb
|
|
153
109
|
- spec/lib/cef_spec.rb
|
|
154
110
|
- spec/spec_helper.rb
|
|
155
111
|
homepage: http://github.com/ryanbreed/cef
|
|
@@ -178,5 +134,7 @@ specification_version: 4
|
|
|
178
134
|
summary: CEF Generation Library and Client
|
|
179
135
|
test_files:
|
|
180
136
|
- spec/lib/cef/event_spec.rb
|
|
137
|
+
- spec/lib/cef/sender_spec.rb
|
|
181
138
|
- spec/lib/cef_spec.rb
|
|
182
139
|
- spec/spec_helper.rb
|
|
140
|
+
has_rdoc:
|
data/Guardfile
DELETED
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
# A sample Guardfile
|
|
2
|
-
# More info at https://github.com/guard/guard#readme
|
|
3
|
-
|
|
4
|
-
guard :bundler do
|
|
5
|
-
watch('Gemfile')
|
|
6
|
-
# Uncomment next line if your Gemfile contains the `gemspec' command.
|
|
7
|
-
watch(/^.+\.gemspec/)
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
guard :rspec do
|
|
11
|
-
watch(%r{^spec/.+_spec\.rb$})
|
|
12
|
-
watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
|
|
13
|
-
watch('spec/spec_helper.rb') { "spec" }
|
|
14
|
-
end
|
|
15
|
-
|
data/lib/cef/file_logger.rb
DELETED
data/lib/cef/parser.rb
DELETED
|
@@ -1,56 +0,0 @@
|
|
|
1
|
-
# COPYRIGHT: Ryan Breed
|
|
2
|
-
# DATE: 3/27/11
|
|
3
|
-
module CEF
|
|
4
|
-
class Parser
|
|
5
|
-
# TODO: deal with escaping delimeters
|
|
6
|
-
|
|
7
|
-
attr_accessor :file_name
|
|
8
|
-
|
|
9
|
-
def initialize(*args)
|
|
10
|
-
# Parser.new(:foo=>"bar)
|
|
11
|
-
Hash[*args].each { |argname, argval| self.send(("%s="%argname), argval) }
|
|
12
|
-
|
|
13
|
-
yield self if block_given?
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def parse_file
|
|
17
|
-
events=[]
|
|
18
|
-
File.open(file_name) do |f|
|
|
19
|
-
f.each_line do |line|
|
|
20
|
-
line.chomp!
|
|
21
|
-
prefix=line.split(/\|/)
|
|
22
|
-
e=Event.new
|
|
23
|
-
extension_string=prefix[7..-1].join("|")
|
|
24
|
-
extension_av_pairs=extension_string.split(/ ([\w\.]+)=/)
|
|
25
|
-
extension_av_pairs.shift
|
|
26
|
-
|
|
27
|
-
begin
|
|
28
|
-
extension=Hash[ *extension_av_pairs.map {|i| i.strip} ]
|
|
29
|
-
extension.each do |k,v|
|
|
30
|
-
next if k.match(/^ad\./)
|
|
31
|
-
methname=CEF::ATTRIBUTES.invert[k].to_s
|
|
32
|
-
#puts "METHNAME: #{k} -> #{methname}"
|
|
33
|
-
e.send("%s=" % methname, v)
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
rescue Exception => except
|
|
37
|
-
puts except.message
|
|
38
|
-
pp extension_av_pairs
|
|
39
|
-
puts line
|
|
40
|
-
next
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
%w{ deviceVendor deviceProduct deviceVersion
|
|
44
|
-
deviceEventClassId name deviceSeverity }.each_with_index {|att,i| e.send("%s="%att,prefix[i+1]) }
|
|
45
|
-
|
|
46
|
-
if block_given?
|
|
47
|
-
yield e
|
|
48
|
-
else
|
|
49
|
-
events.push e
|
|
50
|
-
end
|
|
51
|
-
end
|
|
52
|
-
end
|
|
53
|
-
events
|
|
54
|
-
end
|
|
55
|
-
end
|
|
56
|
-
end
|