cef 1.0.0 → 2.1.1.pre

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cd476b861b26a67ccac0ca120cdb434259fb8d99
-  data.tar.gz: 416bac4bbf1bc6749155135ab3df0a0dd5db09c5
+  metadata.gz: f520020f211fc2d7efb8692d4082c1d596a76801
+  data.tar.gz: cf92ebd98858d0337945f24f08983292d3fac01c
 SHA512:
-  metadata.gz: 1cd74a78d391ad6a5be928e716062caae969f141aea5f87067877aefbb6165436c55b4dcb5fc8e91d282646737a8775aefbb8db1175041a1ab7d1c3af7be2822
-  data.tar.gz: bf18931d0e2627a9992f730d47c75cd4e8c96617c4cd85dd75b2360ddba6288742d8c2a646e717ede857c1e77cbdb929a15f8e796166d404083cdf01cbe4a12e
+  metadata.gz: 64dedb460f9572939c9281916e1a9730ef9449ab68e40b9babda83d7c467bf7e5a9cc7dae309ed9d0269096659917805d6555437560b4f9d4a18b2b0d7c962d0
+  data.tar.gz: 10079daeb4497743b8688490a254f04d8273cc78ee9b579e79fa5e9b575697e352a95674ac5aef92ab2756142d8e979c3f7d0f1df8542a88f8b350b375db97bc

data/.gitignore

@@ -1,3 +1,4 @@
+**/.DS_Store
 .env
 .idea
 *.gem
@@ -6,15 +7,10 @@
 .config
 .yardoc
 Gemfile.lock
-InstalledFiles
 _yardoc
 coverage
 doc/
-lib/bundler/man
 pkg
 rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
-cef.iml
+/vendor/bundle/
+/tmp/

data/.rspec

@@ -1 +1,2 @@
---color --format documentation --backtrace --warnings -I lib -r ./lib/cef.rb
+--format documentation
+--color

data/Guardfile

@@ -0,0 +1,55 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+# directories %w(app lib config test spec features) \
+#  .select{|d| Dir.exists?(d) ? d : UI.warning("Directory #{d} does not exist")}
+
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+guard :bundler do
+  require 'guard/bundler'
+  require 'guard/bundler/verify'
+  helper = Guard::Bundler::Verify.new
+
+  files = ['Gemfile']
+  files += Dir['*.gemspec'] if files.any? { |f| helper.uses_gemspec?(f) }
+
+  # Assume files are symlinked from somewhere
+  files.each { |file| watch(helper.real_path(file)) }
+end
+
+# Note: The cmd option is now required due to the increasing number of ways
+#       rspec may be run, below are examples of the most common uses.
+#  * bundler: 'bundle exec rspec'
+#  * bundler binstubs: 'bin/rspec'
+#  * spring: 'bin/rspec' (This will use spring if running and you have
+#                          installed the spring binstubs per the docs)
+#  * zeus: 'zeus rspec' (requires the server to be started separately)
+#  * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # Feel free to open issues for suggestions and improvements
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+
+end

data/README.rdoc

@@ -1,64 +1,3 @@
-= cef
-
-This is an implementation of the Common Event Formatting standard.
-
-http://www.arcsight.com/solutions/solutions-cef/
-
-
-Included is a library implementing a formatter/emitter and a client program
-that can be called from a shell script or some other external source. The
-library currently hardcodes the syslog format|priority if you choose to send
-vi UDP to a receiver.
-
-Most of the standard dictionary is implemented.
-http://www.arcsight.com/collateral/CEFstandards.pdf
-
-== Example API Usage
-
-
-    # instantiate a sender object
-    sender=CEF::UDPSender.new(
-        :receiver=>"loghost.mycompany.com",
-        :eventDefaults=>{
-            :deviceProduct => "MySnazzyLogger",
-            :deviceVendor  => "My Company"
-        }
-      )
-    # instantiate an event
-    event=CEF::Event.new(
-    :sourceAddress      => "192.168.1.1",
-    :destinationAddress => "192.168.1.2",
-    :name               => "i think something happened"
-    )
-
-    # fire away!
-    sender.emit(e)
-
-== Example client usage
-
-  cef_sender --receiver="myloghost.company.com"\
-            --deviceProduct="MySnazzyLogger"   \
-            --deviceVendor="My Company"        \
-            --sourceAddress="192.168.1.1"      \
-            --destinationAddress="192.168.1.2" \
-            --name="i think something happened"
-
-To see the supported event attributes:
-
-  cef_sender --schema
-
-== Contributing to cef
- 
-* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
-* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
-* Fork the project
-* Start a feature/bugfix branch
-* Commit and push until you are happy with your contribution
-* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
-* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
-
-== Copyright
-
-Copyright (c) 2011 Ryan Breed. See LICENSE.txt for
-further details.
-
+#
+#
+#

data/VERSION

@@ -1 +1 @@
-0.8.1
+1.0.0

data/cef.gemspec

@@ -5,31 +5,33 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'cef/version'
 
 Gem::Specification.new do |spec|
-  spec.name    = "cef"
+  spec.name    = 'cef'
   spec.version = CEF::VERSION
 
-  spec.authors     = ["Ryan Breed"]
-  spec.date        = "2011-03-30"
+  spec.authors     = ['Ryan Breed']
   spec.description = %q{ format/send CEF logs via API+syslog or client program }
   spec.summary     = %q{ CEF Generation Library and Client }
   spec.email       = %q{ opensource@breed.org }
 
-  spec.extra_rdoc_files = [ "LICENSE.txt", "README.rdoc" ]
-  spec.homepage         = "http://github.com/ryanbreed/cef"
-  spec.licenses         = ["MIT"]
+  spec.extra_rdoc_files = [ 'LICENSE.txt', 'README.rdoc' ]
+  spec.homepage         = 'http://github.com/ryanbreed/cef'
+  spec.licenses         = ['MIT']
 
-  spec.files         = `git ls-files`.split($/)
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.require_paths    = ["lib"]
+  spec.require_paths    = ['lib']
 
-  spec.add_development_dependency "rake"
-  spec.add_development_dependency "rspec"
-  spec.add_development_dependency "bundler"
-  spec.add_development_dependency "simplecov"
-  spec.add_development_dependency "pry"
+  spec.add_dependency 'hashie'
 
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'guard'
+  spec.add_development_dependency 'guard-bundler'
+  spec.add_development_dependency 'guard-rspec'
 end
-

data/conf/cef-schema.json

@@ -0,0 +1,251 @@
+{
+  "prefix" : {
+    "name"               : "cef event",
+    "deviceEventClassId" : "cef:0",
+    "deviceProduct"      : "Cef::Event",
+    "deviceVendor"       : "breed.org",
+    "deviceSeverity"     : 1,
+    "deviceVersion"      : "2.0.0"
+  },
+  "types" : {
+    "agentReceiptTime"             : "Time",
+    "baseEventCount"               : "Integer",
+    "bytesIn"                      : "Integer",
+    "bytesOut"                     : "Integer",
+    "destinationAddress"           : "IPAddr",
+    "destinationTranslatedAddress" : "IPAddr",
+    "destinationPort"              : "Integer",
+    "destinationTranslatedPort"    : "Integer",
+    "deviceAddress"                : "IPAddr",
+    "deviceCustomDate1"            : "Time",
+    "deviceCustomDate2"            : "Time",
+    "deviceCustomIPv6Address1"     : "IPAddr",
+    "deviceCustomIPv6Address2"     : "IPAddr",
+    "deviceCustomIPv6Address3"     : "IPAddr",
+    "deviceCustomIPv6Address4"     : "IPAddr",
+    "deviceCustomNumber1"          : "Integer",
+    "deviceCustomNumber2"          : "Integer",
+    "deviceCustomNumber3"          : "Integer",
+    "deviceSeverity"               : "Integer",
+    "deviceTranslatedAddress"      : "IPAddr",
+    "endTime"                      : "Time",
+    "fileCreateTime"               : "Time",
+    "fileModificationTime"         : "Time",
+    "fileSize"                     : "Integer",
+    "managerReceiptTime"           : "Time",
+    "oldFileCreateTime"            : "Time",
+    "oldFileModificationTime"      : "Time",
+    "receiptTime"                  : "Time",
+    "startTime"                    : "Time",
+    "sourceAddress"                : "IPAddr",
+    "sourcePort"                   : "Integer",
+    "sourceTranslatedAddress"      : "IPAddr",
+    "sourceTranslatedPort"         : "Integer"
+  },
+  "key_names" : {
+    "applicationProtocol"          : "app",
+    "agentAddress"                 : "agt",
+    "agentHostName"                : "ahost",
+    "agentId"                      : "aid",
+    "agentReceiptTime"             : "art",
+    "agentType"                    : "at",
+    "agentTimeZone"                : "atz",
+    "agentVersion"                 : "av",
+    "baseEventCount"               : "cnt",
+    "bytesIn"                      : "in",
+    "bytesOut"                     : "out",
+    "deviceAction"                 : "act",
+    "deviceEventCategory"          : "cat",
+    "deviceAddress"                : "dvc",
+    "deviceHostName"               : "dvchost",
+    "deviceTimeZone"               : "dtz",
+    "deviceCustomNumber1"          : "cn1",
+    "deviceCustomNumber2"          : "cn2",
+    "deviceCustomNumber3"          : "cn3",
+    "deviceCustomNumber1Label"     : "cn1Label",
+    "deviceCustomNumber2Label"     : "cn2Label",
+    "deviceCustomNumber3Label"     : "cn3Label",
+    "deviceCustomString1"          : "cs1",
+    "deviceCustomString2"          : "cs2",
+    "deviceCustomString3"          : "cs3",
+    "deviceCustomString4"          : "cs4",
+    "deviceCustomString5"          : "cs5",
+    "deviceCustomString6"          : "cs6",
+    "deviceCustomString1Label"     : "cs1Label",
+    "deviceCustomString2Label"     : "cs2Label",
+    "deviceCustomString3Label"     : "cs3Label",
+    "deviceCustomString4Label"     : "cs4Label",
+    "deviceCustomString5Label"     : "cs5Label",
+    "deviceCustomString6Label"     : "cs6Label",
+    "destinationAddress"           : "dst",
+    "destinationNtDomain"          : "dntdom",
+    "destinationHostName"          : "dhost",
+    "destinationMacAddress"        : "dmac",
+    "destinationPort"              : "dpt",
+    "destinationProcessName"       : "dproc",
+    "destinationUserId"            : "duid",
+    "destinationUserPrivileges"    : "dpriv",
+    "destinationUserName"          : "duser",
+    "eventType"                    : "type",
+    "fileName"                     : "fname",
+    "fileSize"                     : "fsize",
+    "message"                      : "msg",
+    "receiptTime"                  : "rt",
+    "requestURL"                   : "request",
+    "sourceAddress"                : "src",
+    "sourceHostName"               : "shost",
+    "sourceMacAddress"             : "smac",
+    "sourceNtDomain"               : "sntdom",
+    "sourcePort"                   : "spt",
+    "sourceUserPrivileges"         : "spriv",
+    "sourceUserId"                 : "suid",
+    "sourceUserName"               : "suser",
+    "transportProtocol"            : "proto"
+  },
+  "extension" : [
+    "agentAddress",
+    "agentHostName",
+    "agentId",
+    "agentName",
+    "agentReceiptTime",
+    "agentTimeZone",
+    "agentType",
+    "agentVersion",
+    "agentZoneURI",
+    "applicationProtocol",
+    "baseEventCount",
+    "baseEventIds",
+    "bytesIn",
+    "bytesOut",
+    "categoryBehavior",
+    "categoryCustomFormatField",
+    "categoryDeviceType",
+    "categoryDeviceGroup",
+    "categoryObject",
+    "categoryOutcome",
+    "categorySignificance",
+    "categoryTechnique",
+    "destinationAddress",
+    "destinationDnsDomain",
+    "destinationHostName",
+    "destinationMacAddress",
+    "destinationNtDomain",
+    "destinationPort",
+    "destinationProcessId",
+    "destinationProcessName",
+    "destinationServiceName",
+    "destinationTranslatedAddress",
+    "destinationTranslatedPort",
+    "destinationUserId",
+    "destinationUserName",
+    "destinationUserPrivileges",
+    "destinationZoneURI",
+    "deviceAction",
+    "deviceAddress",
+    "deviceCustomDate1",
+    "deviceCustomDate1Label",
+    "deviceCustomDate2",
+    "deviceCustomDate2Label",
+    "deviceCustomFloatingPoint1",
+    "deviceCustomFloatingPoint1Label",
+    "deviceCustomFloatingPoint2",
+    "deviceCustomFloatingPoint2Labe2",
+    "deviceCustomFloatingPoint3",
+    "deviceCustomFloatingPoint3Labe3",
+    "deviceCustomFloatingPoint4",
+    "deviceCustomFloatingPoint4Labe4",
+    "deviceCustomIPv6Address1",
+    "deviceCustomIPv6Address1Label",
+    "deviceCustomIPv6Address2",
+    "deviceCustomIPv6Address2Label",
+    "deviceCustomIPv6Address3",
+    "deviceCustomIPv6Address3Label",
+    "deviceCustomIPv6Address4",
+    "deviceCustomIPv6Address4Label",
+    "deviceCustomNumber1",
+    "deviceCustomNumber1Label",
+    "deviceCustomNumber2",
+    "deviceCustomNumber2Label",
+    "deviceCustomNumber3",
+    "deviceCustomNumber3Label",
+    "deviceCustomString1",
+    "deviceCustomString1Label",
+    "deviceCustomString2",
+    "deviceCustomString2Label",
+    "deviceCustomString3",
+    "deviceCustomString3Label",
+    "deviceCustomString4",
+    "deviceCustomString4Label",
+    "deviceCustomString5",
+    "deviceCustomString5Label",
+    "deviceCustomString6",
+    "deviceCustomString6Label",
+    "deviceDirection",
+    "deviceDnsDomain",
+    "deviceEventCategory",
+    "deviceExternalId",
+    "deviceFacility",
+    "deviceHostName",
+    "deviceInboundInterface",
+    "deviceMacAddress",
+    "deviceNtDomain",
+    "deviceOutboundInterface",
+    "devicePayloadId",
+    "deviceProcessName",
+    "deviceTimeZone",
+    "deviceTranslatedAddress",
+    "deviceTranslatedZoneURI",
+    "deviceZoneURI",
+    "endTime",
+    "eventId",
+    "eventType",
+    "externalId",
+    "fileCreateTime",
+    "fileHash",
+    "fileId",
+    "fileModificationTime",
+    "fileName",
+    "filePath",
+    "filePermission",
+    "fileSize",
+    "fileType",
+    "generatorID",
+    "managerReceiptTime",
+    "message",
+    "oldFilename",
+    "oldFileCreateTime",
+    "oldFileHash",
+    "oldFileId",
+    "oldFileModificationTime",
+    "oldFilePath",
+    "oldFilePermission",
+    "oldFileSize",
+    "oldFileType",
+    "eventOutcome",
+    "reason",
+    "receiptTime",
+    "request",
+    "requestClientApplication",
+    "requestCookies",
+    "requestMethod",
+    "requestURL",
+    "sourceAddress",
+    "sourceDnsDomain",
+    "sourceHostName",
+    "sourceMacAddress",
+    "sourceNtDomain",
+    "sourcePort",
+    "sourceProcessId",
+    "sourceProcessName",
+    "sourceServiceName",
+    "sourceTranslatedAddress",
+    "sourceTranslatedPort",
+    "sourceUserId",
+    "sourceUserName",
+    "sourceUserPrivileges",
+    "sourceZoneURI",
+    "startTime",
+    "transportProtocol",
+    "type"
+  ]
+}