cef 1.0.0 → 2.1.1.pre

data/lib/cef.rb

@@ -1,10 +1,46 @@
+require 'json'
 require 'date'
 require 'socket'
+require 'hashie'
+require 'ipaddr'
+
 require 'cef/version'
-require 'cef/constants'
+require 'cef/time_extensions'
 require 'cef/event'
-require 'cef/sender'
+require 'cef/loggers/cef_file'
+require 'cef/loggers/cef_syslog_udp'
 
 
 module CEF
-end
+  def self.configure(path=File.join(ENV['HOME'],'.cef.json'))
+    configuration=Hashie.symbolize_keys(JSON.parse(File.read(path)))
+    self.logger(configuration)
+  end
+
+  def self.logger(config: {}, type: CEF::Loggers::SyslogUdp)
+    configuration = case config
+      when String
+        JSON.parse(File.read(config))
+      when Hash
+        config
+      when File,IO
+        JSON.parse(config.read)
+      else
+        fail ArgumentError, "#{config} is not a valid CEF configuration"
+    end
+        
+    logger_type = case type
+      when Class
+        type
+      when String
+        Module.const_get(type)
+      else
+        fail ArgumentError, "#{type} is not a valid class"
+    end
+
+    logger_type.new(configuration)
+  end
+  def self.event(*args)
+    CEF::Event.new(*args)
+  end
+end

data/lib/cef/event.rb

@@ -1,152 +1,100 @@
 module CEF
-  class Event
-    attr_accessor :syslog_pri, :event_time, :my_hostname
-    # set up accessors for all of the CEF event attributes. ruby meta magic.
-    CEF::ATTRIBUTES.each do |k,v|
-      self.instance_eval do
-        attr_accessor k
+  class Event < Hashie::Dash
+    include Hashie::Extensions::Coercion
+    LOG_FORMAT      = '<%d>%s %s CEF:0|%s|%s'
+    LOG_TIME_FORMAT = '%b %d %Y %H:%M:%S'
+
+    PREFIX_KEYS = [ :deviceVendor, :deviceProduct, :deviceVersion, :deviceEventClassId, :name, :deviceSeverity]
+    EXTENSION_ESCAPES = {
+      %r{=}  => '\=',
+      %r{\n} => '\n',
+      %r{\r} => '\r',
+      %r{\\} => '\\'
+    }
+
+    PREFIX_ESCAPES = {
+      %r{(\||\\)} => '\\\\\&'
+    }
+
+    SCHEMA_CONFIG_FILE = File.join(File.expand_path(File.dirname(__FILE__)),'..','..','conf','cef-schema.json')
+      @@schema = config = JSON.parse(File.read(SCHEMA_CONFIG_FILE))
+                              .extend(Hashie::Extensions::DeepMerge)
+
+      config['prefix'].each    do |json_key, default_val|
+        self.class_eval do
+          key = json_key.to_sym
+          property key, { default: default_val, required: true }
+        end
+      end
+
+      config['extension'].each do |key|
+        self.class_eval { property key.to_sym }
       end
+
+      config['types'].each do |key,klass_name|
+        self.class_eval { coerce_key key.to_sym, Module.const_get(klass_name) }
+      end
+
+    def self.schema
+      @@schema
     end
 
-    def attrs
-      CEF::ATTRIBUTES
+    def to_cef
+      if extension_data == {}
+        format('%s|',format_prefix)
+      else
+        format('%s|%s',format_prefix,format_extension)
+      end
     end
-  
-    # so we can CEF::Event.new(:foo=>"bar")
-    def initialize( *params )
-      @event_time         = Time.new
-      @deviceVendor       = "breed.org"
-      @deviceProduct      = "CEF"
-      @deviceVersion      = CEF::VERSION
-      @deviceEventClassId = "0:event"
-      @deviceSeverity     = CEF::SEVERITY_LOW
-      @name               = "unnamed event"
-      # used to avoid requiring syslog.h on windoze
-      #syslog_pri= Syslog::LOG_LOCAL0 | Syslog::LOG_NOTICE
-      @syslog_pri         = 131
-      @my_hostname        = Socket::gethostname
-      @other_attrs={}
-      @additional={}
-      Hash[*params].each { |k,v| self.send("%s="%k,v) }
-      yield self if block_given?
-      self
+
+    def format_prefix
+      prefix_values.map { |value| escape_prefix_value(value) }.join('|')
     end
-  
-    # returns a cef formatted string
-    def to_s
-      log_time=event_time.strftime(CEF::LOG_TIME_FORMAT)
-      
-      sprintf(
-        CEF::LOG_FORMAT,
-        syslog_pri.to_s,
-        log_time,
-        my_hostname,
-        format_prefix,
-        format_extension
-      )
+
+    def prefix_values
+      [ 'CEF:0', *PREFIX_KEYS.map {|k| self.send(k) } ]
     end
 
-    # used for non-schema fields
-    def set_additional(k,v)
-      @additional[k]=v
+    def format_extension
+      extension_keys.zip(extension_values)
+                    .map {|k,v| format('%s=%s',k,v)}
+                    .join(' ')
     end
-    def get_additional(k,v)
-      @additional[k]
+
+    def extension_keys
+      extension_data.keys.map {|k| self.class.schema["key_names"].fetch(k.to_s,k.to_s)}
     end
 
-    #private
-      # make a guess as to how the time was set. parse strings and convert
-      # them to epoch milliseconds, or leave it alone if it looks like a number
-      # bigger than epoch milliseconds when i wrote this.
-      # def time_convert(val)
-      #
-      #   converted=case val
-      #     when String
-      #       if val.match(%r{\A[0-9]+\Z})
-      #         converted=val.to_i
-      #       else
-      #         res=Chronic.parse(val)
-      #         converted=Time.at(res).to_i * 1000
-      #       end
-      #     when Integer,Bignum
-      #       if val < 1232589621000 #Wed Jan 21 20:00:21 -0600 2009
-      #         val * 1000
-      #       else
-      #         val
-      #       end
-      #     end
-      #
-      # end
-
-      # escape only pipes and backslashes in the prefix. you bet your sweet
-      # ass there's a lot of backslashes in the substitution. you can thank
-      # the three levels of lexical analysis/substitution in the ruby interpreter
-      # for that.
-
-      def escape_prefix_value(val)
-        escapes={
-          %r{(\||\\)} => '\\\\\&'
-        }
-        escapes.reduce(val) do|memo,replace|
-          memo=memo.gsub(*replace)
-        end
-      end
+    def extension_values
+      extension_data.values.map {|v| escape_extension_value(v)}
+    end
 
-      # only equals signs need to be escaped in the extension. i think.
-      # TODO: something in the spec about \n and some others.
-      def escape_extension_value(val)
-        escapes = {
-          %r{=}  => '\=',
-          %r{\n} => ' ',
-          %r{\\} => '\\'
-        }
-        escapes.reduce(val) do |memo,replace|
-          memo=memo.gsub(*replace)
-        end
-      end
+    def extension_data
+      self.to_h.reject {|k,v| PREFIX_KEYS.include?(k)}
+    end
 
-      # returns a pipe-delimeted list of prefix attributes
-      def format_prefix
-        values = CEF::PREFIX_ATTRIBUTES.keys.map { |k| self.send(k) }
-        escaped = values.map do |value|
-          escape_prefix_value(value)
-        end
-        escaped.join('|')
+    def escape_prefix_value(val)
+      case val
+        when String
+          PREFIX_ESCAPES.reduce(val) do|memo,replace|
+            memo=memo.gsub(*replace)
+          end
+        else
+          val.to_s
       end
+    end
 
-      # returns a space-delimeted list of attribute=value pairs for all optionals
-      def format_extension
-        extensions = CEF::EXTENSION_ATTRIBUTES.keys.map do |meth|
-          value = self.send(meth)
-          next if value.nil?
-          shortname = CEF::EXTENSION_ATTRIBUTES[meth]
-          [shortname, escape_extension_value(value)].join("=")
-        end
-
-        # make sure time comes out as milliseconds since epoch
-        times = CEF::TIME_ATTRIBUTES.keys.map do |meth|
-          value = self.send(meth)
-          next if value.nil?
-          shortname = CEF::TIME_ATTRIBUTES[meth]
-          [shortname, escape_extension_value(value)].join("=")
-        end
-        (extensions + times).compact.join(" ")
+    def escape_extension_value(val)
+      case val
+        when String
+          EXTENSION_ESCAPES.reduce(val) do |memo,replace|
+            memo=memo.gsub(*replace)
+          end
+        when Time
+          val.to_i * 1000
+        else
+          val.to_s
       end
+    end
   end
 end
-
-        # vendor=  self.deviceVendor       || "Breed"
-        # product= self.deviceProduct      || "CEF Sender"
-        # version= self.deviceVersion      || CEF::VERSION
-        # declid=  self.deviceEventClassId || "generic:0"
-        # name=    self.name               || "Generic Event"
-        # sev=     self.deviceSeverity     || "1"
-        # %w{ deviceVendor deviceProduct deviceVersion deviceEvent}
-        # cef_prefix="%s|%s|%s|%s|%s|%s" % [
-        #   prefix_escape(vendor),
-        #   prefix_escape(product),
-        #   prefix_escape(version),
-        #   prefix_escape(declid),
-        #   prefix_escape(name),
-        #   prefix_escape(sev),
-        # ]

data/lib/cef/loggers/cef_file.rb

@@ -0,0 +1,19 @@
+module CEF
+  module Loggers
+    class CefFile
+      attr_accessor :path, :defaults, :append
+      attr_reader   :fh
+      def initialize(*args)
+        Hash[*args].each {|k,v| self.send(format('%s=',k),v)}
+        @defaults ||= {}
+        @path     ||= 'cef.log'
+        @append   = false if @append.nil?
+        @fh = File.open(path, append ? 'w+' : 'w')
+        self
+      end
+      def emit(*events)
+        events.each {|e| fh.puts(e.to_cef)}
+      end
+    end
+  end
+end

data/lib/cef/loggers/cef_syslog_udp.rb

@@ -0,0 +1,40 @@
+module CEF
+  module Loggers
+    class SyslogUdp
+      SYSLOG_TIME_FORMAT = '%b %d %Y %H:%M:%S'
+      SYSLOG_HEADER = '<%d>%s %s'
+
+
+      attr_accessor :receiver, :port, :defaults
+      attr_reader   :sock
+
+      def initialize(*args)
+        Hash[*args].each {|k,v| self.send(format('%s=',k),v)}
+        @receiver ||= '127.0.0.1'
+        @port     ||= 514
+        @defaults ||= {}
+        @sock = UDPSocket.new
+        @sock.connect(@receiver, @port)
+        self
+      end
+
+      def header(facility=0,priority=0)
+        format(SYSLOG_HEADER,
+               131,                                    # facility|priority
+               Time.new.strftime(SYSLOG_TIME_FORMAT),  # now
+               Socket::gethostname)                    # hostname
+      end
+
+      def formatted_message(event)
+        format('%s %s', header, event.to_cef )
+      end
+
+      def emit(*events)
+        events.each do |event|
+          defaults.each {|k,v| event.send(format("%s=",k),v) }
+          sock.send(formatted_message(event),0)
+        end
+      end
+    end
+  end
+end

data/lib/cef/time_extensions.rb

@@ -0,0 +1,15 @@
+module CEF
+  module TimeExtensions
+    def coerce(val)
+      case val
+        when Integer
+          Time.at(val)
+        when String
+          Time.parse(val)
+        else
+          val
+      end
+    end
+  end
+end
+Time.extend(CEF::TimeExtensions)

data/lib/cef/version.rb

@@ -1,3 +1,3 @@
 module CEF
-  VERSION = "1.0.0"
+  VERSION = '2.1.1.pre'
 end

metadata

@@ -1,87 +1,143 @@
 --- !ruby/object:Gem::Specification
 name: cef
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.1.1.pre
 platform: ruby
 authors:
 - Ryan Breed
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-03-30 00:00:00.000000000 Z
+date: 2015-10-20 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: ' format/send CEF logs via API+syslog or client program '
-email: ' opensource@breed.org '
+description: " format/send CEF logs via API+syslog or client program "
+email: " opensource@breed.org "
 executables:
 - cef_sender
 extensions: []
@@ -89,25 +145,24 @@ extra_rdoc_files:
 - LICENSE.txt
 - README.rdoc
 files:
-- .document
-- .gitignore
-- .rspec
+- ".document"
+- ".gitignore"
+- ".rspec"
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.rdoc
 - Rakefile
 - VERSION
 - bin/cef_sender
 - cef.gemspec
+- conf/cef-schema.json
 - lib/cef.rb
-- lib/cef/constants.rb
 - lib/cef/event.rb
-- lib/cef/sender.rb
+- lib/cef/loggers/cef_file.rb
+- lib/cef/loggers/cef_syslog_udp.rb
+- lib/cef/time_extensions.rb
 - lib/cef/version.rb
-- spec/lib/cef/event_spec.rb
-- spec/lib/cef/sender_spec.rb
-- spec/lib/cef_spec.rb
-- spec/spec_helper.rb
 homepage: http://github.com/ryanbreed/cef
 licenses:
 - MIT
@@ -118,23 +173,18 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: CEF Generation Library and Client
-test_files:
-- spec/lib/cef/event_spec.rb
-- spec/lib/cef/sender_spec.rb
-- spec/lib/cef_spec.rb
-- spec/spec_helper.rb
-has_rdoc: 
+test_files: []