cef 0.6.0 → 0.6.1
- data/README.rdoc +46 -1
- data/Rakefile +2 -5
- data/VERSION +1 -1
- data/spec/cef_spec.rb +4 -11
- data/spec/spec_helper.rb +11 -0
- metadata +5 -6
- data/cef.gemspec +0 -69
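--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,6 +1,51 @@
 = cef
 
-
+This is an implementation of the Common Event Formatting standard.
+
+http://www.arcsight.com/solutions/solutions-cef/
+
+
+Included is a library implementing a formatter/emitter and a client program
+that can be called from a shell script or some other external source. The
+library currently hardcodes the syslog format|priority if you choose to send
+vi UDP to a receiver.
+
+Most of the standard dictionary is implemented.
+http://www.arcsight.com/collateral/CEFstandards.pdf
+
+== Example API Usage
+
+
+# instantiate a sender object
+sender=CEF::Sender.new(
+:receiver=>"loghost.mycompany.com",
+:eventDefaults=>{
+:deviceProduct => "MySnazzyLogger",
+:deviceVendor => "My Company"
+}
+)
+# instantiate an event
+event=CEF::Event.new(
+:sourceAddress => "192.168.1.1",
+:destinationAddress => "192.168.1.2",
+:name => "i think something happened"
+)
+
+# fire away!
+sender.emit(e)
+
+== Example client usage
+
+cef_sender --receiver="myloghost.company.com"\
+--deviceProduct="MySnazzyLogger" \
+--deviceVendor="My Company" \
+--sourceAddress="192.168.1.1" \
+--destinationAddress="192.168.1.2" \
+--name="i think something happened"
+
+To see the supported event attributes:
+
+cef_sender --schema
 
 == Contributing to cef
 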
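--- a/data/Rakefile
+++ b/data/Rakefile
@@ -15,13 +15,10 @@ Jeweler::Tasks.new do |gem|
 gem.name = "cef"
 gem.homepage = "http://github.com/ryanbreed/cef"
 gem.license = "MIT"
-gem.summary = %Q{CEF Generation }
-gem.description = %Q{
+gem.summary = %Q{ CEF Generation Library and Client }
+gem.description = %Q{ format/send CEF logs via API+syslog or client program }
 gem.email = "opensource@breed.org"
 gem.authors = ["Ryan Breed"]
-# Include your dependencies below. Runtime dependencies are required when using your gem,
-# and development dependencies are only needed for development (ie running rake tasks, tests, etc)
-#gem.add_runtime_dependency 'escape', '~> 0.0.4'
 gem.add_development_dependency 'rspec', '~> 2.3.0'
 gem.files.include('VERSION')
 end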
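--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.6.
+0.6.1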
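--- a/data/spec/cef_spec.rb
+++ b/data/spec/cef_spec.rb
@@ -2,18 +2,11 @@ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
 
 describe "CEF Event Format" do
 it "should output a preamble" do
-test_prefix_vals
-:deviceVendor => "breed",
-:deviceProduct => "CEF Sender",
-:deviceVersion => "0.1",
-:deviceEventClassId => "0:debug",
-:name => "test",
-:deviceSeverity => "1"
-}
+prefix_vals=test_prefix_vals
 e=CEF::Event.new
-
+prefix_vals.each {|k,v| e.send("%s="%k,v) }
 s=CEF::Sender.new
-formatted=CEF::PREFIX_FORMAT % [ 131, *
-s.format_event(e)
+formatted=CEF::PREFIX_FORMAT % [ 131, *prefix_vals.values ]
+s.format_event(e)==formatted
 end
 end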
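--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -10,3 +10,14 @@ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
 RSpec.configure do |config|
 
 end
+
+def test_prefix_vals
+test_prefix_vals={
+:deviceVendor => "breed",
+:deviceProduct => "CEF Sender",
+:deviceVersion => "0.1",
+:deviceEventClassId => "0:debug",
+:name => "test",
+:deviceSeverity => "1"
+}
+end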
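--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: cef
 version: !ruby/object:Gem::Version
-hash:
+hash: 5
 prerelease:
 segments:
 - 0
 - 6
--
-version: 0.6.
+- 1
+version: 0.6.1
 platform: ruby
 authors:
 - Ryan Breed
@@ -96,7 +96,7 @@ dependencies:
 prerelease: false
 type: :development
 requirement: *id005
-description: "
+description: " format/send CEF logs via API+syslog or client program "
 email: opensource@breed.org
 executables:
 - cef_sender
@@ -114,7 +114,6 @@ files:
 - Rakefile
 - VERSION
 - bin/cef_sender
-- cef.gemspec
 - lib/cef.rb
 - spec/cef_spec.rb
 - spec/spec_helper.rb
@@ -151,7 +150,7 @@ rubyforge_project:
 rubygems_version: 1.5.2
 signing_key:
 specification_version: 3
-summary: CEF Generation
+summary: CEF Generation Library and Client
 test_files:
 - spec/cef_spec.rb
 - spec/spec_helper.rb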
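--- a/data/cef.gemspec
+++ /dev/null
@@ -1,69 +0,0 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
-
-Gem::Specification.new do |s|
-s.name = %q{cef}
-s.version = "0.6.0"
-
-s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-s.authors = ["Ryan Breed"]
-s.date = %q{2011-02-20}
-s.default_executable = %q{cef_sender}
-s.description = %q{Library and client }
-s.email = %q{opensource@breed.org}
-s.executables = ["cef_sender"]
-s.extra_rdoc_files = [
-"LICENSE.txt",
-"README.rdoc"
-]
-s.files = [
-".document",
-".rspec",
-"Gemfile",
-"LICENSE.txt",
-"README.rdoc",
-"Rakefile",
-"VERSION",
-"bin/cef_sender",
-"cef.gemspec",
-"lib/cef.rb",
-"spec/cef_spec.rb",
-"spec/spec_helper.rb"
-]
-s.homepage = %q{http://github.com/ryanbreed/cef}
-s.licenses = ["MIT"]
-s.require_paths = ["lib"]
-s.rubygems_version = %q{1.5.2}
-s.summary = %q{CEF Generation}
-s.test_files = [
-"spec/cef_spec.rb",
-"spec/spec_helper.rb"
-]
-
-if s.respond_to? :specification_version then
-s.specification_version = 3
-
-if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
-s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
-s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
-s.add_development_dependency(%q<rcov>, [">= 0"])
-s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
-else
-s.add_dependency(%q<rspec>, ["~> 2.3.0"])
-s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
-s.add_dependency(%q<rcov>, [">= 0"])
-s.add_dependency(%q<rspec>, ["~> 2.3.0"])
-end
-else
-s.add_dependency(%q<rspec>, ["~> 2.3.0"])
-s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
-s.add_dependency(%q<rcov>, [">= 0"])
-s.add_dependency(%q<rspec>, ["~> 2.3.0"])
-end
-end
-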