RubyGems - fluent-plugin-filter-parse-audit-log - Versions diffs - 0.1.0 → 0.1.1 - Mend

fluent-plugin-filter-parse-audit-log 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/README.md +38 -3
data/fluent-plugin-filter-parse-audit-log.gemspec +1 -1
data/lib/fluent/plugin/filter_parse_audit_log.rb +3 -2
data/lib/fluent_plugin_filter_parse_audit_log/version.rb +1 -1
metadata +4 -6
data/gemfiles/fluentd_0.12.gemfile.lock +0 -73
data/gemfiles/fluentd_0.14.gemfile.lock +0 -76

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1dab94129a17f2aeb9eda08c28c95de6c73e0e1fd1953069d9795dba32acbdf2
-  data.tar.gz: e4299fb0a3102f98c6efdd39eee9c0a7f37aa0e37d49f811a5097a3920c7aa5d
+  metadata.gz: 800c1ba3742e0a1fd76864255646610a48f32a4594ddf547731c0450e34f0a21
+  data.tar.gz: 4bc4de38894afb85a510df790072c5f396e15a2be69f8733c10d5d61ea44e013
 SHA512:
-  metadata.gz: 5d794eb895d4335d50aa32ce84d2f35b562f1f8d65890c44984f266bbc9b46bcb917e21a11a8a38df3680aa518201ef4ddc52f2e1638ed4e4181d33f94945576
-  data.tar.gz: e72d244dfc839cb54ee3d0e7ec12c4ba19b1f662af26d48558bc55a8b408fc7bd780e71fbabdda30d05dcf5881b7ce8115ae340818ff43e651b94dd99a8aa9a9
+  metadata.gz: f7c633fc97e6abb3c58be509aac6c7bf23aa94518650ba5716d01464827ca9932c32883ac8486a2e8c2510fd1c4df13093173806e8cd5a22b96b0a4d9393af52
+  data.tar.gz: 9b2a158848040d424b36fec749eed6e10d718293f9ab651b56c37acb167195e60ef48fe950df754da93922465fafd1641fa9fa89777ac72ee4a50c2469a44300

data/.gitignore CHANGED

@@ -8,6 +8,7 @@
 /tmp/
 Gemfile.lock
 /test/
+/gemfiles/*.lock
 # rspec failure tracking
 .rspec_status

data/README.md CHANGED

@@ -26,9 +26,10 @@ Or install it yourself as:
 ```
 @type parse_audit_log
 #key message
+#flatten false
 ```
-## Example
+## Output
 ```
 <source>
@@ -45,11 +46,45 @@ Or install it yourself as:
 ```
 ```sh
-echo '{"message":"type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e syscall=2 success=no exit=-13 a0=7fffd19c5592 a1=0 a2=7fffd19c4b50 a3=a items=1 ppid=2686 pid=3538 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts0 ses=1 comm=\"cat\" exe=\"/bin/cat\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"sshd_config\""}' | fluent-cat -t audit.log
+echo '{"message":"type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e syscall=2 success=no exit=-13 a0=7fffd19c5592 a1=0 a2=7fffd19c4b50 a3=a items=1 ppid=2686 pid=3538 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts0 ses=1 comm=\"cat\" exe=\"/bin/cat\" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=\"sshd_config\""}' \
+| fluent-cat -t audit.log
 ```
 ```json
-2018-11-04 11:48:05.000000000 +0900 audit.log: {"header":{"type":"SYSCALL","msg":"audit(1364481363.243:24287)"},"body":{"arch":"c000003e","syscall":"2","success":"no","exit":"-13","a0":"7fffd19c5592","a1":"0","a2":"7fffd19c4b50","a3":"a","items":"1","ppid":"2686","pid":"3538","auid":"500","uid":"500","gid":"500","euid":"500","suid":"500","fsuid":"500","egid":"500","sgid":"500","fsgid":"500","tty":"pts0","ses":"1","comm":"\"cat\"","exe":"\"/bin/cat\"","subj":"unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023","key":"\"sshd_config\""}}
+{
+  "header": {
+    "type": "SYSCALL",
+    "msg": "audit(1364481363.243:24287)"
+  },
+  "body": {
+    "arch": "c000003e",
+    "syscall": "2",
+    "success": "no",
+    "exit": "-13",
+    "a0": "7fffd19c5592",
+    "a1": "0",
+    "a2": "7fffd19c4b50",
+    "a3": "a",
+    "items": "1",
+    "ppid": "2686",
+    "pid": "3538",
+    "auid": "500",
+    "uid": "500",
+    "gid": "500",
+    "euid": "500",
+    "suid": "500",
+    "fsuid": "500",
+    "egid": "500",
+    "sgid": "500",
+    "fsgid": "500",
+    "tty": "pts0",
+    "ses": "1",
+    "comm": "\"cat\"",
+    "exe": "\"/bin/cat\"",
+    "subj": "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
+    "key": "\"sshd_config\""
+  }
+}
 ```
 ## Related Links

data/fluent-plugin-filter-parse-audit-log.gemspec CHANGED

@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
   spec.add_dependency 'fluentd'
-  spec.add_dependency 'audit_log_parser'
+  spec.add_dependency 'audit_log_parser', '>= 0.1.2'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec', '~> 3.0'

data/lib/fluent/plugin/filter_parse_audit_log.rb CHANGED

@@ -4,12 +4,13 @@ require 'audit_log_parser'
 class FluentParseAuditLogFilter < Fluent::Filter
   Fluent::Plugin.register_filter('parse_audit_log', self)
-  config_param :key, :string, :default => 'message'
+  config_param :key, :string, default: 'message'
+  config_param :flatten, :bool, default: false
   def filter(tag, time, record)
     line = record[@key]
     return record unless line
-    AuditLogParser.parse_line(line)
+    AuditLogParser.parse_line(line, flatten: @flatten)
   rescue => e
     log.warn "failed to parse a audit log: #{line}", error_class: e.class, error: e.message
     log.warn_backtrace

data/lib/fluent_plugin_filter_parse_audit_log/version.rb CHANGED

@@ -1,3 +1,3 @@
 module FluentPluginFilterParseAuditLog
-  VERSION = '0.1.0'
+  VERSION = '0.1.1'
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-filter-parse-audit-log
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - winebarrel
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-11-04 00:00:00.000000000 Z
+date: 2018-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.1.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.1.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -142,9 +142,7 @@ files:
 - fluent-plugin-filter-parse-audit-log.gemspec
 - gemfiles/.bundle/config
 - gemfiles/fluentd_0.12.gemfile
-- gemfiles/fluentd_0.12.gemfile.lock
 - gemfiles/fluentd_0.14.gemfile
-- gemfiles/fluentd_0.14.gemfile.lock
 - lib/fluent/plugin/filter_parse_audit_log.rb
 - lib/fluent_plugin_filter_parse_audit_log/version.rb
 homepage: https://github.com/winebarrel/fluent-plugin-filter-parse-audit-log

data/gemfiles/fluentd_0.12.gemfile.lock DELETED

@@ -1,73 +0,0 @@
-PATH
-  remote: ..
-  specs:
-    fluent-plugin-filter-parse-audit-log (0.1.0)
-      audit_log_parser
-      fluentd
-GEM
-  remote: https://rubygems.org/
-  specs:
-    appraisal (2.2.0)
-      bundler
-      rake
-      thor (>= 0.14.0)
-    audit_log_parser (0.1.1)
-    cool.io (1.5.3)
-    diff-lcs (1.3)
-    fluentd (0.12.43)
-      cool.io (>= 1.2.2, < 2.0.0)
-      http_parser.rb (>= 0.5.1, < 0.7.0)
-      json (>= 1.4.3)
-      msgpack (>= 0.5.11, < 2)
-      sigdump (~> 0.2.2)
-      string-scrub (>= 0.0.3, <= 0.0.5)
-      tzinfo (>= 1.0.0)
-      tzinfo-data (>= 1.0.0)
-      yajl-ruby (~> 1.0)
-    http_parser.rb (0.6.0)
-    json (2.1.0)
-    msgpack (1.2.4)
-    power_assert (1.1.3)
-    rake (12.3.1)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    sigdump (0.2.4)
-    string-scrub (0.0.5)
-    test-unit (3.2.8)
-      power_assert
-    thor (0.20.0)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    tzinfo-data (1.2018.7)
-      tzinfo (>= 1.0.0)
-    yajl-ruby (1.4.1)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  appraisal (>= 2.2)
-  bundler
-  fluent-plugin-filter-parse-audit-log!
-  fluentd (>= 0.12, < 0.14)
-  rake
-  rspec (~> 3.0)
-  test-unit (>= 3.1.0)
-  timecop
-BUNDLED WITH
-   1.16.6

data/gemfiles/fluentd_0.14.gemfile.lock DELETED

@@ -1,76 +0,0 @@
-PATH
-  remote: ..
-  specs:
-    fluent-plugin-filter-parse-audit-log (0.1.0)
-      audit_log_parser
-      fluentd
-GEM
-  remote: https://rubygems.org/
-  specs:
-    appraisal (2.2.0)
-      bundler
-      rake
-      thor (>= 0.14.0)
-    audit_log_parser (0.1.1)
-    cool.io (1.5.3)
-    diff-lcs (1.3)
-    dig_rb (1.0.1)
-    fluentd (1.2.6)
-      cool.io (>= 1.4.5, < 2.0.0)
-      dig_rb (~> 1.0.0)
-      http_parser.rb (>= 0.5.1, < 0.7.0)
-      msgpack (>= 0.7.0, < 2.0.0)
-      serverengine (>= 2.0.4, < 3.0.0)
-      sigdump (~> 0.2.2)
-      strptime (>= 0.2.2, < 1.0.0)
-      tzinfo (~> 1.0)
-      tzinfo-data (~> 1.0)
-      yajl-ruby (~> 1.0)
-    http_parser.rb (0.6.0)
-    msgpack (1.2.4)
-    power_assert (1.1.3)
-    rake (12.3.1)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    serverengine (2.0.7)
-      sigdump (~> 0.2.2)
-    sigdump (0.2.4)
-    strptime (0.2.3)
-    test-unit (3.2.8)
-      power_assert
-    thor (0.20.0)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    tzinfo-data (1.2018.7)
-      tzinfo (>= 1.0.0)
-    yajl-ruby (1.4.1)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  appraisal (>= 2.2)
-  bundler
-  fluent-plugin-filter-parse-audit-log!
-  fluentd (>= 0.14)
-  rake
-  rspec (~> 3.0)
-  test-unit (>= 3.1.0)
-  timecop
-BUNDLED WITH
-   1.16.6