fluent-plugin-fortigate-log-parser 0.1.1 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
         @@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) 
     | 
|
| 
       4 
4 
     | 
    
         | 
| 
       5 
5 
     | 
    
         
             
            Gem::Specification.new do |spec|
         
     | 
| 
       6 
6 
     | 
    
         
             
              spec.name          = "fluent-plugin-fortigate-log-parser"
         
     | 
| 
       7 
     | 
    
         
            -
              spec.version       = "0. 
     | 
| 
      
 7 
     | 
    
         
            +
              spec.version       = "0.2.0"
         
     | 
| 
       8 
8 
     | 
    
         
             
              spec.authors       = ["Yoshinori TERAOKA"]
         
     | 
| 
       9 
9 
     | 
    
         
             
              spec.email         = ["jyobijyoba@gmail.com"]
         
     | 
| 
       10 
10 
     | 
    
         
             
              spec.summary       = %q{fluentd plugin for parse FortiGate log}
         
     | 
| 
         @@ -99,14 +99,18 @@ module Fluent 
     | 
|
| 
       99 
99 
     | 
    
         
             
                    end
         
     | 
| 
       100 
100 
     | 
    
         
             
                  end
         
     | 
| 
       101 
101 
     | 
    
         | 
| 
      
 102 
     | 
    
         
            +
                  # rsyslog workaround (remove the unnecessary white space)
         
     | 
| 
      
 103 
     | 
    
         
            +
                  # rsyslog insert a space (0x20) after first semi-colon
         
     | 
| 
      
 104 
     | 
    
         
            +
                  # (eg. time=12:34:56 -> time=12: 34:56)
         
     | 
| 
      
 105 
     | 
    
         
            +
                  record['time'].gsub!(' ', '')
         
     | 
| 
      
 106 
     | 
    
         
            +
             
     | 
| 
       102 
107 
     | 
    
         
             
                  time_str = record['date'] + ' ' + record['time']
         
     | 
| 
       103 
108 
     | 
    
         
             
                  time = nil
         
     | 
| 
       104 
109 
     | 
    
         | 
| 
       105 
110 
     | 
    
         
             
                  if @prev_time && time_str == @prev_time_str
         
     | 
| 
       106 
111 
     | 
    
         
             
                    time = @prev_time
         
     | 
| 
       107 
112 
     | 
    
         
             
                  else
         
     | 
| 
       108 
     | 
    
         
            -
                     
     | 
| 
       109 
     | 
    
         
            -
                    time = Time.strptime(time_str, '%Y-%m-%d %H: %M:%S').to_i
         
     | 
| 
      
 113 
     | 
    
         
            +
                    time = Time.strptime(time_str, '%Y-%m-%d %H:%M:%S').to_i
         
     | 
| 
       110 
114 
     | 
    
         
             
                    @prev_time = time
         
     | 
| 
       111 
115 
     | 
    
         
             
                    @prev_time_str = time_str
         
     | 
| 
       112 
116 
     | 
    
         
             
                  end
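Review bot: `record['time'].gsub!(' ', '')` raises NoMethodError when the parsed record carries no `time` field, and the `Time.strptime` call below raises ArgumentError on any value that does not match `%Y-%m-%d %H:%M:%S`, so one malformed or truncated syslog line aborts parsing unless an enclosing rescue exists; the enclosing method starts and ends outside this hunk, so I cannot see whether one does. Since the log text is attacker-influenced input, the missing or unparseable time case should be handled explicitly (for example a guard such as `return unless record['date'] && record['time']`, adjusted to whatever the enclosing method returns, with `record['time'] = record['time'].delete(' ')` as the nil-safe workaround) rather than left to an unhandled exception. The new comment also says "semi-colon" where the example shows a colon, and the code strips every space in the field rather than only the one after the first colon; `# rsyslog inserts a space (0x20) after the first colon, e.g. time=12:34:56 -> time=12: 34:56, so strip all spaces before parsing` would describe what the line actually does.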
         
     | 
| 
         @@ -57,17 +57,17 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase 
     | 
|
| 
       57 
57 
     | 
    
         
             
              def test_emit
         
     | 
| 
       58 
58 
     | 
    
         
             
                d1 = create_driver(CONFIG)
         
     | 
| 
       59 
59 
     | 
    
         
             
                d1.run do
         
     | 
| 
       60 
     | 
    
         
            -
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 
     | 
| 
      
 60 
     | 
    
         
            +
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,devname=TEST_NAME,devid=TEST_ID,logid=0000000001'})
         
     | 
| 
       61 
61 
     | 
    
         
             
                end
         
     | 
| 
       62 
62 
     | 
    
         
             
                emits = d1.emits
         
     | 
| 
       63 
63 
     | 
    
         
             
                assert_equal 1, emits.length
         
     | 
| 
       64 
64 
     | 
    
         
             
                assert_equal '0000000001', emits[0][2]['logid']
         
     | 
| 
       65 
65 
     | 
    
         
             
              end
         
     | 
| 
       66 
66 
     | 
    
         | 
| 
       67 
     | 
    
         
            -
              def  
     | 
| 
      
 67 
     | 
    
         
            +
              def test_emit_uri_escape
         
     | 
| 
       68 
68 
     | 
    
         
             
                d1 = create_driver(CONFIG)
         
     | 
| 
       69 
69 
     | 
    
         
             
                d1.run do
         
     | 
| 
       70 
     | 
    
         
            -
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 
     | 
| 
      
 70 
     | 
    
         
            +
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,file=あああ,filename=いいい'})
         
     | 
| 
       71 
71 
     | 
    
         
             
                end
         
     | 
| 
       72 
72 
     | 
    
         
             
                emits = d1.emits
         
     | 
| 
       73 
73 
     | 
    
         
             
                assert_equal 1, emits.length
         
     | 
| 
         @@ -78,7 +78,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase 
     | 
|
| 
       78 
78 
     | 
    
         
             
              def test_emit_rewrite_tag
         
     | 
| 
       79 
79 
     | 
    
         
             
                d1 = create_driver(CONFIG_REWRITE_TAG, 'before.test')
         
     | 
| 
       80 
80 
     | 
    
         
             
                d1.run do
         
     | 
| 
       81 
     | 
    
         
            -
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 
     | 
| 
      
 81 
     | 
    
         
            +
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59'})
         
     | 
| 
       82 
82 
     | 
    
         
             
                end
         
     | 
| 
       83 
83 
     | 
    
         
             
                emits = d1.emits
         
     | 
| 
       84 
84 
     | 
    
         
             
                assert_equal 1, emits.length
         
     | 
| 
         @@ -88,7 +88,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase 
     | 
|
| 
       88 
88 
     | 
    
         
             
              def test_emit_message_key
         
     | 
| 
       89 
89 
     | 
    
         
             
                d1 = create_driver(CONFIG_MESSAGE_KEY)
         
     | 
| 
       90 
90 
     | 
    
         
             
                d1.run do
         
     | 
| 
       91 
     | 
    
         
            -
                  d1.emit({'mykey' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 
     | 
| 
      
 91 
     | 
    
         
            +
                  d1.emit({'mykey' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,key1=value1,key2=value2'})
         
     | 
| 
       92 
92 
     | 
    
         
             
                end
         
     | 
| 
       93 
93 
     | 
    
         
             
                emits = d1.emits
         
     | 
| 
       94 
94 
     | 
    
         
             
                assert_equal 1, emits.length
         
     | 
| 
         @@ -97,6 +97,16 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase 
     | 
|
| 
       97 
97 
     | 
    
         
             
              end
         
     | 
| 
       98 
98 
     | 
    
         | 
| 
       99 
99 
     | 
    
         
             
              def test_emit_date_parse
         
     | 
| 
      
 100 
     | 
    
         
            +
                d1 = create_driver()
         
     | 
| 
      
 101 
     | 
    
         
            +
                d1.run do
         
     | 
| 
      
 102 
     | 
    
         
            +
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59'})
         
     | 
| 
      
 103 
     | 
    
         
            +
                end
         
     | 
| 
      
 104 
     | 
    
         
            +
                emits = d1.emits
         
     | 
| 
      
 105 
     | 
    
         
            +
                assert_equal 1, emits.length
         
     | 
| 
      
 106 
     | 
    
         
            +
                assert_equal 1408201199, emits[0][1]
         
     | 
| 
      
 107 
     | 
    
         
            +
              end
         
     | 
| 
      
 108 
     | 
    
         
            +
             
     | 
| 
      
 109 
     | 
    
         
            +
              def test_rsync_workaround
         
     | 
| 
       100 
110 
     | 
    
         
             
                d1 = create_driver()
         
     | 
| 
       101 
111 
     | 
    
         
             
                d1.run do
         
     | 
| 
       102 
112 
     | 
    
         
             
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 59:59'})
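Review bot: `assert_equal 1408201199, emits[0][1]` in the new `test_emit_date_parse` is timezone-dependent: the parser builds the timestamp with `Time.strptime(time_str, '%Y-%m-%d %H:%M:%S')`, which interprets the string in the process's local zone, and 1408201199 is 2014-08-16 23:59:59 at UTC+9, so the test passes only under that zone and fails on a runner set to UTC. Derive the expectation the same way the parser does, `assert_equal Time.local(2014, 8, 16, 23, 59, 59).to_i, emits[0][1]`, or pin `ENV['TZ']` in the test setup. The renamed `test_rsync_workaround` (its body continues outside the hunk) exercises the rsyslog space workaround from the parser, so `test_rsyslog_workaround` would match the comment there; `create_driver()` also reads better without the empty parentheses.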
         
     | 
| 
         @@ -109,7 +119,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase 
     | 
|
| 
       109 
119 
     | 
    
         
             
              def test_emit_country_map
         
     | 
| 
       110 
120 
     | 
    
         
             
                d1 = create_driver(CONFIG_COUNTRY_MAP)
         
     | 
| 
       111 
121 
     | 
    
         
             
                d1.run do
         
     | 
| 
       112 
     | 
    
         
            -
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 
     | 
| 
      
 122 
     | 
    
         
            +
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,srccountry=Japan,dstcountry=United States'})
         
     | 
| 
       113 
123 
     | 
    
         
             
                end
         
     | 
| 
       114 
124 
     | 
    
         
             
                emits = d1.emits
         
     | 
| 
       115 
125 
     | 
    
         
             
                assert_equal 1, emits.length
         
     | 
| 
         @@ -122,7 +132,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase 
     | 
|
| 
       122 
132 
     | 
    
         
             
              def test_emit_os_version4
         
     | 
| 
       123 
133 
     | 
    
         
             
                d1 = create_driver(CONFIG_OS_VERSION4)
         
     | 
| 
       124 
134 
     | 
    
         
             
                d1.run do
         
     | 
| 
       125 
     | 
    
         
            -
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 
     | 
| 
      
 135 
     | 
    
         
            +
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,src_country=Japan,dst_country=United States'})
         
     | 
| 
       126 
136 
     | 
    
         
             
                end
         
     | 
| 
       127 
137 
     | 
    
         
             
                emits = d1.emits
         
     | 
| 
       128 
138 
     | 
    
         
             
                assert_equal 1, emits.length
         
     | 
| 
         @@ -135,7 +145,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase 
     | 
|
| 
       135 
145 
     | 
    
         
             
              def test_emit_keys
         
     | 
| 
       136 
146 
     | 
    
         
             
                d1 = create_driver(CONFIG_KEYS)
         
     | 
| 
       137 
147 
     | 
    
         
             
                d1.run do
         
     | 
| 
       138 
     | 
    
         
            -
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 
     | 
| 
      
 148 
     | 
    
         
            +
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,a=A,b=B,c=C,x=X,y=Y,z=Z'})
         
     | 
| 
       139 
149 
     | 
    
         
             
                end
         
     | 
| 
       140 
150 
     | 
    
         
             
                expected = {'a' => 'A', 'b' => 'B', 'c' => 'C'}
         
     | 
| 
       141 
151 
     | 
    
         
             
                emits = d1.emits
         
     | 
| 
         @@ -146,7 +156,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase 
     | 
|
| 
       146 
156 
     | 
    
         
             
              def test_emit_remove_keys
         
     | 
| 
       147 
157 
     | 
    
         
             
                d1 = create_driver(CONFIG_REMOVE_KEYS)
         
     | 
| 
       148 
158 
     | 
    
         
             
                d1.run do
         
     | 
| 
       149 
     | 
    
         
            -
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 
     | 
| 
      
 159 
     | 
    
         
            +
                  d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,a=A,b=B,c=C,x=X,y=Y,z=Z'})
         
     | 
| 
       150 
160 
     | 
    
         
             
                end
         
     | 
| 
       151 
161 
     | 
    
         
             
                expected = {'x' => 'X', 'y' => 'Y', 'z' => 'Z'}
         
     | 
| 
       152 
162 
     | 
    
         
             
                emits = d1.emits
         
     | 
    
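--- a/metadata
+++ b/metadata
@@ -1,32 +1,36 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-fortigate-log-parser
 version: !ruby/object:Gem::Version
-  version: 0.
+  version: 0.2.0
+  prerelease: 
 platform: ruby
 authors:
 - Yoshinori TERAOKA
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 
+date: 2015-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -34,6 +38,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -41,6 +46,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -48,6 +54,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -74,26 +81,27 @@ files:
 homepage: https://github.com/yteraoka/fluent-plugin-fortigate-log-parser
 licenses:
 - MIT
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 
+rubygems_version: 1.8.23
 signing_key: 
-specification_version: 
+specification_version: 3
 summary: fluentd plugin for parse FortiGate log
 test_files:
 - test/helper.rb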
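--- a/checksums.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: c33c6ce6da8275fca39ff791e778d17585e2a357
-  data.tar.gz: c91268bdff674aeb2f50fe2d6274211e2fa62a94
-SHA512:
-  metadata.gz: f3c4a395b9f7f71243382e93a875c0e7bb3404382b4e51a79cbd2d790cf99014bac3f805fc74199308f19036b64bfa37ea776487f8ba5d0a67174b335bc7f95e
-  data.tar.gz: a15d3d154bc6ed865b5c3e1a44fc35471491bcc335e134e4296cbb3e2f5374e67afb8d3e4c30d8174f44b09406253e4edcf6a7e2ee64e0bdd0529263da06910b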