fluent-plugin-fortigate-log-parser 0.1.1 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "fluent-plugin-fortigate-log-parser"
|
|
7
|
-
spec.version = "0.
|
|
7
|
+
spec.version = "0.2.0"
|
|
8
8
|
spec.authors = ["Yoshinori TERAOKA"]
|
|
9
9
|
spec.email = ["jyobijyoba@gmail.com"]
|
|
10
10
|
spec.summary = %q{fluentd plugin for parse FortiGate log}
|
|
@@ -99,14 +99,18 @@ module Fluent
|
|
|
99
99
|
end
|
|
100
100
|
end
|
|
101
101
|
|
|
102
|
+
# rsyslog workaround (remove the unnecessary white space)
|
|
103
|
+
# rsyslog insert a space (0x20) after first semi-colon
|
|
104
|
+
# (eg. time=12:34:56 -> time=12: 34:56)
|
|
105
|
+
record['time'].gsub!(' ', '')
|
|
106
|
+
|
|
102
107
|
time_str = record['date'] + ' ' + record['time']
|
|
103
108
|
time = nil
|
|
104
109
|
|
|
105
110
|
if @prev_time && time_str == @prev_time_str
|
|
106
111
|
time = @prev_time
|
|
107
112
|
else
|
|
108
|
-
|
|
109
|
-
time = Time.strptime(time_str, '%Y-%m-%d %H: %M:%S').to_i
|
|
113
|
+
time = Time.strptime(time_str, '%Y-%m-%d %H:%M:%S').to_i
|
|
110
114
|
@prev_time = time
|
|
111
115
|
@prev_time_str = time_str
|
|
112
116
|
end
|
|
@@ -57,17 +57,17 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase
|
|
|
57
57
|
def test_emit
|
|
58
58
|
d1 = create_driver(CONFIG)
|
|
59
59
|
d1.run do
|
|
60
|
-
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:
|
|
60
|
+
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,devname=TEST_NAME,devid=TEST_ID,logid=0000000001'})
|
|
61
61
|
end
|
|
62
62
|
emits = d1.emits
|
|
63
63
|
assert_equal 1, emits.length
|
|
64
64
|
assert_equal '0000000001', emits[0][2]['logid']
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
def
|
|
67
|
+
def test_emit_uri_escape
|
|
68
68
|
d1 = create_driver(CONFIG)
|
|
69
69
|
d1.run do
|
|
70
|
-
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:
|
|
70
|
+
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,file=あああ,filename=いいい'})
|
|
71
71
|
end
|
|
72
72
|
emits = d1.emits
|
|
73
73
|
assert_equal 1, emits.length
|
|
@@ -78,7 +78,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase
|
|
|
78
78
|
def test_emit_rewrite_tag
|
|
79
79
|
d1 = create_driver(CONFIG_REWRITE_TAG, 'before.test')
|
|
80
80
|
d1.run do
|
|
81
|
-
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:
|
|
81
|
+
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59'})
|
|
82
82
|
end
|
|
83
83
|
emits = d1.emits
|
|
84
84
|
assert_equal 1, emits.length
|
|
@@ -88,7 +88,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase
|
|
|
88
88
|
def test_emit_message_key
|
|
89
89
|
d1 = create_driver(CONFIG_MESSAGE_KEY)
|
|
90
90
|
d1.run do
|
|
91
|
-
d1.emit({'mykey' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:
|
|
91
|
+
d1.emit({'mykey' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,key1=value1,key2=value2'})
|
|
92
92
|
end
|
|
93
93
|
emits = d1.emits
|
|
94
94
|
assert_equal 1, emits.length
|
|
@@ -97,6 +97,16 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase
|
|
|
97
97
|
end
|
|
98
98
|
|
|
99
99
|
def test_emit_date_parse
|
|
100
|
+
d1 = create_driver()
|
|
101
|
+
d1.run do
|
|
102
|
+
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59'})
|
|
103
|
+
end
|
|
104
|
+
emits = d1.emits
|
|
105
|
+
assert_equal 1, emits.length
|
|
106
|
+
assert_equal 1408201199, emits[0][1]
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
def test_rsync_workaround
|
|
100
110
|
d1 = create_driver()
|
|
101
111
|
d1.run do
|
|
102
112
|
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23: 59:59'})
|
|
@@ -109,7 +119,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase
|
|
|
109
119
|
def test_emit_country_map
|
|
110
120
|
d1 = create_driver(CONFIG_COUNTRY_MAP)
|
|
111
121
|
d1.run do
|
|
112
|
-
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:
|
|
122
|
+
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,srccountry=Japan,dstcountry=United States'})
|
|
113
123
|
end
|
|
114
124
|
emits = d1.emits
|
|
115
125
|
assert_equal 1, emits.length
|
|
@@ -122,7 +132,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase
|
|
|
122
132
|
def test_emit_os_version4
|
|
123
133
|
d1 = create_driver(CONFIG_OS_VERSION4)
|
|
124
134
|
d1.run do
|
|
125
|
-
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:
|
|
135
|
+
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,src_country=Japan,dst_country=United States'})
|
|
126
136
|
end
|
|
127
137
|
emits = d1.emits
|
|
128
138
|
assert_equal 1, emits.length
|
|
@@ -135,7 +145,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase
|
|
|
135
145
|
def test_emit_keys
|
|
136
146
|
d1 = create_driver(CONFIG_KEYS)
|
|
137
147
|
d1.run do
|
|
138
|
-
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:
|
|
148
|
+
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,a=A,b=B,c=C,x=X,y=Y,z=Z'})
|
|
139
149
|
end
|
|
140
150
|
expected = {'a' => 'A', 'b' => 'B', 'c' => 'C'}
|
|
141
151
|
emits = d1.emits
|
|
@@ -146,7 +156,7 @@ class FortigateSyslogParserOutputTest < Test::Unit::TestCase
|
|
|
146
156
|
def test_emit_remove_keys
|
|
147
157
|
d1 = create_driver(CONFIG_REMOVE_KEYS)
|
|
148
158
|
d1.run do
|
|
149
|
-
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:
|
|
159
|
+
d1.emit({'message' => 'Aug 17 00:00:00 fortigate date=2014-08-16,time=23:59:59,a=A,b=B,c=C,x=X,y=Y,z=Z'})
|
|
150
160
|
end
|
|
151
161
|
expected = {'x' => 'X', 'y' => 'Y', 'z' => 'Z'}
|
|
152
162
|
emits = d1.emits
|
metadata
CHANGED
|
@@ -1,32 +1,36 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-fortigate-log-parser
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
|
+
prerelease:
|
|
5
6
|
platform: ruby
|
|
6
7
|
authors:
|
|
7
8
|
- Yoshinori TERAOKA
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: bin
|
|
10
11
|
cert_chain: []
|
|
11
|
-
date:
|
|
12
|
+
date: 2015-03-20 00:00:00.000000000 Z
|
|
12
13
|
dependencies:
|
|
13
14
|
- !ruby/object:Gem::Dependency
|
|
14
15
|
name: fluentd
|
|
15
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
16
18
|
requirements:
|
|
17
|
-
- - '>='
|
|
19
|
+
- - ! '>='
|
|
18
20
|
- !ruby/object:Gem::Version
|
|
19
21
|
version: '0'
|
|
20
22
|
type: :runtime
|
|
21
23
|
prerelease: false
|
|
22
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
23
26
|
requirements:
|
|
24
|
-
- - '>='
|
|
27
|
+
- - ! '>='
|
|
25
28
|
- !ruby/object:Gem::Version
|
|
26
29
|
version: '0'
|
|
27
30
|
- !ruby/object:Gem::Dependency
|
|
28
31
|
name: bundler
|
|
29
32
|
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
none: false
|
|
30
34
|
requirements:
|
|
31
35
|
- - ~>
|
|
32
36
|
- !ruby/object:Gem::Version
|
|
@@ -34,6 +38,7 @@ dependencies:
|
|
|
34
38
|
type: :development
|
|
35
39
|
prerelease: false
|
|
36
40
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
+
none: false
|
|
37
42
|
requirements:
|
|
38
43
|
- - ~>
|
|
39
44
|
- !ruby/object:Gem::Version
|
|
@@ -41,6 +46,7 @@ dependencies:
|
|
|
41
46
|
- !ruby/object:Gem::Dependency
|
|
42
47
|
name: rake
|
|
43
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
|
+
none: false
|
|
44
50
|
requirements:
|
|
45
51
|
- - ~>
|
|
46
52
|
- !ruby/object:Gem::Version
|
|
@@ -48,6 +54,7 @@ dependencies:
|
|
|
48
54
|
type: :development
|
|
49
55
|
prerelease: false
|
|
50
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
+
none: false
|
|
51
58
|
requirements:
|
|
52
59
|
- - ~>
|
|
53
60
|
- !ruby/object:Gem::Version
|
|
@@ -74,26 +81,27 @@ files:
|
|
|
74
81
|
homepage: https://github.com/yteraoka/fluent-plugin-fortigate-log-parser
|
|
75
82
|
licenses:
|
|
76
83
|
- MIT
|
|
77
|
-
metadata: {}
|
|
78
84
|
post_install_message:
|
|
79
85
|
rdoc_options: []
|
|
80
86
|
require_paths:
|
|
81
87
|
- lib
|
|
82
88
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
89
|
+
none: false
|
|
83
90
|
requirements:
|
|
84
|
-
- - '>='
|
|
91
|
+
- - ! '>='
|
|
85
92
|
- !ruby/object:Gem::Version
|
|
86
93
|
version: '0'
|
|
87
94
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
95
|
+
none: false
|
|
88
96
|
requirements:
|
|
89
|
-
- - '>='
|
|
97
|
+
- - ! '>='
|
|
90
98
|
- !ruby/object:Gem::Version
|
|
91
99
|
version: '0'
|
|
92
100
|
requirements: []
|
|
93
101
|
rubyforge_project:
|
|
94
|
-
rubygems_version:
|
|
102
|
+
rubygems_version: 1.8.23
|
|
95
103
|
signing_key:
|
|
96
|
-
specification_version:
|
|
104
|
+
specification_version: 3
|
|
97
105
|
summary: fluentd plugin for parse FortiGate log
|
|
98
106
|
test_files:
|
|
99
107
|
- test/helper.rb
|
checksums.yaml
DELETED
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
SHA1:
|
|
3
|
-
metadata.gz: c33c6ce6da8275fca39ff791e778d17585e2a357
|
|
4
|
-
data.tar.gz: c91268bdff674aeb2f50fe2d6274211e2fa62a94
|
|
5
|
-
SHA512:
|
|
6
|
-
metadata.gz: f3c4a395b9f7f71243382e93a875c0e7bb3404382b4e51a79cbd2d790cf99014bac3f805fc74199308f19036b64bfa37ea776487f8ba5d0a67174b335bc7f95e
|
|
7
|
-
data.tar.gz: a15d3d154bc6ed865b5c3e1a44fc35471491bcc335e134e4296cbb3e2f5374e67afb8d3e4c30d8174f44b09406253e4edcf6a7e2ee64e0bdd0529263da06910b
|