fluent-plugin-osquery 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.gitignore +2 -0
- data/README.md +13 -8
- data/fluent-plugin-osquery.gemspec +5 -5
- data/lib/fluent/plugin/in_osquery.rb +6 -1
- metadata +14 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: d0eee74f674f51a61e811a4a4dfc9f3ed05226b8b41d0807abae73d5bb9c8413
|
|
4
|
+
data.tar.gz: 51f5a3ea8a323afc2ce53835e5fe2a9393371cc50a44c71145b55f20467a0fa1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8a7baf95ffc9dfb8ecabb0da1fae0e7b4a02c1a80e341887b766692b05b7b62c33784ad1f7fd5fbde85f759c1057483cc98013ef88b78646325551ada3f72420
|
|
7
|
+
data.tar.gz: 8eb2e871b33cbcf426f76cc0e64729cff91f7a25a00e90e83ea20f438b2ea9e120320a3f24e9ea7f1960efeb6f22f1b4a1ec6e7d5fe24cfb0914430bbd1db258
|
data/README.md
CHANGED
|
@@ -16,24 +16,29 @@ Or install it yourself as:
|
|
|
16
16
|
|
|
17
17
|
$ gem install fluent-plugin-osquery
|
|
18
18
|
|
|
19
|
+
When you use with td-agent, install it as below:
|
|
20
|
+
|
|
21
|
+
$ sudo /opt/td-agent/embedded/bin/fluent-gem install fluent-plugin-osquery
|
|
22
|
+
|
|
23
|
+
Create home directory: (It could be unnecessary)
|
|
24
|
+
|
|
25
|
+
$ sudo mkdir -p /home/td-agent/.osquery
|
|
26
|
+
$ sudo chown td-agent /home/td-agent/.osquery
|
|
27
|
+
|
|
19
28
|
## Configuration
|
|
20
29
|
|
|
21
30
|
### Example
|
|
22
31
|
|
|
23
32
|
<source>
|
|
24
|
-
type osquery
|
|
33
|
+
@type osquery
|
|
25
34
|
tag osquery
|
|
26
35
|
interval 60
|
|
27
36
|
query select * from processes
|
|
28
37
|
</source>
|
|
29
38
|
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
34
|
-
3. Commit your changes (`git commit -am 'Add some feature'`)
|
|
35
|
-
4. Push to the branch (`git push origin my-new-feature`)
|
|
36
|
-
5. Create new [Pull Request](../../pull/new/master)
|
|
39
|
+
<match osquery>
|
|
40
|
+
@type stdout
|
|
41
|
+
</match>
|
|
37
42
|
|
|
38
43
|
## Copyright
|
|
39
44
|
|
|
@@ -4,12 +4,12 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = 'fluent-plugin-osquery'
|
|
7
|
-
spec.version = '0.0.
|
|
7
|
+
spec.version = '0.0.2'
|
|
8
8
|
spec.authors = ['Hidenori Suzuki']
|
|
9
9
|
spec.email = ['hidenori.suzuki@yahoo.com']
|
|
10
10
|
spec.summary = 'a fluent plugin'
|
|
11
11
|
spec.description = 'osquery input plugin'
|
|
12
|
-
spec.homepage = 'https://github.com/
|
|
12
|
+
spec.homepage = 'https://github.com/niyonmaruz/fluent-plugin-osquery'
|
|
13
13
|
spec.license = 'MIT'
|
|
14
14
|
|
|
15
15
|
spec.files = `git ls-files -z`.split("\x0")
|
|
@@ -17,10 +17,10 @@ Gem::Specification.new do |spec|
|
|
|
17
17
|
spec.test_files = spec.files.grep(/^(test|spec|features)\//)
|
|
18
18
|
spec.require_paths = ['lib']
|
|
19
19
|
|
|
20
|
-
spec.add_runtime_dependency 'fluentd', '~>
|
|
20
|
+
spec.add_runtime_dependency 'fluentd', '~> 1.2.6'
|
|
21
21
|
|
|
22
|
-
spec.add_development_dependency 'bundler'
|
|
23
|
-
spec.add_development_dependency 'rake'
|
|
22
|
+
spec.add_development_dependency 'bundler'
|
|
23
|
+
spec.add_development_dependency 'rake'
|
|
24
24
|
spec.add_development_dependency 'test-unit'
|
|
25
25
|
spec.add_development_dependency 'rspec'
|
|
26
26
|
end
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# coding: utf-8
|
|
2
|
+
require 'fluent/input'
|
|
2
3
|
module Fluent
|
|
3
4
|
class OsqueryInput < Fluent::Input
|
|
4
5
|
Fluent::Plugin.register_input('osquery', self)
|
|
@@ -6,6 +7,10 @@ module Fluent
|
|
|
6
7
|
config_param :interval, :integer, default: 60
|
|
7
8
|
config_param :query, :string, default: 'select * from processes'
|
|
8
9
|
|
|
10
|
+
unless method_defined?(:router)
|
|
11
|
+
define_method("router") { Fluent::Engine }
|
|
12
|
+
end
|
|
13
|
+
|
|
9
14
|
def initialize
|
|
10
15
|
super
|
|
11
16
|
require 'json'
|
|
@@ -45,7 +50,7 @@ module Fluent
|
|
|
45
50
|
jsonrec = JSON.parse(record)
|
|
46
51
|
jsonrec.each do |line|
|
|
47
52
|
@log.debug(line)
|
|
48
|
-
|
|
53
|
+
router.emit(@tag, @time, line)
|
|
49
54
|
end
|
|
50
55
|
rescue => e
|
|
51
56
|
@log.error('faild to run', error: e.to_s, error_class: e.class.to_s)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-osquery
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hidenori Suzuki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|
|
@@ -16,42 +16,42 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 1.2.6
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 1.2.6
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rake
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - "
|
|
45
|
+
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '
|
|
47
|
+
version: '0'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - "
|
|
52
|
+
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
54
|
+
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: test-unit
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -97,7 +97,7 @@ files:
|
|
|
97
97
|
- lib/fluent/plugin/in_osquery.rb
|
|
98
98
|
- spec/fluent/plugin/in_osquery_spec.rb
|
|
99
99
|
- spec/spec_helper.rb
|
|
100
|
-
homepage: https://github.com/
|
|
100
|
+
homepage: https://github.com/niyonmaruz/fluent-plugin-osquery
|
|
101
101
|
licenses:
|
|
102
102
|
- MIT
|
|
103
103
|
metadata: {}
|
|
@@ -117,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
117
117
|
version: '0'
|
|
118
118
|
requirements: []
|
|
119
119
|
rubyforge_project:
|
|
120
|
-
rubygems_version: 2.
|
|
120
|
+
rubygems_version: 2.7.6
|
|
121
121
|
signing_key:
|
|
122
122
|
specification_version: 4
|
|
123
123
|
summary: a fluent plugin
|