fluent-plugin-parser-winevt_xml 0.1.1 → 0.2.3.rc1

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,79 @@
1
+ require_relative '../helper'
2
+
3
+ class WinevtSAXparserTest < Test::Unit::TestCase
4
+
5
+ def setup
6
+ Fluent::Test.setup
7
+ end
8
+
9
+ CONFIG = %[]
10
+ XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml") )
11
+
12
+ def create_driver(conf = CONFIG)
13
+ Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtSAXparser).configure(conf)
14
+ end
15
+
16
+ def test_parse
17
+ d = create_driver
18
+ xml = XMLLOG
19
+ expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
+ "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
+ "EventID" => "4624",
22
+ "Qualifiers" => nil,
23
+ "Level" => "0",
24
+ "Task" => "12544",
25
+ "Opcode" => "0",
26
+ "Keywords" => "0x8020000000000000",
27
+ "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
+ "EventRecordID" => "80688",
29
+ "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
+ "RelatedActivityID" => nil,
31
+ "ProcessID" => "912",
32
+ "ThreadID" => "24708",
33
+ "Channel" => "Security",
34
+ "Computer" => "Fluentd-Developing-Windows",
35
+ "UserID" => nil,
36
+ "Version" => "2",}
37
+ d.instance.parse(xml) do |time, record|
38
+ assert_equal(expected, record)
39
+ end
40
+
41
+ assert_true(d.instance.winevt_xml?)
42
+ end
43
+
44
+ class QualifiersTest < self
45
+ def setup
46
+ @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
47
+ end
48
+
49
+ def teardown
50
+ @xml.close
51
+ end
52
+
53
+ def test_parse_without_qualifiers
54
+ d = create_driver CONFIG + %[preserve_qualifiers false]
55
+ expected = {"ActivityID" => nil,
56
+ "Channel" => "Application",
57
+ "Computer" => "DESKTOP-G457RDR",
58
+ "EventID" => "3221241866",
59
+ "EventRecordID" => "150731",
60
+ "Keywords" => "0x80000000000000",
61
+ "Level" => "4",
62
+ "Opcode" => "0",
63
+ "ProcessID" => "0",
64
+ "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
65
+ "ProviderName" => "Microsoft-Windows-Security-SPP",
66
+ "RelatedActivityID" => nil,
67
+ "Task" => "0",
68
+ "ThreadID" => "0",
69
+ "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
70
+ "UserID" => nil,
71
+ "Version" => "0"}
72
+ d.instance.parse(@xml) do |time, record|
73
+ assert_equal(expected, record)
74
+ end
75
+
76
+ assert_true(d.instance.winevt_xml?)
77
+ end
78
+ end
79
+ end
@@ -1,41 +1,80 @@
1
- require 'helper'
2
-
3
- class WinevtXMLparserTest < Test::Unit::TestCase
4
-
5
- def setup
6
- Fluent::Test.setup
7
- end
8
-
9
- CONFIG = %[]
10
- XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml") )
11
-
12
- def create_driver(conf = CONFIG)
13
- Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtXMLparser).configure(conf)
14
- end
15
-
16
- def test_parse
17
- d = create_driver
18
- xml = XMLLOG
19
- expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
- "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
- "EventID" => "4624",
22
- "Qualifiers" => nil,
23
- "Level" => "0",
24
- "Task" => "12544",
25
- "Opcode" => "0",
26
- "Keywords" => "0x8020000000000000",
27
- "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
- "EventRecordID" => "80688",
29
- "ActivityID" => "",
30
- "RelatedActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
31
- "ThreadID" => "24708",
32
- "Channel" => "Security",
33
- "Computer" => "Fluentd-Developing-Windows",
34
- "UserID" => nil,
35
- "Version" => "2",
36
- "InsertStrings" => []}
37
- d.instance.parse(xml) do |time, record|
38
- assert_equal(expected, record)
39
- end
40
- end
41
- end
1
+ require_relative '../helper'
2
+
3
+ class WinevtXMLparserTest < Test::Unit::TestCase
4
+
5
+ def setup
6
+ Fluent::Test.setup
7
+ end
8
+
9
+ CONFIG = %[]
10
+ XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml"))
11
+
12
+ def create_driver(conf = CONFIG)
13
+ Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtXMLparser).configure(conf)
14
+ end
15
+
16
+ def test_parse
17
+ d = create_driver
18
+ xml = XMLLOG
19
+ expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
+ "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
+ "EventID" => "4624",
22
+ "Qualifiers" => nil,
23
+ "Level" => "0",
24
+ "Task" => "12544",
25
+ "Opcode" => "0",
26
+ "Keywords" => "0x8020000000000000",
27
+ "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
+ "EventRecordID" => "80688",
29
+ "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
+ "RelatedActivityID" => nil,
31
+ "ProcessID" => "912",
32
+ "ThreadID" => "24708",
33
+ "Channel" => "Security",
34
+ "Computer" => "Fluentd-Developing-Windows",
35
+ "UserID" => nil,
36
+ "Version" => "2",}
37
+ d.instance.parse(xml) do |time, record|
38
+ assert_equal(expected, record)
39
+ end
40
+ xml.close
41
+
42
+ assert_true(d.instance.winevt_xml?)
43
+ end
44
+
45
+ class QualifiersTest < self
46
+ def setup
47
+ @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
48
+ end
49
+
50
+ def teardown
51
+ @xml.close
52
+ end
53
+
54
+ def test_without_qualifiers
55
+ d = create_driver CONFIG + %[preserve_qualifiers false]
56
+ expected = {"ActivityID" => nil,
57
+ "Channel" => "Application",
58
+ "Computer" => "DESKTOP-G457RDR",
59
+ "EventID" => "3221241866",
60
+ "EventRecordID" => "150731",
61
+ "Keywords" => "0x80000000000000",
62
+ "Level" => "4",
63
+ "Opcode" => "0",
64
+ "ProcessID" => "0",
65
+ "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
66
+ "ProviderName" => "Microsoft-Windows-Security-SPP",
67
+ "RelatedActivityID" => nil,
68
+ "Task" => "0",
69
+ "ThreadID" => "0",
70
+ "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
71
+ "UserID" => nil,
72
+ "Version" => "0"}
73
+ d.instance.parse(@xml) do |time, record|
74
+ assert_equal(expected, record)
75
+ end
76
+
77
+ assert_true(d.instance.winevt_xml?)
78
+ end
79
+ end
80
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-parser-winevt_xml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.3.rc1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hiroshi Hatake
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2019-10-10 00:00:00.000000000 Z
12
+ date: 2020-06-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler
@@ -77,16 +77,22 @@ dependencies:
77
77
  name: nokogiri
78
78
  requirement: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - "~>"
80
+ - - ">="
81
81
  - !ruby/object:Gem::Version
82
- version: '1.10'
82
+ version: 1.11.pre
83
+ - - "<"
84
+ - !ruby/object:Gem::Version
85
+ version: '1.12'
83
86
  type: :runtime
84
87
  prerelease: false
85
88
  version_requirements: !ruby/object:Gem::Requirement
86
89
  requirements:
87
- - - "~>"
90
+ - - ">="
91
+ - !ruby/object:Gem::Version
92
+ version: 1.11.pre
93
+ - - "<"
88
94
  - !ruby/object:Gem::Version
89
- version: '1.10'
95
+ version: '1.12'
90
96
  description: Fluentd Parser plugin to parse XML rendered windows event log.
91
97
  email:
92
98
  - cosmo0920.oucc@gmail.com
@@ -103,9 +109,13 @@ files:
103
109
  - Rakefile
104
110
  - appveyor.yml
105
111
  - fluent-plugin-parser-winevt_xml.gemspec
112
+ - lib/fluent/plugin/parser_winevt_sax.rb
106
113
  - lib/fluent/plugin/parser_winevt_xml.rb
114
+ - lib/fluent/plugin/winevt_sax_document.rb
115
+ - test/data/eventlog-with-qualifiers.xml
107
116
  - test/data/eventlog.xml
108
117
  - test/helper.rb
118
+ - test/plugin/test_parser_winevt_sax.rb
109
119
  - test/plugin/test_parser_winevt_xml.rb
110
120
  homepage: https://github.com/fluent/fluent-plugin-parser-winevt_xml
111
121
  licenses:
@@ -122,15 +132,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
122
132
  version: '0'
123
133
  required_rubygems_version: !ruby/object:Gem::Requirement
124
134
  requirements:
125
- - - ">="
135
+ - - ">"
126
136
  - !ruby/object:Gem::Version
127
- version: '0'
137
+ version: 1.3.1
128
138
  requirements: []
129
- rubygems_version: 3.0.3
139
+ rubyforge_project:
140
+ rubygems_version: 2.7.6.2
130
141
  signing_key:
131
142
  specification_version: 4
132
143
  summary: Fluentd Parser plugin to parse XML rendered windows event log.
133
144
  test_files:
145
+ - test/data/eventlog-with-qualifiers.xml
134
146
  - test/data/eventlog.xml
135
147
  - test/helper.rb
148
+ - test/plugin/test_parser_winevt_sax.rb
136
149
  - test/plugin/test_parser_winevt_xml.rb