fluent-plugin-parser-winevt_xml 0.2.0 → 0.2.3
- checksums.yaml +4 -4
- data/.github/workflows/linux-test.yaml +34 -0
- data/.github/workflows/macos-test.yaml +28 -0
- data/.github/workflows/windows-test.yaml +28 -0
- data/README.md +10 -0
- data/appveyor.yml +7 -2
- data/fluent-plugin-parser-winevt_xml.gemspec +3 -3
- data/lib/fluent/plugin/parser_winevt_sax.rb +7 -1
- data/lib/fluent/plugin/parser_winevt_xml.rb +27 -2
- data/lib/fluent/plugin/winevt_sax_document.rb +28 -5
- data/test/data/eventlog-with-qualifiers.xml +1 -0
- data/test/plugin/test_parser_winevt_sax.rb +38 -2
- data/test/plugin/test_parser_winevt_xml.rb +39 -2
- metadata +20 -10
- data/.travis.yml +0 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cf661a22efc8f59fea1349378dd616e3492f8f744a4b2828ca92bcaa07104ee8
|
4
|
+
data.tar.gz: 225be6df196b003016e6ff05ecba7d0860e154ee5e666d8361dd48ea9f40536d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8cfb8dd8e674678fcda0d78f56b6ed782e36aae204039d895525905438ad4b2c6fbb0156e439694af778ebd34ba9e2d3028e12871582cbc50c44b06a953a047c
|
7
|
+
data.tar.gz: f7092485efbcc4ccf2e45448c604f4cc63663922567aa48200a091fc7e92f14ad4b12fd384d6a760df250574c25643d95624963ca482cc0120e9bd52a36ec049
|
@@ -0,0 +1,34 @@
|
|
1
|
+
name: Testing on Ubuntu
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: [master]
|
6
|
+
pull_request:
|
7
|
+
branches: [master]
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
test:
|
11
|
+
runs-on: ${{ matrix.os }}
|
12
|
+
continue-on-error: ${{ matrix.experimental }}
|
13
|
+
strategy:
|
14
|
+
fail-fast: false
|
15
|
+
matrix:
|
16
|
+
ruby: ['3.0', '2.7', '2.6']
|
17
|
+
os: [ubuntu-latest]
|
18
|
+
experimental: [false]
|
19
|
+
include:
|
20
|
+
- ruby: head
|
21
|
+
os: ubuntu-latest
|
22
|
+
experimental: true
|
23
|
+
|
24
|
+
name: Unit testing with Ruby ${{ matrix.ruby }} on ${{ matrix.os }}
|
25
|
+
steps:
|
26
|
+
- uses: actions/checkout@v2
|
27
|
+
- name: Set up Ruby
|
28
|
+
uses: ruby/setup-ruby@v1
|
29
|
+
with:
|
30
|
+
ruby-version: ${{ matrix.ruby }}
|
31
|
+
- name: Install dependencies
|
32
|
+
run: bundle install
|
33
|
+
- name: Run tests
|
34
|
+
run: bundle exec rake test
|
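Review bot: The new workflow references `actions/checkout@v2` and `ruby/setup-ruby@v1` by floating major tag, so the action code that runs with a checkout of this repository can change without any commit here; the macOS and Windows workflows in the next two sections do the same. Pinning to a full commit SHA with the tag kept in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v2`, makes the CI supply chain reproducible and reviewable, and dependency bots can still bump the pin. Since these jobs only build and test, a top-level `permissions:` block with `contents: read` would also restrict the default token to what the job needs.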
@@ -0,0 +1,28 @@
|
|
1
|
+
name: Testing on macOS
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: [master]
|
6
|
+
pull_request:
|
7
|
+
branches: [master]
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
test:
|
11
|
+
runs-on: ${{ matrix.os }}
|
12
|
+
strategy:
|
13
|
+
fail-fast: false
|
14
|
+
matrix:
|
15
|
+
ruby: ['3.0', '2.7', '2.6']
|
16
|
+
os: [macos-latest]
|
17
|
+
|
18
|
+
name: Unit testing with Ruby ${{ matrix.ruby }} on ${{ matrix.os }}
|
19
|
+
steps:
|
20
|
+
- uses: actions/checkout@v2
|
21
|
+
- name: Set up Ruby
|
22
|
+
uses: ruby/setup-ruby@v1
|
23
|
+
with:
|
24
|
+
ruby-version: ${{ matrix.ruby }}
|
25
|
+
- name: Install dependencies
|
26
|
+
run: bundle install
|
27
|
+
- name: Run tests
|
28
|
+
run: bundle exec rake test
|
@@ -0,0 +1,28 @@
|
|
1
|
+
name: Testing on Windows
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: [master]
|
6
|
+
pull_request:
|
7
|
+
branches: [master]
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
test:
|
11
|
+
runs-on: ${{ matrix.os }}
|
12
|
+
strategy:
|
13
|
+
fail-fast: false
|
14
|
+
matrix:
|
15
|
+
ruby: ['3.0', '2.7', '2.6']
|
16
|
+
os:
|
17
|
+
- windows-latest
|
18
|
+
name: Unit testing with Ruby ${{ matrix.ruby }} on ${{ matrix.os }}
|
19
|
+
steps:
|
20
|
+
- uses: actions/checkout@v2
|
21
|
+
- name: Set up Ruby
|
22
|
+
uses: ruby/setup-ruby@v1
|
23
|
+
with:
|
24
|
+
ruby-version: ${{ matrix.ruby }}
|
25
|
+
- name: Install dependencies
|
26
|
+
run: ridk exec bundle install
|
27
|
+
- name: Run tests
|
28
|
+
run: bundle exec rake test
|
data/README.md
CHANGED
@@ -22,9 +22,14 @@ gem install fluent-plugin-parser-winevt_xml
|
|
22
22
|
```aconf
|
23
23
|
<parse>
|
24
24
|
@type winevt_xml
|
25
|
+
preserve_qualifiers true
|
25
26
|
</parse>
|
26
27
|
```
|
27
28
|
|
29
|
+
#### preserve_qualifiers
|
30
|
+
|
31
|
+
Preserve Qualifiers key instead of calculating actual EventID with Qualifiers. Default is `true`.
|
32
|
+
|
28
33
|
### parser_winevt_sax
|
29
34
|
|
30
35
|
This plugin is a bit faster than `winevt_xml`.
|
@@ -32,9 +37,14 @@ This plugin is a bit faster than `winevt_xml`.
|
|
32
37
|
```aconf
|
33
38
|
<parse>
|
34
39
|
@type winevt_sax
|
40
|
+
preserve_qualifiers true
|
35
41
|
</parse>
|
36
42
|
```
|
37
43
|
|
44
|
+
#### preserve_qualifiers
|
45
|
+
|
46
|
+
Preserve Qualifiers key instead of calculating actual EventID with Qualifiers. Default is `true`.
|
47
|
+
|
38
48
|
## Copyright
|
39
49
|
|
40
50
|
### Copyright
|
data/appveyor.yml
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
version: '{build}'
|
2
|
+
image: Visual Studio 2019
|
2
3
|
|
3
4
|
# init:
|
4
5
|
# - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
|
@@ -20,5 +21,9 @@ branches:
|
|
20
21
|
# https://www.appveyor.com/docs/installed-software/#ruby
|
21
22
|
environment:
|
22
23
|
matrix:
|
23
|
-
- ruby_version: "
|
24
|
-
- ruby_version: "
|
24
|
+
- ruby_version: "30-x64"
|
25
|
+
- ruby_version: "30"
|
26
|
+
- ruby_version: "27-x64"
|
27
|
+
- ruby_version: "27"
|
28
|
+
- ruby_version: "26-x64"
|
29
|
+
- ruby_version: "26"
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = "fluent-plugin-parser-winevt_xml"
|
7
|
-
spec.version = "0.2.
|
7
|
+
spec.version = "0.2.3"
|
8
8
|
spec.authors = ["Hiroshi Hatake", "Masahiro Nakagawa"]
|
9
9
|
spec.email = ["cosmo0920.oucc@gmail.com", "repeatedly@gmail.com"]
|
10
10
|
spec.summary = %q{Fluentd Parser plugin to parse XML rendered windows event log.}
|
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
|
|
19
19
|
|
20
20
|
spec.add_development_dependency "bundler"
|
21
21
|
spec.add_development_dependency "rake"
|
22
|
-
spec.add_development_dependency "test-unit", "~> 3.
|
22
|
+
spec.add_development_dependency "test-unit", "~> 3.4.0"
|
23
23
|
spec.add_runtime_dependency "fluentd", [">= 0.14.12", "< 2"]
|
24
|
-
spec.add_runtime_dependency "nokogiri", "
|
24
|
+
spec.add_runtime_dependency "nokogiri", [">= 1.12.5", "< 1.13"]
|
25
25
|
end
|
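Review bot: The nokogiri constraint `[">= 1.12.5", "< 1.13"]` caps a library that parses externally supplied XML at the 1.12 series, so once 1.13 ships, users of this gem cannot pick up later nokogiri fixes without a new release of this gem. If the floor was raised to require a fixed release, only the floor is load-bearing; consider `spec.add_runtime_dependency "nokogiri", ">= 1.12.5"` or a wider ceiling, and record why the floor was chosen in a comment. The cap may be deliberate for API stability, in which case a one-line comment next to it saying so would help the next maintainer.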
@@ -6,12 +6,18 @@ module Fluent::Plugin
|
|
6
6
|
class WinevtSAXparser < Parser
|
7
7
|
Fluent::Plugin.register_parser('winevt_sax', self)
|
8
8
|
|
9
|
+
config_param :preserve_qualifiers, :bool, default: true
|
10
|
+
|
9
11
|
def winevt_xml?
|
10
12
|
true
|
11
13
|
end
|
12
14
|
|
15
|
+
def preserve_qualifiers?
|
16
|
+
@preserve_qualifiers
|
17
|
+
end
|
18
|
+
|
13
19
|
def parse(text)
|
14
|
-
evtxml = WinevtXMLDocument.new
|
20
|
+
evtxml = WinevtXMLDocument.new(@preserve_qualifiers)
|
15
21
|
parser = Nokogiri::XML::SAX::Parser.new(evtxml)
|
16
22
|
parser.parse(text)
|
17
23
|
time = @estimate_current_event ? Fluent::EventTime.now : nil
|
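Review bot: The new `config_param :preserve_qualifiers` and `preserve_qualifiers?` carry no comment explaining what the flag changes, and the README is the only place the semantics are written down; Fluentd's `config_param` also already generates a `preserve_qualifiers` reader, so the predicate is a second spelling of the same value. Suggest a comment above the `config_param`: `# true: emit the raw "Qualifiers" key unchanged; false: drop it and fold it into "EventID" (see WinevtXMLDocument#result).` The body of `parse` continues outside the hunk.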
@@ -5,18 +5,43 @@ module Fluent::Plugin
|
|
5
5
|
class WinevtXMLparser < Parser
|
6
6
|
Fluent::Plugin.register_parser('winevt_xml', self)
|
7
7
|
|
8
|
+
config_param :preserve_qualifiers, :bool, default: true
|
9
|
+
|
8
10
|
def winevt_xml?
|
9
11
|
true
|
10
12
|
end
|
11
13
|
|
14
|
+
def preserve_qualifiers?
|
15
|
+
@preserve_qualifiers
|
16
|
+
end
|
17
|
+
|
18
|
+
def MAKELONG(low, high)
|
19
|
+
(low & 0xffff) | (high & 0xffff) << 16
|
20
|
+
end
|
21
|
+
|
22
|
+
def event_id(system_elem)
|
23
|
+
return (system_elem/'EventID').text rescue nil if @preserve_qualifiers
|
24
|
+
|
25
|
+
qualifiers = (system_elem/'EventID').attribute("Qualifiers").text rescue nil
|
26
|
+
if qualifiers
|
27
|
+
event_id = (system_elem/'EventID').text
|
28
|
+
event_id = MAKELONG(event_id.to_i, qualifiers.to_i)
|
29
|
+
event_id.to_s
|
30
|
+
else
|
31
|
+
(system_elem/'EventID').text rescue nil
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
12
35
|
def parse(text)
|
13
36
|
record = {}
|
14
37
|
doc = Nokogiri::XML(text)
|
15
38
|
system_elem = doc/'Event'/'System'
|
16
39
|
record["ProviderName"] = (system_elem/"Provider").attribute("Name").text rescue nil
|
17
40
|
record["ProviderGUID"] = (system_elem/"Provider").attribute("Guid").text rescue nil
|
18
|
-
|
19
|
-
|
41
|
+
if @preserve_qualifiers
|
42
|
+
record["Qualifiers"] = (system_elem/'EventID').attribute("Qualifiers").text rescue nil
|
43
|
+
end
|
44
|
+
record["EventID"] = event_id(system_elem)
|
20
45
|
record["Level"] = (system_elem/'Level').text rescue nil
|
21
46
|
record["Task"] = (system_elem/'Task').text rescue nil
|
22
47
|
record["Opcode"] = (system_elem/'Opcode').text rescue nil
|
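Review bot: In `event_id`, every lookup is wrapped in a `rescue nil` modifier, which also silences a NoMethodError from a typo or a nokogiri API change, and `return (system_elem/'EventID').text rescue nil if @preserve_qualifiers` is hard to read; NodeSet#text returns "" for an empty set rather than raising, so only the attribute lookup needs protection. Suggest `return (system_elem/'EventID').text if @preserve_qualifiers` and `qualifiers = (system_elem/'EventID').attribute("Qualifiers")&.text`, which covers only the missing-node/attribute case (assuming NodeSet#attribute returns nil on an empty set, as `attr` does). `MAKELONG` is duplicated byte-for-byte in the winevt_sax_document.rb hunk below; a shared module method would keep the two in step, and a lower-case name such as `make_long` avoids the constant-versus-method ambiguity of a capitalised name. A doc comment on `event_id` should state that with `preserve_qualifiers false` the result is the full 32-bit id (`Qualifiers << 16 | EventID`) as a decimal string, which is what the new test expects (`"3221241866"`).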
@@ -1,12 +1,35 @@
|
|
1
1
|
require 'nokogiri'
|
2
2
|
|
3
3
|
class WinevtXMLDocument < Nokogiri::XML::SAX::Document
|
4
|
-
|
5
|
-
|
6
|
-
def initialize
|
4
|
+
def initialize(preserve_qualifiers)
|
7
5
|
@stack = []
|
8
6
|
@result = {}
|
9
|
-
|
7
|
+
@preserve_qualifiers = preserve_qualifiers
|
8
|
+
super()
|
9
|
+
end
|
10
|
+
|
11
|
+
def MAKELONG(low, high)
|
12
|
+
(low & 0xffff) | (high & 0xffff) << 16
|
13
|
+
end
|
14
|
+
|
15
|
+
def event_id
|
16
|
+
if @result.has_key?("Qualifiers")
|
17
|
+
qualifiers = @result.delete("Qualifiers")
|
18
|
+
event_id = @result['EventID']
|
19
|
+
event_id = MAKELONG(event_id.to_i, qualifiers.to_i)
|
20
|
+
@result['EventID'] = event_id.to_s
|
21
|
+
else
|
22
|
+
@result['EventID']
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def result
|
27
|
+
return @result if @preserve_qualifiers
|
28
|
+
|
29
|
+
if @result
|
30
|
+
@result['EventID'] = event_id
|
31
|
+
end
|
32
|
+
@result
|
10
33
|
end
|
11
34
|
|
12
35
|
def start_document
|
@@ -16,7 +39,7 @@ class WinevtXMLDocument < Nokogiri::XML::SAX::Document
|
|
16
39
|
@stack << name
|
17
40
|
|
18
41
|
if name == "Provider"
|
19
|
-
@result["
|
42
|
+
@result["ProviderName"] = attributes[0][1] rescue nil
|
20
43
|
@result["ProviderGUID"] = attributes[1][1] rescue nil
|
21
44
|
elsif name == "EventID"
|
22
45
|
@result["Qualifiers"] = attributes[0][1] rescue nil
|
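Review bot: In the new `result`, `if @result` is always true because `initialize` sets `@result = {}`, so the guard is dead and suggests a nil case that cannot occur; the condition that matters is whether a "Qualifiers" key was recorded. `event_id` also mutates `@result` (deletes "Qualifiers" and rewrites "EventID") despite its getter-like name, and `to_i` turns a non-numeric or missing EventID/Qualifiers text into 0, so a malformed event silently yields a fabricated id instead of the raw text — worth a comment, or `Integer(x, exception: false)` with a fall-back to the original value. Suggest `return @result if @preserve_qualifiers` followed by `@result['EventID'] = event_id if @result.key?("Qualifiers")`, plus a one-line comment on `event_id`: `# Folds Qualifiers into EventID (Qualifiers << 16 | EventID); removes the Qualifiers key.` `start_element` still selects attributes by position (`attributes[0][1]` for both Name and Qualifiers), so an element whose attributes are ordered differently would mislabel fields; `attributes.to_h` keyed by name would be robust. The enclosing `start_element` in the second hunk starts and ends outside the hunk.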
@@ -0,0 +1 @@
|
|
1
|
+
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Security-SPP' Guid='{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}' EventSourceName='Software Protection Platform Service'/><EventID Qualifiers='49152'>16394</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2020-01-16T09:57:18.013693700Z'/><EventRecordID>150731</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>DESKTOP-G457RDR</Computer><Security/></System><EventData></EventData></Event>
|
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
require_relative '../helper'
|
2
2
|
|
3
3
|
class WinevtSAXparserTest < Test::Unit::TestCase
|
4
4
|
|
@@ -16,7 +16,7 @@ class WinevtSAXparserTest < Test::Unit::TestCase
|
|
16
16
|
def test_parse
|
17
17
|
d = create_driver
|
18
18
|
xml = XMLLOG
|
19
|
-
expected = {"
|
19
|
+
expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
|
20
20
|
"ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
|
21
21
|
"EventID" => "4624",
|
22
22
|
"Qualifiers" => nil,
|
@@ -40,4 +40,40 @@ class WinevtSAXparserTest < Test::Unit::TestCase
|
|
40
40
|
|
41
41
|
assert_true(d.instance.winevt_xml?)
|
42
42
|
end
|
43
|
+
|
44
|
+
class QualifiersTest < self
|
45
|
+
def setup
|
46
|
+
@xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
|
47
|
+
end
|
48
|
+
|
49
|
+
def teardown
|
50
|
+
@xml.close
|
51
|
+
end
|
52
|
+
|
53
|
+
def test_parse_without_qualifiers
|
54
|
+
d = create_driver CONFIG + %[preserve_qualifiers false]
|
55
|
+
expected = {"ActivityID" => nil,
|
56
|
+
"Channel" => "Application",
|
57
|
+
"Computer" => "DESKTOP-G457RDR",
|
58
|
+
"EventID" => "3221241866",
|
59
|
+
"EventRecordID" => "150731",
|
60
|
+
"Keywords" => "0x80000000000000",
|
61
|
+
"Level" => "4",
|
62
|
+
"Opcode" => "0",
|
63
|
+
"ProcessID" => "0",
|
64
|
+
"ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
|
65
|
+
"ProviderName" => "Microsoft-Windows-Security-SPP",
|
66
|
+
"RelatedActivityID" => nil,
|
67
|
+
"Task" => "0",
|
68
|
+
"ThreadID" => "0",
|
69
|
+
"TimeCreated" => "2020-01-16T09:57:18.013693700Z",
|
70
|
+
"UserID" => nil,
|
71
|
+
"Version" => "0"}
|
72
|
+
d.instance.parse(@xml) do |time, record|
|
73
|
+
assert_equal(expected, record)
|
74
|
+
end
|
75
|
+
|
76
|
+
assert_true(d.instance.winevt_xml?)
|
77
|
+
end
|
78
|
+
end
|
43
79
|
end
|
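Review bot: `test_parse_without_qualifiers` only asserts inside the block passed to `parse`, so if the parser yields nothing the test passes on `assert_true(d.instance.winevt_xml?)` alone and a regression that drops the record goes unnoticed; `test_without_qualifiers` in test_parser_winevt_xml.rb below has the same shape. Capture that the block ran, e.g. `records = []`, `d.instance.parse(@xml) { |_time, record| records << record }`, `assert_equal([expected], records)`. The expected hash is also repeated verbatim between the two test files; a shared constant in test/helper.rb would keep them from drifting apart.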
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
require_relative '../helper'
|
2
2
|
|
3
3
|
class WinevtXMLparserTest < Test::Unit::TestCase
|
4
4
|
|
@@ -7,7 +7,7 @@ class WinevtXMLparserTest < Test::Unit::TestCase
|
|
7
7
|
end
|
8
8
|
|
9
9
|
CONFIG = %[]
|
10
|
-
XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml")
|
10
|
+
XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml"))
|
11
11
|
|
12
12
|
def create_driver(conf = CONFIG)
|
13
13
|
Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtXMLparser).configure(conf)
|
@@ -37,7 +37,44 @@ class WinevtXMLparserTest < Test::Unit::TestCase
|
|
37
37
|
d.instance.parse(xml) do |time, record|
|
38
38
|
assert_equal(expected, record)
|
39
39
|
end
|
40
|
+
xml.close
|
40
41
|
|
41
42
|
assert_true(d.instance.winevt_xml?)
|
42
43
|
end
|
44
|
+
|
45
|
+
class QualifiersTest < self
|
46
|
+
def setup
|
47
|
+
@xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
|
48
|
+
end
|
49
|
+
|
50
|
+
def teardown
|
51
|
+
@xml.close
|
52
|
+
end
|
53
|
+
|
54
|
+
def test_without_qualifiers
|
55
|
+
d = create_driver CONFIG + %[preserve_qualifiers false]
|
56
|
+
expected = {"ActivityID" => nil,
|
57
|
+
"Channel" => "Application",
|
58
|
+
"Computer" => "DESKTOP-G457RDR",
|
59
|
+
"EventID" => "3221241866",
|
60
|
+
"EventRecordID" => "150731",
|
61
|
+
"Keywords" => "0x80000000000000",
|
62
|
+
"Level" => "4",
|
63
|
+
"Opcode" => "0",
|
64
|
+
"ProcessID" => "0",
|
65
|
+
"ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
|
66
|
+
"ProviderName" => "Microsoft-Windows-Security-SPP",
|
67
|
+
"RelatedActivityID" => nil,
|
68
|
+
"Task" => "0",
|
69
|
+
"ThreadID" => "0",
|
70
|
+
"TimeCreated" => "2020-01-16T09:57:18.013693700Z",
|
71
|
+
"UserID" => nil,
|
72
|
+
"Version" => "0"}
|
73
|
+
d.instance.parse(@xml) do |time, record|
|
74
|
+
assert_equal(expected, record)
|
75
|
+
end
|
76
|
+
|
77
|
+
assert_true(d.instance.winevt_xml?)
|
78
|
+
end
|
79
|
+
end
|
43
80
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-parser-winevt_xml
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Hiroshi Hatake
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2021-09-29 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bundler
|
@@ -45,14 +45,14 @@ dependencies:
|
|
45
45
|
requirements:
|
46
46
|
- - "~>"
|
47
47
|
- !ruby/object:Gem::Version
|
48
|
-
version: 3.
|
48
|
+
version: 3.4.0
|
49
49
|
type: :development
|
50
50
|
prerelease: false
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
52
52
|
requirements:
|
53
53
|
- - "~>"
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version: 3.
|
55
|
+
version: 3.4.0
|
56
56
|
- !ruby/object:Gem::Dependency
|
57
57
|
name: fluentd
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
@@ -77,16 +77,22 @@ dependencies:
|
|
77
77
|
name: nokogiri
|
78
78
|
requirement: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
|
-
- - "
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: 1.12.5
|
83
|
+
- - "<"
|
81
84
|
- !ruby/object:Gem::Version
|
82
|
-
version: '1.
|
85
|
+
version: '1.13'
|
83
86
|
type: :runtime
|
84
87
|
prerelease: false
|
85
88
|
version_requirements: !ruby/object:Gem::Requirement
|
86
89
|
requirements:
|
87
|
-
- - "
|
90
|
+
- - ">="
|
91
|
+
- !ruby/object:Gem::Version
|
92
|
+
version: 1.12.5
|
93
|
+
- - "<"
|
88
94
|
- !ruby/object:Gem::Version
|
89
|
-
version: '1.
|
95
|
+
version: '1.13'
|
90
96
|
description: Fluentd Parser plugin to parse XML rendered windows event log.
|
91
97
|
email:
|
92
98
|
- cosmo0920.oucc@gmail.com
|
@@ -95,8 +101,10 @@ executables: []
|
|
95
101
|
extensions: []
|
96
102
|
extra_rdoc_files: []
|
97
103
|
files:
|
104
|
+
- ".github/workflows/linux-test.yaml"
|
105
|
+
- ".github/workflows/macos-test.yaml"
|
106
|
+
- ".github/workflows/windows-test.yaml"
|
98
107
|
- ".gitignore"
|
99
|
-
- ".travis.yml"
|
100
108
|
- Gemfile
|
101
109
|
- LICENSE
|
102
110
|
- README.md
|
@@ -106,6 +114,7 @@ files:
|
|
106
114
|
- lib/fluent/plugin/parser_winevt_sax.rb
|
107
115
|
- lib/fluent/plugin/parser_winevt_xml.rb
|
108
116
|
- lib/fluent/plugin/winevt_sax_document.rb
|
117
|
+
- test/data/eventlog-with-qualifiers.xml
|
109
118
|
- test/data/eventlog.xml
|
110
119
|
- test/helper.rb
|
111
120
|
- test/plugin/test_parser_winevt_sax.rb
|
@@ -129,11 +138,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
129
138
|
- !ruby/object:Gem::Version
|
130
139
|
version: '0'
|
131
140
|
requirements: []
|
132
|
-
rubygems_version: 3.
|
141
|
+
rubygems_version: 3.2.22
|
133
142
|
signing_key:
|
134
143
|
specification_version: 4
|
135
144
|
summary: Fluentd Parser plugin to parse XML rendered windows event log.
|
136
145
|
test_files:
|
146
|
+
- test/data/eventlog-with-qualifiers.xml
|
137
147
|
- test/data/eventlog.xml
|
138
148
|
- test/helper.rb
|
139
149
|
- test/plugin/test_parser_winevt_sax.rb
|