fluent-plugin-parser-winevt_xml 0.2.0 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/linux-test.yaml +34 -0
- data/.github/workflows/macos-test.yaml +28 -0
- data/.github/workflows/windows-test.yaml +28 -0
- data/README.md +10 -0
- data/appveyor.yml +7 -2
- data/fluent-plugin-parser-winevt_xml.gemspec +3 -3
- data/lib/fluent/plugin/parser_winevt_sax.rb +7 -1
- data/lib/fluent/plugin/parser_winevt_xml.rb +27 -2
- data/lib/fluent/plugin/winevt_sax_document.rb +28 -5
- data/test/data/eventlog-with-qualifiers.xml +1 -0
- data/test/plugin/test_parser_winevt_sax.rb +38 -2
- data/test/plugin/test_parser_winevt_xml.rb +39 -2
- metadata +20 -10
- data/.travis.yml +0 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cf661a22efc8f59fea1349378dd616e3492f8f744a4b2828ca92bcaa07104ee8
|
|
4
|
+
data.tar.gz: 225be6df196b003016e6ff05ecba7d0860e154ee5e666d8361dd48ea9f40536d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8cfb8dd8e674678fcda0d78f56b6ed782e36aae204039d895525905438ad4b2c6fbb0156e439694af778ebd34ba9e2d3028e12871582cbc50c44b06a953a047c
|
|
7
|
+
data.tar.gz: f7092485efbcc4ccf2e45448c604f4cc63663922567aa48200a091fc7e92f14ad4b12fd384d6a760df250574c25643d95624963ca482cc0120e9bd52a36ec049
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
name: Testing on Ubuntu
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [master]
|
|
6
|
+
pull_request:
|
|
7
|
+
branches: [master]
|
|
8
|
+
|
|
9
|
+
jobs:
|
|
10
|
+
test:
|
|
11
|
+
runs-on: ${{ matrix.os }}
|
|
12
|
+
continue-on-error: ${{ matrix.experimental }}
|
|
13
|
+
strategy:
|
|
14
|
+
fail-fast: false
|
|
15
|
+
matrix:
|
|
16
|
+
ruby: ['3.0', '2.7', '2.6']
|
|
17
|
+
os: [ubuntu-latest]
|
|
18
|
+
experimental: [false]
|
|
19
|
+
include:
|
|
20
|
+
- ruby: head
|
|
21
|
+
os: ubuntu-latest
|
|
22
|
+
experimental: true
|
|
23
|
+
|
|
24
|
+
name: Unit testing with Ruby ${{ matrix.ruby }} on ${{ matrix.os }}
|
|
25
|
+
steps:
|
|
26
|
+
- uses: actions/checkout@v2
|
|
27
|
+
- name: Set up Ruby
|
|
28
|
+
uses: ruby/setup-ruby@v1
|
|
29
|
+
with:
|
|
30
|
+
ruby-version: ${{ matrix.ruby }}
|
|
31
|
+
- name: Install dependencies
|
|
32
|
+
run: bundle install
|
|
33
|
+
- name: Run tests
|
|
34
|
+
run: bundle exec rake test
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
name: Testing on macOS
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [master]
|
|
6
|
+
pull_request:
|
|
7
|
+
branches: [master]
|
|
8
|
+
|
|
9
|
+
jobs:
|
|
10
|
+
test:
|
|
11
|
+
runs-on: ${{ matrix.os }}
|
|
12
|
+
strategy:
|
|
13
|
+
fail-fast: false
|
|
14
|
+
matrix:
|
|
15
|
+
ruby: ['3.0', '2.7', '2.6']
|
|
16
|
+
os: [macos-latest]
|
|
17
|
+
|
|
18
|
+
name: Unit testing with Ruby ${{ matrix.ruby }} on ${{ matrix.os }}
|
|
19
|
+
steps:
|
|
20
|
+
- uses: actions/checkout@v2
|
|
21
|
+
- name: Set up Ruby
|
|
22
|
+
uses: ruby/setup-ruby@v1
|
|
23
|
+
with:
|
|
24
|
+
ruby-version: ${{ matrix.ruby }}
|
|
25
|
+
- name: Install dependencies
|
|
26
|
+
run: bundle install
|
|
27
|
+
- name: Run tests
|
|
28
|
+
run: bundle exec rake test
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
name: Testing on Windows
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [master]
|
|
6
|
+
pull_request:
|
|
7
|
+
branches: [master]
|
|
8
|
+
|
|
9
|
+
jobs:
|
|
10
|
+
test:
|
|
11
|
+
runs-on: ${{ matrix.os }}
|
|
12
|
+
strategy:
|
|
13
|
+
fail-fast: false
|
|
14
|
+
matrix:
|
|
15
|
+
ruby: ['3.0', '2.7', '2.6']
|
|
16
|
+
os:
|
|
17
|
+
- windows-latest
|
|
18
|
+
name: Unit testing with Ruby ${{ matrix.ruby }} on ${{ matrix.os }}
|
|
19
|
+
steps:
|
|
20
|
+
- uses: actions/checkout@v2
|
|
21
|
+
- name: Set up Ruby
|
|
22
|
+
uses: ruby/setup-ruby@v1
|
|
23
|
+
with:
|
|
24
|
+
ruby-version: ${{ matrix.ruby }}
|
|
25
|
+
- name: Install dependencies
|
|
26
|
+
run: ridk exec bundle install
|
|
27
|
+
- name: Run tests
|
|
28
|
+
run: bundle exec rake test
|
data/README.md
CHANGED
|
@@ -22,9 +22,14 @@ gem install fluent-plugin-parser-winevt_xml
|
|
|
22
22
|
```aconf
|
|
23
23
|
<parse>
|
|
24
24
|
@type winevt_xml
|
|
25
|
+
preserve_qualifiers true
|
|
25
26
|
</parse>
|
|
26
27
|
```
|
|
27
28
|
|
|
29
|
+
#### preserve_qualifiers
|
|
30
|
+
|
|
31
|
+
Preserve Qualifiers key instead of calculating actual EventID with Qualifiers. Default is `true`.
|
|
32
|
+
|
|
28
33
|
### parser_winevt_sax
|
|
29
34
|
|
|
30
35
|
This plugin is a bit faster than `winevt_xml`.
|
|
@@ -32,9 +37,14 @@ This plugin is a bit faster than `winevt_xml`.
|
|
|
32
37
|
```aconf
|
|
33
38
|
<parse>
|
|
34
39
|
@type winevt_sax
|
|
40
|
+
preserve_qualifiers true
|
|
35
41
|
</parse>
|
|
36
42
|
```
|
|
37
43
|
|
|
44
|
+
#### preserve_qualifiers
|
|
45
|
+
|
|
46
|
+
Preserve Qualifiers key instead of calculating actual EventID with Qualifiers. Default is `true`.
|
|
47
|
+
|
|
38
48
|
## Copyright
|
|
39
49
|
|
|
40
50
|
### Copyright
|
data/appveyor.yml
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
version: '{build}'
|
|
2
|
+
image: Visual Studio 2019
|
|
2
3
|
|
|
3
4
|
# init:
|
|
4
5
|
# - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
|
|
@@ -20,5 +21,9 @@ branches:
|
|
|
20
21
|
# https://www.appveyor.com/docs/installed-software/#ruby
|
|
21
22
|
environment:
|
|
22
23
|
matrix:
|
|
23
|
-
- ruby_version: "
|
|
24
|
-
- ruby_version: "
|
|
24
|
+
- ruby_version: "30-x64"
|
|
25
|
+
- ruby_version: "30"
|
|
26
|
+
- ruby_version: "27-x64"
|
|
27
|
+
- ruby_version: "27"
|
|
28
|
+
- ruby_version: "26-x64"
|
|
29
|
+
- ruby_version: "26"
|
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "fluent-plugin-parser-winevt_xml"
|
|
7
|
-
spec.version = "0.2.
|
|
7
|
+
spec.version = "0.2.3"
|
|
8
8
|
spec.authors = ["Hiroshi Hatake", "Masahiro Nakagawa"]
|
|
9
9
|
spec.email = ["cosmo0920.oucc@gmail.com", "repeatedly@gmail.com"]
|
|
10
10
|
spec.summary = %q{Fluentd Parser plugin to parse XML rendered windows event log.}
|
|
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
|
|
|
19
19
|
|
|
20
20
|
spec.add_development_dependency "bundler"
|
|
21
21
|
spec.add_development_dependency "rake"
|
|
22
|
-
spec.add_development_dependency "test-unit", "~> 3.
|
|
22
|
+
spec.add_development_dependency "test-unit", "~> 3.4.0"
|
|
23
23
|
spec.add_runtime_dependency "fluentd", [">= 0.14.12", "< 2"]
|
|
24
|
-
spec.add_runtime_dependency "nokogiri", "
|
|
24
|
+
spec.add_runtime_dependency "nokogiri", [">= 1.12.5", "< 1.13"]
|
|
25
25
|
end
|
|
@@ -6,12 +6,18 @@ module Fluent::Plugin
|
|
|
6
6
|
class WinevtSAXparser < Parser
|
|
7
7
|
Fluent::Plugin.register_parser('winevt_sax', self)
|
|
8
8
|
|
|
9
|
+
config_param :preserve_qualifiers, :bool, default: true
|
|
10
|
+
|
|
9
11
|
def winevt_xml?
|
|
10
12
|
true
|
|
11
13
|
end
|
|
12
14
|
|
|
15
|
+
def preserve_qualifiers?
|
|
16
|
+
@preserve_qualifiers
|
|
17
|
+
end
|
|
18
|
+
|
|
13
19
|
def parse(text)
|
|
14
|
-
evtxml = WinevtXMLDocument.new
|
|
20
|
+
evtxml = WinevtXMLDocument.new(@preserve_qualifiers)
|
|
15
21
|
parser = Nokogiri::XML::SAX::Parser.new(evtxml)
|
|
16
22
|
parser.parse(text)
|
|
17
23
|
time = @estimate_current_event ? Fluent::EventTime.now : nil
|
|
@@ -5,18 +5,43 @@ module Fluent::Plugin
|
|
|
5
5
|
class WinevtXMLparser < Parser
|
|
6
6
|
Fluent::Plugin.register_parser('winevt_xml', self)
|
|
7
7
|
|
|
8
|
+
config_param :preserve_qualifiers, :bool, default: true
|
|
9
|
+
|
|
8
10
|
def winevt_xml?
|
|
9
11
|
true
|
|
10
12
|
end
|
|
11
13
|
|
|
14
|
+
def preserve_qualifiers?
|
|
15
|
+
@preserve_qualifiers
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def MAKELONG(low, high)
|
|
19
|
+
(low & 0xffff) | (high & 0xffff) << 16
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def event_id(system_elem)
|
|
23
|
+
return (system_elem/'EventID').text rescue nil if @preserve_qualifiers
|
|
24
|
+
|
|
25
|
+
qualifiers = (system_elem/'EventID').attribute("Qualifiers").text rescue nil
|
|
26
|
+
if qualifiers
|
|
27
|
+
event_id = (system_elem/'EventID').text
|
|
28
|
+
event_id = MAKELONG(event_id.to_i, qualifiers.to_i)
|
|
29
|
+
event_id.to_s
|
|
30
|
+
else
|
|
31
|
+
(system_elem/'EventID').text rescue nil
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
12
35
|
def parse(text)
|
|
13
36
|
record = {}
|
|
14
37
|
doc = Nokogiri::XML(text)
|
|
15
38
|
system_elem = doc/'Event'/'System'
|
|
16
39
|
record["ProviderName"] = (system_elem/"Provider").attribute("Name").text rescue nil
|
|
17
40
|
record["ProviderGUID"] = (system_elem/"Provider").attribute("Guid").text rescue nil
|
|
18
|
-
|
|
19
|
-
|
|
41
|
+
if @preserve_qualifiers
|
|
42
|
+
record["Qualifiers"] = (system_elem/'EventID').attribute("Qualifiers").text rescue nil
|
|
43
|
+
end
|
|
44
|
+
record["EventID"] = event_id(system_elem)
|
|
20
45
|
record["Level"] = (system_elem/'Level').text rescue nil
|
|
21
46
|
record["Task"] = (system_elem/'Task').text rescue nil
|
|
22
47
|
record["Opcode"] = (system_elem/'Opcode').text rescue nil
|
|
@@ -1,12 +1,35 @@
|
|
|
1
1
|
require 'nokogiri'
|
|
2
2
|
|
|
3
3
|
class WinevtXMLDocument < Nokogiri::XML::SAX::Document
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
def initialize
|
|
4
|
+
def initialize(preserve_qualifiers)
|
|
7
5
|
@stack = []
|
|
8
6
|
@result = {}
|
|
9
|
-
|
|
7
|
+
@preserve_qualifiers = preserve_qualifiers
|
|
8
|
+
super()
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def MAKELONG(low, high)
|
|
12
|
+
(low & 0xffff) | (high & 0xffff) << 16
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def event_id
|
|
16
|
+
if @result.has_key?("Qualifiers")
|
|
17
|
+
qualifiers = @result.delete("Qualifiers")
|
|
18
|
+
event_id = @result['EventID']
|
|
19
|
+
event_id = MAKELONG(event_id.to_i, qualifiers.to_i)
|
|
20
|
+
@result['EventID'] = event_id.to_s
|
|
21
|
+
else
|
|
22
|
+
@result['EventID']
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def result
|
|
27
|
+
return @result if @preserve_qualifiers
|
|
28
|
+
|
|
29
|
+
if @result
|
|
30
|
+
@result['EventID'] = event_id
|
|
31
|
+
end
|
|
32
|
+
@result
|
|
10
33
|
end
|
|
11
34
|
|
|
12
35
|
def start_document
|
|
@@ -16,7 +39,7 @@ class WinevtXMLDocument < Nokogiri::XML::SAX::Document
|
|
|
16
39
|
@stack << name
|
|
17
40
|
|
|
18
41
|
if name == "Provider"
|
|
19
|
-
@result["
|
|
42
|
+
@result["ProviderName"] = attributes[0][1] rescue nil
|
|
20
43
|
@result["ProviderGUID"] = attributes[1][1] rescue nil
|
|
21
44
|
elsif name == "EventID"
|
|
22
45
|
@result["Qualifiers"] = attributes[0][1] rescue nil
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Security-SPP' Guid='{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}' EventSourceName='Software Protection Platform Service'/><EventID Qualifiers='49152'>16394</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2020-01-16T09:57:18.013693700Z'/><EventRecordID>150731</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>DESKTOP-G457RDR</Computer><Security/></System><EventData></EventData></Event>
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative '../helper'
|
|
2
2
|
|
|
3
3
|
class WinevtSAXparserTest < Test::Unit::TestCase
|
|
4
4
|
|
|
@@ -16,7 +16,7 @@ class WinevtSAXparserTest < Test::Unit::TestCase
|
|
|
16
16
|
def test_parse
|
|
17
17
|
d = create_driver
|
|
18
18
|
xml = XMLLOG
|
|
19
|
-
expected = {"
|
|
19
|
+
expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
|
|
20
20
|
"ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
|
|
21
21
|
"EventID" => "4624",
|
|
22
22
|
"Qualifiers" => nil,
|
|
@@ -40,4 +40,40 @@ class WinevtSAXparserTest < Test::Unit::TestCase
|
|
|
40
40
|
|
|
41
41
|
assert_true(d.instance.winevt_xml?)
|
|
42
42
|
end
|
|
43
|
+
|
|
44
|
+
class QualifiersTest < self
|
|
45
|
+
def setup
|
|
46
|
+
@xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def teardown
|
|
50
|
+
@xml.close
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def test_parse_without_qualifiers
|
|
54
|
+
d = create_driver CONFIG + %[preserve_qualifiers false]
|
|
55
|
+
expected = {"ActivityID" => nil,
|
|
56
|
+
"Channel" => "Application",
|
|
57
|
+
"Computer" => "DESKTOP-G457RDR",
|
|
58
|
+
"EventID" => "3221241866",
|
|
59
|
+
"EventRecordID" => "150731",
|
|
60
|
+
"Keywords" => "0x80000000000000",
|
|
61
|
+
"Level" => "4",
|
|
62
|
+
"Opcode" => "0",
|
|
63
|
+
"ProcessID" => "0",
|
|
64
|
+
"ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
|
|
65
|
+
"ProviderName" => "Microsoft-Windows-Security-SPP",
|
|
66
|
+
"RelatedActivityID" => nil,
|
|
67
|
+
"Task" => "0",
|
|
68
|
+
"ThreadID" => "0",
|
|
69
|
+
"TimeCreated" => "2020-01-16T09:57:18.013693700Z",
|
|
70
|
+
"UserID" => nil,
|
|
71
|
+
"Version" => "0"}
|
|
72
|
+
d.instance.parse(@xml) do |time, record|
|
|
73
|
+
assert_equal(expected, record)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
assert_true(d.instance.winevt_xml?)
|
|
77
|
+
end
|
|
78
|
+
end
|
|
43
79
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
|
|
1
|
+
require_relative '../helper'
|
|
2
2
|
|
|
3
3
|
class WinevtXMLparserTest < Test::Unit::TestCase
|
|
4
4
|
|
|
@@ -7,7 +7,7 @@ class WinevtXMLparserTest < Test::Unit::TestCase
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
CONFIG = %[]
|
|
10
|
-
XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml")
|
|
10
|
+
XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml"))
|
|
11
11
|
|
|
12
12
|
def create_driver(conf = CONFIG)
|
|
13
13
|
Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtXMLparser).configure(conf)
|
|
@@ -37,7 +37,44 @@ class WinevtXMLparserTest < Test::Unit::TestCase
|
|
|
37
37
|
d.instance.parse(xml) do |time, record|
|
|
38
38
|
assert_equal(expected, record)
|
|
39
39
|
end
|
|
40
|
+
xml.close
|
|
40
41
|
|
|
41
42
|
assert_true(d.instance.winevt_xml?)
|
|
42
43
|
end
|
|
44
|
+
|
|
45
|
+
class QualifiersTest < self
|
|
46
|
+
def setup
|
|
47
|
+
@xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def teardown
|
|
51
|
+
@xml.close
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def test_without_qualifiers
|
|
55
|
+
d = create_driver CONFIG + %[preserve_qualifiers false]
|
|
56
|
+
expected = {"ActivityID" => nil,
|
|
57
|
+
"Channel" => "Application",
|
|
58
|
+
"Computer" => "DESKTOP-G457RDR",
|
|
59
|
+
"EventID" => "3221241866",
|
|
60
|
+
"EventRecordID" => "150731",
|
|
61
|
+
"Keywords" => "0x80000000000000",
|
|
62
|
+
"Level" => "4",
|
|
63
|
+
"Opcode" => "0",
|
|
64
|
+
"ProcessID" => "0",
|
|
65
|
+
"ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
|
|
66
|
+
"ProviderName" => "Microsoft-Windows-Security-SPP",
|
|
67
|
+
"RelatedActivityID" => nil,
|
|
68
|
+
"Task" => "0",
|
|
69
|
+
"ThreadID" => "0",
|
|
70
|
+
"TimeCreated" => "2020-01-16T09:57:18.013693700Z",
|
|
71
|
+
"UserID" => nil,
|
|
72
|
+
"Version" => "0"}
|
|
73
|
+
d.instance.parse(@xml) do |time, record|
|
|
74
|
+
assert_equal(expected, record)
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
assert_true(d.instance.winevt_xml?)
|
|
78
|
+
end
|
|
79
|
+
end
|
|
43
80
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-parser-winevt_xml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Hatake
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2021-09-29 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -45,14 +45,14 @@ dependencies:
|
|
|
45
45
|
requirements:
|
|
46
46
|
- - "~>"
|
|
47
47
|
- !ruby/object:Gem::Version
|
|
48
|
-
version: 3.
|
|
48
|
+
version: 3.4.0
|
|
49
49
|
type: :development
|
|
50
50
|
prerelease: false
|
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
|
52
52
|
requirements:
|
|
53
53
|
- - "~>"
|
|
54
54
|
- !ruby/object:Gem::Version
|
|
55
|
-
version: 3.
|
|
55
|
+
version: 3.4.0
|
|
56
56
|
- !ruby/object:Gem::Dependency
|
|
57
57
|
name: fluentd
|
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -77,16 +77,22 @@ dependencies:
|
|
|
77
77
|
name: nokogiri
|
|
78
78
|
requirement: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
|
-
- - "
|
|
80
|
+
- - ">="
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: 1.12.5
|
|
83
|
+
- - "<"
|
|
81
84
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: '1.
|
|
85
|
+
version: '1.13'
|
|
83
86
|
type: :runtime
|
|
84
87
|
prerelease: false
|
|
85
88
|
version_requirements: !ruby/object:Gem::Requirement
|
|
86
89
|
requirements:
|
|
87
|
-
- - "
|
|
90
|
+
- - ">="
|
|
91
|
+
- !ruby/object:Gem::Version
|
|
92
|
+
version: 1.12.5
|
|
93
|
+
- - "<"
|
|
88
94
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: '1.
|
|
95
|
+
version: '1.13'
|
|
90
96
|
description: Fluentd Parser plugin to parse XML rendered windows event log.
|
|
91
97
|
email:
|
|
92
98
|
- cosmo0920.oucc@gmail.com
|
|
@@ -95,8 +101,10 @@ executables: []
|
|
|
95
101
|
extensions: []
|
|
96
102
|
extra_rdoc_files: []
|
|
97
103
|
files:
|
|
104
|
+
- ".github/workflows/linux-test.yaml"
|
|
105
|
+
- ".github/workflows/macos-test.yaml"
|
|
106
|
+
- ".github/workflows/windows-test.yaml"
|
|
98
107
|
- ".gitignore"
|
|
99
|
-
- ".travis.yml"
|
|
100
108
|
- Gemfile
|
|
101
109
|
- LICENSE
|
|
102
110
|
- README.md
|
|
@@ -106,6 +114,7 @@ files:
|
|
|
106
114
|
- lib/fluent/plugin/parser_winevt_sax.rb
|
|
107
115
|
- lib/fluent/plugin/parser_winevt_xml.rb
|
|
108
116
|
- lib/fluent/plugin/winevt_sax_document.rb
|
|
117
|
+
- test/data/eventlog-with-qualifiers.xml
|
|
109
118
|
- test/data/eventlog.xml
|
|
110
119
|
- test/helper.rb
|
|
111
120
|
- test/plugin/test_parser_winevt_sax.rb
|
|
@@ -129,11 +138,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
129
138
|
- !ruby/object:Gem::Version
|
|
130
139
|
version: '0'
|
|
131
140
|
requirements: []
|
|
132
|
-
rubygems_version: 3.
|
|
141
|
+
rubygems_version: 3.2.22
|
|
133
142
|
signing_key:
|
|
134
143
|
specification_version: 4
|
|
135
144
|
summary: Fluentd Parser plugin to parse XML rendered windows event log.
|
|
136
145
|
test_files:
|
|
146
|
+
- test/data/eventlog-with-qualifiers.xml
|
|
137
147
|
- test/data/eventlog.xml
|
|
138
148
|
- test/helper.rb
|
|
139
149
|
- test/plugin/test_parser_winevt_sax.rb
|