fluent-plugin-parser-winevt_xml 0.2.3.rc1 → 0.2.3

@@ -1,79 +1,79 @@
1
- require_relative '../helper'
2
-
3
- class WinevtSAXparserTest < Test::Unit::TestCase
4
-
5
- def setup
6
- Fluent::Test.setup
7
- end
8
-
9
- CONFIG = %[]
10
- XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml") )
11
-
12
- def create_driver(conf = CONFIG)
13
- Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtSAXparser).configure(conf)
14
- end
15
-
16
- def test_parse
17
- d = create_driver
18
- xml = XMLLOG
19
- expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
- "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
- "EventID" => "4624",
22
- "Qualifiers" => nil,
23
- "Level" => "0",
24
- "Task" => "12544",
25
- "Opcode" => "0",
26
- "Keywords" => "0x8020000000000000",
27
- "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
- "EventRecordID" => "80688",
29
- "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
- "RelatedActivityID" => nil,
31
- "ProcessID" => "912",
32
- "ThreadID" => "24708",
33
- "Channel" => "Security",
34
- "Computer" => "Fluentd-Developing-Windows",
35
- "UserID" => nil,
36
- "Version" => "2",}
37
- d.instance.parse(xml) do |time, record|
38
- assert_equal(expected, record)
39
- end
40
-
41
- assert_true(d.instance.winevt_xml?)
42
- end
43
-
44
- class QualifiersTest < self
45
- def setup
46
- @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
47
- end
48
-
49
- def teardown
50
- @xml.close
51
- end
52
-
53
- def test_parse_without_qualifiers
54
- d = create_driver CONFIG + %[preserve_qualifiers false]
55
- expected = {"ActivityID" => nil,
56
- "Channel" => "Application",
57
- "Computer" => "DESKTOP-G457RDR",
58
- "EventID" => "3221241866",
59
- "EventRecordID" => "150731",
60
- "Keywords" => "0x80000000000000",
61
- "Level" => "4",
62
- "Opcode" => "0",
63
- "ProcessID" => "0",
64
- "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
65
- "ProviderName" => "Microsoft-Windows-Security-SPP",
66
- "RelatedActivityID" => nil,
67
- "Task" => "0",
68
- "ThreadID" => "0",
69
- "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
70
- "UserID" => nil,
71
- "Version" => "0"}
72
- d.instance.parse(@xml) do |time, record|
73
- assert_equal(expected, record)
74
- end
75
-
76
- assert_true(d.instance.winevt_xml?)
77
- end
78
- end
79
- end
1
+ require_relative '../helper'
2
+
3
+ class WinevtSAXparserTest < Test::Unit::TestCase
4
+
5
+ def setup
6
+ Fluent::Test.setup
7
+ end
8
+
9
+ CONFIG = %[]
10
+ XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml") )
11
+
12
+ def create_driver(conf = CONFIG)
13
+ Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtSAXparser).configure(conf)
14
+ end
15
+
16
+ def test_parse
17
+ d = create_driver
18
+ xml = XMLLOG
19
+ expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
+ "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
+ "EventID" => "4624",
22
+ "Qualifiers" => nil,
23
+ "Level" => "0",
24
+ "Task" => "12544",
25
+ "Opcode" => "0",
26
+ "Keywords" => "0x8020000000000000",
27
+ "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
+ "EventRecordID" => "80688",
29
+ "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
+ "RelatedActivityID" => nil,
31
+ "ProcessID" => "912",
32
+ "ThreadID" => "24708",
33
+ "Channel" => "Security",
34
+ "Computer" => "Fluentd-Developing-Windows",
35
+ "UserID" => nil,
36
+ "Version" => "2",}
37
+ d.instance.parse(xml) do |time, record|
38
+ assert_equal(expected, record)
39
+ end
40
+
41
+ assert_true(d.instance.winevt_xml?)
42
+ end
43
+
44
+ class QualifiersTest < self
45
+ def setup
46
+ @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
47
+ end
48
+
49
+ def teardown
50
+ @xml.close
51
+ end
52
+
53
+ def test_parse_without_qualifiers
54
+ d = create_driver CONFIG + %[preserve_qualifiers false]
55
+ expected = {"ActivityID" => nil,
56
+ "Channel" => "Application",
57
+ "Computer" => "DESKTOP-G457RDR",
58
+ "EventID" => "3221241866",
59
+ "EventRecordID" => "150731",
60
+ "Keywords" => "0x80000000000000",
61
+ "Level" => "4",
62
+ "Opcode" => "0",
63
+ "ProcessID" => "0",
64
+ "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
65
+ "ProviderName" => "Microsoft-Windows-Security-SPP",
66
+ "RelatedActivityID" => nil,
67
+ "Task" => "0",
68
+ "ThreadID" => "0",
69
+ "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
70
+ "UserID" => nil,
71
+ "Version" => "0"}
72
+ d.instance.parse(@xml) do |time, record|
73
+ assert_equal(expected, record)
74
+ end
75
+
76
+ assert_true(d.instance.winevt_xml?)
77
+ end
78
+ end
79
+ end
@@ -1,80 +1,80 @@
1
- require_relative '../helper'
2
-
3
- class WinevtXMLparserTest < Test::Unit::TestCase
4
-
5
- def setup
6
- Fluent::Test.setup
7
- end
8
-
9
- CONFIG = %[]
10
- XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml"))
11
-
12
- def create_driver(conf = CONFIG)
13
- Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtXMLparser).configure(conf)
14
- end
15
-
16
- def test_parse
17
- d = create_driver
18
- xml = XMLLOG
19
- expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
- "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
- "EventID" => "4624",
22
- "Qualifiers" => nil,
23
- "Level" => "0",
24
- "Task" => "12544",
25
- "Opcode" => "0",
26
- "Keywords" => "0x8020000000000000",
27
- "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
- "EventRecordID" => "80688",
29
- "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
- "RelatedActivityID" => nil,
31
- "ProcessID" => "912",
32
- "ThreadID" => "24708",
33
- "Channel" => "Security",
34
- "Computer" => "Fluentd-Developing-Windows",
35
- "UserID" => nil,
36
- "Version" => "2",}
37
- d.instance.parse(xml) do |time, record|
38
- assert_equal(expected, record)
39
- end
40
- xml.close
41
-
42
- assert_true(d.instance.winevt_xml?)
43
- end
44
-
45
- class QualifiersTest < self
46
- def setup
47
- @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
48
- end
49
-
50
- def teardown
51
- @xml.close
52
- end
53
-
54
- def test_without_qualifiers
55
- d = create_driver CONFIG + %[preserve_qualifiers false]
56
- expected = {"ActivityID" => nil,
57
- "Channel" => "Application",
58
- "Computer" => "DESKTOP-G457RDR",
59
- "EventID" => "3221241866",
60
- "EventRecordID" => "150731",
61
- "Keywords" => "0x80000000000000",
62
- "Level" => "4",
63
- "Opcode" => "0",
64
- "ProcessID" => "0",
65
- "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
66
- "ProviderName" => "Microsoft-Windows-Security-SPP",
67
- "RelatedActivityID" => nil,
68
- "Task" => "0",
69
- "ThreadID" => "0",
70
- "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
71
- "UserID" => nil,
72
- "Version" => "0"}
73
- d.instance.parse(@xml) do |time, record|
74
- assert_equal(expected, record)
75
- end
76
-
77
- assert_true(d.instance.winevt_xml?)
78
- end
79
- end
80
- end
1
+ require_relative '../helper'
2
+
3
+ class WinevtXMLparserTest < Test::Unit::TestCase
4
+
5
+ def setup
6
+ Fluent::Test.setup
7
+ end
8
+
9
+ CONFIG = %[]
10
+ XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml"))
11
+
12
+ def create_driver(conf = CONFIG)
13
+ Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtXMLparser).configure(conf)
14
+ end
15
+
16
+ def test_parse
17
+ d = create_driver
18
+ xml = XMLLOG
19
+ expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
+ "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
+ "EventID" => "4624",
22
+ "Qualifiers" => nil,
23
+ "Level" => "0",
24
+ "Task" => "12544",
25
+ "Opcode" => "0",
26
+ "Keywords" => "0x8020000000000000",
27
+ "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
+ "EventRecordID" => "80688",
29
+ "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
+ "RelatedActivityID" => nil,
31
+ "ProcessID" => "912",
32
+ "ThreadID" => "24708",
33
+ "Channel" => "Security",
34
+ "Computer" => "Fluentd-Developing-Windows",
35
+ "UserID" => nil,
36
+ "Version" => "2",}
37
+ d.instance.parse(xml) do |time, record|
38
+ assert_equal(expected, record)
39
+ end
40
+ xml.close
41
+
42
+ assert_true(d.instance.winevt_xml?)
43
+ end
44
+
45
+ class QualifiersTest < self
46
+ def setup
47
+ @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
48
+ end
49
+
50
+ def teardown
51
+ @xml.close
52
+ end
53
+
54
+ def test_without_qualifiers
55
+ d = create_driver CONFIG + %[preserve_qualifiers false]
56
+ expected = {"ActivityID" => nil,
57
+ "Channel" => "Application",
58
+ "Computer" => "DESKTOP-G457RDR",
59
+ "EventID" => "3221241866",
60
+ "EventRecordID" => "150731",
61
+ "Keywords" => "0x80000000000000",
62
+ "Level" => "4",
63
+ "Opcode" => "0",
64
+ "ProcessID" => "0",
65
+ "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
66
+ "ProviderName" => "Microsoft-Windows-Security-SPP",
67
+ "RelatedActivityID" => nil,
68
+ "Task" => "0",
69
+ "ThreadID" => "0",
70
+ "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
71
+ "UserID" => nil,
72
+ "Version" => "0"}
73
+ d.instance.parse(@xml) do |time, record|
74
+ assert_equal(expected, record)
75
+ end
76
+
77
+ assert_true(d.instance.winevt_xml?)
78
+ end
79
+ end
80
+ end
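--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-parser-winevt_xml
 version: !ruby/object:Gem::Version
-version: 0.2.3.rc1
+version: 0.2.3
 platform: ruby
 authors:
 - Hiroshi Hatake
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-25 00:00:00.000000000 Z
+date: 2021-09-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -45,14 +45,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 3.2.0
+version: 3.4.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 3.2.0
+version: 3.4.0
 - !ruby/object:Gem::Dependency
 name: fluentd
 requirement: !ruby/object:Gem::Requirement
@@ -79,20 +79,20 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.11.pre
+version: 1.12.5
 - - "<"
 - !ruby/object:Gem::Version
-version: '1.12'
+version: '1.13'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.11.pre
+version: 1.12.5
 - - "<"
 - !ruby/object:Gem::Version
-version: '1.12'
+version: '1.13'
 description: Fluentd Parser plugin to parse XML rendered windows event log.
 email:
 - cosmo0920.oucc@gmail.com
@@ -101,8 +101,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/linux-test.yaml"
+- ".github/workflows/macos-test.yaml"
+- ".github/workflows/windows-test.yaml"
 - ".gitignore"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -132,12 +134,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - ">"
+- - ">="
 - !ruby/object:Gem::Version
-version: 1.3.1
+version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6.2
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: Fluentd Parser plugin to parse XML rendered windows event log.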
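--- a/data/.travis.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-language: ruby
-
-rvm:
-- 2.4.5
-- 2.5.3
-- 2.6.0
-
-gemfile:
-- Gemfile
-
-before_install:
-- gem update --system=2.7.8
-
-script: bundle exec rake test
-sudo: false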