fluent-plugin-parser-winevt_xml 0.2.3.rc1 → 0.2.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (21) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/linux-test.yaml +34 -0
  3. data/.github/workflows/macos-test.yaml +28 -0
  4. data/.github/workflows/windows-test.yaml +28 -0
  5. data/.gitignore +14 -14
  6. data/Gemfile +4 -4
  7. data/LICENSE +201 -201
  8. data/README.md +56 -56
  9. data/Rakefile +10 -10
  10. data/appveyor.yml +29 -24
  11. data/fluent-plugin-parser-winevt_xml.gemspec +25 -25
  12. data/lib/fluent/plugin/parser_winevt_sax.rb +27 -27
  13. data/lib/fluent/plugin/parser_winevt_xml.rb +63 -63
  14. data/lib/fluent/plugin/winevt_sax_document.rb +73 -73
  15. data/test/data/eventlog-with-qualifiers.xml +1 -1
  16. data/test/data/eventlog.xml +1 -1
  17. data/test/helper.rb +24 -24
  18. data/test/plugin/test_parser_winevt_sax.rb +79 -79
  19. data/test/plugin/test_parser_winevt_xml.rb +80 -80
  20. metadata +14 -13
  21. data/.travis.yml +0 -15
data/test/plugin/test_parser_winevt_sax.rb CHANGED
@@ -1,79 +1,79 @@
1
- require_relative '../helper'
2
-
3
- class WinevtSAXparserTest < Test::Unit::TestCase
4
-
5
- def setup
6
- Fluent::Test.setup
7
- end
8
-
9
- CONFIG = %[]
10
- XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml") )
11
-
12
- def create_driver(conf = CONFIG)
13
- Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtSAXparser).configure(conf)
14
- end
15
-
16
- def test_parse
17
- d = create_driver
18
- xml = XMLLOG
19
- expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
- "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
- "EventID" => "4624",
22
- "Qualifiers" => nil,
23
- "Level" => "0",
24
- "Task" => "12544",
25
- "Opcode" => "0",
26
- "Keywords" => "0x8020000000000000",
27
- "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
- "EventRecordID" => "80688",
29
- "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
- "RelatedActivityID" => nil,
31
- "ProcessID" => "912",
32
- "ThreadID" => "24708",
33
- "Channel" => "Security",
34
- "Computer" => "Fluentd-Developing-Windows",
35
- "UserID" => nil,
36
- "Version" => "2",}
37
- d.instance.parse(xml) do |time, record|
38
- assert_equal(expected, record)
39
- end
40
-
41
- assert_true(d.instance.winevt_xml?)
42
- end
43
-
44
- class QualifiersTest < self
45
- def setup
46
- @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
47
- end
48
-
49
- def teardown
50
- @xml.close
51
- end
52
-
53
- def test_parse_without_qualifiers
54
- d = create_driver CONFIG + %[preserve_qualifiers false]
55
- expected = {"ActivityID" => nil,
56
- "Channel" => "Application",
57
- "Computer" => "DESKTOP-G457RDR",
58
- "EventID" => "3221241866",
59
- "EventRecordID" => "150731",
60
- "Keywords" => "0x80000000000000",
61
- "Level" => "4",
62
- "Opcode" => "0",
63
- "ProcessID" => "0",
64
- "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
65
- "ProviderName" => "Microsoft-Windows-Security-SPP",
66
- "RelatedActivityID" => nil,
67
- "Task" => "0",
68
- "ThreadID" => "0",
69
- "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
70
- "UserID" => nil,
71
- "Version" => "0"}
72
- d.instance.parse(@xml) do |time, record|
73
- assert_equal(expected, record)
74
- end
75
-
76
- assert_true(d.instance.winevt_xml?)
77
- end
78
- end
79
- end
1
+ require_relative '../helper'
2
+
3
+ class WinevtSAXparserTest < Test::Unit::TestCase
4
+
5
+ def setup
6
+ Fluent::Test.setup
7
+ end
8
+
9
+ CONFIG = %[]
10
+ XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml") )
11
+
12
+ def create_driver(conf = CONFIG)
13
+ Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtSAXparser).configure(conf)
14
+ end
15
+
16
+ def test_parse
17
+ d = create_driver
18
+ xml = XMLLOG
19
+ expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
+ "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
+ "EventID" => "4624",
22
+ "Qualifiers" => nil,
23
+ "Level" => "0",
24
+ "Task" => "12544",
25
+ "Opcode" => "0",
26
+ "Keywords" => "0x8020000000000000",
27
+ "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
+ "EventRecordID" => "80688",
29
+ "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
+ "RelatedActivityID" => nil,
31
+ "ProcessID" => "912",
32
+ "ThreadID" => "24708",
33
+ "Channel" => "Security",
34
+ "Computer" => "Fluentd-Developing-Windows",
35
+ "UserID" => nil,
36
+ "Version" => "2",}
37
+ d.instance.parse(xml) do |time, record|
38
+ assert_equal(expected, record)
39
+ end
40
+
41
+ assert_true(d.instance.winevt_xml?)
42
+ end
43
+
44
+ class QualifiersTest < self
45
+ def setup
46
+ @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
47
+ end
48
+
49
+ def teardown
50
+ @xml.close
51
+ end
52
+
53
+ def test_parse_without_qualifiers
54
+ d = create_driver CONFIG + %[preserve_qualifiers false]
55
+ expected = {"ActivityID" => nil,
56
+ "Channel" => "Application",
57
+ "Computer" => "DESKTOP-G457RDR",
58
+ "EventID" => "3221241866",
59
+ "EventRecordID" => "150731",
60
+ "Keywords" => "0x80000000000000",
61
+ "Level" => "4",
62
+ "Opcode" => "0",
63
+ "ProcessID" => "0",
64
+ "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
65
+ "ProviderName" => "Microsoft-Windows-Security-SPP",
66
+ "RelatedActivityID" => nil,
67
+ "Task" => "0",
68
+ "ThreadID" => "0",
69
+ "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
70
+ "UserID" => nil,
71
+ "Version" => "0"}
72
+ d.instance.parse(@xml) do |time, record|
73
+ assert_equal(expected, record)
74
+ end
75
+
76
+ assert_true(d.instance.winevt_xml?)
77
+ end
78
+ end
79
+ end
data/test/plugin/test_parser_winevt_xml.rb CHANGED
@@ -1,80 +1,80 @@
1
- require_relative '../helper'
2
-
3
- class WinevtXMLparserTest < Test::Unit::TestCase
4
-
5
- def setup
6
- Fluent::Test.setup
7
- end
8
-
9
- CONFIG = %[]
10
- XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml"))
11
-
12
- def create_driver(conf = CONFIG)
13
- Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtXMLparser).configure(conf)
14
- end
15
-
16
- def test_parse
17
- d = create_driver
18
- xml = XMLLOG
19
- expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
- "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
- "EventID" => "4624",
22
- "Qualifiers" => nil,
23
- "Level" => "0",
24
- "Task" => "12544",
25
- "Opcode" => "0",
26
- "Keywords" => "0x8020000000000000",
27
- "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
- "EventRecordID" => "80688",
29
- "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
- "RelatedActivityID" => nil,
31
- "ProcessID" => "912",
32
- "ThreadID" => "24708",
33
- "Channel" => "Security",
34
- "Computer" => "Fluentd-Developing-Windows",
35
- "UserID" => nil,
36
- "Version" => "2",}
37
- d.instance.parse(xml) do |time, record|
38
- assert_equal(expected, record)
39
- end
40
- xml.close
41
-
42
- assert_true(d.instance.winevt_xml?)
43
- end
44
-
45
- class QualifiersTest < self
46
- def setup
47
- @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
48
- end
49
-
50
- def teardown
51
- @xml.close
52
- end
53
-
54
- def test_without_qualifiers
55
- d = create_driver CONFIG + %[preserve_qualifiers false]
56
- expected = {"ActivityID" => nil,
57
- "Channel" => "Application",
58
- "Computer" => "DESKTOP-G457RDR",
59
- "EventID" => "3221241866",
60
- "EventRecordID" => "150731",
61
- "Keywords" => "0x80000000000000",
62
- "Level" => "4",
63
- "Opcode" => "0",
64
- "ProcessID" => "0",
65
- "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
66
- "ProviderName" => "Microsoft-Windows-Security-SPP",
67
- "RelatedActivityID" => nil,
68
- "Task" => "0",
69
- "ThreadID" => "0",
70
- "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
71
- "UserID" => nil,
72
- "Version" => "0"}
73
- d.instance.parse(@xml) do |time, record|
74
- assert_equal(expected, record)
75
- end
76
-
77
- assert_true(d.instance.winevt_xml?)
78
- end
79
- end
80
- end
1
+ require_relative '../helper'
2
+
3
+ class WinevtXMLparserTest < Test::Unit::TestCase
4
+
5
+ def setup
6
+ Fluent::Test.setup
7
+ end
8
+
9
+ CONFIG = %[]
10
+ XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml"))
11
+
12
+ def create_driver(conf = CONFIG)
13
+ Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtXMLparser).configure(conf)
14
+ end
15
+
16
+ def test_parse
17
+ d = create_driver
18
+ xml = XMLLOG
19
+ expected = {"ProviderName" => "Microsoft-Windows-Security-Auditing",
20
+ "ProviderGUID" => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
21
+ "EventID" => "4624",
22
+ "Qualifiers" => nil,
23
+ "Level" => "0",
24
+ "Task" => "12544",
25
+ "Opcode" => "0",
26
+ "Keywords" => "0x8020000000000000",
27
+ "TimeCreated" => "2019-06-13T09:21:23.345889600Z",
28
+ "EventRecordID" => "80688",
29
+ "ActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
30
+ "RelatedActivityID" => nil,
31
+ "ProcessID" => "912",
32
+ "ThreadID" => "24708",
33
+ "Channel" => "Security",
34
+ "Computer" => "Fluentd-Developing-Windows",
35
+ "UserID" => nil,
36
+ "Version" => "2",}
37
+ d.instance.parse(xml) do |time, record|
38
+ assert_equal(expected, record)
39
+ end
40
+ xml.close
41
+
42
+ assert_true(d.instance.winevt_xml?)
43
+ end
44
+
45
+ class QualifiersTest < self
46
+ def setup
47
+ @xml = File.open(File.join(__dir__, "..", "data", "eventlog-with-qualifiers.xml"))
48
+ end
49
+
50
+ def teardown
51
+ @xml.close
52
+ end
53
+
54
+ def test_without_qualifiers
55
+ d = create_driver CONFIG + %[preserve_qualifiers false]
56
+ expected = {"ActivityID" => nil,
57
+ "Channel" => "Application",
58
+ "Computer" => "DESKTOP-G457RDR",
59
+ "EventID" => "3221241866",
60
+ "EventRecordID" => "150731",
61
+ "Keywords" => "0x80000000000000",
62
+ "Level" => "4",
63
+ "Opcode" => "0",
64
+ "ProcessID" => "0",
65
+ "ProviderGUID" => "{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}",
66
+ "ProviderName" => "Microsoft-Windows-Security-SPP",
67
+ "RelatedActivityID" => nil,
68
+ "Task" => "0",
69
+ "ThreadID" => "0",
70
+ "TimeCreated" => "2020-01-16T09:57:18.013693700Z",
71
+ "UserID" => nil,
72
+ "Version" => "0"}
73
+ d.instance.parse(@xml) do |time, record|
74
+ assert_equal(expected, record)
75
+ end
76
+
77
+ assert_true(d.instance.winevt_xml?)
78
+ end
79
+ end
80
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-parser-winevt_xml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3.rc1
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hiroshi Hatake
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2020-06-25 00:00:00.000000000 Z
12
+ date: 2021-09-29 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler
@@ -45,14 +45,14 @@ dependencies:
45
45
  requirements:
46
46
  - - "~>"
47
47
  - !ruby/object:Gem::Version
48
- version: 3.2.0
48
+ version: 3.4.0
49
49
  type: :development
50
50
  prerelease: false
51
51
  version_requirements: !ruby/object:Gem::Requirement
52
52
  requirements:
53
53
  - - "~>"
54
54
  - !ruby/object:Gem::Version
55
- version: 3.2.0
55
+ version: 3.4.0
56
56
  - !ruby/object:Gem::Dependency
57
57
  name: fluentd
58
58
  requirement: !ruby/object:Gem::Requirement
@@ -79,20 +79,20 @@ dependencies:
79
79
  requirements:
80
80
  - - ">="
81
81
  - !ruby/object:Gem::Version
82
- version: 1.11.pre
82
+ version: 1.12.5
83
83
  - - "<"
84
84
  - !ruby/object:Gem::Version
85
- version: '1.12'
85
+ version: '1.13'
86
86
  type: :runtime
87
87
  prerelease: false
88
88
  version_requirements: !ruby/object:Gem::Requirement
89
89
  requirements:
90
90
  - - ">="
91
91
  - !ruby/object:Gem::Version
92
- version: 1.11.pre
92
+ version: 1.12.5
93
93
  - - "<"
94
94
  - !ruby/object:Gem::Version
95
- version: '1.12'
95
+ version: '1.13'
96
96
  description: Fluentd Parser plugin to parse XML rendered windows event log.
97
97
  email:
98
98
  - cosmo0920.oucc@gmail.com
@@ -101,8 +101,10 @@ executables: []
101
101
  extensions: []
102
102
  extra_rdoc_files: []
103
103
  files:
104
+ - ".github/workflows/linux-test.yaml"
105
+ - ".github/workflows/macos-test.yaml"
106
+ - ".github/workflows/windows-test.yaml"
104
107
  - ".gitignore"
105
- - ".travis.yml"
106
108
  - Gemfile
107
109
  - LICENSE
108
110
  - README.md
@@ -132,12 +134,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
132
134
  version: '0'
133
135
  required_rubygems_version: !ruby/object:Gem::Requirement
134
136
  requirements:
135
- - - ">"
137
+ - - ">="
136
138
  - !ruby/object:Gem::Version
137
- version: 1.3.1
139
+ version: '0'
138
140
  requirements: []
139
- rubyforge_project:
140
- rubygems_version: 2.7.6.2
141
+ rubygems_version: 3.2.22
141
142
  signing_key:
142
143
  specification_version: 4
143
144
  summary: Fluentd Parser plugin to parse XML rendered windows event log.
data/.travis.yml DELETED
@@ -1,15 +0,0 @@
1
- language: ruby
2
-
3
- rvm:
4
- - 2.4.5
5
- - 2.5.3
6
- - 2.6.0
7
-
8
- gemfile:
9
- - Gemfile
10
-
11
- before_install:
12
- - gem update --system=2.7.8
13
-
14
- script: bundle exec rake test
15
- sudo: false