fluent-plugin-parser_cef 0.1.0 → 0.1.1

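--- /dev/null
+++ b/data/.travis.yml
@@ -0,0 +1,6 @@
+language: ruby
+rvm:
+- 2.3.0
+script: bundle exec rspec
+gemfile:
+- Gemfile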
@@ -1,4 +1,4 @@
1
- Copyright (c) 2016 TODO: Write your name
1
+ Copyright (c) 2016 Tomoyuki Sugimura
2
2
 
3
3
  MIT License
4
4
 
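--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,11 @@
 # fluent-plugin-parser_cef
 
+[![Gem Version](https://badge.fury.io/rb/fluent-plugin-parser_cef.svg)](https://badge.fury.io/rb/fluent-plugin-parser_cef)
+[![Build Status](https://travis-ci.org/lunardial/fluent-plugin-parser_cef.svg?branch=master)](https://travis-ci.org/lunardial/fluent-plugin-parser_cef)
+[![Code Climate](https://codeclimate.com/github/lunardial/fluent-plugin-parser_cef/badges/gpa.svg)](https://codeclimate.com/github/lunardial/fluent-plugin-parser_cef)
+[![downloads](https://img.shields.io/gem/dt/fluent-plugin-parser_cef.svg)](https://rubygems.org/gems/fluent-plugin-parser_cef)
+[![MIT License](http://img.shields.io/badge/license-MIT-blue.svg?style=flat)](LICENSE)
+
 Fluentd Parser plugin to parse CEF - common event format -
 
 ## Installation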
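--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.1.0
+0.1.1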
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
17
17
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
18
18
  spec.require_paths = ["lib"]
19
19
 
20
- spec.add_runtime_dependency "fluentd", "~> 0.10", ">= 0.10.43"
20
+ spec.add_runtime_dependency "fluentd", ">= 0.12", "< 0.14"
21
21
 
22
22
  spec.add_development_dependency "bundler", "~> 1.3"
23
23
  spec.add_development_dependency "rake"
@@ -33,7 +33,7 @@ module Fluent
33
33
  yaml_fieldinfo = YAML.load_file("#{File.dirname(File.expand_path(__FILE__))}/#{@cef_keyfilename}")
34
34
  end
35
35
  @keys_array = []
36
- yaml_fieldinfo.each {|key, value| @keys_array.concat(value) }
36
+ yaml_fieldinfo.each {|_key, value| @keys_array.concat(value) }
37
37
  $log.info "running with strict mode, #{@keys_array.length} keys are valid."
38
38
  else
39
39
  $log.info "running without strict mode"
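Review bot: `YAML.load_file` at the top of this hunk runs the full YAML loader on the key file, which can instantiate arbitrary Ruby objects if that file is ever replaced or tampered with; the file only needs plain lists of key names, so `yaml_fieldinfo = YAML.safe_load(File.read(path))` is sufficient and removes that deserialization surface. The path is built by joining `@cef_keyfilename` onto the plugin's own directory with no normalization, so a configured name containing `..` resolves outside that directory — presumably acceptable for an operator-set parameter, but worth stating in a comment: `# key file is resolved relative to this plugin's lib dir; operator-controlled, not user input`. The enclosing method and the declaration of `@cef_keyfilename` start above this hunk.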
@@ -100,7 +100,7 @@ module Fluent
100
100
 
101
101
  begin
102
102
  time = Time.parse(record_overview["syslog_timestamp"]).to_i
103
- rescue => e
103
+ rescue
104
104
  time = Engine.now
105
105
  end
106
106
 
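Review bot: `Time.parse` on the `syslog_timestamp` capture receives no year, so a BSD-syslog stamp such as `Dec 2 03:17:06` is interpreted in the current year and the local time zone; events replayed across a year boundary, or from a device in another zone, get a wrong epoch and nothing reaches the new `rescue` to signal it. Either pass a reference time (`Time.parse(str, now)`) or document the assumption above the `begin`: `# syslog stamps carry no year/zone: Time.parse assumes the current year and local TZ`. The bare `rescue` also drops the exception, so a malformed timestamp silently becomes `Engine.now`; `rescue => e` plus a `$log.debug` line keeps that observable. The enclosing method starts and ends outside this hunk.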
@@ -108,11 +108,18 @@ module Fluent
108
108
  record_overview.names.each {|key| record[key] = record_overview[key] }
109
109
  text_cef_extension = record_overview["cef_extension"]
110
110
  record.delete("cef_extension")
111
- unless text_cef_extension.nil?
112
- record_cef_extension = parse_cef_extension(text_cef_extension)
113
- record.merge!(record_cef_extension)
111
+ rescue
112
+ if block_given?
113
+ yield Engine.now, { "raw" => text }
114
+ return
115
+ else
116
+ return Engine.now, { "raw" => text }
114
117
  end
115
- rescue => e
118
+ end
119
+
120
+ unless text_cef_extension.nil?
121
+ record_cef_extension = parse_cef_extension(text_cef_extension)
122
+ record.merge!(record_cef_extension)
116
123
  end
117
124
 
118
125
  record["raw"] = text if @output_raw_field
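Review bot: The new `rescue` that emits `{ "raw" => text }` is bare and discards the exception, so an input line that simply did not match the syslog/CEF pattern (presumably a nil `record_overview` raising NoMethodError at `.names`) is indistinguishable from a real bug in the parser — both silently arrive downstream as a `raw` record. At minimum keep it visible: `rescue => e` and `$log.debug "CEF header parse failed, passing through raw: #{e.class}: #{e.message}"`. The fallback also emits `raw` regardless of `@output_raw_field`, which is a defensible choice but deserves a one-line comment above the `rescue`. The method's `begin` is above this hunk, so I cannot see exactly which statements it covers.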
@@ -126,7 +133,11 @@ module Fluent
126
133
 
127
134
 
128
135
  def parse_cef_extension(text)
129
- record = @parse_strict_mode ? parse_cef_extension_with_strict_mode(text) : parse_cef_extension_without_strict_mode(text)
136
+ if @parse_strict_mode == true
137
+ return parse_cef_extension_with_strict_mode(text)
138
+ else
139
+ return parse_cef_extension_without_strict_mode(text)
140
+ end
130
141
  end
131
142
 
132
143
 
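Review bot: `if @parse_strict_mode == true` compares against `true` explicitly and then uses two explicit `return`s, which is less idiomatic than the ternary it replaces; if the config param is declared `:bool` the comparison is redundant, and if it is not, `== true` would silently disable strict mode for truthy non-boolean values. Prefer `@parse_strict_mode ? parse_cef_extension_with_strict_mode(text) : parse_cef_extension_without_strict_mode(text)` or a plain `if @parse_strict_mode`. I cannot see the `config_param` declaration in this diff, so the type is an assumption to confirm.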
@@ -143,7 +154,7 @@ module Fluent
143
154
  record[last_valid_key_name].concat("#{key}=#{value}")
144
155
  end
145
156
  end
146
- rescue => e
157
+ rescue
147
158
  return {}
148
159
  end
149
160
  return record
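Review bot: The bare `rescue` here returns `{}` and thereby discards every key already parsed, so a single problematic token at the end of a long extension wipes the whole extension and the operator sees nothing in the logs. One plausible trigger is the `concat` on `record[last_valid_key_name]` when no valid key has been seen yet and that variable is still nil (its initialization is above this hunk, so this is inferred). Returning the partial `record` with a `$log.debug "strict CEF extension parse aborted: #{e.message}"` would preserve what was parsed and make the failure visible. The enclosing method begins outside this hunk.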
@@ -154,7 +165,7 @@ module Fluent
154
165
  record = {}
155
166
  begin
156
167
  text.scan(@key_value_format_regexp) {|key, value| record[key] = value.rstrip }
157
- rescue => e
168
+ rescue
158
169
  return {}
159
170
  end
160
171
  return record
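Review bot: In non-strict mode every `key=value` pair scanned from the log line becomes a record key unfiltered, and `parse` later applies `record.merge!(record_cef_extension)`, so the extension wins over the header-derived fields — a log source can emit `foo=bar cef_severity=0 syslog_hostname=x` and overwrite `cef_severity`, `syslog_hostname` or `cef_device_vendor` in the stored event. Consider reserving those names, e.g. `record_cef_extension.reject! { |k, _| record.key?(k) }` before the merge, or documenting that non-strict mode trusts the device. `@key_value_format_regexp` is applied to attacker-controlled text and is defined outside this diff, so I cannot check it for catastrophic backtracking; the bare `rescue` returning `{}` would hide any such failure as an empty extension.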
@@ -26,6 +26,7 @@ RSpec.describe Fluent::TextParser::CommonEventFormatParser do
26
26
  end
27
27
 
28
28
  describe "#parse(text)" do
29
+
29
30
  context "text == nil" do
30
31
  let (:text) { nil }
31
32
  subject do
@@ -43,62 +44,67 @@ RSpec.describe Fluent::TextParser::CommonEventFormatParser do
43
44
  context "text is not syslog format nor CEF" do
44
45
  let (:text) { "December 12 10:00:00 hostname tag message" }
45
46
  subject do
47
+ allow(Fluent::Engine).to receive(:now).and_return(Time.now.to_i)
46
48
  @test_driver.parse(text)
47
49
  end
48
- it { is_expected.to contain_exactly(be_an(Integer), {"raw"=>"December 12 10:00:00 hostname tag message"}) }
50
+ it { is_expected.to contain_exactly(be_an(Integer), { "raw" => "December 12 10:00:00 hostname tag message" }) }
49
51
  end
50
52
  context "text is not in syslog format but is CEF" do
51
53
  let (:text) { "December 12 10:00:00 hostname tag CEF:0|Vendor|Product|Version|ID|Name|Severity|cs1=test" }
52
54
  subject do
55
+ allow(Fluent::Engine).to receive(:now).and_return(Time.now.to_i)
53
56
  @test_driver.parse(text)
54
57
  end
55
- it { is_expected.to contain_exactly(be_an(Integer), {"raw"=>"December 12 10:00:00 hostname tag CEF:0|Vendor|Product|Version|ID|Name|Severity|cs1=test"}) }
58
+ it { is_expected.to contain_exactly(be_an(Integer), { "raw" => "December 12 10:00:00 hostname tag CEF:0|Vendor|Product|Version|ID|Name|Severity|cs1=test" }) }
56
59
  end
57
60
  context "text is syslog format but not CEF" do
58
61
  let (:text) { "Dec 12 10:11:12 hostname tag message" }
59
62
  subject do
63
+ allow(Fluent::Engine).to receive(:now).and_return(Time.now.to_i)
60
64
  @test_driver.parse(text)
61
65
  end
62
- it { is_expected.to contain_exactly(be_an(Integer), {"raw"=>"Dec 12 10:11:12 hostname tag message"}) }
66
+ it { is_expected.to contain_exactly(be_an(Integer), { "raw" => "Dec 12 10:11:12 hostname tag message" }) }
63
67
  end
64
68
  context "text is syslog format and CEF (CEF Extension field is empty)" do
65
69
  let (:text) { "Dec 2 03:17:06 hostname tag CEF:0|Vendor|Product|Version|ID|Name|Severity|" }
66
70
  subject do
71
+ allow(Fluent::Engine).to receive(:now).and_return(Time.now.to_i)
72
+ @timestamp = Time.parse("Dec 2 03:17:06").to_i
67
73
  @test_driver.parse(text)
68
74
  end
69
75
  it { is_expected.to eq [
70
- 1480616226,
71
- {"syslog_timestamp"=>"Dec 2 03:17:06",
72
- "syslog_hostname"=>"hostname",
73
- "syslog_tag"=>"tag",
74
- "cef_version"=>"0",
75
- "cef_device_vendor"=>"Vendor",
76
- "cef_device_product"=>"Product",
77
- "cef_device_version"=>"Version",
78
- "cef_device_event_class_id"=>"ID",
79
- "cef_name"=>"Name",
80
- "cef_severity"=>"Severity"}
81
- ]}
76
+ @timestamp, {
77
+ "syslog_timestamp" => "Dec 2 03:17:06",
78
+ "syslog_hostname" => "hostname",
79
+ "syslog_tag" => "tag",
80
+ "cef_version" => "0",
81
+ "cef_device_vendor" => "Vendor",
82
+ "cef_device_product" => "Product",
83
+ "cef_device_version" => "Version",
84
+ "cef_device_event_class_id" => "ID",
85
+ "cef_name" => "Name",
86
+ "cef_severity" => "Severity" }]}
82
87
  end
83
88
  context "text is syslog format and CEF (there is only one valid key in the CEF Extension field), Strict mode on" do
84
89
  let (:text) { "Dec 2 03:17:06 hostname tag CEF:0|Vendor|Product|Version|ID|Name|Severity|cs1=test" }
85
90
  subject do
91
+ allow(Fluent::Engine).to receive(:now).and_return(Time.now.to_i)
92
+ @timestamp = Time.parse("Dec 2 03:17:06").to_i
86
93
  @test_driver.parse(text)
87
94
  end
88
95
  it { is_expected.to eq [
89
- 1480616226,
90
- {"syslog_timestamp"=>"Dec 2 03:17:06",
91
- "syslog_hostname"=>"hostname",
92
- "syslog_tag"=>"tag",
93
- "cef_version"=>"0",
94
- "cef_device_vendor"=>"Vendor",
95
- "cef_device_product"=>"Product",
96
- "cef_device_version"=>"Version",
97
- "cef_device_event_class_id"=>"ID",
98
- "cef_name"=>"Name",
99
- "cef_severity"=>"Severity",
100
- "cs1"=>"test"}
101
- ]}
96
+ @timestamp, {
97
+ "syslog_timestamp" => "Dec 2 03:17:06",
98
+ "syslog_hostname" => "hostname",
99
+ "syslog_tag" => "tag",
100
+ "cef_version" => "0",
101
+ "cef_device_vendor" => "Vendor",
102
+ "cef_device_product" => "Product",
103
+ "cef_device_version" => "Version",
104
+ "cef_device_event_class_id" => "ID",
105
+ "cef_name" => "Name",
106
+ "cef_severity" => "Severity",
107
+ "cs1" => "test" }]}
102
108
  end
103
109
  context "text is syslog format and CEF (there is only one valid key in the CEF Extension field), Strict mode off" do
104
110
  let (:config) {%[
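Review bot: The expected epoch `@timestamp = Time.parse("Dec 2 03:17:06").to_i` is computed with the very call the parser makes, so the assertion is tautological and would still pass if the parser mis-handled year or zone. Build the oracle independently, e.g. `@timestamp = Time.new(Time.now.year, 12, 2, 3, 17, 6).to_i`, which pins the current-year/local-zone interpretation the code relies on. The `allow(Fluent::Engine).to receive(:now)` stub in the CEF contexts is only reached on the fallback path, so it presumably has no effect on these expectations; worth a short comment or removal where it is not needed.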
@@ -106,23 +112,24 @@ RSpec.describe Fluent::TextParser::CommonEventFormatParser do
106
112
  ]}
107
113
  let (:text) { "Dec 2 03:17:06 hostname tag CEF:0|Vendor|Product|Version|ID|Name|Severity|foo=bar" }
108
114
  subject do
115
+ allow(Fluent::Engine).to receive(:now).and_return(Time.now.to_i)
116
+ @timestamp = Time.parse("Dec 2 03:17:06").to_i
109
117
  @test_driver = create_driver(config)
110
118
  @test_driver.parse(text)
111
119
  end
112
120
  it { is_expected.to eq [
113
- 1480616226,
114
- {"syslog_timestamp"=>"Dec 2 03:17:06",
115
- "syslog_hostname"=>"hostname",
116
- "syslog_tag"=>"tag",
117
- "cef_version"=>"0",
118
- "cef_device_vendor"=>"Vendor",
119
- "cef_device_product"=>"Product",
120
- "cef_device_version"=>"Version",
121
- "cef_device_event_class_id"=>"ID",
122
- "cef_name"=>"Name",
123
- "cef_severity"=>"Severity",
124
- "foo"=>"bar"}
125
- ]}
121
+ @timestamp, {
122
+ "syslog_timestamp" => "Dec 2 03:17:06",
123
+ "syslog_hostname" => "hostname",
124
+ "syslog_tag" => "tag",
125
+ "cef_version" => "0",
126
+ "cef_device_vendor" => "Vendor",
127
+ "cef_device_product" => "Product",
128
+ "cef_device_version" => "Version",
129
+ "cef_device_event_class_id" => "ID",
130
+ "cef_name" => "Name",
131
+ "cef_severity" => "Severity",
132
+ "foo" => "bar" }]}
126
133
  end
127
134
  context "text is syslog format and CEF (there is only one valid key in the CEF Extension field), Strict mode on, timestamp is rfc3339" do
128
135
  let (:config) {%[
@@ -130,22 +137,23 @@ RSpec.describe Fluent::TextParser::CommonEventFormatParser do
130
137
  ]}
131
138
  let (:text) { "2014-06-07T18:55:09.019283+09:00 hostname tag CEF:0|Vendor|Product|Version|ID|Name|Severity|foo=bar" }
132
139
  subject do
140
+ allow(Fluent::Engine).to receive(:now).and_return(Time.now.to_i)
141
+ @timestamp = Time.parse("2014-06-07T18:55:09.019283+09:00").to_i
133
142
  @test_driver = create_driver(config)
134
143
  @test_driver.parse(text)
135
144
  end
136
145
  it { is_expected.to eq [
137
- 1402134909,
138
- {"syslog_timestamp"=>"2014-06-07T18:55:09.019283+09:00",
139
- "syslog_hostname"=>"hostname",
140
- "syslog_tag"=>"tag",
141
- "cef_version"=>"0",
142
- "cef_device_vendor"=>"Vendor",
143
- "cef_device_product"=>"Product",
144
- "cef_device_version"=>"Version",
145
- "cef_device_event_class_id"=>"ID",
146
- "cef_name"=>"Name",
147
- "cef_severity"=>"Severity"}
148
- ]}
146
+ @timestamp, {
147
+ "syslog_timestamp" => "2014-06-07T18:55:09.019283+09:00",
148
+ "syslog_hostname" => "hostname",
149
+ "syslog_tag" => "tag",
150
+ "cef_version" => "0",
151
+ "cef_device_vendor" => "Vendor",
152
+ "cef_device_product" => "Product",
153
+ "cef_device_version" => "Version",
154
+ "cef_device_event_class_id" => "ID",
155
+ "cef_name" => "Name",
156
+ "cef_severity" => "Severity" }]}
149
157
  end
150
158
  end
151
159
  end
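Review bot: The previous literal `1402134909` was a fixed, implementation-independent oracle (the RFC 3339 input carries its own `+09:00` offset, so the value is zone-independent), and replacing it with `Time.parse("2014-06-07T18:55:09.019283+09:00").to_i` mirrors the code under test, so a regression in timestamp handling can no longer fail this example. Keep the literal: `1402134909, {`. The `Engine.now` stub added above it is presumably unused on this path.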
metadata CHANGED
@@ -1,35 +1,35 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-parser_cef
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tomoyuki Sugimura
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-12-05 00:00:00.000000000 Z
11
+ date: 2016-12-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: fluentd
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
18
- - !ruby/object:Gem::Version
19
- version: '0.10'
20
17
  - - ">="
21
18
  - !ruby/object:Gem::Version
22
- version: 0.10.43
19
+ version: '0.12'
20
+ - - "<"
21
+ - !ruby/object:Gem::Version
22
+ version: '0.14'
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
26
26
  requirements:
27
- - - "~>"
28
- - !ruby/object:Gem::Version
29
- version: '0.10'
30
27
  - - ">="
31
28
  - !ruby/object:Gem::Version
32
- version: 0.10.43
29
+ version: '0.12'
30
+ - - "<"
31
+ - !ruby/object:Gem::Version
32
+ version: '0.14'
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: bundler
35
35
  requirement: !ruby/object:Gem::Requirement
@@ -107,10 +107,13 @@ executables: []
107
107
  extensions: []
108
108
  extra_rdoc_files: []
109
109
  files:
110
+ - ".codeclimate.yml"
110
111
  - ".gitignore"
111
112
  - ".rspec"
113
+ - ".rubocop.yml"
114
+ - ".travis.yml"
112
115
  - Gemfile
113
- - LICENSE.txt
116
+ - LICENSE
114
117
  - README.md
115
118
  - Rakefile
116
119
  - VERSION