fluent-plugin-parser_cef 0.2.0 → 0.3.0

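--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 0e2eedd443b1b7fec47ddc045ee1f7506de43022
- data.tar.gz: ccbc339b8394d269ab365f4b4e8fc22d49a7d57b
+ metadata.gz: c09965c761425d6ee3fc54bbb9fba450a7a77ca1
+ data.tar.gz: '048a3194df2c21016b2d394f244c40ea6a4f6a44'
  SHA512:
- metadata.gz: 4e2b5fa97f9308e265b5baba0ddeb0abd211384adda34631d4c9b7793c5411b9f0edf38e7288b78ebea281a4baf577a9682a82137c05ee5061b4dcf08589d264
- data.tar.gz: 3e44f6c3731f048dbf4012678dc123c5b1ca69d64e6353e60c53b5684070072c2c507b9bbae35a4d09d5f4cf006bcf1efd13479c963a6e436992b9a0e0d9c191
+ metadata.gz: 387f53dab5273481471073b35a2821a47b876e94f5aadcebb3cd0b9d4779cee6ad5c9708a90afb65ed91a0859a6d91480993cd39579f3ad2c73b20bb4cc8393d
+ data.tar.gz: 84594857d98d6a8a5850a64a725142474cefbc5c2395636f6312ba5eb66cfa19f4cb4b7e12b507082dd54517d815e885850ff4cf5eb7200aea757a2036776271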
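--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.2.0
+ 0.3.0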
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
17
17
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
18
18
  spec.require_paths = ["lib"]
19
19
 
20
+ spec.required_ruby_version = "~> 2.0"
21
+
20
22
  spec.add_runtime_dependency "fluentd", ">= 0.12", "< 0.14"
21
23
 
22
24
  spec.add_development_dependency "bundler", "~> 1.3"
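Review bot: The added `spec.required_ruby_version = "~> 2.0"` still admits Ruby 2.0.x, but `String#scrub` exists only from Ruby 2.1 and this release's `parse` calls `text.scrub('?')` on every non-empty line. On a 2.0 interpreter the gem would install cleanly and then raise NoMethodError at parse time, so events would presumably fail at runtime instead of the install being refused. Raising the floor, e.g. `spec.required_ruby_version = "~> 2.1"`, makes the declared constraint match what the code needs. The `Gem::Specification.new` block starts and ends outside this hunk, and the page does not name the file it belongs to.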
@@ -8,9 +8,7 @@ require 'yaml'
8
8
  module Fluent
9
9
  class TextParser
10
10
  class CommonEventFormatParser < Parser
11
-
12
11
  Plugin.register_parser("cef", self)
13
-
14
12
  config_param :log_format, :string, :default => "syslog"
15
13
  config_param :log_utc_offset, :string, :default => nil
16
14
  config_param :syslog_timestamp_format, :string, :default => '\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}'
@@ -19,14 +17,11 @@ module Fluent
19
17
  config_param :cef_keyfilename, :string, :default => 'config/cef_version_0_keys.yaml'
20
18
  config_param :output_raw_field, :bool, :default => false
21
19
 
22
-
23
20
  def configure(conf)
24
21
  super
25
-
26
22
  @key_value_format_regexp = /([^\s=]+)=(.*?)(?:(?=[^\s=]+=)|\z)/
27
23
  @valid_format_regexp = create_valid_format_regexp
28
24
  @utc_offset = get_utc_offset(@log_utc_offset)
29
-
30
25
  begin
31
26
  if @parse_strict_mode
32
27
  if @cef_keyfilename =~ /^\//
@@ -47,6 +42,55 @@ module Fluent
47
42
  end
48
43
  end
49
44
 
45
+ def parse(text)
46
+ if text.nil? || text.empty?
47
+ if block_given?
48
+ yield nil, nil
49
+ return
50
+ else
51
+ return nil, nil
52
+ end
53
+ end
54
+ text.force_encoding("utf-8")
55
+ replaced_text = text.scrub('?')
56
+ record = {}
57
+ record_overview = @valid_format_regexp.match(replaced_text)
58
+ if record_overview.nil?
59
+ if block_given?
60
+ yield Engine.now, { "raw" => replaced_text }
61
+ return
62
+ else
63
+ return Engine.now, { "raw" => replaced_text }
64
+ end
65
+ end
66
+ time = get_unixtime_with_utc_offset(record_overview["syslog_timestamp"], @utc_offset)
67
+ begin
68
+ record_overview.names.each {|key| record[key] = record_overview[key] }
69
+ text_cef_extension = record_overview["cef_extension"]
70
+ record.delete("cef_extension")
71
+ rescue
72
+ if block_given?
73
+ yield Engine.now, { "raw" => replaced_text }
74
+ return
75
+ else
76
+ return Engine.now, { "raw" => replaced_text }
77
+ end
78
+ end
79
+ unless text_cef_extension.nil?
80
+ record_cef_extension = parse_cef_extension(text_cef_extension)
81
+ record.merge!(record_cef_extension)
82
+ end
83
+ record["raw"] = replaced_text if @output_raw_field
84
+ if block_given?
85
+ yield time, record
86
+ return
87
+ else
88
+ return time, record
89
+ end
90
+ end
91
+
92
+ private
93
+
50
94
  def get_utc_offset(text)
51
95
  utc_offset = nil
52
96
  begin
@@ -91,7 +135,6 @@ module Fluent
91
135
  return Regexp.new(valid_format_regexp)
92
136
  end
93
137
 
94
-
95
138
  def get_unixtime_with_utc_offset(timestamp, utc_offset)
96
139
  unixtime = nil
97
140
  begin
@@ -106,59 +149,6 @@ module Fluent
106
149
  return unixtime
107
150
  end
108
151
 
109
-
110
- def parse(text)
111
- if text.nil? || text.empty?
112
- if block_given?
113
- yield nil, nil
114
- return
115
- else
116
- return nil, nil
117
- end
118
- end
119
-
120
- text.force_encoding("utf-8")
121
- record = {}
122
- record_overview = @valid_format_regexp.match(text)
123
- if record_overview.nil?
124
- if block_given?
125
- yield Engine.now, { "raw" => text }
126
- return
127
- else
128
- return Engine.now, { "raw" => text }
129
- end
130
- end
131
-
132
- time = get_unixtime_with_utc_offset(record_overview["syslog_timestamp"], @utc_offset)
133
-
134
- begin
135
- record_overview.names.each {|key| record[key] = record_overview[key] }
136
- text_cef_extension = record_overview["cef_extension"]
137
- record.delete("cef_extension")
138
- rescue
139
- if block_given?
140
- yield Engine.now, { "raw" => text }
141
- return
142
- else
143
- return Engine.now, { "raw" => text }
144
- end
145
- end
146
-
147
- unless text_cef_extension.nil?
148
- record_cef_extension = parse_cef_extension(text_cef_extension)
149
- record.merge!(record_cef_extension)
150
- end
151
-
152
- record["raw"] = text if @output_raw_field
153
- if block_given?
154
- yield time, record
155
- return
156
- else
157
- return time, record
158
- end
159
- end
160
-
161
-
162
152
  def parse_cef_extension(text)
163
153
  if @parse_strict_mode == true
164
154
  return parse_cef_extension_with_strict_mode(text)
@@ -167,7 +157,6 @@ module Fluent
167
157
  end
168
158
  end
169
159
 
170
-
171
160
  def parse_cef_extension_with_strict_mode(text)
172
161
  record = {}
173
162
  begin
@@ -187,7 +176,6 @@ module Fluent
187
176
  return record
188
177
  end
189
178
 
190
-
191
179
  def parse_cef_extension_without_strict_mode(text)
192
180
  record = {}
193
181
  begin
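Review bot: In the relocated `parse` (hunk `@@ -47,6 +42,55 @@`), every `"raw"` value is now `replaced_text`, so the fallback record for lines that fail `@valid_format_regexp` and the `output_raw_field` copy both have invalid bytes rewritten to `?`. They are no longer a byte-faithful copy of what was received. For CEF security events that loss should be stated where it happens, e.g. a comment above the scrub line: `# "raw" carries the scrubbed text; invalid UTF-8 bytes become '?' and the original bytes are not available downstream`. Separately, `text.force_encoding("utf-8")` re-tags the caller's string in place and would raise on a frozen string; `replaced_text = text.dup.force_encoding("utf-8").scrub('?')` leaves the argument untouched. The class body continues outside the hunks shown for this file.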
@@ -283,5 +283,35 @@ RSpec.describe Fluent::TextParser::CommonEventFormatParser do
283
283
  "cef_severity" => "Severity",
284
284
  "cs1" => "test" }]}
285
285
  end
286
+ context "syslog message is UTF-8, but including invalid UTF-8 string" do
287
+ let (:config) {%[
288
+ log_utc_offset +09:00
289
+ ]}
290
+ let (:text) { "Feb 19 00:35:11 hogehuga CEF:0|Vendor|Product|Version|ID|Name|Severity|src=192.168.1.1 spt=60000 dst=172.16.100.100 dpt=80 msg=\xe3\x2e\x2e\x2e" }
291
+ subject do
292
+ allow(Fluent::Engine).to receive(:now).and_return(Time.now.to_i)
293
+ @timestamp = Time.parse("Feb 19 00:35:11 +09:00").to_i
294
+ @test_driver = create_driver(config)
295
+ text.force_encoding("ascii-8bit")
296
+ @test_driver.parse(text)
297
+ end
298
+ it { is_expected.to eq [
299
+ @timestamp, {
300
+ "syslog_timestamp" => "Feb 19 00:35:11",
301
+ "syslog_hostname" => "hogehuga",
302
+ "syslog_tag" => "",
303
+ "cef_version" => "0",
304
+ "cef_device_vendor" => "Vendor",
305
+ "cef_device_product" => "Product",
306
+ "cef_device_version" => "Version",
307
+ "cef_device_event_class_id" => "ID",
308
+ "cef_name" => "Name",
309
+ "cef_severity" => "Severity",
310
+ "src" => "192.168.1.1",
311
+ "spt" => "60000",
312
+ "dst" => "172.16.100.100",
313
+ "dpt" => "80",
314
+ "msg" => "\xe3\x2e\x2e\x2e".scrub('?') }]}
315
+ end
286
316
  end
287
317
  end
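Review bot: The expected `"msg"` value is computed with `"\xe3\x2e\x2e\x2e".scrub('?')`, the same call the parser makes, so the example mirrors the implementation instead of pinning its output; the literal `"msg" => "?..."` states the result directly. The new context also exercises only an invalid byte inside an extension value on a line that matches the CEF pattern. One example for a non-matching line (the `{ "raw" => ... }` fallback) and one with `output_raw_field` enabled would cover the other two places where the scrubbed text is emitted. The enclosing `describe` block starts outside this hunk.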
@@ -24,11 +24,9 @@ require 'simplecov'
24
24
  require 'coveralls'
25
25
  Coveralls.wear!
26
26
 
27
- SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
28
- SimpleCov::Formatter::HTMLFormatter,
29
- Coveralls::SimpleCov::Formatter
30
- ]
31
- SimpleCov.start
27
+ SimpleCov.start do
28
+ add_filter "/spec/"
29
+ end
32
30
 
33
31
  RSpec.configure do |config|
34
32
  # rspec-expectations config goes here. You can use an alternate
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-parser_cef
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tomoyuki Sugimura
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-01-06 00:00:00.000000000 Z
11
+ date: 2017-02-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: fluentd
@@ -134,9 +134,9 @@ require_paths:
134
134
  - lib
135
135
  required_ruby_version: !ruby/object:Gem::Requirement
136
136
  requirements:
137
- - - ">="
137
+ - - "~>"
138
138
  - !ruby/object:Gem::Version
139
- version: '0'
139
+ version: '2.0'
140
140
  required_rubygems_version: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - ">="