RubyGems - fluent-plugin-windows-eventlog - Versions diffs - 0.2.1 → 0.4.2 - Mend

fluent-plugin-windows-eventlog 0.2.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +5 -5
data/.gitignore +14 -14
data/CHANGELOG.md +28 -0
data/Gemfile +4 -4
data/LICENSE.txt +203 -203
data/README.md +285 -63
data/Rakefile +10 -10
data/appveyor.yml +24 -27
data/fluent-plugin-winevtlog.gemspec +28 -25
data/lib/fluent/plugin/in_windows_eventlog.rb +234 -187
data/lib/fluent/plugin/in_windows_eventlog2.rb +227 -0
data/test/generate-windows-event.rb +47 -47
data/test/helper.rb +33 -32
data/test/plugin/test_in_windows_eventlog2.rb +214 -0
data/test/plugin/test_in_winevtlog.rb +48 -48
metadata +50 -4

data/test/generate-windows-event.rb CHANGED Viewed

@@ -1,47 +1,47 @@
-require 'win32/eventlog'
-class EventLog
-  def initialize
-    @logger = Win32::EventLog.new
-    @app_source = "fluent-plugins"
-  end
-  def info(event_id, message)
-    @logger.report_event(
-      source: @app_source,
-      event_type: Win32::EventLog::INFO_TYPE,
-      event_id: event_id,
-      data: message
-    )
-  end
-  def warn(event_id, message)
-    @logger.report_event(
-      source: @app_source,
-      event_type: Win32::EventLog::WARN_TYPE,
-      event_id: event_id,
-      data: message
-    )
-  end
-  def crit(event_id, message)
-    @logger.report_event(
-      source: @app_source,
-      event_type: Win32::EventLog::ERROR_TYPE,
-      event_id: event_id,
-      data: message
-    )
-  end
-end
-module Fluent
-  module Plugin
-    class EventService
-      def run
-        eventlog = EventLog.new()
-        eventlog.info(65500, "Hi, from fluentd-plugins!! at " + Time.now.strftime("%Y/%m/%d %H:%M:%S "))
-      end
-    end
-  end
-end
+require 'win32/eventlog'
+class EventLog
+  def initialize
+    @logger = Win32::EventLog.new
+    @app_source = "fluent-plugins"
+  end
+  def info(event_id, message)
+    @logger.report_event(
+      source: @app_source,
+      event_type: Win32::EventLog::INFO_TYPE,
+      event_id: event_id,
+      data: message
+    )
+  end
+  def warn(event_id, message)
+    @logger.report_event(
+      source: @app_source,
+      event_type: Win32::EventLog::WARN_TYPE,
+      event_id: event_id,
+      data: message
+    )
+  end
+  def crit(event_id, message)
+    @logger.report_event(
+      source: @app_source,
+      event_type: Win32::EventLog::ERROR_TYPE,
+      event_id: event_id,
+      data: message
+    )
+  end
+end
+module Fluent
+  module Plugin
+    class EventService
+      def run
+        eventlog = EventLog.new()
+        eventlog.info(65500, "Hi, from fluentd-plugins!! at " + Time.now.strftime("%Y/%m/%d %H:%M:%S "))
+      end
+    end
+  end
+end

data/test/helper.rb CHANGED Viewed

@@ -1,32 +1,33 @@
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'test/unit'
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
-$LOAD_PATH.unshift(File.dirname(__FILE__))
-require 'fluent/test'
-unless ENV.has_key?('VERBOSE')
-  nulllogger = Object.new
-  nulllogger.instance_eval {|obj|
-    def method_missing(method, *args)
-      # pass
-    end
-  }
-  $log = nulllogger
-end
-require 'fluent/test/driver/input'
-require 'fluent/plugin/in_windows_eventlog'
-class Test::Unit::TestCase
-end
-require 'fluent/test/helpers'
-include Fluent::Test::Helpers
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'fluent/test'
+unless ENV.has_key?('VERBOSE')
+  nulllogger = Object.new
+  nulllogger.instance_eval {|obj|
+    def method_missing(method, *args)
+      # pass
+    end
+  }
+  $log = nulllogger
+end
+require 'fluent/test/driver/input'
+require 'fluent/plugin/in_windows_eventlog'
+require 'fluent/plugin/in_windows_eventlog2'
+class Test::Unit::TestCase
+end
+require 'fluent/test/helpers'
+include Fluent::Test::Helpers

data/test/plugin/test_in_windows_eventlog2.rb ADDED Viewed

@@ -0,0 +1,214 @@
+require 'helper'
+require 'fileutils'
+require 'generate-windows-event'
+class WindowsEventLog2InputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+  CONFIG = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                            config_element("storage", "", {
+                                             '@type' => 'local',
+                                             'persistent' => false
+                                           })
+                          ])
+  def create_driver(conf = CONFIG)
+    Fluent::Test::Driver::Input.new(Fluent::Plugin::WindowsEventLog2Input).configure(conf)
+  end
+  def test_configure
+    d = create_driver CONFIG
+    assert_equal 'fluent.eventlog', d.instance.tag
+    assert_equal 2, d.instance.read_interval
+    assert_equal ['application'], d.instance.channels
+    assert_false d.instance.read_from_head
+    assert_true d.instance.render_as_xml
+  end
+  def test_parse_desc
+    d = create_driver
+    desc =<<-DESC
+A user's local group membership was enumerated.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-X-Y-XX-WWWWWW-VVVV\r\n\tAccount Name:\t\tAdministrator\r\n\tAccount Domain:\t\tDESKTOP-FLUENTTEST\r\n\tLogon ID:\t\t0x3185B1\r\n\r\nUser:\r\n\tSecurity ID:\t\tS-X-Y-XX-WWWWWW-VVVV\r\n\tAccount Name:\t\tAdministrator\r\n\tAccount Domain:\t\tDESKTOP-FLUENTTEST\r\n\r\nProcess Information:\r\n\tProcess ID:\t\t0x50b8\r\n\tProcess Name:\t\tC:\\msys64\\usr\\bin\\make.exe
+DESC
+    h = {"Description" => desc}
+    expected = {"DescriptionTitle"                 => "A user's local group membership was enumerated.",
+                "subject.security_id"              => "S-X-Y-XX-WWWWWW-VVVV",
+                "subject.account_name"             => "Administrator",
+                "subject.account_domain"           => "DESKTOP-FLUENTTEST",
+                "subject.logon_id"                 => "0x3185B1",
+                "user.security_id"                 => "S-X-Y-XX-WWWWWW-VVVV",
+                "user.account_name"                => "Administrator",
+                "user.account_domain"              => "DESKTOP-FLUENTTEST",
+                "process_information.process_id"   => "0x50b8",
+                "process_information.process_name" => "C:\\msys64\\usr\\bin\\make.exe"}
+    d.instance.parse_desc(h)
+    assert_equal(expected, h)
+  end
+  def test_write
+    d = create_driver
+    service = Fluent::Plugin::EventService.new
+    d.run(expect_emits: 1) do
+      service.run
+    end
+    assert(d.events.length >= 1)
+    event = d.events.select {|e| e.last["EventID"] == "65500" }.last
+    record = event.last
+    assert_equal("Application", record["Channel"])
+    assert_equal("65500", record["EventID"])
+    assert_equal("4", record["Level"])
+    assert_equal("fluent-plugins", record["ProviderName"])
+  end
+  CONFIG_KEYS = config_element("ROOT", "", {
+                                 "tag" => "fluent.eventlog",
+                                 "keys" => ["EventID", "Level", "Channel", "ProviderName"]
+                               }, [
+                                 config_element("storage", "", {
+                                                  '@type' => 'local',
+                                                  'persistent' => false
+                                                })
+                               ])
+  def test_write_with_keys
+    d = create_driver(CONFIG_KEYS)
+    service = Fluent::Plugin::EventService.new
+    d.run(expect_emits: 1) do
+      service.run
+    end
+    assert(d.events.length >= 1)
+    event = d.events.last
+    record = event.last
+    expected = {"EventID"      => "65500",
+                "Level"        => "4",
+                "Channel"      => "Application",
+                "ProviderName" => "fluent-plugins"}
+    assert_equal(expected, record)
+  end
+  class HashRendered < self
+    def test_write
+      d = create_driver(config_element("ROOT", "", {"tag" => "fluent.eventlog",
+                                                    "render_as_xml" => false}, [
+                           config_element("storage", "", {
+                                            '@type' => 'local',
+                                            'persistent' => false
+                                          })
+                           ]))
+      service = Fluent::Plugin::EventService.new
+      d.run(expect_emits: 1) do
+        service.run
+      end
+      assert(d.events.length >= 1)
+      event = d.events.select {|e| e.last["EventID"] == "65500" }.last
+      record = event.last
+      assert_false(d.instance.render_as_xml)
+      assert_equal("Application", record["Channel"])
+      assert_equal("65500", record["EventID"])
+      assert_equal("4", record["Level"])
+      assert_equal("fluent-plugins", record["ProviderName"])
+    end
+  end
+  class PersistBookMark < self
+    TEST_PLUGIN_STORAGE_PATH = File.join( File.dirname(File.dirname(__FILE__)), 'tmp', 'in_windows_eventlog2', 'store' )
+    CONFIG2 = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                               config_element("storage", "", {
+                                                '@type' => 'local',
+                                                '@id' => 'test-02',
+                                                'path' => File.join(TEST_PLUGIN_STORAGE_PATH,
+                                                                    'json', 'test-02.json'),
+                                                'persistent' => true,
+                                              })
+                             ])
+    def setup
+      FileUtils.rm_rf(TEST_PLUGIN_STORAGE_PATH)
+      FileUtils.mkdir_p(File.join(TEST_PLUGIN_STORAGE_PATH, 'json'))
+      FileUtils.chmod_R(0755, File.join(TEST_PLUGIN_STORAGE_PATH, 'json'))
+    end
+    def test_write
+      d = create_driver(CONFIG2)
+      assert !File.exist?(File.join(TEST_PLUGIN_STORAGE_PATH, 'json', 'test-02.json'))
+      service = Fluent::Plugin::EventService.new
+      d.run(expect_emits: 1) do
+        service.run
+      end
+      assert(d.events.length >= 1)
+      event = d.events.select {|e| e.last["EventID"] == "65500" }.last
+      record = event.last
+      prev_id = record["EventRecordID"].to_i
+      assert_equal("Application", record["Channel"])
+      assert_equal("65500", record["EventID"])
+      assert_equal("4", record["Level"])
+      assert_equal("fluent-plugins", record["ProviderName"])
+      assert File.exist?(File.join(TEST_PLUGIN_STORAGE_PATH, 'json', 'test-02.json'))
+      d2 = create_driver(CONFIG2)
+      d2.run(expect_emits: 1) do
+        service.run
+      end
+      assert(d2.events.length == 1) # should be tailing after previous context.
+      event2 = d2.events.last
+      record2 = event2.last
+      curr_id = record2["EventRecordID"].to_i
+      assert(curr_id > prev_id)
+      assert File.exist?(File.join(TEST_PLUGIN_STORAGE_PATH, 'json', 'test-02.json'))
+    end
+  end
+  def test_write_with_none_parser
+    d = create_driver(config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                                       config_element("storage", "", {
+                                                        '@type' => 'local',
+                                                        'persistent' => false
+                                                      }),
+                                       config_element("parse", "", {
+                                                        '@type' => 'none',
+                                                      }),
+                                     ]))
+    service = Fluent::Plugin::EventService.new
+    d.run(expect_emits: 1) do
+      service.run
+    end
+    assert(d.events.length >= 1)
+    event = d.events.last
+    record = event.last
+    assert do
+      # record should be {message: <RAW XML EventLog>}.
+      record["message"]
+    end
+    assert_true(record.has_key?("Description"))
+    assert_true(record.has_key?("EventData"))
+  end
+end

data/test/plugin/test_in_winevtlog.rb CHANGED Viewed

@@ -1,48 +1,48 @@
-require 'helper'
-require 'generate-windows-event'
-class WindowsEventLogInputTest < Test::Unit::TestCase
-  def setup
-    Fluent::Test.setup
-  end
-  CONFIG = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
-                            config_element("storage", "", {
-                                             '@type' => 'local',
-                                             'persistent' => false
-                                           })
-                          ])
-  def create_driver(conf = CONFIG)
-    Fluent::Test::Driver::Input.new(Fluent::Plugin::WindowsEventLogInput).configure(conf)
-  end
-  def test_configure
-    d = create_driver CONFIG
-    assert_equal 'fluent.eventlog', d.instance.tag
-    assert_equal 2, d.instance.read_interval
-    assert_nil d.instance.pos_file
-    assert_equal ['application'], d.instance.channels
-    assert_true d.instance.keys.empty?
-    assert_false d.instance.read_from_head
-  end
-  def test_write
-    d = create_driver
-    service = Fluent::Plugin::EventService.new
-    d.run(expect_emits: 1) do
-      service.run
-    end
-    assert(d.events.length >= 1)
-    event = d.events.last
-    record = event.last
-    assert_equal("application", record["channel"])
-    assert_equal("65500", record["event_id"])
-    assert_equal("information", record["event_type"])
-    assert_equal("fluent-plugins", record["source_name"])
-  end
-end
+require 'helper'
+require 'generate-windows-event'
+class WindowsEventLogInputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+  CONFIG = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                            config_element("storage", "", {
+                                             '@type' => 'local',
+                                             'persistent' => false
+                                           })
+                          ])
+  def create_driver(conf = CONFIG)
+    Fluent::Test::Driver::Input.new(Fluent::Plugin::WindowsEventLogInput).configure(conf)
+  end
+  def test_configure
+    d = create_driver CONFIG
+    assert_equal 'fluent.eventlog', d.instance.tag
+    assert_equal 2, d.instance.read_interval
+    assert_nil d.instance.pos_file
+    assert_equal ['application'], d.instance.channels
+    assert_true d.instance.keys.empty?
+    assert_false d.instance.read_from_head
+  end
+  def test_write
+    d = create_driver
+    service = Fluent::Plugin::EventService.new
+    d.run(expect_emits: 1) do
+      service.run
+    end
+    assert(d.events.length >= 1)
+    event = d.events.select {|e| e.last["event_id"] == "65500" }.last
+    record = event.last
+    assert_equal("application", record["channel"])
+    assert_equal("65500", record["event_id"])
+    assert_equal("information", record["event_type"])
+    assert_equal("fluent-plugins", record["source_name"])
+  end
+end