fluent-plugin-windows-eventlog 0.2.1 → 0.4.2

data/test/generate-windows-event.rb

@@ -1,47 +1,47 @@
-require 'win32/eventlog'
-
-class EventLog
-  def initialize
-    @logger = Win32::EventLog.new
-    @app_source = "fluent-plugins"
-  end
-
-  def info(event_id, message)
-    @logger.report_event(
-      source: @app_source,
-      event_type: Win32::EventLog::INFO_TYPE,
-      event_id: event_id,
-      data: message
-    )
-  end
-
-  def warn(event_id, message)
-    @logger.report_event(
-      source: @app_source,
-      event_type: Win32::EventLog::WARN_TYPE,
-      event_id: event_id,
-      data: message
-    )
-  end
-
-  def crit(event_id, message)
-    @logger.report_event(
-      source: @app_source,
-      event_type: Win32::EventLog::ERROR_TYPE,
-      event_id: event_id,
-      data: message
-    )
-  end
-
-end
-
-module Fluent
-  module Plugin
-    class EventService
-      def run
-        eventlog = EventLog.new()
-        eventlog.info(65500, "Hi, from fluentd-plugins!! at " + Time.now.strftime("%Y/%m/%d %H:%M:%S "))
-      end
-    end
-  end
-end
+require 'win32/eventlog'
+
+class EventLog
+  def initialize
+    @logger = Win32::EventLog.new
+    @app_source = "fluent-plugins"
+  end
+
+  def info(event_id, message)
+    @logger.report_event(
+      source: @app_source,
+      event_type: Win32::EventLog::INFO_TYPE,
+      event_id: event_id,
+      data: message
+    )
+  end
+
+  def warn(event_id, message)
+    @logger.report_event(
+      source: @app_source,
+      event_type: Win32::EventLog::WARN_TYPE,
+      event_id: event_id,
+      data: message
+    )
+  end
+
+  def crit(event_id, message)
+    @logger.report_event(
+      source: @app_source,
+      event_type: Win32::EventLog::ERROR_TYPE,
+      event_id: event_id,
+      data: message
+    )
+  end
+
+end
+
+module Fluent
+  module Plugin
+    class EventService
+      def run
+        eventlog = EventLog.new()
+        eventlog.info(65500, "Hi, from fluentd-plugins!! at " + Time.now.strftime("%Y/%m/%d %H:%M:%S "))
+      end
+    end
+  end
+end

data/test/helper.rb

@@ -1,32 +1,33 @@
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'test/unit'
-
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
-$LOAD_PATH.unshift(File.dirname(__FILE__))
-require 'fluent/test'
-unless ENV.has_key?('VERBOSE')
-  nulllogger = Object.new
-  nulllogger.instance_eval {|obj|
-    def method_missing(method, *args)
-      # pass
-    end
-  }
-  $log = nulllogger
-end
-
-require 'fluent/test/driver/input'
-require 'fluent/plugin/in_windows_eventlog'
-
-class Test::Unit::TestCase
-end
-require 'fluent/test/helpers'
-
-include Fluent::Test::Helpers
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'fluent/test'
+unless ENV.has_key?('VERBOSE')
+  nulllogger = Object.new
+  nulllogger.instance_eval {|obj|
+    def method_missing(method, *args)
+      # pass
+    end
+  }
+  $log = nulllogger
+end
+
+require 'fluent/test/driver/input'
+require 'fluent/plugin/in_windows_eventlog'
+require 'fluent/plugin/in_windows_eventlog2'
+
+class Test::Unit::TestCase
+end
+require 'fluent/test/helpers'
+
+include Fluent::Test::Helpers

data/test/plugin/test_in_windows_eventlog2.rb

@@ -0,0 +1,214 @@
+require 'helper'
+require 'fileutils'
+require 'generate-windows-event'
+
+class WindowsEventLog2InputTest < Test::Unit::TestCase
+
+  def setup
+    Fluent::Test.setup
+  end
+
+  CONFIG = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                            config_element("storage", "", {
+                                             '@type' => 'local',
+                                             'persistent' => false
+                                           })
+                          ])
+
+  def create_driver(conf = CONFIG)
+    Fluent::Test::Driver::Input.new(Fluent::Plugin::WindowsEventLog2Input).configure(conf)
+  end
+
+  def test_configure
+    d = create_driver CONFIG
+    assert_equal 'fluent.eventlog', d.instance.tag
+    assert_equal 2, d.instance.read_interval
+    assert_equal ['application'], d.instance.channels
+    assert_false d.instance.read_from_head
+    assert_true d.instance.render_as_xml
+  end
+
+  def test_parse_desc
+    d = create_driver
+    desc =<<-DESC
+A user's local group membership was enumerated.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-X-Y-XX-WWWWWW-VVVV\r\n\tAccount Name:\t\tAdministrator\r\n\tAccount Domain:\t\tDESKTOP-FLUENTTEST\r\n\tLogon ID:\t\t0x3185B1\r\n\r\nUser:\r\n\tSecurity ID:\t\tS-X-Y-XX-WWWWWW-VVVV\r\n\tAccount Name:\t\tAdministrator\r\n\tAccount Domain:\t\tDESKTOP-FLUENTTEST\r\n\r\nProcess Information:\r\n\tProcess ID:\t\t0x50b8\r\n\tProcess Name:\t\tC:\\msys64\\usr\\bin\\make.exe
+DESC
+    h = {"Description" => desc}
+    expected = {"DescriptionTitle"                 => "A user's local group membership was enumerated.",
+                "subject.security_id"              => "S-X-Y-XX-WWWWWW-VVVV",
+                "subject.account_name"             => "Administrator",
+                "subject.account_domain"           => "DESKTOP-FLUENTTEST",
+                "subject.logon_id"                 => "0x3185B1",
+                "user.security_id"                 => "S-X-Y-XX-WWWWWW-VVVV",
+                "user.account_name"                => "Administrator",
+                "user.account_domain"              => "DESKTOP-FLUENTTEST",
+                "process_information.process_id"   => "0x50b8",
+                "process_information.process_name" => "C:\\msys64\\usr\\bin\\make.exe"}
+    d.instance.parse_desc(h)
+    assert_equal(expected, h)
+  end
+
+  def test_write
+    d = create_driver
+
+    service = Fluent::Plugin::EventService.new
+
+    d.run(expect_emits: 1) do
+      service.run
+    end
+
+    assert(d.events.length >= 1)
+    event = d.events.select {|e| e.last["EventID"] == "65500" }.last
+    record = event.last
+
+    assert_equal("Application", record["Channel"])
+    assert_equal("65500", record["EventID"])
+    assert_equal("4", record["Level"])
+    assert_equal("fluent-plugins", record["ProviderName"])
+  end
+
+  CONFIG_KEYS = config_element("ROOT", "", {
+                                 "tag" => "fluent.eventlog",
+                                 "keys" => ["EventID", "Level", "Channel", "ProviderName"]
+                               }, [
+                                 config_element("storage", "", {
+                                                  '@type' => 'local',
+                                                  'persistent' => false
+                                                })
+                               ])
+  def test_write_with_keys
+    d = create_driver(CONFIG_KEYS)
+
+    service = Fluent::Plugin::EventService.new
+
+    d.run(expect_emits: 1) do
+      service.run
+    end
+
+    assert(d.events.length >= 1)
+    event = d.events.last
+    record = event.last
+
+    expected = {"EventID"      => "65500",
+                "Level"        => "4",
+                "Channel"      => "Application",
+                "ProviderName" => "fluent-plugins"}
+
+    assert_equal(expected, record)
+  end
+
+  class HashRendered < self
+    def test_write
+      d = create_driver(config_element("ROOT", "", {"tag" => "fluent.eventlog",
+                                                    "render_as_xml" => false}, [
+                           config_element("storage", "", {
+                                            '@type' => 'local',
+                                            'persistent' => false
+                                          })
+                           ]))
+
+      service = Fluent::Plugin::EventService.new
+
+      d.run(expect_emits: 1) do
+        service.run
+      end
+
+      assert(d.events.length >= 1)
+      event = d.events.select {|e| e.last["EventID"] == "65500" }.last
+      record = event.last
+
+      assert_false(d.instance.render_as_xml)
+      assert_equal("Application", record["Channel"])
+      assert_equal("65500", record["EventID"])
+      assert_equal("4", record["Level"])
+      assert_equal("fluent-plugins", record["ProviderName"])
+    end
+  end
+
+  class PersistBookMark < self
+    TEST_PLUGIN_STORAGE_PATH = File.join( File.dirname(File.dirname(__FILE__)), 'tmp', 'in_windows_eventlog2', 'store' )
+    CONFIG2 = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                               config_element("storage", "", {
+                                                '@type' => 'local',
+                                                '@id' => 'test-02',
+                                                'path' => File.join(TEST_PLUGIN_STORAGE_PATH,
+                                                                    'json', 'test-02.json'),
+                                                'persistent' => true,
+                                              })
+                             ])
+
+    def setup
+      FileUtils.rm_rf(TEST_PLUGIN_STORAGE_PATH)
+      FileUtils.mkdir_p(File.join(TEST_PLUGIN_STORAGE_PATH, 'json'))
+      FileUtils.chmod_R(0755, File.join(TEST_PLUGIN_STORAGE_PATH, 'json'))
+    end
+
+    def test_write
+      d = create_driver(CONFIG2)
+
+      assert !File.exist?(File.join(TEST_PLUGIN_STORAGE_PATH, 'json', 'test-02.json'))
+
+      service = Fluent::Plugin::EventService.new
+
+      d.run(expect_emits: 1) do
+        service.run
+      end
+
+      assert(d.events.length >= 1)
+      event = d.events.select {|e| e.last["EventID"] == "65500" }.last
+      record = event.last
+
+      prev_id = record["EventRecordID"].to_i
+      assert_equal("Application", record["Channel"])
+      assert_equal("65500", record["EventID"])
+      assert_equal("4", record["Level"])
+      assert_equal("fluent-plugins", record["ProviderName"])
+
+      assert File.exist?(File.join(TEST_PLUGIN_STORAGE_PATH, 'json', 'test-02.json'))
+
+      d2 = create_driver(CONFIG2)
+      d2.run(expect_emits: 1) do
+        service.run
+      end
+
+      assert(d2.events.length == 1) # should be tailing after previous context.
+      event2 = d2.events.last
+      record2 = event2.last
+
+      curr_id = record2["EventRecordID"].to_i
+      assert(curr_id > prev_id)
+
+      assert File.exist?(File.join(TEST_PLUGIN_STORAGE_PATH, 'json', 'test-02.json'))
+    end
+  end
+
+  def test_write_with_none_parser
+    d = create_driver(config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                                       config_element("storage", "", {
+                                                        '@type' => 'local',
+                                                        'persistent' => false
+                                                      }),
+                                       config_element("parse", "", {
+                                                        '@type' => 'none',
+                                                      }),
+                                     ]))
+
+    service = Fluent::Plugin::EventService.new
+
+    d.run(expect_emits: 1) do
+      service.run
+    end
+
+    assert(d.events.length >= 1)
+    event = d.events.last
+    record = event.last
+
+    assert do
+      # record should be {message: <RAW XML EventLog>}.
+      record["message"]
+    end
+
+    assert_true(record.has_key?("Description"))
+    assert_true(record.has_key?("EventData"))
+  end
+end

data/test/plugin/test_in_winevtlog.rb

@@ -1,48 +1,48 @@
-require 'helper'
-require 'generate-windows-event'
-
-class WindowsEventLogInputTest < Test::Unit::TestCase
-
-  def setup
-    Fluent::Test.setup
-  end
-
-  CONFIG = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
-                            config_element("storage", "", {
-                                             '@type' => 'local',
-                                             'persistent' => false
-                                           })
-                          ])
-
-  def create_driver(conf = CONFIG)
-    Fluent::Test::Driver::Input.new(Fluent::Plugin::WindowsEventLogInput).configure(conf)
-  end
-
-  def test_configure
-    d = create_driver CONFIG
-    assert_equal 'fluent.eventlog', d.instance.tag
-    assert_equal 2, d.instance.read_interval
-    assert_nil d.instance.pos_file
-    assert_equal ['application'], d.instance.channels
-    assert_true d.instance.keys.empty?
-    assert_false d.instance.read_from_head
-  end
-
-  def test_write
-    d = create_driver
-
-    service = Fluent::Plugin::EventService.new
-
-    d.run(expect_emits: 1) do
-      service.run
-    end
-
-    assert(d.events.length >= 1)
-    event = d.events.last
-    record = event.last
-    assert_equal("application", record["channel"])
-    assert_equal("65500", record["event_id"])
-    assert_equal("information", record["event_type"])
-    assert_equal("fluent-plugins", record["source_name"])
-  end
-end
+require 'helper'
+require 'generate-windows-event'
+
+class WindowsEventLogInputTest < Test::Unit::TestCase
+
+  def setup
+    Fluent::Test.setup
+  end
+
+  CONFIG = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                            config_element("storage", "", {
+                                             '@type' => 'local',
+                                             'persistent' => false
+                                           })
+                          ])
+
+  def create_driver(conf = CONFIG)
+    Fluent::Test::Driver::Input.new(Fluent::Plugin::WindowsEventLogInput).configure(conf)
+  end
+
+  def test_configure
+    d = create_driver CONFIG
+    assert_equal 'fluent.eventlog', d.instance.tag
+    assert_equal 2, d.instance.read_interval
+    assert_nil d.instance.pos_file
+    assert_equal ['application'], d.instance.channels
+    assert_true d.instance.keys.empty?
+    assert_false d.instance.read_from_head
+  end
+
+  def test_write
+    d = create_driver
+
+    service = Fluent::Plugin::EventService.new
+
+    d.run(expect_emits: 1) do
+      service.run
+    end
+
+    assert(d.events.length >= 1)
+    event = d.events.select {|e| e.last["event_id"] == "65500" }.last
+    record = event.last
+    assert_equal("application", record["channel"])
+    assert_equal("65500", record["event_id"])
+    assert_equal("information", record["event_type"])
+    assert_equal("fluent-plugins", record["source_name"])
+  end
+end