RubyGems - fluent-plugin-windows-eventlog - Versions diffs - 0.2.2 → 0.3.0 - Mend

fluent-plugin-windows-eventlog 0.2.2 → 0.3.0

Files changed (19) hide show

checksums.yaml +5 -5
data/.gitignore +14 -14
data/CHANGELOG.md +16 -0
data/Gemfile +4 -4
data/LICENSE.txt +203 -203
data/README.md +279 -132
data/Rakefile +10 -10
data/appveyor.yml +24 -34
data/fluent-plugin-winevtlog.gemspec +27 -25
data/lib/fluent/plugin/in_windows_eventlog.rb +234 -234
data/lib/fluent/plugin/in_windows_eventlog2.rb +169 -0
data/lib/fluent/plugin/parser_winevt_xml.rb +34 -0
data/test/data/eventlog.xml +1 -0
data/test/generate-windows-event.rb +47 -47
data/test/helper.rb +35 -32
data/test/plugin/test_in_windows_eventlog2.rb +182 -0
data/test/plugin/test_in_winevtlog.rb +48 -48
data/test/plugin/test_parser_winevt_xml.rb +42 -0
metadata +41 -4

data/test/plugin/test_in_winevtlog.rb CHANGED

@@ -1,48 +1,48 @@
-require 'helper'
-require 'generate-windows-event'
-class WindowsEventLogInputTest < Test::Unit::TestCase
-  def setup
-    Fluent::Test.setup
-  end
-  CONFIG = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
-                            config_element("storage", "", {
-                                             '@type' => 'local',
-                                             'persistent' => false
-                                           })
-                          ])
-  def create_driver(conf = CONFIG)
-    Fluent::Test::Driver::Input.new(Fluent::Plugin::WindowsEventLogInput).configure(conf)
-  end
-  def test_configure
-    d = create_driver CONFIG
-    assert_equal 'fluent.eventlog', d.instance.tag
-    assert_equal 2, d.instance.read_interval
-    assert_nil d.instance.pos_file
-    assert_equal ['application'], d.instance.channels
-    assert_true d.instance.keys.empty?
-    assert_false d.instance.read_from_head
-  end
-  def test_write
-    d = create_driver
-    service = Fluent::Plugin::EventService.new
-    d.run(expect_emits: 1) do
-      service.run
-    end
-    assert(d.events.length >= 1)
-    event = d.events.last
-    record = event.last
-    assert_equal("application", record["channel"])
-    assert_equal("65500", record["event_id"])
-    assert_equal("information", record["event_type"])
-    assert_equal("fluent-plugins", record["source_name"])
-  end
-end
+require 'helper'
+require 'generate-windows-event'
+class WindowsEventLogInputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+  CONFIG = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                            config_element("storage", "", {
+                                             '@type' => 'local',
+                                             'persistent' => false
+                                           })
+                          ])
+  def create_driver(conf = CONFIG)
+    Fluent::Test::Driver::Input.new(Fluent::Plugin::WindowsEventLogInput).configure(conf)
+  end
+  def test_configure
+    d = create_driver CONFIG
+    assert_equal 'fluent.eventlog', d.instance.tag
+    assert_equal 2, d.instance.read_interval
+    assert_nil d.instance.pos_file
+    assert_equal ['application'], d.instance.channels
+    assert_true d.instance.keys.empty?
+    assert_false d.instance.read_from_head
+  end
+  def test_write
+    d = create_driver
+    service = Fluent::Plugin::EventService.new
+    d.run(expect_emits: 1) do
+      service.run
+    end
+    assert(d.events.length >= 1)
+    event = d.events.last
+    record = event.last
+    assert_equal("application", record["channel"])
+    assert_equal("65500", record["event_id"])
+    assert_equal("information", record["event_type"])
+    assert_equal("fluent-plugins", record["source_name"])
+  end
+end

data/test/plugin/test_parser_winevt_xml.rb ADDED

@@ -0,0 +1,42 @@
+require 'helper'
+require 'generate-windows-event'
+class WinevtXMLparserTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+  CONFIG = %[]
+  XMLLOG = File.open(File.join(__dir__, "..", "data", "eventlog.xml") )
+  def create_driver(conf = CONFIG)
+    Fluent::Test::Driver::Parser.new(Fluent::Plugin::WinevtXMLparser).configure(conf)
+  end
+  def test_parse
+    d = create_driver
+    xml = XMLLOG
+    expected = {"ProviderName"      => "Microsoft-Windows-Security-Auditing",
+                "ProviderGUID"      => "{54849625-5478-4994-A5BA-3E3B0328C30D}",
+                "EventID"           => "4624",
+                "Qualifiers"        => nil,
+                "Level"             => "0",
+                "Task"              => "12544",
+                "Opcode"            => "0",
+                "Keywords"          => "0x8020000000000000",
+                "TimeCreated"       => "2019-06-13T09:21:23.345889600Z",
+                "EventRecordID"     => "80688",
+                "ActivityID"        => "",
+                "RelatedActivityID" => "{587F0743-1F71-0006-5007-7F58711FD501}",
+                "ThreadID"          => "24708",
+                "Channel"           => "Security",
+                "Computer"          => "Fluentd-Developing-Windows",
+                "UserID"            => nil,
+                "Version"           => "2",
+                "EventData"         => []}
+    d.instance.parse(xml) do |time, record|
+      assert_equal(expected, record)
+    end
+  end
+end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-windows-eventlog
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors:
 - okahashi117
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-09-08 00:00:00.000000000 Z
+date: 2019-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -88,7 +88,35 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Fluentd Input plugin to read windwos event log.
+- !ruby/object:Gem::Dependency
+  name: winevt_c
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+description: Fluentd Input plugin to read windows event log.
 email:
 - naruki_okahashi@jbat.co.jp
 - cosmo0920.oucc@gmail.com
@@ -98,6 +126,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -105,9 +134,14 @@ files:
 - appveyor.yml
 - fluent-plugin-winevtlog.gemspec
 - lib/fluent/plugin/in_windows_eventlog.rb
+- lib/fluent/plugin/in_windows_eventlog2.rb
+- lib/fluent/plugin/parser_winevt_xml.rb
+- test/data/eventlog.xml
 - test/generate-windows-event.rb
 - test/helper.rb
+- test/plugin/test_in_windows_eventlog2.rb
 - test/plugin/test_in_winevtlog.rb
+- test/plugin/test_parser_winevt_xml.rb
 homepage: https://github.com/fluent/fluent-plugin-windows-eventlog
 licenses:
 - Apache-2.0
@@ -128,11 +162,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.11
+rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
 summary: Fluentd Input plugin to read windows event log.
 test_files:
+- test/data/eventlog.xml
 - test/generate-windows-event.rb
 - test/helper.rb
+- test/plugin/test_in_windows_eventlog2.rb
 - test/plugin/test_in_winevtlog.rb
+- test/plugin/test_parser_winevt_xml.rb