fluent-plugin-windows-eventlog 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +3 -0
  3. data/fluent-plugin-winevtlog.gemspec +1 -1
  4. data/lib/fluent/plugin/in_windows_eventlog2.rb +53 -43
  5. data/test/plugin/test_in_windows_eventlog2.rb +3 -3
  6. data/test/plugin/test_in_winevtlog.rb +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 59131dc675a5af717f4f3d693af1f902d76aa7b557e82c14431cd310f28cf999
4
- data.tar.gz: f130a09fbb2c8a35a287869447e1486b3d21d371bc1acf4744ebd1a471e76edf
3
+ metadata.gz: 06511272a8c96f22e69b50f60d2a6c5b7ac377c0c446d48fc842cc4e2b272b7b
4
+ data.tar.gz: 78635a96981173d47b640f887b62e4ba7d0d773b1eaf39bfb0c59be488073364
5
5
  SHA512:
6
- metadata.gz: 6b9e107c6dd037cc4c2ef391cacf6636884a210a3c7058770972c0968603c8600267babaeee7cebb3dc75259c13d3aa0697e3a1980c06cba3d0daf26912b063e
7
- data.tar.gz: 8e41835e28cf0ad5ba6a73d50c985518c001988a721a5fdee2dd4820d48e656835b4e26d19eeefdd0c3db62ee701f29d957efcff7d87f0ade7449f720c8f6849
6
+ metadata.gz: ccabe68cf1bd5188e12f3eaa46670488b6eb458aca556d15d09022489722bf5be9ca6cace64b93abbb2d4aeecb5a4a8210a2e9787de96a201d6a24bdca201f1a
7
+ data.tar.gz: 290a21af0606ef47c61e3f9c63f45b25b0f1d90dcf2268a950c3f460e02faa59e72b4a0e6bdc3452bae10121c550b53d4b410610c587042498837075e081977e
data/CHANGELOG.md CHANGED
@@ -1,3 +1,6 @@
1
+ # Release v0.4.2 - 2019/10/16
2
+ * in_windows_eventlog2: Handle invalid data error from `Winevt::EventLog::Query::Error`
3
+
1
4
  # Release v0.4.1 - 2019/10/11
2
5
  * in_windows_eventlog2: Add a missing ProcessID record
3
6
 
data/fluent-plugin-winevtlog.gemspec CHANGED
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |spec|
6
6
  spec.name = "fluent-plugin-windows-eventlog"
7
- spec.version = "0.4.1"
7
+ spec.version = "0.4.2"
8
8
  spec.authors = ["okahashi117", "Hiroshi Hatake", "Masahiro Nakagawa"]
9
9
  spec.email = ["naruki_okahashi@jbat.co.jp", "cosmo0920.oucc@gmail.com", "repeatedly@gmail.com"]
10
10
  spec.summary = %q{Fluentd Input plugin to read windows event log.}
data/lib/fluent/plugin/in_windows_eventlog2.rb CHANGED
@@ -110,35 +110,40 @@ module Fluent::Plugin
110
110
 
111
111
  def on_notify_xml(ch, subscribe)
112
112
  es = Fluent::MultiEventStream.new
113
- subscribe.each do |xml, message, string_inserts|
114
- @parser.parse(xml) do |time, record|
115
- # record.has_key?("EventData") for none parser checking.
116
- if @winevt_xml
117
- record["Description"] = message
118
- record["EventData"] = string_inserts
119
-
120
- h = {}
121
- @keynames.each do |k|
122
- type = KEY_MAP[k][1]
123
- value = record[KEY_MAP[k][0]]
124
- h[k]=case type
125
- when :string
126
- value.to_s
127
- when :array
128
- value.map {|v| v.to_s}
129
- else
130
- raise "Unknown value type: #{type}"
131
- end
113
+ begin
114
+ subscribe.each do |xml, message, string_inserts|
115
+ @parser.parse(xml) do |time, record|
116
+ # record.has_key?("EventData") for none parser checking.
117
+ if @winevt_xml
118
+ record["Description"] = message
119
+ record["EventData"] = string_inserts
120
+
121
+ h = {}
122
+ @keynames.each do |k|
123
+ type = KEY_MAP[k][1]
124
+ value = record[KEY_MAP[k][0]]
125
+ h[k]=case type
126
+ when :string
127
+ value.to_s
128
+ when :array
129
+ value.map {|v| v.to_s}
130
+ else
131
+ raise "Unknown value type: #{type}"
132
+ end
133
+ end
134
+ parse_desc(h) if @parse_description
135
+ es.add(Fluent::Engine.now, h)
136
+ else
137
+ record["Description"] = message
138
+ record["EventData"] = string_inserts
139
+ # for none parser
140
+ es.add(Fluent::Engine.now, record)
132
141
  end
133
- parse_desc(h) if @parse_description
134
- es.add(Fluent::Engine.now, h)
135
- else
136
- record["Description"] = message
137
- record["EventData"] = string_inserts
138
- # for none parser
139
- es.add(Fluent::Engine.now, record)
140
142
  end
141
143
  end
144
+ rescue Winevt::EventLog::Query::Error => e
145
+ log.warn "Invalid XML data", error: e
146
+ log.warn_backtrace
142
147
  end
143
148
  router.emit_stream(@tag, es)
144
149
  @bookmarks_storage.put(ch, subscribe.bookmark)
@@ -146,24 +151,29 @@ module Fluent::Plugin
146
151
 
147
152
  def on_notify_hash(ch, subscribe)
148
153
  es = Fluent::MultiEventStream.new
149
- subscribe.each do |record, message, string_inserts|
150
- record["Description"] = message
151
- record["EventData"] = string_inserts
152
- h = {}
153
- @keynames.each do |k|
154
- type = KEY_MAP[k][1]
155
- value = record[KEY_MAP[k][0]]
156
- h[k]=case type
157
- when :string
158
- value.to_s
159
- when :array
160
- value.map {|v| v.to_s}
161
- else
162
- raise "Unknown value type: #{type}"
163
- end
154
+ begin
155
+ subscribe.each do |record, message, string_inserts|
156
+ record["Description"] = message
157
+ record["EventData"] = string_inserts
158
+ h = {}
159
+ @keynames.each do |k|
160
+ type = KEY_MAP[k][1]
161
+ value = record[KEY_MAP[k][0]]
162
+ h[k]=case type
163
+ when :string
164
+ value.to_s
165
+ when :array
166
+ value.map {|v| v.to_s}
167
+ else
168
+ raise "Unknown value type: #{type}"
169
+ end
170
+ end
171
+ parse_desc(h) if @parse_description
172
+ es.add(Fluent::Engine.now, h)
164
173
  end
165
- parse_desc(h) if @parse_description
166
- es.add(Fluent::Engine.now, h)
174
+ rescue Winevt::EventLog::Query::Error => e
175
+ log.warn "Invalid Hash data", error: e
176
+ log.warn_backtrace
167
177
  end
168
178
  router.emit_stream(@tag, es)
169
179
  @bookmarks_storage.put(ch, subscribe.bookmark)
data/test/plugin/test_in_windows_eventlog2.rb CHANGED
@@ -58,7 +58,7 @@ DESC
58
58
  end
59
59
 
60
60
  assert(d.events.length >= 1)
61
- event = d.events.last
61
+ event = d.events.select {|e| e.last["EventID"] == "65500" }.last
62
62
  record = event.last
63
63
 
64
64
  assert_equal("Application", record["Channel"])
@@ -114,7 +114,7 @@ DESC
114
114
  end
115
115
 
116
116
  assert(d.events.length >= 1)
117
- event = d.events.last
117
+ event = d.events.select {|e| e.last["EventID"] == "65500" }.last
118
118
  record = event.last
119
119
 
120
120
  assert_false(d.instance.render_as_xml)
@@ -155,7 +155,7 @@ DESC
155
155
  end
156
156
 
157
157
  assert(d.events.length >= 1)
158
- event = d.events.last
158
+ event = d.events.select {|e| e.last["EventID"] == "65500" }.last
159
159
  record = event.last
160
160
 
161
161
  prev_id = record["EventRecordID"].to_i
data/test/plugin/test_in_winevtlog.rb CHANGED
@@ -38,7 +38,7 @@ class WindowsEventLogInputTest < Test::Unit::TestCase
38
38
  end
39
39
 
40
40
  assert(d.events.length >= 1)
41
- event = d.events.last
41
+ event = d.events.select {|e| e.last["event_id"] == "65500" }.last
42
42
  record = event.last
43
43
  assert_equal("application", record["channel"])
44
44
  assert_equal("65500", record["event_id"])
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-windows-eventlog
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - okahashi117
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2019-10-11 00:00:00.000000000 Z
13
+ date: 2019-10-16 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: bundler