fluent-plugin-windows-eventlog 0.4.1 → 0.4.2
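--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 06511272a8c96f22e69b50f60d2a6c5b7ac377c0c446d48fc842cc4e2b272b7b
+data.tar.gz: 78635a96981173d47b640f887b62e4ba7d0d773b1eaf39bfb0c59be488073364
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ccabe68cf1bd5188e12f3eaa46670488b6eb458aca556d15d09022489722bf5be9ca6cace64b93abbb2d4aeecb5a4a8210a2e9787de96a201d6a24bdca201f1a
+data.tar.gz: 290a21af0606ef47c61e3f9c63f45b25b0f1d90dcf2268a950c3f460e02faa59e72b4a0e6bdc3452bae10121c550b53d4b410610c587042498837075e081977e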
data/CHANGELOG.md
CHANGED
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = "fluent-plugin-windows-eventlog"
|
7
|
-
spec.version = "0.4.
|
7
|
+
spec.version = "0.4.2"
|
8
8
|
spec.authors = ["okahashi117", "Hiroshi Hatake", "Masahiro Nakagawa"]
|
9
9
|
spec.email = ["naruki_okahashi@jbat.co.jp", "cosmo0920.oucc@gmail.com", "repeatedly@gmail.com"]
|
10
10
|
spec.summary = %q{Fluentd Input plugin to read windows event log.}
|
@@ -110,35 +110,40 @@ module Fluent::Plugin
|
|
110
110
|
|
111
111
|
def on_notify_xml(ch, subscribe)
|
112
112
|
es = Fluent::MultiEventStream.new
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
113
|
+
begin
|
114
|
+
subscribe.each do |xml, message, string_inserts|
|
115
|
+
@parser.parse(xml) do |time, record|
|
116
|
+
# record.has_key?("EventData") for none parser checking.
|
117
|
+
if @winevt_xml
|
118
|
+
record["Description"] = message
|
119
|
+
record["EventData"] = string_inserts
|
120
|
+
|
121
|
+
h = {}
|
122
|
+
@keynames.each do |k|
|
123
|
+
type = KEY_MAP[k][1]
|
124
|
+
value = record[KEY_MAP[k][0]]
|
125
|
+
h[k]=case type
|
126
|
+
when :string
|
127
|
+
value.to_s
|
128
|
+
when :array
|
129
|
+
value.map {|v| v.to_s}
|
130
|
+
else
|
131
|
+
raise "Unknown value type: #{type}"
|
132
|
+
end
|
133
|
+
end
|
134
|
+
parse_desc(h) if @parse_description
|
135
|
+
es.add(Fluent::Engine.now, h)
|
136
|
+
else
|
137
|
+
record["Description"] = message
|
138
|
+
record["EventData"] = string_inserts
|
139
|
+
# for none parser
|
140
|
+
es.add(Fluent::Engine.now, record)
|
132
141
|
end
|
133
|
-
parse_desc(h) if @parse_description
|
134
|
-
es.add(Fluent::Engine.now, h)
|
135
|
-
else
|
136
|
-
record["Description"] = message
|
137
|
-
record["EventData"] = string_inserts
|
138
|
-
# for none parser
|
139
|
-
es.add(Fluent::Engine.now, record)
|
140
142
|
end
|
141
143
|
end
|
144
|
+
rescue Winevt::EventLog::Query::Error => e
|
145
|
+
log.warn "Invalid XML data", error: e
|
146
|
+
log.warn_backtrace
|
142
147
|
end
|
143
148
|
router.emit_stream(@tag, es)
|
144
149
|
@bookmarks_storage.put(ch, subscribe.bookmark)
|
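Review bot: The new `rescue Winevt::EventLog::Query::Error` in on_notify_xml wraps the whole `subscribe.each` loop, so one unreadable event ends the batch, yet `@bookmarks_storage.put(ch, subscribe.bookmark)` still runs afterwards. Whether the events behind the failing one are read again depends on how `subscribe.bookmark` behaves after an error, which is not visible here; if it has advanced, those records drop out of collection with only a generic warning, a gap that matters for a plugin shipping audit logs. At minimum the warning should say where the gap is, e.g. `log.warn "Invalid XML data", channel: ch, error: e`, and a comment above the `rescue` should state whether the rest of the batch is retried or skipped. The same pattern is in the on_notify_hash hunk below (`"Invalid Hash data"`). Both method bodies continue past the end of their hunks.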
@@ -146,24 +151,29 @@ module Fluent::Plugin
|
|
146
151
|
|
147
152
|
def on_notify_hash(ch, subscribe)
|
148
153
|
es = Fluent::MultiEventStream.new
|
149
|
-
|
150
|
-
record
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
154
|
+
begin
|
155
|
+
subscribe.each do |record, message, string_inserts|
|
156
|
+
record["Description"] = message
|
157
|
+
record["EventData"] = string_inserts
|
158
|
+
h = {}
|
159
|
+
@keynames.each do |k|
|
160
|
+
type = KEY_MAP[k][1]
|
161
|
+
value = record[KEY_MAP[k][0]]
|
162
|
+
h[k]=case type
|
163
|
+
when :string
|
164
|
+
value.to_s
|
165
|
+
when :array
|
166
|
+
value.map {|v| v.to_s}
|
167
|
+
else
|
168
|
+
raise "Unknown value type: #{type}"
|
169
|
+
end
|
170
|
+
end
|
171
|
+
parse_desc(h) if @parse_description
|
172
|
+
es.add(Fluent::Engine.now, h)
|
164
173
|
end
|
165
|
-
|
166
|
-
|
174
|
+
rescue Winevt::EventLog::Query::Error => e
|
175
|
+
log.warn "Invalid Hash data", error: e
|
176
|
+
log.warn_backtrace
|
167
177
|
end
|
168
178
|
router.emit_stream(@tag, es)
|
169
179
|
@bookmarks_storage.put(ch, subscribe.bookmark)
|
@@ -58,7 +58,7 @@ DESC
|
|
58
58
|
end
|
59
59
|
|
60
60
|
assert(d.events.length >= 1)
|
61
|
-
event = d.events.last
|
61
|
+
event = d.events.select {|e| e.last["EventID"] == "65500" }.last
|
62
62
|
record = event.last
|
63
63
|
|
64
64
|
assert_equal("Application", record["Channel"])
|
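Review bot: `d.events.select {|e| e.last["EventID"] == "65500" }.last` returns nil when no event with that ID was collected, so the next line `record = event.last` fails with NoMethodError instead of an assertion failure. The preceding `assert(d.events.length >= 1)` only checks that some event arrived, not the one being selected. Adding `assert_not_nil(event, "no event with EventID 65500 was collected")` directly after the select would make the failure readable. The same applies to the three test hunks that follow, the last of which filters on `"event_id"`. The test bodies start and end outside these hunks.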
@@ -114,7 +114,7 @@ DESC
|
|
114
114
|
end
|
115
115
|
|
116
116
|
assert(d.events.length >= 1)
|
117
|
-
event = d.events.last
|
117
|
+
event = d.events.select {|e| e.last["EventID"] == "65500" }.last
|
118
118
|
record = event.last
|
119
119
|
|
120
120
|
assert_false(d.instance.render_as_xml)
|
@@ -155,7 +155,7 @@ DESC
|
|
155
155
|
end
|
156
156
|
|
157
157
|
assert(d.events.length >= 1)
|
158
|
-
event = d.events.last
|
158
|
+
event = d.events.select {|e| e.last["EventID"] == "65500" }.last
|
159
159
|
record = event.last
|
160
160
|
|
161
161
|
prev_id = record["EventRecordID"].to_i
|
@@ -38,7 +38,7 @@ class WindowsEventLogInputTest < Test::Unit::TestCase
|
|
38
38
|
end
|
39
39
|
|
40
40
|
assert(d.events.length >= 1)
|
41
|
-
event = d.events.last
|
41
|
+
event = d.events.select {|e| e.last["event_id"] == "65500" }.last
|
42
42
|
record = event.last
|
43
43
|
assert_equal("application", record["channel"])
|
44
44
|
assert_equal("65500", record["event_id"])
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-windows-eventlog
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- okahashi117
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2019-10-
|
13
|
+
date: 2019-10-16 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: bundler
|