fluent-plugin-windows-eventlog 0.4.4 → 0.4.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/fluent-plugin-winevtlog.gemspec +1 -1
- data/lib/fluent/plugin/in_windows_eventlog2.rb +2 -1
- data/test/data/eventid_6416 +27 -0
- data/test/plugin/test_in_windows_eventlog2.rb +25 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b22aa563236f503aa9b606c6848b223995eab6174cf5ab244ef9cf535afcb8c9
|
|
4
|
+
data.tar.gz: 90dfddd1015ff28d730d11168fe60466e6a9c69b9c436601fb25eff867c935b0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 57f27df3303f3424057f4fce75d7a12c804cc7bd5ecc2c8cf9579512dd9dc29c944ebea038541bbdac508028c9da669a246ac754c572fac19e3028ecabefab8c
|
|
7
|
+
data.tar.gz: 78d02ada2bbc70fc91df533fdcd7f47a4d680707c06f1a26eaa014a2c57435c90d2e47c3d82b3c43d81229ffabc3e2f7791d397bf168d11911b20a8d4a451250
|
data/CHANGELOG.md
CHANGED
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "fluent-plugin-windows-eventlog"
|
|
7
|
-
spec.version = "0.4.
|
|
7
|
+
spec.version = "0.4.5"
|
|
8
8
|
spec.authors = ["okahashi117", "Hiroshi Hatake", "Masahiro Nakagawa"]
|
|
9
9
|
spec.email = ["naruki_okahashi@jbat.co.jp", "cosmo0920.oucc@gmail.com", "repeatedly@gmail.com"]
|
|
10
10
|
spec.summary = %q{Fluentd Input plugin to read windows event log.}
|
|
@@ -209,6 +209,7 @@ module Fluent::Plugin
|
|
|
209
209
|
else
|
|
210
210
|
r.split(NONE_FIELD_DELIMITER)
|
|
211
211
|
end
|
|
212
|
+
key = "" if key.nil?
|
|
212
213
|
key.chop! # remove ':' from key
|
|
213
214
|
if value.nil?
|
|
214
215
|
parent_key = to_key(key)
|
|
@@ -217,7 +218,7 @@ module Fluent::Plugin
|
|
|
217
218
|
value.strip!
|
|
218
219
|
# merge empty key values into the previous non-empty key record.
|
|
219
220
|
if key.empty?
|
|
220
|
-
record[previous_key] = [record[previous_key], value].flatten
|
|
221
|
+
record[previous_key] = [record[previous_key], value].flatten.reject {|e| e.nil?}
|
|
221
222
|
elsif parent_key.nil?
|
|
222
223
|
record[to_key(key)] = value
|
|
223
224
|
else
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
A new external device was recognized by the system.
|
|
2
|
+
|
|
3
|
+
Subject:
|
|
4
|
+
Security ID: SYSTEM
|
|
5
|
+
Account Name: IIZHU2016$
|
|
6
|
+
Account Domain: ITSS
|
|
7
|
+
Logon ID: 0x3E7
|
|
8
|
+
|
|
9
|
+
Device ID: SWD\PRINTENUM\{60FA1C6A-1AB2-440A-AEE1-62ABFB9A4650}
|
|
10
|
+
|
|
11
|
+
Device Name: Microsoft Print to PDF
|
|
12
|
+
|
|
13
|
+
Class ID: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
|
|
14
|
+
|
|
15
|
+
Class Name: PrintQueue
|
|
16
|
+
|
|
17
|
+
Vendor IDs:
|
|
18
|
+
PRINTENUM\{084f01fa-e634-4d77-83ee-074817c03581}
|
|
19
|
+
PRINTENUM\LocalPrintQueue
|
|
20
|
+
{084f01fa-e634-4d77-83ee-074817c03581}
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
Compatible IDs:
|
|
25
|
+
GenPrintQueue
|
|
26
|
+
SWD\GenericRaw
|
|
27
|
+
SWD\Generic
|
|
@@ -80,6 +80,31 @@ DESC
|
|
|
80
80
|
assert_equal(expected, h)
|
|
81
81
|
end
|
|
82
82
|
|
|
83
|
+
test "A new external device was recognized by the system." do
|
|
84
|
+
# using the event log example: eventopedia.cloudapp.net/EventDetails.aspx?id=17ef124e-eb89-4c01-9ba2-d761e06b2b68
|
|
85
|
+
d = create_driver
|
|
86
|
+
desc = nil
|
|
87
|
+
File.open('./test/data/eventid_6416', 'r') do |f|
|
|
88
|
+
desc = f.read.gsub(/\R/, "\r\n")
|
|
89
|
+
end
|
|
90
|
+
h = {"Description" => desc}
|
|
91
|
+
expected = {"DescriptionTitle" => "A new external device was recognized by the system.",
|
|
92
|
+
"class_id" => "{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}",
|
|
93
|
+
"class_name" => "PrintQueue",
|
|
94
|
+
"compatible_ids" => ["GenPrintQueue", "SWD\\GenericRaw", "SWD\\Generic"],
|
|
95
|
+
"device_id" => "SWD\\PRINTENUM\\{60FA1C6A-1AB2-440A-AEE1-62ABFB9A4650}",
|
|
96
|
+
"device_name" => "Microsoft Print to PDF",
|
|
97
|
+
"subject.account_domain" => "ITSS",
|
|
98
|
+
"subject.account_name" => "IIZHU2016$",
|
|
99
|
+
"subject.logon_id" => "0x3E7",
|
|
100
|
+
"subject.security_id" => "SYSTEM",
|
|
101
|
+
"vendor_ids" => ["PRINTENUM\\{084f01fa-e634-4d77-83ee-074817c03581}",
|
|
102
|
+
"PRINTENUM\\LocalPrintQueue",
|
|
103
|
+
"{084f01fa-e634-4d77-83ee-074817c03581}"]}
|
|
104
|
+
d.instance.parse_desc(h)
|
|
105
|
+
assert_equal(expected, h)
|
|
106
|
+
end
|
|
107
|
+
|
|
83
108
|
def test_write
|
|
84
109
|
d = create_driver
|
|
85
110
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-windows-eventlog
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- okahashi117
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2020-01-28 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: bundler
|
|
@@ -149,6 +149,7 @@ files:
|
|
|
149
149
|
- fluent-plugin-winevtlog.gemspec
|
|
150
150
|
- lib/fluent/plugin/in_windows_eventlog.rb
|
|
151
151
|
- lib/fluent/plugin/in_windows_eventlog2.rb
|
|
152
|
+
- test/data/eventid_6416
|
|
152
153
|
- test/generate-windows-event.rb
|
|
153
154
|
- test/helper.rb
|
|
154
155
|
- test/plugin/test_in_windows_eventlog2.rb
|
|
@@ -173,11 +174,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
173
174
|
version: '0'
|
|
174
175
|
requirements: []
|
|
175
176
|
rubyforge_project:
|
|
176
|
-
rubygems_version: 2.7.
|
|
177
|
+
rubygems_version: 2.7.6.2
|
|
177
178
|
signing_key:
|
|
178
179
|
specification_version: 4
|
|
179
180
|
summary: Fluentd Input plugin to read windows event log.
|
|
180
181
|
test_files:
|
|
182
|
+
- test/data/eventid_6416
|
|
181
183
|
- test/generate-windows-event.rb
|
|
182
184
|
- test/helper.rb
|
|
183
185
|
- test/plugin/test_in_windows_eventlog2.rb
|