fluent-plugin-windows-eventlog 0.4.4 → 0.4.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6634a0ee22c7988e40ebe92ebd457996eb25cfdd926a09c557e497065f6dbeac
-  data.tar.gz: 8f3a1543db5dd4a2299c5675ccd81ee19e10b476b06e3f6b7685213e14247814
+  metadata.gz: b22aa563236f503aa9b606c6848b223995eab6174cf5ab244ef9cf535afcb8c9
+  data.tar.gz: 90dfddd1015ff28d730d11168fe60466e6a9c69b9c436601fb25eff867c935b0
 SHA512:
-  metadata.gz: 8c9450771f970e88ec85ec5a44f3156a93475aeef12a729ffafe87c863516939fa66c739791b20c6e5bff30ba72e5958f14701b0713d5dca747c1b7919dee72c
-  data.tar.gz: 4d44d036e961e7cd502932863eedeb3781f25507384737850f9a81eb70f4099b0d24d27f8cc0f7753d310f9c3702273fd914271efa398e102610a2084b90c06a
+  metadata.gz: 57f27df3303f3424057f4fce75d7a12c804cc7bd5ecc2c8cf9579512dd9dc29c944ebea038541bbdac508028c9da669a246ac754c572fac19e3028ecabefab8c
+  data.tar.gz: 78d02ada2bbc70fc91df533fdcd7f47a4d680707c06f1a26eaa014a2c57435c90d2e47c3d82b3c43d81229ffabc3e2f7791d397bf168d11911b20a8d4a451250

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+# Release v0.4.5 - 2020/01/28
+* in_windows_eventlog2: Handle empty key case in parsing description method.
+
 # Release v0.4.4 - 2019/11/07
 * in_windows_eventlog: Improve error handling and logging when failed to open Windows Event Log.
 

data/fluent-plugin-winevtlog.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-windows-eventlog"
-  spec.version       = "0.4.4"
+  spec.version       = "0.4.5"
   spec.authors       = ["okahashi117", "Hiroshi Hatake", "Masahiro Nakagawa"]
   spec.email         = ["naruki_okahashi@jbat.co.jp", "cosmo0920.oucc@gmail.com", "repeatedly@gmail.com"]
   spec.summary       = %q{Fluentd Input plugin to read windows event log.}

data/lib/fluent/plugin/in_windows_eventlog2.rb

@@ -209,6 +209,7 @@ module Fluent::Plugin
                        else
                          r.split(NONE_FIELD_DELIMITER)
                        end
+          key = "" if key.nil?
           key.chop!  # remove ':' from key
           if value.nil?
             parent_key = to_key(key)
@@ -217,7 +218,7 @@ module Fluent::Plugin
             value.strip!
             # merge empty key values into the previous non-empty key record.
             if key.empty?
-              record[previous_key] = [record[previous_key], value].flatten
+              record[previous_key] = [record[previous_key], value].flatten.reject {|e| e.nil?}
             elsif parent_key.nil?
               record[to_key(key)] = value
             else

data/test/data/eventid_6416

@@ -0,0 +1,27 @@
+A new external device was recognized by the system.
+
+Subject:
+	Security ID:		SYSTEM
+	Account Name:		IIZHU2016$
+	Account Domain:		ITSS
+	Logon ID:		0x3E7
+
+Device ID:	SWD\PRINTENUM\{60FA1C6A-1AB2-440A-AEE1-62ABFB9A4650}
+
+Device Name:	Microsoft Print to PDF
+
+Class ID:		{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
+
+Class Name:	PrintQueue
+
+Vendor IDs:
+		PRINTENUM\{084f01fa-e634-4d77-83ee-074817c03581}
+		PRINTENUM\LocalPrintQueue
+		{084f01fa-e634-4d77-83ee-074817c03581}
+
+
+
+Compatible IDs:
+		GenPrintQueue
+		SWD\GenericRaw
+		SWD\Generic

data/test/plugin/test_in_windows_eventlog2.rb

@@ -80,6 +80,31 @@ DESC
     assert_equal(expected, h)
   end
 
+  test "A new external device was recognized by the system." do
+    # using the event log example: eventopedia.cloudapp.net/EventDetails.aspx?id=17ef124e-eb89-4c01-9ba2-d761e06b2b68
+    d = create_driver
+    desc = nil
+    File.open('./test/data/eventid_6416', 'r') do |f|
+      desc = f.read.gsub(/\R/, "\r\n")
+    end
+    h = {"Description" => desc}
+    expected = {"DescriptionTitle"       => "A new external device was recognized by the system.",
+                "class_id"               => "{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}",
+                "class_name"             => "PrintQueue",
+                "compatible_ids"         => ["GenPrintQueue", "SWD\\GenericRaw", "SWD\\Generic"],
+                "device_id"              => "SWD\\PRINTENUM\\{60FA1C6A-1AB2-440A-AEE1-62ABFB9A4650}",
+                "device_name"            => "Microsoft Print to PDF",
+                "subject.account_domain" => "ITSS",
+                "subject.account_name"   => "IIZHU2016$",
+                "subject.logon_id"       => "0x3E7",
+                "subject.security_id"    => "SYSTEM",
+                "vendor_ids"             => ["PRINTENUM\\{084f01fa-e634-4d77-83ee-074817c03581}",
+                                             "PRINTENUM\\LocalPrintQueue",
+                                             "{084f01fa-e634-4d77-83ee-074817c03581}"]}
+    d.instance.parse_desc(h)
+    assert_equal(expected, h)
+  end
+
   def test_write
     d = create_driver
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-windows-eventlog
 version: !ruby/object:Gem::Version
-  version: 0.4.4
+  version: 0.4.5
 platform: ruby
 authors:
 - okahashi117
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-07 00:00:00.000000000 Z
+date: 2020-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -149,6 +149,7 @@ files:
 - fluent-plugin-winevtlog.gemspec
 - lib/fluent/plugin/in_windows_eventlog.rb
 - lib/fluent/plugin/in_windows_eventlog2.rb
+- test/data/eventid_6416
 - test/generate-windows-event.rb
 - test/helper.rb
 - test/plugin/test_in_windows_eventlog2.rb
@@ -173,11 +174,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 2.7.6.2
 signing_key: 
 specification_version: 4
 summary: Fluentd Input plugin to read windows event log.
 test_files:
+- test/data/eventid_6416
 - test/generate-windows-event.rb
 - test/helper.rb
 - test/plugin/test_in_windows_eventlog2.rb