fluent-plugin-windows-eventlog 0.9.0 → 0.9.2
- checksums.yaml +4 -4
- data/.github/workflows/unit-test.yml +2 -2
- data/CHANGELOG.md +9 -0
- data/fluent-plugin-winevtlog.gemspec +2 -2
- data/lib/fluent/plugin/in_windows_eventlog2.rb +1 -1
- data/test/data/eventid_4697 +14 -0
- data/test/plugin/test_in_windows_eventlog2.rb +21 -0
- metadata +7 -14
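--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce765b8becd1cc7835d19f2f1b9e3e0b1da48467f26434295e041887a4d8d057
+data.tar.gz: 59129a827b949a6db83ba01f6d03da41ae0923304fcc479aecc7b37127517835
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 74b3233cd11710c90c456e313d4f87ec0fcc5392bbb12761f8e62398aa8cda1b7ec6ae9cbbe5b4c74bb26be1e804c804a7eea6c8796887bd97924b768362e56f
+data.tar.gz: 36e9a709f939d021e75ccc1723207b1dbb524aa2f5658aeefa319476a67d142e888518f037202934fbb2458006e77ce3269bd87572ca988457872aaf47cf6242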
@@ -11,7 +11,7 @@ jobs:
|
|
|
11
11
|
strategy:
|
|
12
12
|
fail-fast: false
|
|
13
13
|
matrix:
|
|
14
|
-
ruby: [ '3.2', '3.1', '3.0', '2.7' ]
|
|
14
|
+
ruby: [ '3.4', '3.3', '3.2', '3.1', '3.0', '2.7' ]
|
|
15
15
|
os:
|
|
16
16
|
- windows-latest
|
|
17
17
|
experimental: [false]
|
|
@@ -21,7 +21,7 @@ jobs:
|
|
|
21
21
|
experimental: true
|
|
22
22
|
name: Ruby ${{ matrix.ruby }} on ${{ matrix.os }}
|
|
23
23
|
steps:
|
|
24
|
-
- uses: actions/checkout@
|
|
24
|
+
- uses: actions/checkout@v5
|
|
25
25
|
- uses: ruby/setup-ruby@v1
|
|
26
26
|
with:
|
|
27
27
|
ruby-version: ${{ matrix.ruby }}
|
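Review bot: `actions/checkout@v5` in the second hunk, like the unchanged `ruby/setup-ruby@v1` next to it, is referenced by a mutable tag, so the code that runs in this job changes whenever that tag is moved. Pinning each action to a full commit SHA with the tag kept as a trailing comment, `- uses: actions/checkout@<FULL_COMMIT_SHA> # v5`, makes the workflow's inputs reviewable and still lets an update bot propose bumps. The rest of the job is outside the visible hunks, so whether a `permissions:` block already restricts the token cannot be confirmed from here; if it does not, a workflow-level `permissions:` with `contents: read` fits a unit-test job.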
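--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,12 @@
+# Release v0.9.2 - 2025/11/21
+
+* in_windows_eventlog2: remove unexpected spaces in parsing description (#121)
+
+# Release v0.9.1 - 2024/02/17
+
+* Relax required Nokogiri version (#117)
+This change permit 1.16 or later version of Nokogiri.
+
 # Release v0.9.0 - 2024/08/02
 * in_windows_eventlog2: Enable expanding user names from SID and add `preserve_sid_on_hash` option
 * in_windows_eventlog2: Add Delimiter and Casing options for parsing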
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "fluent-plugin-windows-eventlog"
|
|
7
|
-
spec.version = "0.9.
|
|
7
|
+
spec.version = "0.9.2"
|
|
8
8
|
spec.authors = ["okahashi117", "Hiroshi Hatake", "Masahiro Nakagawa"]
|
|
9
9
|
spec.email = ["naruki_okahashi@jbat.co.jp", "cosmo0920.oucc@gmail.com", "repeatedly@gmail.com"]
|
|
10
10
|
spec.summary = %q{Fluentd Input plugin to read windows event log.}
|
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.add_development_dependency "bundler"
|
|
21
21
|
spec.add_development_dependency "rake"
|
|
22
22
|
spec.add_development_dependency "test-unit", "~> 3.4.0"
|
|
23
|
-
spec.add_development_dependency "nokogiri",
|
|
23
|
+
spec.add_development_dependency "nokogiri", "~> 1.10"
|
|
24
24
|
spec.add_development_dependency "fluent-plugin-parser-winevt_xml", ">= 0.1.2"
|
|
25
25
|
spec.add_runtime_dependency "fluentd", [">= 0.14.12", "< 2"]
|
|
26
26
|
spec.add_runtime_dependency "win32-eventlog"
|
|
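Review bot: The relaxed constraint `"~> 1.10"` on the nokogiri development dependency removes the upper cap but keeps the 1.10 floor, so a resolver may still select Nokogiri builds from the 1.10 line, which predate the project's later security releases. Raising the floor in the same line, `spec.add_development_dependency "nokogiri", ">= <MIN_SUPPORTED_VERSION>", "< 2"`, would keep those builds out of CI and developer machines; the value has to be the newest release that still installs on the oldest Ruby in the test matrix, which is not determinable from this hunk. Because this is a development dependency, the exposure is limited to test environments rather than to users of the gem. The `Gem::Specification.new` block continues outside the hunk.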
@@ -0,0 +1,14 @@
|
|
|
1
|
+
A service was installed in the system.
|
|
2
|
+
|
|
3
|
+
Subject:
|
|
4
|
+
Security ID: SYSTEM
|
|
5
|
+
Account Name: 824ZWL3$
|
|
6
|
+
Account Domain: WORKGROUP
|
|
7
|
+
Logon ID: 0x3E7
|
|
8
|
+
|
|
9
|
+
Service Information:
|
|
10
|
+
Service Name: WpnUserService_a46b7
|
|
11
|
+
Service File Name: C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
|
|
12
|
+
Service Type: 0xE0
|
|
13
|
+
Service Start Type: 2
|
|
14
|
+
Service Account: LocalSystem
|
|
@@ -325,6 +325,27 @@ DESC
|
|
|
325
325
|
assert_equal(expected, h)
|
|
326
326
|
end
|
|
327
327
|
|
|
328
|
+
test "A service was installed in the system." do
|
|
329
|
+
d = create_driver
|
|
330
|
+
desc = nil
|
|
331
|
+
File.open('./test/data/eventid_4697', 'r') do |f|
|
|
332
|
+
desc = f.read.gsub(/\R/, "\r\n")
|
|
333
|
+
end
|
|
334
|
+
h = {"Description" => desc}
|
|
335
|
+
expected = {"DescriptionTitle" => "A service was installed in the system.",
|
|
336
|
+
"service_information.service_account" => "LocalSystem",
|
|
337
|
+
"service_information.service_file_name" => "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup",
|
|
338
|
+
"service_information.service_name" => "WpnUserService_a46b7",
|
|
339
|
+
"service_information.service_start_type" => "2",
|
|
340
|
+
"service_information.service_type" => "0xE0",
|
|
341
|
+
"subject.account_domain" => "WORKGROUP",
|
|
342
|
+
"subject.account_name" => "824ZWL3$",
|
|
343
|
+
"subject.logon_id" => "0x3E7",
|
|
344
|
+
"subject.security_id" => "SYSTEM"}
|
|
345
|
+
d.instance.parse_desc(h)
|
|
346
|
+
assert_equal(expected, h)
|
|
347
|
+
end
|
|
348
|
+
|
|
328
349
|
def test_write
|
|
329
350
|
d = create_driver XML_RENDERING_CONFIG
|
|
330
351
|
|
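Review bot: The fixture is opened through the relative path `'./test/data/eventid_4697'`, which resolves against the process working directory, so the new test raises `Errno::ENOENT` when the suite is started from anywhere other than the repository root. Anchoring the path to the test file, `desc = File.read(File.expand_path('../data/eventid_4697', __dir__)).gsub(/\R/, "\r\n")`, removes that dependency and replaces the `desc = nil` / `File.open` block with one line. A comment above the test naming the regression it guards, presumably `# Regression for #121: parsed values must not carry stray spaces`, would help, because keys such as `service_information.service_file_name` from event 4697 are what downstream service-installation detections match on. The enclosing test class begins and ends outside the hunk.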
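--- a/metadata
+++ b/metadata
@@ -1,16 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-windows-eventlog
 version: !ruby/object:Gem::Version
-version: 0.9.
+version: 0.9.2
 platform: ruby
 authors:
 - okahashi117
 - Hiroshi Hatake
 - Masahiro Nakagawa
-autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -58,22 +57,16 @@ dependencies:
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: '1.10'
-- - "<"
-- !ruby/object:Gem::Version
-version: '1.15'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: '1.10'
-- - "<"
-- !ruby/object:Gem::Version
-version: '1.15'
 - !ruby/object:Gem::Dependency
 name: fluent-plugin-parser-winevt_xml
 requirement: !ruby/object:Gem::Requirement
@@ -158,6 +151,7 @@ files:
 - lib/fluent/plugin/bookmark_sax_parser.rb
 - lib/fluent/plugin/in_windows_eventlog.rb
 - lib/fluent/plugin/in_windows_eventlog2.rb
+- test/data/eventid_4697
 - test/data/eventid_6416
 - test/generate-windows-event.rb
 - test/helper.rb
@@ -168,7 +162,6 @@ homepage: https://github.com/fluent/fluent-plugin-windows-eventlog
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -183,11 +176,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Fluentd Input plugin to read windows event log.
 test_files:
+- test/data/eventid_4697
 - test/data/eventid_6416
 - test/generate-windows-event.rb
 - test/helper.rb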