fluent-plugin-windows-eventlog 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e4ec43a83a8b3f54edc73e2f26ee4ec43005ba73
-  data.tar.gz: 1f225569741fe7768cf373c8d287f9ff1c11cdab
+  metadata.gz: 44561910d111a16a85de6b5d9faee8cf052fed71
+  data.tar.gz: 2bc58308403d20000efe50f2b6f73e86a9a6585a
 SHA512:
-  metadata.gz: 343bbf9e3c173ca9707821599602fa767e3d693756c823bcafb5eeea2f87d073eefc3bae34eafaa55a15745f6875cd7c670fcd0c6ac6b096d82a9f842adec025
-  data.tar.gz: 1c30bc7385783027f6d2e3c509e3b811aede90c42cd27bc9da9b786f4de960262892a8a56c3d3b59cd42cc707af303fd499a59f7283ad41de960415a8aa41564
+  metadata.gz: 194172daa6b8dd788a785d89e392e3698fe7ed6b8ffa0de360ddc89bf2bd9d37818d8abd43bf5c6e71434cffdd603a91126f674ab80c45455aeffe969a5101c2
+  data.tar.gz: 2b45ac6f8ce1c4d142ce1aae21104945c2bdb706db26c57eb6f9a0e2ef90ba468a7b3fd5172242817c6e43f3b1575b2167bcd5f65ebd52600f4f461f3c0780ad

data/README.md

@@ -2,72 +2,62 @@
 
 ## Component
 
-#### fluentd Input plugin for Windows Event Log
+#### fluentd Input plugin for the Windows Event Log
 
-[Fluentd](http://fluentd.org) plugin to read Windows Event Log.
-You must use fluentd 'Windows' brach to use me, and it doesn't work on Linux of course.
+[Fluentd](http://fluentd.org) plugin to read the Windows Event Log.
 
 ## Installation
     gem install fluent-plugin-windows-eventlog
 
 ## Configuration
-#### fluentd Input plugin for Windows Event Log 
+#### fluentd Input plugin for the Windows Event Log
 
     <source>
       @type windows_eventlog
+      @id windows_eventlog
       channels application,system
-      pos_file c:\temp\mypos
       read_interval 2
       tag winevt.raw
-      @id windows_eventlog
       <storage>
-        @type local             # @type local is default.
-        persistent true         # persistent true is default.
+        @type local             # @type local is the default.
+        persistent true         # default is true. Set to false to use in-memory storage.
         path ./tmp/storage.json # This is required when persistent is true.
-                                # Or, please consider to use <system> section's root_dir parameter.
+                                # Or, please consider using <system> section's `root_dir` parameter.
       </storage>
     </source>
 
-
 #### parameters
 
 |name      | description |
 |:-----    |:-----       |
-|channels   | (option) 'applicaion' as default. one or combination of {application, system, setup, security}. If you want to read setup or security, administrator priv is required to launch fluentd.  |
-|pos_file  | (option, but higly recommended) a path of position file to save record numbers. |
-|read_interval   | (option) a read interval in second. 2 seconds as default.|
-|from_encoding  | (option) an input characters encoding. nil as default.|
-|encoding   | (option) an output characters encoding. nil as default.|
-
+|`channels`      | (option) 'application' as default. One or more of {'application', 'system', 'setup', 'security'}. If you want to read 'setup' or 'security' logs, you must launch fluentd with administrator privileges.|
+|`keys`          | (option) A subset of [keys](#read-keys) to read. Defaults to all keys.|
+|`read_interval` | (option) Read interval in seconds. 2 seconds as default.|
+|`from_encoding` | (option) Input character encoding. `nil` as default.|
+|`encoding`      | (option) Output character encoding. `nil` as default.|
+|`read_from_head`| (option) Start to read the entries from the oldest, not from when fluentd is started. Defaults to `false`.|
+|`<storage>`     | Setting for `storage` plugin for recording read position like `in_tail`'s `pos_file`.|
 
 #### read keys
-This plugin reads follows from Windws Event Log. No customization is allowed currently.
+This plugin reads the following fields from Windows Event Log entries. Use the `keys` configuration option to select a subset. No other customization is allowed for now.
 
 |key|
 |:-----    |
-|record_number   |
-|time_generated|
-|time_written   |
-|event_id   |
-|event_type   |
-|event_category   |
-|source_name   |
-|computer_name  |
-|user   |
-|description   |
-
-
-
-## Etc.
-'read_from_head' is not supporeted currently.You can read newer records after you start first.
-No customize to read information keys.
-
-
-
+|`record_number` |
+|`time_generated`|
+|`time_written`  |
+|`event_id`      |
+|`event_type`    |
+|`event_category`|
+|`source_name`   |
+|`computer_name` |
+|`user`          |
+|`description`   |
+|`string_inserts`|
 
 ## Copyright
-####Copyright
+#### Copyright
 Copyright(C) 2014- @okahashi117
-####License
+#### License
 Apache License, Version 2.0
 

data/appveyor.yml

@@ -0,0 +1,27 @@
+version: '{build}'
+
+# init:
+#   - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
+
+install:
+  - SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
+  - "%devkit%\\devkitvars.bat"
+  - ruby --version
+  - gem --version
+  - bundle install
+build: off
+test_script:
+  - bundle exec rake test
+#  - bundle exec rake test TESTOPTS=-v
+
+branches:
+  only:
+    - master
+
+# https://www.appveyor.com/docs/installed-software/#ruby
+environment:
+  matrix:
+    - ruby_version: "23-x64"
+      devkit: C:\Ruby23-x64\DevKit
+    - ruby_version: "23"
+      devkit: C:\Ruby23\DevKit

data/fluent-plugin-winevtlog.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-windows-eventlog"
-  spec.version       = "0.2.0"
+  spec.version       = "0.2.1"
   spec.authors       = ["okahashi117", "Hiroshi Hatake", "Masahiro Nakagawa"]
   spec.email         = ["naruki_okahashi@jbat.co.jp", "cosmo0920.oucc@gmail.com", "repeatedly@gmail.com"]
   spec.summary       = %q{Fluentd Input plugin to read windows event log.}

data/lib/fluent/plugin/in_windows_eventlog.rb

@@ -9,23 +9,24 @@ module Fluent::Plugin
     helpers :timer, :storage
 
     DEFAULT_STORAGE_TYPE = 'local'
-    KEY_MAP = {"record_number" => :record_number,
-                 "time_generated" => :time_generated,
-                 "time_written" => :time_written,
-                 "event_id" => :event_id,
-                 "event_type" => :event_type,
-                 "event_category" => :category,
-                 "source_name" => :source,
-                 "computer_name" => :computer,
-                 "user" => :user,
-                 "description" => :description}
+    KEY_MAP = {"record_number" => [:record_number, :string],
+                 "time_generated" => [:time_generated, :string],
+                 "time_written" => [:time_written, :string],
+                 "event_id" => [:event_id, :string],
+                 "event_type" => [:event_type, :string],
+                 "event_category" => [:category, :string],
+                 "source_name" => [:source, :string],
+                 "computer_name" => [:computer, :string],
+                 "user" => [:user, :string],
+                 "description" => [:description, :string],
+                 "string_inserts" => [:string_inserts, :array]}
 
     config_param :tag, :string
     config_param :read_interval, :time, default: 2
     config_param :pos_file, :string, default: nil,
                  obsoleted: "This section is not used anymore. Use 'store_pos' instead."
-    config_param :channels, :array, default: ['Application']
-    config_param :keys, :string, default: []
+    config_param :channels, :array, default: ['application']
+    config_param :keys, :array, default: []
     config_param :read_from_head, :bool, default: false
     config_param :from_encoding, :string, default: nil
     config_param :encoding, :string, default: nil
@@ -123,8 +124,19 @@ module Fluent::Plugin
       begin
         for r in lines
           h = {"channel" => ch}
-          @keynames.each {|k| h[k]=@receive_handlers.call(r.send(KEY_MAP[k]).to_s)}
-          #h = Hash[@keynames.map {|k| [k, r.send(KEY_MAP[k]).to_s]}]
+          @keynames.each do |k|
+            type = KEY_MAP[k][1]
+            value = r.send(KEY_MAP[k][0])
+            h[k]=case type
+                 when :string
+                   @receive_handlers.call(value.to_s)
+                 when :array
+                   value.map {|v| @receive_handlers.call(v.to_s)}
+                 else
+                   raise "Unknown value type: #{type}"
+                 end
+          end
+          #h = Hash[@keynames.map {|k| [k, r.send(KEY_MAP[k][0]).to_s]}]
           router.emit(@tag, Fluent::Engine.now, h)
         end
       rescue => e

data/test/generate-windows-event.rb

@@ -0,0 +1,47 @@
+require 'win32/eventlog'
+
+class EventLog
+  def initialize
+    @logger = Win32::EventLog.new
+    @app_source = "fluent-plugins"
+  end
+
+  def info(event_id, message)
+    @logger.report_event(
+      source: @app_source,
+      event_type: Win32::EventLog::INFO_TYPE,
+      event_id: event_id,
+      data: message
+    )
+  end
+
+  def warn(event_id, message)
+    @logger.report_event(
+      source: @app_source,
+      event_type: Win32::EventLog::WARN_TYPE,
+      event_id: event_id,
+      data: message
+    )
+  end
+
+  def crit(event_id, message)
+    @logger.report_event(
+      source: @app_source,
+      event_type: Win32::EventLog::ERROR_TYPE,
+      event_id: event_id,
+      data: message
+    )
+  end
+
+end
+
+module Fluent
+  module Plugin
+    class EventService
+      def run
+        eventlog = EventLog.new()
+        eventlog.info(65500, "Hi, from fluentd-plugins!! at " + Time.now.strftime("%Y/%m/%d %H:%M:%S "))
+      end
+    end
+  end
+end

data/test/helper.rb

@@ -27,3 +27,6 @@ require 'fluent/plugin/in_windows_eventlog'
 
 class Test::Unit::TestCase
 end
+require 'fluent/test/helpers'
+
+include Fluent::Test::Helpers

data/test/plugin/test_in_winevtlog.rb

@@ -1,13 +1,18 @@
 require 'helper'
+require 'generate-windows-event'
 
 class WindowsEventLogInputTest < Test::Unit::TestCase
+
   def setup
     Fluent::Test.setup
   end
 
-  CONFIG = %[
-    tag fluent.eventlog
-  ]
+  CONFIG = config_element("ROOT", "", {"tag" => "fluent.eventlog"}, [
+                            config_element("storage", "", {
+                                             '@type' => 'local',
+                                             'persistent' => false
+                                           })
+                          ])
 
   def create_driver(conf = CONFIG)
     Fluent::Test::Driver::Input.new(Fluent::Plugin::WindowsEventLogInput).configure(conf)
@@ -18,34 +23,26 @@ class WindowsEventLogInputTest < Test::Unit::TestCase
     assert_equal 'fluent.eventlog', d.instance.tag
     assert_equal 2, d.instance.read_interval
     assert_nil d.instance.pos_file
-    assert_equal ['Application'], d.instance.channels
+    assert_equal ['application'], d.instance.channels
     assert_true d.instance.keys.empty?
     assert_false d.instance.read_from_head
   end
 
-  def test_format
-    d = create_driver
-
-    # time = Time.parse("2011-01-02 13:14:15 UTC").to_i
-    # d.emit({"a"=>1}, time)
-    # d.emit({"a"=>2}, time)
-
-    # d.expect_format %[2011-01-02T13:14:15Z\ttest\t{"a":1}\n]
-    # d.expect_format %[2011-01-02T13:14:15Z\ttest\t{"a":2}\n]
-
-    # d.run
-  end
-
   def test_write
     d = create_driver
 
-    # time = Time.parse("2011-01-02 13:14:15 UTC").to_i
-    # d.emit({"a"=>1}, time)
-    # d.emit({"a"=>2}, time)
+    service = Fluent::Plugin::EventService.new
+
+    d.run(expect_emits: 1) do
+      service.run
+    end
 
-    # ### FileOutput#write returns path
-    # path = d.run
-    # expect_path = "#{TMP_DIR}/out_file_test._0.log.gz"
-    # assert_equal expect_path, path
+    assert(d.events.length >= 1)
+    event = d.events.last
+    record = event.last
+    assert_equal("application", record["channel"])
+    assert_equal("65500", record["event_id"])
+    assert_equal("information", record["event_type"])
+    assert_equal("fluent-plugins", record["source_name"])
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-windows-eventlog
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - okahashi117
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-08 00:00:00.000000000 Z
+date: 2017-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -102,8 +102,10 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- appveyor.yml
 - fluent-plugin-winevtlog.gemspec
 - lib/fluent/plugin/in_windows_eventlog.rb
+- test/generate-windows-event.rb
 - test/helper.rb
 - test/plugin/test_in_winevtlog.rb
 homepage: https://github.com/fluent/fluent-plugin-windows-eventlog
@@ -126,10 +128,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Fluentd Input plugin to read windows event log.
 test_files:
+- test/generate-windows-event.rb
 - test/helper.rb
 - test/plugin/test_in_winevtlog.rb