fluent-plugin-windows-eventlog 0.4.1 → 0.4.2

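--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 59131dc675a5af717f4f3d693af1f902d76aa7b557e82c14431cd310f28cf999
- data.tar.gz: f130a09fbb2c8a35a287869447e1486b3d21d371bc1acf4744ebd1a471e76edf
+ metadata.gz: 06511272a8c96f22e69b50f60d2a6c5b7ac377c0c446d48fc842cc4e2b272b7b
+ data.tar.gz: 78635a96981173d47b640f887b62e4ba7d0d773b1eaf39bfb0c59be488073364
  SHA512:
- metadata.gz: 6b9e107c6dd037cc4c2ef391cacf6636884a210a3c7058770972c0968603c8600267babaeee7cebb3dc75259c13d3aa0697e3a1980c06cba3d0daf26912b063e
- data.tar.gz: 8e41835e28cf0ad5ba6a73d50c985518c001988a721a5fdee2dd4820d48e656835b4e26d19eeefdd0c3db62ee701f29d957efcff7d87f0ade7449f720c8f6849
+ metadata.gz: ccabe68cf1bd5188e12f3eaa46670488b6eb458aca556d15d09022489722bf5be9ca6cace64b93abbb2d4aeecb5a4a8210a2e9787de96a201d6a24bdca201f1a
+ data.tar.gz: 290a21af0606ef47c61e3f9c63f45b25b0f1d90dcf2268a950c3f460e02faa59e72b4a0e6bdc3452bae10121c550b53d4b410610c587042498837075e081977e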
@@ -1,3 +1,6 @@
1
+ # Release v0.4.2 - 2019/10/16
2
+ * in_windows_eventlog2: Handle invalid data error from `Winevt::EventLog::Query::Error`
3
+
1
4
  # Release v0.4.1 - 2019/10/11
2
5
  * in_windows_eventlog2: Add a missing ProcessID record
3
6
 
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |spec|
6
6
  spec.name = "fluent-plugin-windows-eventlog"
7
- spec.version = "0.4.1"
7
+ spec.version = "0.4.2"
8
8
  spec.authors = ["okahashi117", "Hiroshi Hatake", "Masahiro Nakagawa"]
9
9
  spec.email = ["naruki_okahashi@jbat.co.jp", "cosmo0920.oucc@gmail.com", "repeatedly@gmail.com"]
10
10
  spec.summary = %q{Fluentd Input plugin to read windows event log.}
@@ -110,35 +110,40 @@ module Fluent::Plugin
110
110
 
111
111
  def on_notify_xml(ch, subscribe)
112
112
  es = Fluent::MultiEventStream.new
113
- subscribe.each do |xml, message, string_inserts|
114
- @parser.parse(xml) do |time, record|
115
- # record.has_key?("EventData") for none parser checking.
116
- if @winevt_xml
117
- record["Description"] = message
118
- record["EventData"] = string_inserts
119
-
120
- h = {}
121
- @keynames.each do |k|
122
- type = KEY_MAP[k][1]
123
- value = record[KEY_MAP[k][0]]
124
- h[k]=case type
125
- when :string
126
- value.to_s
127
- when :array
128
- value.map {|v| v.to_s}
129
- else
130
- raise "Unknown value type: #{type}"
131
- end
113
+ begin
114
+ subscribe.each do |xml, message, string_inserts|
115
+ @parser.parse(xml) do |time, record|
116
+ # record.has_key?("EventData") for none parser checking.
117
+ if @winevt_xml
118
+ record["Description"] = message
119
+ record["EventData"] = string_inserts
120
+
121
+ h = {}
122
+ @keynames.each do |k|
123
+ type = KEY_MAP[k][1]
124
+ value = record[KEY_MAP[k][0]]
125
+ h[k]=case type
126
+ when :string
127
+ value.to_s
128
+ when :array
129
+ value.map {|v| v.to_s}
130
+ else
131
+ raise "Unknown value type: #{type}"
132
+ end
133
+ end
134
+ parse_desc(h) if @parse_description
135
+ es.add(Fluent::Engine.now, h)
136
+ else
137
+ record["Description"] = message
138
+ record["EventData"] = string_inserts
139
+ # for none parser
140
+ es.add(Fluent::Engine.now, record)
132
141
  end
133
- parse_desc(h) if @parse_description
134
- es.add(Fluent::Engine.now, h)
135
- else
136
- record["Description"] = message
137
- record["EventData"] = string_inserts
138
- # for none parser
139
- es.add(Fluent::Engine.now, record)
140
142
  end
141
143
  end
144
+ rescue Winevt::EventLog::Query::Error => e
145
+ log.warn "Invalid XML data", error: e
146
+ log.warn_backtrace
142
147
  end
143
148
  router.emit_stream(@tag, es)
144
149
  @bookmarks_storage.put(ch, subscribe.bookmark)
@@ -146,24 +151,29 @@ module Fluent::Plugin
146
151
 
147
152
  def on_notify_hash(ch, subscribe)
148
153
  es = Fluent::MultiEventStream.new
149
- subscribe.each do |record, message, string_inserts|
150
- record["Description"] = message
151
- record["EventData"] = string_inserts
152
- h = {}
153
- @keynames.each do |k|
154
- type = KEY_MAP[k][1]
155
- value = record[KEY_MAP[k][0]]
156
- h[k]=case type
157
- when :string
158
- value.to_s
159
- when :array
160
- value.map {|v| v.to_s}
161
- else
162
- raise "Unknown value type: #{type}"
163
- end
154
+ begin
155
+ subscribe.each do |record, message, string_inserts|
156
+ record["Description"] = message
157
+ record["EventData"] = string_inserts
158
+ h = {}
159
+ @keynames.each do |k|
160
+ type = KEY_MAP[k][1]
161
+ value = record[KEY_MAP[k][0]]
162
+ h[k]=case type
163
+ when :string
164
+ value.to_s
165
+ when :array
166
+ value.map {|v| v.to_s}
167
+ else
168
+ raise "Unknown value type: #{type}"
169
+ end
170
+ end
171
+ parse_desc(h) if @parse_description
172
+ es.add(Fluent::Engine.now, h)
164
173
  end
165
- parse_desc(h) if @parse_description
166
- es.add(Fluent::Engine.now, h)
174
+ rescue Winevt::EventLog::Query::Error => e
175
+ log.warn "Invalid Hash data", error: e
176
+ log.warn_backtrace
167
177
  end
168
178
  router.emit_stream(@tag, es)
169
179
  @bookmarks_storage.put(ch, subscribe.bookmark)
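Review bot: The new `rescue Winevt::EventLog::Query::Error` in `on_notify_xml` and `on_notify_hash` wraps the whole `subscribe.each` loop, so one unreadable event ends the iteration and every later event in that batch is skipped, while `@bookmarks_storage.put(ch, subscribe.bookmark)` still runs afterwards. Whether the stored bookmark then points before or after the skipped events is not visible in these hunks; if it advances, those events are never collected, which for a log forwarder is a silent gap in the audit trail. The warning also omits the channel, so an operator cannot tell which log lost data; `log.warn "Invalid XML data", channel: ch, error: e` (and the same for `"Invalid Hash data"`) would make the loss traceable. Consider a comment above each `rescue` stating what happens to the rest of the batch and to the bookmark when the error fires. Both method bodies end outside the hunks shown.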
@@ -58,7 +58,7 @@ DESC
58
58
  end
59
59
 
60
60
  assert(d.events.length >= 1)
61
- event = d.events.last
61
+ event = d.events.select {|e| e.last["EventID"] == "65500" }.last
62
62
  record = event.last
63
63
 
64
64
  assert_equal("Application", record["Channel"])
@@ -114,7 +114,7 @@ DESC
114
114
  end
115
115
 
116
116
  assert(d.events.length >= 1)
117
- event = d.events.last
117
+ event = d.events.select {|e| e.last["EventID"] == "65500" }.last
118
118
  record = event.last
119
119
 
120
120
  assert_false(d.instance.render_as_xml)
@@ -155,7 +155,7 @@ DESC
155
155
  end
156
156
 
157
157
  assert(d.events.length >= 1)
158
- event = d.events.last
158
+ event = d.events.select {|e| e.last["EventID"] == "65500" }.last
159
159
  record = event.last
160
160
 
161
161
  prev_id = record["EventRecordID"].to_i
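Review bot: `d.events.select {|e| e.last["EventID"] == "65500" }.last` returns nil when no emitted event carries that ID, and the next line `record = event.last` then fails with NoMethodError instead of an assertion failure; the preceding `assert(d.events.length >= 1)` no longer covers the event that is actually used. Adding `assert_not_nil(event)` right after the selection keeps the failure readable. The same applies to the other two hunks with this line and to the `event_id` variant in `WindowsEventLogInputTest`. The test bodies start and end outside these hunks.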
@@ -38,7 +38,7 @@ class WindowsEventLogInputTest < Test::Unit::TestCase
38
38
  end
39
39
 
40
40
  assert(d.events.length >= 1)
41
- event = d.events.last
41
+ event = d.events.select {|e| e.last["event_id"] == "65500" }.last
42
42
  record = event.last
43
43
  assert_equal("application", record["channel"])
44
44
  assert_equal("65500", record["event_id"])
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-windows-eventlog
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - okahashi117
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2019-10-11 00:00:00.000000000 Z
13
+ date: 2019-10-16 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: bundler