hpess-logstash-codec-cef 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 5c93c2c3bb203fb5ab931e1765e067259312a95d
4
- data.tar.gz: 3d121765f80193449bbd7418260af0a3ab5fd739
3
+ metadata.gz: 2aa574df0f3ca9ed883f4baf424f9e1813ab4042
4
+ data.tar.gz: 1fa77dc3ea0a1bec0f49164484e00208bd952ee7
5
5
  SHA512:
6
- metadata.gz: f9bf4831867ee0a32ee9e3ee3cf3a736cf516bbf0d752391e143bdfde5ce2d7210d984faafbf48f16ac5fb47379f133fc410a81994dc01682d81895eac42ff21
7
- data.tar.gz: fd3dd70a9613bd6899962ec07d698ba242e1b9611973f17ab6d454d20c27fbe7dfa663cd3493619c73084a2a464801845b38f607d41100fdf5a544a0a592b86a
6
+ metadata.gz: 6f2fe997e0a0ef22f9e74c01e5899e3bf1faa156455e6ec0cb127e56208b5ebed0a38fa06895b9c155f521cdb1565d0e80e4c17ae00ce055fb5169f9d11cbf79
7
+ data.tar.gz: 1bbe77325063c8804924e1bd49c7a7bccb5a9f819de417cd3be1842c87ab1d3eec09632f5b4becbc9a6b9d446f37e0b81b0b1a6eb0f026989be5514bd0ba9566
data/.gitignore CHANGED
@@ -2,3 +2,4 @@ build
2
2
  vendor
3
3
  tools
4
4
  .VERSION.mk
5
+ *.gem
@@ -31,15 +31,20 @@ class LogStash::Codecs::CEF < LogStash::Codecs::Base
31
31
  # We don't have syslog headers, so we just need to remove CEF:
32
32
  data.sub! /^CEF:/, ''
33
33
  end #if @syslog
34
+
34
35
  # Default any CEF unknown fields to unknown
35
- data.gsub! '||', ''
36
+ data.gsub! '||', '|unknown|'
36
37
 
37
38
  # Now, break out the rest of the headers
38
39
  event['cef_version'], event['cef_vendor'], event['cef_product'], event['cef_device_version'], event['cef_sigid'], event['cef_name'], event['cef_severity'], event['message'] = data.scan /(?:[^\|\\]|\\.)+/
39
- # Now, try to break out the Extension Dictionary
40
+
41
+ # Strip any leading or trailing spaces
40
42
  message=event['message']
41
- if message.to_s.strip.length != 0
42
- message = message.strip
43
+ message=message.to_s.strip
44
+ event['message']=message
45
+
46
+ # Now, try to break out the Extension Dictionary
47
+ if message.length != 0
43
48
  message = message.split(/ ([\w\.]+)=/)
44
49
 
45
50
  key, value = message.shift.split('=',2)
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'hpess-logstash-codec-cef'
4
- s.version = '0.1.4'
4
+ s.version = '0.1.5'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "CEF codec to parse CEF formated logs"
7
7
  s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hpess-logstash-codec-cef
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.4
4
+ version: 0.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elasticsearch