hpess-logstash-codec-cef 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/logstash/codecs/cef.rb +9 -4
- data/logstash-codec-cef.gemspec +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2aa574df0f3ca9ed883f4baf424f9e1813ab4042
|
|
4
|
+
data.tar.gz: 1fa77dc3ea0a1bec0f49164484e00208bd952ee7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6f2fe997e0a0ef22f9e74c01e5899e3bf1faa156455e6ec0cb127e56208b5ebed0a38fa06895b9c155f521cdb1565d0e80e4c17ae00ce055fb5169f9d11cbf79
|
|
7
|
+
data.tar.gz: 1bbe77325063c8804924e1bd49c7a7bccb5a9f819de417cd3be1842c87ab1d3eec09632f5b4becbc9a6b9d446f37e0b81b0b1a6eb0f026989be5514bd0ba9566
|
data/.gitignore
CHANGED
data/lib/logstash/codecs/cef.rb
CHANGED
|
@@ -31,15 +31,20 @@ class LogStash::Codecs::CEF < LogStash::Codecs::Base
|
|
|
31
31
|
# We don't have syslog headers, so we just need to remove CEF:
|
|
32
32
|
data.sub! /^CEF:/, ''
|
|
33
33
|
end #if @syslog
|
|
34
|
+
|
|
34
35
|
# Default any CEF unknown fields to unknown
|
|
35
|
-
data.gsub! '||', ''
|
|
36
|
+
data.gsub! '||', '|unknown|'
|
|
36
37
|
|
|
37
38
|
# Now, break out the rest of the headers
|
|
38
39
|
event['cef_version'], event['cef_vendor'], event['cef_product'], event['cef_device_version'], event['cef_sigid'], event['cef_name'], event['cef_severity'], event['message'] = data.scan /(?:[^\|\\]|\\.)+/
|
|
39
|
-
|
|
40
|
+
|
|
41
|
+
# Strip any leading or trailing spaces
|
|
40
42
|
message=event['message']
|
|
41
|
-
|
|
42
|
-
|
|
43
|
+
message=message.to_s.strip
|
|
44
|
+
event['message']=message
|
|
45
|
+
|
|
46
|
+
# Now, try to break out the Extension Dictionary
|
|
47
|
+
if message.length != 0
|
|
43
48
|
message = message.split(/ ([\w\.]+)=/)
|
|
44
49
|
|
|
45
50
|
key, value = message.shift.split('=',2)
|
data/logstash-codec-cef.gemspec
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'hpess-logstash-codec-cef'
|
|
4
|
-
s.version = '0.1.
|
|
4
|
+
s.version = '0.1.5'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "CEF codec to parse CEF formated logs"
|
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|