hpess-logstash-codec-cef 0.1.4 → 0.1.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/lib/logstash/codecs/cef.rb +9 -4
  4. data/logstash-codec-cef.gemspec +1 -1
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 5c93c2c3bb203fb5ab931e1765e067259312a95d
4
- data.tar.gz: 3d121765f80193449bbd7418260af0a3ab5fd739
3
+ metadata.gz: 2aa574df0f3ca9ed883f4baf424f9e1813ab4042
4
+ data.tar.gz: 1fa77dc3ea0a1bec0f49164484e00208bd952ee7
5
5
  SHA512:
6
- metadata.gz: f9bf4831867ee0a32ee9e3ee3cf3a736cf516bbf0d752391e143bdfde5ce2d7210d984faafbf48f16ac5fb47379f133fc410a81994dc01682d81895eac42ff21
7
- data.tar.gz: fd3dd70a9613bd6899962ec07d698ba242e1b9611973f17ab6d454d20c27fbe7dfa663cd3493619c73084a2a464801845b38f607d41100fdf5a544a0a592b86a
6
+ metadata.gz: 6f2fe997e0a0ef22f9e74c01e5899e3bf1faa156455e6ec0cb127e56208b5ebed0a38fa06895b9c155f521cdb1565d0e80e4c17ae00ce055fb5169f9d11cbf79
7
+ data.tar.gz: 1bbe77325063c8804924e1bd49c7a7bccb5a9f819de417cd3be1842c87ab1d3eec09632f5b4becbc9a6b9d446f37e0b81b0b1a6eb0f026989be5514bd0ba9566
data/.gitignore CHANGED
@@ -2,3 +2,4 @@ build
2
2
  vendor
3
3
  tools
4
4
  .VERSION.mk
5
+ *.gem
data/lib/logstash/codecs/cef.rb CHANGED
@@ -31,15 +31,20 @@ class LogStash::Codecs::CEF < LogStash::Codecs::Base
31
31
  # We don't have syslog headers, so we just need to remove CEF:
32
32
  data.sub! /^CEF:/, ''
33
33
  end #if @syslog
34
+
34
35
  # Default any CEF unknown fields to unknown
35
- data.gsub! '||', ''
36
+ data.gsub! '||', '|unknown|'
36
37
 
37
38
  # Now, break out the rest of the headers
38
39
  event['cef_version'], event['cef_vendor'], event['cef_product'], event['cef_device_version'], event['cef_sigid'], event['cef_name'], event['cef_severity'], event['message'] = data.scan /(?:[^\|\\]|\\.)+/
39
- # Now, try to break out the Extension Dictionary
40
+
41
+ # Strip any leading or trailing spaces
40
42
  message=event['message']
41
- if message.to_s.strip.length != 0
42
- message = message.strip
43
+ message=message.to_s.strip
44
+ event['message']=message
45
+
46
+ # Now, try to break out the Extension Dictionary
47
+ if message.length != 0
43
48
  message = message.split(/ ([\w\.]+)=/)
44
49
 
45
50
  key, value = message.shift.split('=',2)
data/logstash-codec-cef.gemspec CHANGED
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'hpess-logstash-codec-cef'
4
- s.version = '0.1.4'
4
+ s.version = '0.1.5'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "CEF codec to parse CEF formated logs"
7
7
  s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hpess-logstash-codec-cef
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.4
4
+ version: 0.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elasticsearch