logstash-codec-cef 6.2.2-java → 6.2.3-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -3
- data/docs/index.asciidoc +1 -3
- data/lib/logstash/codecs/cef.rb +5 -3
- data/logstash-codec-cef.gemspec +3 -2
- data/spec/codecs/cef_spec.rb +1 -1
- metadata +22 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d45c024f0bdb71f6056b553e138fff8d57479d021ab3ba8b98ba69384bf9898f
|
|
4
|
+
data.tar.gz: 7ddb2bd1427fcf5c2ca91e762a326d0a9e73e17d911dbadaf4dffc4fdcfc50e8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4e1afac1d4c0c05fa8bc4db6f61063d591e47ba85623b8e2530cddbf599e4e2cc6e3b968f1effbe23bb196a1864111d70eee6b354d7404cabb6f27b1fa431be2
|
|
7
|
+
data.tar.gz: 872d25b0b8f8b2aa3f2e884794df1afd614cb26408ce7bdcdc4fc9e7a90cd9b6750659b2da37b4072229cec8f83ebbbd5eca691af32926404e967e1a00c4c628
|
data/CHANGELOG.md
CHANGED
|
@@ -1,16 +1,19 @@
|
|
|
1
|
+
## 6.2.3
|
|
2
|
+
- Feat: event_factory support [#94](https://github.com/logstash-plugins/logstash-codec-cef/pull/94)
|
|
3
|
+
|
|
1
4
|
## 6.2.2
|
|
2
5
|
- Fixed invalid Field Reference that could occur when ECS mode was enabled and the CEF field `fileHash` was parsed.
|
|
3
|
-
- Added expanded mapping for numbered `deviceCustom*` and `deviceCustom*Label` fields so that all now include numbers 1 through 15.
|
|
6
|
+
- Added expanded mapping for numbered `deviceCustom*` and `deviceCustom*Label` fields so that all now include numbers 1 through 15. [#89](https://github.com/logstash-plugins/logstash-codec-cef/pull/89).
|
|
4
7
|
|
|
5
8
|
## 6.2.1
|
|
6
9
|
- Added field mapping to docs.
|
|
7
|
-
- Fixed ECS mapping of `deviceMacAddress` field.
|
|
10
|
+
- Fixed ECS mapping of `deviceMacAddress` field. [#88](https://github.com/logstash-plugins/logstash-codec-cef/pull/88).
|
|
8
11
|
|
|
9
12
|
## 6.2.0
|
|
10
13
|
- Introduce ECS Compatibility mode [#83](https://github.com/logstash-plugins/logstash-codec-cef/pull/83).
|
|
11
14
|
|
|
12
15
|
## 6.1.2
|
|
13
|
-
- Added error log with full payload when something bad happens in decoding a message[#84](https://github.com/logstash-plugins/logstash-codec-cef/pull/84)
|
|
16
|
+
- Added error log with full payload when something bad happens in decoding a message [#84](https://github.com/logstash-plugins/logstash-codec-cef/pull/84)
|
|
14
17
|
|
|
15
18
|
## 6.1.1
|
|
16
19
|
- Improved encoding performance, especially when encoding many extension fields [#81](https://github.com/logstash-plugins/logstash-codec-cef/pull/81)
|
data/docs/index.asciidoc
CHANGED
|
@@ -484,9 +484,7 @@ If the codec handles data from a variety of sources, the ECS recommendation is t
|
|
|
484
484
|
** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
|
|
485
485
|
** Otherwise, the default value is `disabled`.
|
|
486
486
|
|
|
487
|
-
Controls this plugin's compatibility with the
|
|
488
|
-
{ecs-ref}[Elastic Common Schema (ECS)]
|
|
489
|
-
(ECS)].
|
|
487
|
+
Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
|
|
490
488
|
|
|
491
489
|
[id="plugins-{type}s-{plugin}-fields"]
|
|
492
490
|
===== `fields`
|
data/lib/logstash/codecs/cef.rb
CHANGED
|
@@ -6,6 +6,7 @@ require "json"
|
|
|
6
6
|
require "time"
|
|
7
7
|
|
|
8
8
|
require 'logstash/plugin_mixins/ecs_compatibility_support'
|
|
9
|
+
require 'logstash/plugin_mixins/event_support/event_factory_adapter'
|
|
9
10
|
|
|
10
11
|
# Implementation of a Logstash codec for the ArcSight Common Event Format (CEF)
|
|
11
12
|
# Based on Revision 20 of Implementing ArcSight CEF, dated from June 05, 2013
|
|
@@ -16,7 +17,8 @@ require 'logstash/plugin_mixins/ecs_compatibility_support'
|
|
|
16
17
|
class LogStash::Codecs::CEF < LogStash::Codecs::Base
|
|
17
18
|
config_name "cef"
|
|
18
19
|
|
|
19
|
-
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1)
|
|
20
|
+
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
|
|
21
|
+
include LogStash::PluginMixins::EventSupport::EventFactoryAdapter
|
|
20
22
|
|
|
21
23
|
InvalidTimestamp = Class.new(StandardError)
|
|
22
24
|
|
|
@@ -201,7 +203,7 @@ class LogStash::Codecs::CEF < LogStash::Codecs::Base
|
|
|
201
203
|
|
|
202
204
|
def handle(data, &block)
|
|
203
205
|
original_data = data.dup
|
|
204
|
-
event =
|
|
206
|
+
event = event_factory.new_event
|
|
205
207
|
event.set(raw_data_field, data) unless raw_data_field.nil?
|
|
206
208
|
|
|
207
209
|
@utf8_charset.convert(data)
|
|
@@ -282,7 +284,7 @@ class LogStash::Codecs::CEF < LogStash::Codecs::Base
|
|
|
282
284
|
rescue => e
|
|
283
285
|
@logger.error("Failed to decode CEF payload. Generating failure event with payload in message field.",
|
|
284
286
|
:exception => e.class, :message => e.message, :backtrace => e.backtrace, :original_data => original_data)
|
|
285
|
-
yield
|
|
287
|
+
yield event_factory.new_event("message" => data, "tags" => ["_cefparsefailure"])
|
|
286
288
|
end
|
|
287
289
|
|
|
288
290
|
public
|
data/logstash-codec-cef.gemspec
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-cef'
|
|
4
|
-
s.version = '6.2.
|
|
4
|
+
s.version = '6.2.3'
|
|
5
5
|
s.platform = 'java'
|
|
6
6
|
s.licenses = ['Apache License (2.0)']
|
|
7
7
|
s.summary = "Reads the ArcSight Common Event Format (CEF)."
|
|
@@ -22,7 +22,8 @@ Gem::Specification.new do |s|
|
|
|
22
22
|
|
|
23
23
|
# Gem dependencies
|
|
24
24
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
|
25
|
-
s.add_runtime_dependency
|
|
25
|
+
s.add_runtime_dependency "logstash-mixin-ecs_compatibility_support", '~> 1.3'
|
|
26
|
+
s.add_runtime_dependency "logstash-mixin-event_support", '~> 1.0'
|
|
26
27
|
|
|
27
28
|
s.add_development_dependency 'logstash-devutils'
|
|
28
29
|
s.add_development_dependency 'insist'
|
data/spec/codecs/cef_spec.rb
CHANGED
|
@@ -873,7 +873,7 @@ describe LogStash::Codecs::CEF do
|
|
|
873
873
|
|
|
874
874
|
let(:results) { [] }
|
|
875
875
|
|
|
876
|
-
ecs_compatibility_matrix(:disabled
|
|
876
|
+
ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
|
|
877
877
|
before(:each) do
|
|
878
878
|
allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
|
|
879
879
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-cef
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.2.
|
|
4
|
+
version: 6.2.3
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-07-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -20,8 +20,8 @@ dependencies:
|
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
21
|
version: '2.99'
|
|
22
22
|
name: logstash-core-plugin-api
|
|
23
|
-
prerelease: false
|
|
24
23
|
type: :runtime
|
|
24
|
+
prerelease: false
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
@@ -35,15 +35,29 @@ dependencies:
|
|
|
35
35
|
requirements:
|
|
36
36
|
- - "~>"
|
|
37
37
|
- !ruby/object:Gem::Version
|
|
38
|
-
version: '1.
|
|
38
|
+
version: '1.3'
|
|
39
39
|
name: logstash-mixin-ecs_compatibility_support
|
|
40
|
+
type: :runtime
|
|
40
41
|
prerelease: false
|
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - "~>"
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: '1.3'
|
|
47
|
+
- !ruby/object:Gem::Dependency
|
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
|
49
|
+
requirements:
|
|
50
|
+
- - "~>"
|
|
51
|
+
- !ruby/object:Gem::Version
|
|
52
|
+
version: '1.0'
|
|
53
|
+
name: logstash-mixin-event_support
|
|
41
54
|
type: :runtime
|
|
55
|
+
prerelease: false
|
|
42
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
43
57
|
requirements:
|
|
44
58
|
- - "~>"
|
|
45
59
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: '1.
|
|
60
|
+
version: '1.0'
|
|
47
61
|
- !ruby/object:Gem::Dependency
|
|
48
62
|
requirement: !ruby/object:Gem::Requirement
|
|
49
63
|
requirements:
|
|
@@ -51,8 +65,8 @@ dependencies:
|
|
|
51
65
|
- !ruby/object:Gem::Version
|
|
52
66
|
version: '0'
|
|
53
67
|
name: logstash-devutils
|
|
54
|
-
prerelease: false
|
|
55
68
|
type: :development
|
|
69
|
+
prerelease: false
|
|
56
70
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
71
|
requirements:
|
|
58
72
|
- - ">="
|
|
@@ -65,8 +79,8 @@ dependencies:
|
|
|
65
79
|
- !ruby/object:Gem::Version
|
|
66
80
|
version: '0'
|
|
67
81
|
name: insist
|
|
68
|
-
prerelease: false
|
|
69
82
|
type: :development
|
|
83
|
+
prerelease: false
|
|
70
84
|
version_requirements: !ruby/object:Gem::Requirement
|
|
71
85
|
requirements:
|
|
72
86
|
- - ">="
|
|
@@ -113,8 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
113
127
|
- !ruby/object:Gem::Version
|
|
114
128
|
version: '0'
|
|
115
129
|
requirements: []
|
|
116
|
-
|
|
117
|
-
rubygems_version: 2.6.13
|
|
130
|
+
rubygems_version: 3.0.6
|
|
118
131
|
signing_key:
|
|
119
132
|
specification_version: 4
|
|
120
133
|
summary: Reads the ArcSight Common Event Format (CEF).
|