RubyGems - logstash-codec-cef - Versions diffs - 6.2.2-java → 6.2.5-java - Mend

logstash-codec-cef 6.2.2-java → 6.2.5-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d6769d2631f2bd27a0e5d4efebcdf5522eb2e1e843fef3d195ca804d4e68e1cb
-  data.tar.gz: 97a5acd21e5041dbb91129819ed13b4989f269acaccbc134a26be5c6a83535e6
+  metadata.gz: 03b13f5507c5f1bdb5f09668a2bcb445dd5d93014b91cb9c17272b7445a787ff
+  data.tar.gz: a25d40bf2ccd77baacc58dd4d49b69da9c7e0b616537d306b937807915d36115
 SHA512:
-  metadata.gz: 7a1021a17d1c87f07bf61f5583acda25f69e69c7946191056d93f0c8c0e9f1ad3aea6489b14fb78754c92507114d588ba36513d7ba9d39e861550d02aeaa7cab
-  data.tar.gz: ff9ce9b27c9c4ae1cc5440cecd9e6113989507e030bf609683de344645536eb1a713149e70da2f87638dd553e493145c750f54e5e560d5b938829b8d0b6404e8
+  metadata.gz: d600beff671cd1d1a287c153bf4dac27922ea8ca109fc92d3b43c18ea69fdbf645b53067d36cd859604e8013a14010397bd6b0640b4173977ff95a6800f563be
+  data.tar.gz: 4ef42b63bf2c8fdf535c6c7106149dcf7df4e269fd1299708ed3a290d9ceedace58eaf46c002eaa18afb174a2670edf6abea392c120e7eea606de5bb9f8d3bec

data/CHANGELOG.md CHANGED Viewed

@@ -1,16 +1,25 @@
+## 6.2.5
+  - [DOC] Update link to CEF implementation guide [#97](https://github.com/logstash-plugins/logstash-codec-cef/pull/97)
+## 6.2.4
+  - [DOC] Emphasize importance of delimiter setting for byte stream inputs [#95](https://github.com/logstash-plugins/logstash-codec-cef/pull/95)
+## 6.2.3
+  - Feat: event_factory support [#94](https://github.com/logstash-plugins/logstash-codec-cef/pull/94)
 ## 6.2.2
  - Fixed invalid Field Reference that could occur when ECS mode was enabled and the CEF field `fileHash` was parsed.
- - Added expanded mapping for numbered `deviceCustom*` and `deviceCustom*Label` fields so that all now include numbers 1 through 15.
+ - Added expanded mapping for numbered `deviceCustom*` and `deviceCustom*Label` fields so that all now include numbers 1 through 15. [#89](https://github.com/logstash-plugins/logstash-codec-cef/pull/89).
 ## 6.2.1
  - Added field mapping to docs.
- - Fixed ECS mapping of `deviceMacAddress` field.
+ - Fixed ECS mapping of `deviceMacAddress` field. [#88](https://github.com/logstash-plugins/logstash-codec-cef/pull/88).
 ## 6.2.0
  - Introduce ECS Compatibility mode [#83](https://github.com/logstash-plugins/logstash-codec-cef/pull/83).
 ## 6.1.2
- - Added error log with full payload when something bad happens in decoding a message[#84](https://github.com/logstash-plugins/logstash-codec-cef/pull/84)
+ - Added error log with full payload when something bad happens in decoding a message [#84](https://github.com/logstash-plugins/logstash-codec-cef/pull/84)
 ## 6.1.1
  - Improved encoding performance, especially when encoding many extension fields [#81](https://github.com/logstash-plugins/logstash-codec-cef/pull/81)

data/docs/index.asciidoc CHANGED Viewed

@@ -20,12 +20,11 @@ include::{include_path}/plugin_header.asciidoc[]
 ==== Description
-Implementation of a Logstash codec for the ArcSight Common Event Format (CEF)
-Based on Revision 20 of Implementing ArcSight CEF, dated from June 05, 2013
-https://community.saas.hpe.com/dcvta86296/attachments/dcvta86296/connector-documentation/1116/1/CommonEventFormatv23.pdf
+Implementation of a Logstash codec for the ArcSight Common Event Format (CEF).
+It is based on https://www.microfocus.com/documentation/arcsight/arcsight-smartconnectors/pdfdoc/common-event-format-v25/common-event-format-v25.pdf[Implementing ArcSight CEF Revision 25, September 2017].
-If this codec receives a payload from an input that is not a valid CEF message, then it will
-produce an event with the payload as the 'message' field and a '_cefparsefailure' tag.
+If this codec receives a payload from an input that is not a valid CEF message, then it
+produces an event with the payload as the 'message' field and a '_cefparsefailure' tag.
 ==== Compatibility with the Elastic Common Schema (ECS)
@@ -441,14 +440,19 @@ not include timezone information, this `default_timezone` is used instead.
 If your input puts a delimiter between each CEF event, you'll want to set
 this to be that delimiter.
-For example, with the TCP input, you probably want to put this:
+NOTE: Byte stream inputs such as TCP require delimiter to be specified. Otherwise input can be truncated or incorrectly split.
+**Example**
+[source,ruby]
+-----
     input {
       tcp {
         codec => cef { delimiter => "\r\n" }
         # ...
       }
     }
+-----
 This setting allows the following character sequences to have special meaning:
@@ -484,9 +488,7 @@ If the codec handles data from a variety of sources, the ECS recommendation is t
 ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
 ** Otherwise, the default value is `disabled`.
-Controls this plugin's compatibility with the
-{ecs-ref}[Elastic Common Schema (ECS)]
-(ECS)].
+Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
 [id="plugins-{type}s-{plugin}-fields"]
 ===== `fields`

data/lib/logstash/codecs/cef.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require "json"
 require "time"
 require 'logstash/plugin_mixins/ecs_compatibility_support'
+require 'logstash/plugin_mixins/event_support/event_factory_adapter'
 # Implementation of a Logstash codec for the ArcSight Common Event Format (CEF)
 # Based on Revision 20 of Implementing ArcSight CEF, dated from June 05, 2013
@@ -16,7 +17,8 @@ require 'logstash/plugin_mixins/ecs_compatibility_support'
 class LogStash::Codecs::CEF < LogStash::Codecs::Base
   config_name "cef"
-  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1)
+  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
+  include LogStash::PluginMixins::EventSupport::EventFactoryAdapter
   InvalidTimestamp = Class.new(StandardError)
@@ -201,7 +203,7 @@ class LogStash::Codecs::CEF < LogStash::Codecs::Base
   def handle(data, &block)
     original_data = data.dup
-    event = LogStash::Event.new
+    event = event_factory.new_event
     event.set(raw_data_field, data) unless raw_data_field.nil?
     @utf8_charset.convert(data)
@@ -282,7 +284,7 @@ class LogStash::Codecs::CEF < LogStash::Codecs::Base
   rescue => e
     @logger.error("Failed to decode CEF payload. Generating failure event with payload in message field.",
                   :exception => e.class, :message => e.message, :backtrace => e.backtrace, :original_data => original_data)
-    yield LogStash::Event.new("message" => data, "tags" => ["_cefparsefailure"])
+    yield event_factory.new_event("message" => data, "tags" => ["_cefparsefailure"])
   end
   public

data/logstash-codec-cef.gemspec CHANGED Viewed

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-codec-cef'
-  s.version         = '6.2.2'
+  s.version         = '6.2.5'
   s.platform        = 'java'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Reads the ArcSight Common Event Format (CEF)."
@@ -22,7 +22,8 @@ Gem::Specification.new do |s|
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
-  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.1'
+  s.add_runtime_dependency "logstash-mixin-ecs_compatibility_support", '~> 1.3'
+  s.add_runtime_dependency "logstash-mixin-event_support", '~> 1.0'
   s.add_development_dependency 'logstash-devutils'
   s.add_development_dependency 'insist'

data/spec/codecs/cef_spec.rb CHANGED Viewed

@@ -873,7 +873,7 @@ describe LogStash::Codecs::CEF do
     let(:results)   { [] }
-    ecs_compatibility_matrix(:disabled,:v1) do |ecs_select|
+    ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
       before(:each) do
         allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-cef
 version: !ruby/object:Gem::Version
-  version: 6.2.2
+  version: 6.2.5
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-22 00:00:00.000000000 Z
+date: 2022-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -35,7 +35,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.3'
   name: logstash-mixin-ecs_compatibility_support
   prerelease: false
   type: :runtime
@@ -43,7 +43,21 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  name: logstash-mixin-event_support
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -113,8 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Reads the ArcSight Common Event Format (CEF).