logstash-filter-cef 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/logstash-filter-cef.gemspec +1 -1
- data/spec/filters/cef_spec.rb +25 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7032b9abe918a98deda1d9c92535094ab45208cf
|
|
4
|
+
data.tar.gz: 34a58297c38eb2e94fe5cc700c43ad2bc49ad822
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 40a83e496c20239cf0c92e0c6578f278a83ca6b5eedf2b49e3bc7fc32a7aced173f9c510ba6a218950abf1842046d2a6d843848b4c7c7df05d11cc3038685932
|
|
7
|
+
data.tar.gz: 9e0ceb8065b56287d08fd6004d41a8f49cb39466adb09c8d97de39b04b9af365437697b0590365c61c00a3a9746cbe1141501c4cec432da74aeba1603c1f98f1
|
data/logstash-filter-cef.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-filter-cef'
|
|
3
|
-
s.version = '0.1.
|
|
3
|
+
s.version = '0.1.1'
|
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
|
5
5
|
s.summary = "This is a CEF parsing filter. It takes an existing field which contains CEF and expands it into an actual data structure within the Logstash event."
|
|
6
6
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
data/spec/filters/cef_spec.rb
CHANGED
|
@@ -29,6 +29,31 @@ describe LogStash::Filters::CEF do
|
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
describe 'provide a target' do
|
|
33
|
+
config <<-CONFIG
|
|
34
|
+
filter {
|
|
35
|
+
cef {
|
|
36
|
+
# Parse message as CEF string
|
|
37
|
+
source => "message"
|
|
38
|
+
target => "baz"
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
CONFIG
|
|
42
|
+
|
|
43
|
+
sample 'CEF: 0|Figgity Foo Bar Inc.|ThingyThang|1.0.0|Firewall|Something Bad Happened|Informative|foo=bar baz=ah Hellz Nah' do
|
|
44
|
+
insist { subject['baz']['cef_version'] } == '0'
|
|
45
|
+
insist { subject['baz']['cef_vendor'] } == 'Figgity Foo Bar Inc.'
|
|
46
|
+
insist { subject['baz']['cef_product'] } == 'ThingyThang'
|
|
47
|
+
insist { subject['baz']['cef_device_version'] } == '1.0.0'
|
|
48
|
+
insist { subject['baz']['cef_sigid'] } == 'Firewall'
|
|
49
|
+
insist { subject['baz']['cef_name'] } == 'Something Bad Happened'
|
|
50
|
+
insist { subject['baz']['cef_syslog'] } == "CEF:"
|
|
51
|
+
insist { subject['baz']['cef_severity'] } == 'Informative'
|
|
52
|
+
insist { subject['baz']['cef_ext']['foo'] } == 'bar'
|
|
53
|
+
insist { subject['baz']['cef_ext']['baz'] } == 'ah Hellz Nah'
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
32
57
|
context 'using message field source' do
|
|
33
58
|
subject(:filter) { LogStash::Filters::CEF.new(config) }
|
|
34
59
|
|