logstash-filter-cef 0.1.0 → 0.1.1

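--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: ebf5ff9780644f0093381ec3656ca654381e5d9b
- data.tar.gz: b0561ae6cdf87c42d0e0a631156607c99f15e89a
+ metadata.gz: 7032b9abe918a98deda1d9c92535094ab45208cf
+ data.tar.gz: 34a58297c38eb2e94fe5cc700c43ad2bc49ad822
  SHA512:
- metadata.gz: 1ed5271e8f064de97df95576c4017337ef754089fc6ca2aee827db9515bff596b21a9dd7b657f2cdb5aa62ee2bd0175679e6ad7bcde61aa2b45513ae80a1a85e
- data.tar.gz: 9f5c141c735d740c5b3808048b35c1f88e299a2173963c5bcd0536c8cae987b236d949d6ae78dab2348adc9f2f79773e458899a0bb2ab0d16685b3f4fde8ec73
+ metadata.gz: 40a83e496c20239cf0c92e0c6578f278a83ca6b5eedf2b49e3bc7fc32a7aced173f9c510ba6a218950abf1842046d2a6d843848b4c7c7df05d11cc3038685932
+ data.tar.gz: 9e0ceb8065b56287d08fd6004d41a8f49cb39466adb09c8d97de39b04b9af365437697b0590365c61c00a3a9746cbe1141501c4cec432da74aeba1603c1f98f1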
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-filter-cef'
3
- s.version = '0.1.0'
3
+ s.version = '0.1.1'
4
4
  s.licenses = ['Apache License (2.0)']
5
5
  s.summary = "This is a CEF parsing filter. It takes an existing field which contains CEF and expands it into an actual data structure within the Logstash event."
6
6
  s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
@@ -29,6 +29,31 @@ describe LogStash::Filters::CEF do
29
29
  end
30
30
  end
31
31
 
32
+ describe 'provide a target' do
33
+ config <<-CONFIG
34
+ filter {
35
+ cef {
36
+ # Parse message as CEF string
37
+ source => "message"
38
+ target => "baz"
39
+ }
40
+ }
41
+ CONFIG
42
+
43
+ sample 'CEF: 0|Figgity Foo Bar Inc.|ThingyThang|1.0.0|Firewall|Something Bad Happened|Informative|foo=bar baz=ah Hellz Nah' do
44
+ insist { subject['baz']['cef_version'] } == '0'
45
+ insist { subject['baz']['cef_vendor'] } == 'Figgity Foo Bar Inc.'
46
+ insist { subject['baz']['cef_product'] } == 'ThingyThang'
47
+ insist { subject['baz']['cef_device_version'] } == '1.0.0'
48
+ insist { subject['baz']['cef_sigid'] } == 'Firewall'
49
+ insist { subject['baz']['cef_name'] } == 'Something Bad Happened'
50
+ insist { subject['baz']['cef_syslog'] } == "CEF:"
51
+ insist { subject['baz']['cef_severity'] } == 'Informative'
52
+ insist { subject['baz']['cef_ext']['foo'] } == 'bar'
53
+ insist { subject['baz']['cef_ext']['baz'] } == 'ah Hellz Nah'
54
+ end
55
+ end
56
+
32
57
  context 'using message field source' do
33
58
  subject(:filter) { LogStash::Filters::CEF.new(config) }
34
59
 
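Review bot: The new 'provide a target' example only checks that the parsed fields exist under `subject['baz']`; it never asserts that they are absent from the event root, so a filter that writes to both places would still pass. Adding `insist { subject['cef_version'] }.nil?` and `insist { subject['cef_ext'] }.nil?` would pin the isolation that `target` is meant to give. That isolation matters because the CEF header and extension keys come from whatever device sent the log line, and the target namespace is what keeps them from overwriting existing event fields. The target name `baz` is also the same as the extension key `baz` in the sample, which makes `subject['baz']['cef_ext']['baz']` hard to read; a distinct target such as `target => "cef_parsed"` would make the nesting unambiguous. The filter implementation is not part of the visible diff and the enclosing `describe LogStash::Filters::CEF do` starts outside this hunk, so the actual write path cannot be confirmed from here.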
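--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: logstash-filter-cef
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.1
  platform: ruby
  authors:
  - Domingo Kiser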