logstash-filter-syslog_pri 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/logstash-filter-syslog_pri.gemspec +3 -4
- data/spec/filters/syslog_pri_spec.rb +110 -2
- data/spec/spec_helper.rb +3 -0
- metadata +9 -9
- data/.gitignore +0 -4
- data/Rakefile +0 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: df705202b239ed3d14afc81e8072e643fbcef41f
|
|
4
|
+
data.tar.gz: 7f869def7afa8d180a7202e7d49cb3fdc4ef5582
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6c9ffb7129e032df6159b67f49b06048e830470f27cac4dc05c7b2353ab5187b0180395da99678ff91c959530d3a41a2bd5728e81b91d58e798c1354523cd3b4
|
|
7
|
+
data.tar.gz: 2926151113286a791c6244d05d89388ab3ee530e649750068a1a4ed14e1aa92d7a1b03f1dbcdb6aa3f2874cf4d4b3249dc66f50d7412ee910b2dec5da057a71c
|
data/README.md
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
# Logstash Plugin
|
|
2
2
|
|
|
3
|
-
This is a plugin for [Logstash](https://github.com/
|
|
3
|
+
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
|
4
4
|
|
|
5
5
|
It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
|
|
6
6
|
|
|
7
7
|
## Documentation
|
|
8
8
|
|
|
9
|
-
Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.
|
|
9
|
+
Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
|
|
10
10
|
|
|
11
11
|
- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
|
|
12
|
-
- For more asciidoc formatting tips, see the excellent reference here https://github.com/
|
|
12
|
+
- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
|
|
13
13
|
|
|
14
14
|
## Need Help?
|
|
15
15
|
|
|
@@ -83,4 +83,4 @@ Programming is not a required skill. Whatever you've seen about open source and
|
|
|
83
83
|
|
|
84
84
|
It is more important to the community that you are able to contribute.
|
|
85
85
|
|
|
86
|
-
For more information about contributing, see the [CONTRIBUTING](https://github.com/
|
|
86
|
+
For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-syslog_pri'
|
|
4
|
-
s.version = '1.0.
|
|
4
|
+
s.version = '1.0.1'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Filter plugin for logstash to parse the PRI field from the front of a Syslog (RFC3164) message"
|
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
|
|
|
11
11
|
s.require_paths = ["lib"]
|
|
12
12
|
|
|
13
13
|
# Files
|
|
14
|
-
s.files =
|
|
14
|
+
s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
|
|
15
15
|
|
|
16
16
|
# Tests
|
|
17
17
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
@@ -21,7 +21,6 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
|
|
22
22
|
# Gem dependencies
|
|
23
23
|
s.add_runtime_dependency "logstash-core", '>= 1.4.0', '< 2.0.0'
|
|
24
|
-
|
|
25
24
|
s.add_development_dependency 'logstash-devutils'
|
|
26
|
-
end
|
|
27
25
|
|
|
26
|
+
end
|
|
@@ -1,5 +1,113 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
require_relative "../spec_helper"
|
|
3
|
+
require "logstash/plugin"
|
|
4
|
+
require "logstash/event"
|
|
3
5
|
|
|
4
6
|
describe LogStash::Filters::Syslog_pri do
|
|
7
|
+
|
|
8
|
+
subject { LogStash::Filters::Syslog_pri.new( "syslog_pri_field_name" => "syslog_pri" ) }
|
|
9
|
+
let(:properties) { {:name => "foo" } }
|
|
10
|
+
let(:event) { LogStash::Event.new(properties) }
|
|
11
|
+
|
|
12
|
+
it "should register without errors" do
|
|
13
|
+
plugin = LogStash::Plugin.lookup("filter", "syslog_pri").new( "facility_labels" => ["kernel"] )
|
|
14
|
+
expect { plugin.register }.to_not raise_error
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
describe "defaults" do
|
|
18
|
+
|
|
19
|
+
subject { LogStash::Filters::Syslog_pri.new( "syslog_pri_field_name" => "my_syslog_pri" ) }
|
|
20
|
+
|
|
21
|
+
let(:properties) { { "syslog_pri" => 1 } }
|
|
22
|
+
let(:event) { LogStash::Event.new(properties) }
|
|
23
|
+
|
|
24
|
+
before(:each) do
|
|
25
|
+
subject.register
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
it "default syslog_facility is user-level" do
|
|
29
|
+
subject.filter(event)
|
|
30
|
+
expect(event["syslog_facility"]).to eq("user-level")
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
it "default syslog severity is notice" do
|
|
34
|
+
subject.filter(event)
|
|
35
|
+
expect(event["syslog_severity"]).to eq("notice")
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
it "default severity to be 5, out of priority default 13" do
|
|
39
|
+
subject.filter(event)
|
|
40
|
+
expect(event["syslog_severity_code"]).to eq(5)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
describe "filtering" do
|
|
46
|
+
|
|
47
|
+
let(:properties) { { "syslog_pri" => syslog_pri } }
|
|
48
|
+
let(:event) { LogStash::Event.new(properties) }
|
|
49
|
+
|
|
50
|
+
before(:each) do
|
|
51
|
+
subject.register
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
context "when critical messages arrive" do
|
|
55
|
+
let(:syslog_pri) { 34 }
|
|
56
|
+
|
|
57
|
+
it "syslog severity is critical" do
|
|
58
|
+
subject.filter(event)
|
|
59
|
+
expect(event["syslog_severity"]).to eq("critical")
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
it "default syslog_facility is user-level" do
|
|
63
|
+
subject.filter(event)
|
|
64
|
+
expect(event["syslog_facility"]).to eq("security/authorization")
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
context "when notice local messages arrive" do
|
|
70
|
+
let(:syslog_pri) { 165 }
|
|
71
|
+
|
|
72
|
+
it "syslog severity is notice" do
|
|
73
|
+
subject.filter(event)
|
|
74
|
+
expect(event["syslog_severity"]).to eq("notice")
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
it "default syslog_facility is user-level" do
|
|
78
|
+
subject.filter(event)
|
|
79
|
+
expect(event["syslog_facility"]).to eq("local4")
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
context "when a debug messages arrive" do
|
|
84
|
+
let(:syslog_pri) { 191 }
|
|
85
|
+
|
|
86
|
+
it "syslog severity is notice" do
|
|
87
|
+
subject.filter(event)
|
|
88
|
+
expect(event["syslog_severity"]).to eq("debug")
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
it "default syslog_facility is user-level" do
|
|
92
|
+
subject.filter(event)
|
|
93
|
+
expect(event["syslog_facility"]).to eq("local7")
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
context "when an alert messages arrive" do
|
|
98
|
+
let(:syslog_pri) { 137 }
|
|
99
|
+
|
|
100
|
+
it "syslog severity is notice" do
|
|
101
|
+
subject.filter(event)
|
|
102
|
+
expect(event["syslog_severity"]).to eq("alert")
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
it "default syslog_facility is user-level" do
|
|
106
|
+
subject.filter(event)
|
|
107
|
+
expect(event["syslog_facility"]).to eq("local1")
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
end
|
|
112
|
+
|
|
5
113
|
end
|
data/spec/spec_helper.rb
ADDED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-syslog_pri
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-09-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstash-core
|
|
@@ -50,17 +50,16 @@ executables: []
|
|
|
50
50
|
extensions: []
|
|
51
51
|
extra_rdoc_files: []
|
|
52
52
|
files:
|
|
53
|
-
- .
|
|
53
|
+
- lib/logstash/filters/syslog_pri.rb
|
|
54
|
+
- spec/spec_helper.rb
|
|
55
|
+
- spec/filters/syslog_pri_spec.rb
|
|
56
|
+
- logstash-filter-syslog_pri.gemspec
|
|
54
57
|
- CHANGELOG.md
|
|
58
|
+
- README.md
|
|
55
59
|
- CONTRIBUTORS
|
|
56
60
|
- Gemfile
|
|
57
61
|
- LICENSE
|
|
58
62
|
- NOTICE.TXT
|
|
59
|
-
- README.md
|
|
60
|
-
- Rakefile
|
|
61
|
-
- lib/logstash/filters/syslog_pri.rb
|
|
62
|
-
- logstash-filter-syslog_pri.gemspec
|
|
63
|
-
- spec/filters/syslog_pri_spec.rb
|
|
64
63
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
|
65
64
|
licenses:
|
|
66
65
|
- Apache License (2.0)
|
|
@@ -83,9 +82,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
83
82
|
version: '0'
|
|
84
83
|
requirements: []
|
|
85
84
|
rubyforge_project:
|
|
86
|
-
rubygems_version: 2.
|
|
85
|
+
rubygems_version: 2.1.9
|
|
87
86
|
signing_key:
|
|
88
87
|
specification_version: 4
|
|
89
88
|
summary: Filter plugin for logstash to parse the PRI field from the front of a Syslog (RFC3164) message
|
|
90
89
|
test_files:
|
|
90
|
+
- spec/spec_helper.rb
|
|
91
91
|
- spec/filters/syslog_pri_spec.rb
|
data/.gitignore
DELETED