logstash-input-eventlog 0.1.0 → 3.0.0

checksums.yaml CHANGED
@@ -1,15 +1,7 @@
1
1
  ---
2
- !binary "U0hBMQ==":
3
- metadata.gz: !binary |-
4
- ZDBjNWRiYmZlZThlYzFkMjJiYTIxMDk2YzU2OTgwNTRkOTc3ZjA5MA==
5
- data.tar.gz: !binary |-
6
- MDQ5ZDVmNzc0MDU2NDcxYmNmZmY0ZmI3MzcxNzNjYmRlZTkxMDBiZA==
2
+ SHA1:
3
+ metadata.gz: d383f435401333671e4c67f299fba906218b5e62
4
+ data.tar.gz: 618396042270ad53179b98b6f6bd63df0c6d5b5d
7
5
  SHA512:
8
- metadata.gz: !binary |-
9
- NDUxYWE5MDJkZDc2Nzg3NjQ0YjJhODNhMTY5ZWViMzhhMWQzZGJjNzgzZDcy
10
- YWIzODQ4OGVlMmFhOWM1YTBkZmIxOTEyNWM3MDgwMzFkNDIzZmQ3ZjAyNjMy
11
- NTE1ODQ2YTlmMTYxMjBkMzllNjJiNjlhYmRiOTg1YzcyYWJhZDA=
12
- data.tar.gz: !binary |-
13
- MjgwMjFlMGNjYTcyZDRjODBkOWRlMDAzZjlkODliOGQyMDJkOWEzYzA3Yzk1
14
- Yzc2MGY4NGVlYmNkMjg5MTU4ZTkwMGY2N2U4ZjM2MTk4MTYzZmY4MTMxMDU1
15
- M2Y1YmFhMmNlYzRkZGMzNzBkYTU1ZDZlMjAyNDQwOTg1MTJjZjU=
6
+ metadata.gz: 0f48194926185e234ffe916d8bdf78471c0f5b1736a930bb81bc92c75d1000e9ea8b024a32e0bb3757cbba4856bf5e650afa015f49dc23e1ab758480df8defc2
7
+ data.tar.gz: 26da2254059f6cbf31f2cc16baf1e356eb3979620b89d628616fc4fdbcf18aee73353d4c581e9f40c404a3ccf361ef8d75d09124920c28c1aea2d60651c629ff
data/CHANGELOG.md ADDED
@@ -0,0 +1,5 @@
1
+ ## 2.0.0
2
+ - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
3
+ instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
4
+ - Dependency on logstash-core update to 2.0
5
+
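Review bot: The changelog added here stops at `## 2.0.0`, while the gemspec in this same diff sets `s.version = '3.0.0'`. Add an entry for 3.0.0 covering the user-visible changes in this release: the move from the WMI/`jruby-win32ole` reader to `win32-eventlog`, `logfile` changing from an array to a single string, and the new `interval` option.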
data/CONTRIBUTORS ADDED
@@ -0,0 +1,19 @@
1
+ The following is a list of people who have contributed ideas, code, bug
2
+ reports, or in general have helped logstash along its way.
3
+
4
+ Contributors:
5
+ * Bernd Ahlers (bernd)
6
+ * Colin Surprenant (colinsurprenant)
7
+ * Drew Rogers (drogerschariot)
8
+ * Greg Mefford (GregMefford)
9
+ * James Turnbull (jamtur01)
10
+ * Jordan Sissel (jordansissel)
11
+ * Kurt Hurtado (kurtado)
12
+ * Pier-Hugues Pellerin (ph)
13
+ * Richard Pijnenburg (electrical)
14
+ * Suyog Rao (suyograo)
15
+
16
+ Note: If you've sent us patches, bug reports, or otherwise contributed to
17
+ Logstash, and you aren't on the list above and want to be, please let us know
18
+ and we'll make sure you're here. Contributions from folks like you are what make
19
+ open source awesome.
data/Gemfile CHANGED
@@ -1,4 +1,2 @@
1
- source 'http://rubygems.org'
2
- gem 'rake'
3
- gem 'gem_publisher'
4
- gem 'archive-tar-minitar'
1
+ source 'https://rubygems.org'
2
+ gemspec
data/LICENSE CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2012-2014 Elasticsearch <http://www.elasticsearch.org>
1
+ Copyright (c) 2012–2015 Elasticsearch <http://www.elastic.co>
2
2
 
3
3
  Licensed under the Apache License, Version 2.0 (the "License");
4
4
  you may not use this file except in compliance with the License.
data/NOTICE.TXT ADDED
@@ -0,0 +1,5 @@
1
+ Elasticsearch
2
+ Copyright 2012-2015 Elasticsearch
3
+
4
+ This product includes software developed by The Apache Software
5
+ Foundation (http://www.apache.org/).
data/README.md ADDED
@@ -0,0 +1,89 @@
1
+ # Logstash Plugin
2
+
3
+ [![Build
4
+ Status](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Inputs/job/logstash-plugin-input-eventlog-unit/badge/icon)](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Inputs/job/logstash-plugin-input-eventlog-unit/)
5
+
6
+ This is a plugin for [Logstash](https://github.com/elastic/logstash).
7
+
8
+ It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
9
+
10
+ ## Documentation
11
+
12
+ Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
13
+
14
+ - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
15
+ - For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
16
+
17
+ ## Need Help?
18
+
19
+ Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
20
+
21
+ ## Developing
22
+
23
+ ### 1. Plugin Developement and Testing
24
+
25
+ #### Code
26
+ - To get started, you'll need JRuby with the Bundler gem installed.
27
+
28
+ - Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
29
+
30
+ - Install dependencies
31
+ ```sh
32
+ bundle install
33
+ ```
34
+
35
+ #### Test
36
+
37
+ - Update your dependencies
38
+
39
+ ```sh
40
+ bundle install
41
+ ```
42
+
43
+ - Run tests
44
+
45
+ ```sh
46
+ bundle exec rspec
47
+ ```
48
+
49
+ ### 2. Running your unpublished Plugin in Logstash
50
+
51
+ #### 2.1 Run in a local Logstash clone
52
+
53
+ - Edit Logstash `Gemfile` and add the local plugin path, for example:
54
+ ```ruby
55
+ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
56
+ ```
57
+ - Install plugin
58
+ ```sh
59
+ bin/plugin install --no-verify
60
+ ```
61
+ - Run Logstash with your plugin
62
+ ```sh
63
+ bin/logstash -e 'filter {awesome {}}'
64
+ ```
65
+ At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
66
+
67
+ #### 2.2 Run in an installed Logstash
68
+
69
+ You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
70
+
71
+ - Build your plugin gem
72
+ ```sh
73
+ gem build logstash-filter-awesome.gemspec
74
+ ```
75
+ - Install the plugin from the Logstash home
76
+ ```sh
77
+ bin/plugin install /your/local/plugin/logstash-filter-awesome.gem
78
+ ```
79
+ - Start Logstash and proceed to test the plugin
80
+
81
+ ## Contributing
82
+
83
+ All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
84
+
85
+ Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.
86
+
87
+ It is more important to the community that you are able to contribute.
88
+
89
+ For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
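Review bot: In section 2.1 the install step is `bin/plugin install --no-verify`, with no explanation of what is being skipped. Say in that bullet that the flag turns off the plugin verification step and is meant only for the local `:path` development setup described there, so it does not get copied into production install instructions; section 2.2 correctly omits it. Smaller points: "Developement" and "clone and existing" are typos, and the build badge links use plain `http://`.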
@@ -2,12 +2,13 @@
2
2
  require "logstash/inputs/base"
3
3
  require "logstash/namespace"
4
4
  require "logstash/timestamp"
5
- require "socket"
5
+ require "win32/eventlog"
6
+ require "stud/interval"
6
7
 
7
- # This input will pull events from a (http://msdn.microsoft.com/en-us/library/windows/desktop/bb309026%28v=vs.85%29.aspx)[Windows Event Log].
8
+ # This input will pull events from a http://msdn.microsoft.com/en-us/library/windows/desktop/bb309026%28v=vs.85%29.aspx[Windows Event Log].
8
9
  #
9
10
  # To collect Events from the System Event Log, use a config like:
10
- #
11
+ # [source,ruby]
11
12
  # input {
12
13
  # eventlog {
13
14
  # type => 'Win32-EventLog'
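Review bot: Dropping `require "socket"` at the top of the file looks unintended, because `register` still calls `Socket.gethostname` in the unchanged context of the next hunk. It may only work because something else in Logstash has already loaded socket; keep the explicit require next to the new `win32/eventlog` and `stud/interval` ones.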
@@ -17,113 +18,75 @@ require "socket"
17
18
  class LogStash::Inputs::EventLog < LogStash::Inputs::Base
18
19
 
19
20
  config_name "eventlog"
20
- milestone 2
21
21
 
22
22
  default :codec, "plain"
23
23
 
24
24
  # Event Log Name
25
- config :logfile, :validate => :array, :default => [ "Application", "Security", "System" ]
25
+ # System and Security may require that privileges are given to the user running logstash.
26
+ # see more at: https://social.technet.microsoft.com/forums/windowsserver/en-US/d2f813db-6142-4b5b-8d86-253ebb740473/easy-way-to-read-security-log
27
+ config :logfile, :validate => :string, :validate => [ "Application", "Security", "System" ], :default => "Application"
28
+
29
+ # How frequently should tail check for new event logs in ms (default: 1 second)
30
+ config :interval, :validate => :number, :default => 1000
26
31
 
27
32
  public
28
33
  def register
29
34
 
30
35
  # wrap specified logfiles in suitable OR statements
31
- @logfiles = @logfile.join("' OR TargetInstance.LogFile = '")
32
-
33
36
  @hostname = Socket.gethostname
34
- @logger.info("Registering input eventlog://#{@hostname}/#{@logfile}")
37
+ @logger.info("Opening eventlog #{@logfile}")
35
38
 
36
- if RUBY_PLATFORM == "java"
37
- require "jruby-win32ole"
38
- else
39
- require "win32ole"
39
+ begin
40
+ @eventlog = Win32::EventLog.open(@logfile)
41
+ rescue SystemCallError => e
42
+ if e.errno == 1314 # ERROR_PRIVILEGE_NOT_HELD
43
+ @logger.fatal("No privilege held to open logfile", :logfile => @logfile)
44
+ end
45
+ raise
40
46
  end
41
47
  end # def register
42
48
 
43
49
  public
44
50
  def run(queue)
45
- @wmi = WIN32OLE.connect("winmgmts://")
46
51
 
47
- wmi_query = "Select * from __InstanceCreationEvent Where TargetInstance ISA 'Win32_NTLogEvent' And (TargetInstance.LogFile = '#{@logfiles}')"
48
-
49
- begin
50
- @logger.debug("Tailing Windows Event Log '#{@logfile}'")
51
-
52
- events = @wmi.ExecNotificationQuery(wmi_query)
53
-
54
- while
55
- notification = events.NextEvent
56
- event = notification.TargetInstance
57
-
58
- timestamp = to_timestamp(event.TimeGenerated)
59
-
60
- e = LogStash::Event.new(
61
- "host" => @hostname,
62
- "path" => @logfile,
63
- "type" => @type,
64
- LogStash::Event::TIMESTAMP => timestamp
65
- )
66
-
67
- %w{Category CategoryString ComputerName EventCode EventIdentifier
68
- EventType Logfile Message RecordNumber SourceName
69
- TimeGenerated TimeWritten Type User
70
- }.each{
71
- |property| e[property] = event.send property
72
- }
73
-
74
- if RUBY_PLATFORM == "java"
75
- # unwrap jruby-win32ole racob data
76
- e["InsertionStrings"] = unwrap_racob_variant_array(event.InsertionStrings)
77
- data = unwrap_racob_variant_array(event.Data)
78
- # Data is an array of signed shorts, so convert to bytes and pack a string
79
- e["Data"] = data.map{|byte| (byte > 0) ? byte : 256 + byte}.pack("c*")
80
- else
81
- # win32-ole data does not need to be unwrapped
82
- e["InsertionStrings"] = event.InsertionStrings
83
- e["Data"] = event.Data
84
- end
85
-
86
- e["message"] = event.Message
87
-
88
- decorate(e)
89
- queue << e
90
-
91
- end # while
92
-
93
- rescue Exception => ex
94
- @logger.error("Windows Event Log error: #{ex}\n#{ex.backtrace}")
95
- sleep 1
96
- retry
97
- end # rescue
98
-
99
- end # def run
100
-
101
- private
102
- def unwrap_racob_variant_array(variants)
103
- variants ||= []
104
- variants.map {|v| (v.respond_to? :getValue) ? v.getValue : v}
105
- end # def unwrap_racob_variant_array
52
+ @logger.debug("Tailing Windows Event Log '#{@logfile}'")
53
+
54
+ old_total = @eventlog.total_records()
55
+ flags = Win32::EventLog::FORWARDS_READ | Win32::EventLog::SEEK_READ
56
+ rec_num = @eventlog.read_last_event.record_number
57
+
58
+ while !stop?
59
+ new_total = @eventlog.total_records()
60
+ if new_total != old_total
61
+ rec_num = @eventlog.oldest_record_number() if @eventlog.full?
62
+ @eventlog.read(flags, rec_num).each { |log| e = process(log); decorate(e); queue << e }
63
+ old_total = new_total
64
+ rec_num = @eventlog.read_last_event.record_number + 1
65
+ end
66
+ Stud.stoppable_sleep(@interval/1000.0) { stop? }
67
+ end
68
+ end
106
69
 
107
- # the event log timestamp is a utc string in the following format: yyyymmddHHMMSS.xxxxxx±UUU
108
- # http://technet.microsoft.com/en-us/library/ee198928.aspx
109
70
  private
110
- def to_timestamp(wmi_time)
111
- result = ""
112
- # parse the utc date string
113
- /(?<w_date>\d{8})(?<w_time>\d{6})\.\d{6}(?<w_sign>[\+-])(?<w_diff>\d{3})/ =~ wmi_time
114
- result = "#{w_date}T#{w_time}#{w_sign}"
115
- # the offset is represented by the difference, in minutes,
116
- # between the local time zone and Greenwich Mean Time (GMT).
117
- if w_diff.to_i > 0
118
- # calculate the timezone offset in hours and minutes
119
- h_offset = w_diff.to_i / 60
120
- m_offset = w_diff.to_i - (h_offset * 60)
121
- result.concat("%02d%02d" % [h_offset, m_offset])
122
- else
123
- result.concat("0000")
124
- end
71
+ def process(log)
72
+
73
+ LogStash::Event.new(
74
+ "host" => @hostname,
75
+ "Logfile" => @logfile,
76
+ "message" => log["description"].strip,
77
+ "Category" => log["category"],
78
+ "ComputerName" => log["computer"],
79
+ "EventIdentifier" => log["event_id"],
80
+ "EventType" => log["event_type"],
81
+ "RecordNumber" => log["record_number"],
82
+ "SourceName" => log["source"],
83
+ "TimeGenerated" => log["time_generated"],
84
+ "TimeWritten" => log["time_written"],
85
+ "Type" => log["event_type"],
86
+ "User" => log["user"],
87
+ "InsertionStrings" => log["string_inserts"]
88
+ )
89
+ end # def run
125
90
 
126
- return LogStash::Timestamp.new(DateTime.strptime(result, "%Y%m%dT%H%M%S%z").to_time)
127
- end
128
91
  end # class LogStash::Inputs::EventLog
129
92
 
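Review bot: `config :logfile` passes `:validate` twice (`:validate => :string, :validate => [ "Application", "Security", "System" ]`); in a Ruby hash literal the later key wins, so the `:string` entry is dead and should be removed. In `run`, `rec_num` starts at `@eventlog.read_last_event.record_number` but is set to that value `+ 1` after every read, so the first read after startup begins at a record that already existed before the plugin started; initialise it with `+ 1` too, or document that re-emitting the last pre-existing event is intended. The old `rescue`/`retry` around the read loop is gone, so an error from `read` now ends the input, and nothing here closes `@eventlog` on stop; please confirm both are deliberate. Stale comments: `# wrap specified logfiles in suitable OR statements` no longer matches any code, and `process` ends with `end # def run`. `"EventType"` and `"Type"` are both filled from `log["event_type"]`.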
@@ -1,32 +1,30 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-input-eventlog'
4
- s.version = '0.1.0'
4
+ s.version = '3.0.0'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "This input will pull events from a Windows Event Log"
7
- s.description = "This input will pull events from a Windows Event Log"
8
- s.authors = ["Elasticsearch"]
9
- s.email = 'richard.pijnenburg@elasticsearch.com'
10
- s.homepage = "http://logstash.net/"
7
+ s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
8
+ s.authors = ["Elastic"]
9
+ s.email = 'info@elastic.co'
10
+ s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
11
11
  s.require_paths = ["lib"]
12
12
 
13
13
  # Files
14
- s.files = `git ls-files`.split($\)+::Dir.glob('vendor/*')
14
+ s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
15
15
 
16
16
  # Tests
17
17
  s.test_files = s.files.grep(%r{^(test|spec|features)/})
18
18
 
19
19
  # Special flag to let us know this is actually a logstash plugin
20
- s.metadata = { "logstash_plugin" => "true", "group" => "input" }
20
+ s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
21
21
 
22
22
  # Gem dependencies
23
- s.add_runtime_dependency 'logstash', '>= 1.4.0', '< 2.0.0'
23
+ s.add_runtime_dependency "logstash-core", ">= 2.0.0.beta2", "< 3.0.0"
24
24
 
25
25
  s.add_runtime_dependency 'logstash-codec-plain'
26
26
 
27
- if RUBY_PLATFORM == 'java'
28
- s.platform = RUBY_PLATFORM
29
- s.add_runtime_dependency "jruby-win32ole" #(unknown license)
30
- end
27
+ s.add_runtime_dependency "win32-eventlog", "~> 0.6.5" # Artistic 2.0
28
+ s.add_runtime_dependency "stud", "~> 0.0.22" # Apache 2.0
29
+ s.add_development_dependency 'logstash-devutils'
31
30
  end
32
-
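Review bot: `s.add_runtime_dependency "win32-eventlog", "~> 0.6.5"` is added unconditionally while the `s.platform` block is removed, so the gem now installs as platform `ruby` on any host and pulls in a Windows-only library. State the Windows requirement in `s.description` or the README, or gate the dependency, so a non-Windows install fails with a clear message rather than at `require "win32/eventlog"`. Also, `logstash-codec-plain` remains unversioned and the lower bound on `logstash-core` is a prerelease (`>= 2.0.0.beta2`); add a constraint to the former and consider `>= 2.0.0` for the latter in a 3.0.0 release.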
@@ -1,5 +1,8 @@
1
- require 'spec_helper'
1
+ require "logstash/devutils/rspec/spec_helper"
2
2
  require 'logstash/inputs/eventlog'
3
3
 
4
- describe LogStash::Inputs::EventLog do
4
+ describe LogStash::Inputs::EventLog, :windows => true do
5
+ it_behaves_like "an interruptible input plugin" do
6
+ let(:config) { { "logfile" => "Application", "interval" => 10000000 } }
7
+ end
5
8
  end
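Review bot: The only example added is the shared "an interruptible input plugin" behaviour, so nothing covers the new `process` field mapping or the `ERROR_PRIVILEGE_NOT_HELD` branch in `register`. Add a spec that passes `process` a stubbed record hash and checks the resulting event fields, and one that stubs `Win32::EventLog.open` to raise and asserts that the error is logged and re-raised. A short comment explaining why `"interval" => 10000000` is used would also help the next reader.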
metadata CHANGED
@@ -1,89 +1,130 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-eventlog
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
- - Elasticsearch
8
- autorequire:
7
+ - Elastic
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-11-05 00:00:00.000000000 Z
11
+ date: 2015-11-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: logstash
15
14
  requirement: !ruby/object:Gem::Requirement
16
15
  requirements:
17
- - - ! '>='
16
+ - - '>='
18
17
  - !ruby/object:Gem::Version
19
- version: 1.4.0
18
+ version: 2.0.0.beta2
20
19
  - - <
21
20
  - !ruby/object:Gem::Version
22
- version: 2.0.0
23
- type: :runtime
21
+ version: 3.0.0
22
+ name: logstash-core
24
23
  prerelease: false
24
+ type: :runtime
25
25
  version_requirements: !ruby/object:Gem::Requirement
26
26
  requirements:
27
- - - ! '>='
27
+ - - '>='
28
28
  - !ruby/object:Gem::Version
29
- version: 1.4.0
29
+ version: 2.0.0.beta2
30
30
  - - <
31
31
  - !ruby/object:Gem::Version
32
- version: 2.0.0
32
+ version: 3.0.0
33
33
  - !ruby/object:Gem::Dependency
34
- name: logstash-codec-plain
35
34
  requirement: !ruby/object:Gem::Requirement
36
35
  requirements:
37
- - - ! '>='
36
+ - - '>='
37
+ - !ruby/object:Gem::Version
38
+ version: '0'
39
+ name: logstash-codec-plain
40
+ prerelease: false
41
+ type: :runtime
42
+ version_requirements: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - '>='
38
45
  - !ruby/object:Gem::Version
39
46
  version: '0'
47
+ - !ruby/object:Gem::Dependency
48
+ requirement: !ruby/object:Gem::Requirement
49
+ requirements:
50
+ - - ~>
51
+ - !ruby/object:Gem::Version
52
+ version: 0.6.5
53
+ name: win32-eventlog
54
+ prerelease: false
55
+ type: :runtime
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - ~>
59
+ - !ruby/object:Gem::Version
60
+ version: 0.6.5
61
+ - !ruby/object:Gem::Dependency
62
+ requirement: !ruby/object:Gem::Requirement
63
+ requirements:
64
+ - - ~>
65
+ - !ruby/object:Gem::Version
66
+ version: 0.0.22
67
+ name: stud
68
+ prerelease: false
40
69
  type: :runtime
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - ~>
73
+ - !ruby/object:Gem::Version
74
+ version: 0.0.22
75
+ - !ruby/object:Gem::Dependency
76
+ requirement: !ruby/object:Gem::Requirement
77
+ requirements:
78
+ - - '>='
79
+ - !ruby/object:Gem::Version
80
+ version: '0'
81
+ name: logstash-devutils
41
82
  prerelease: false
83
+ type: :development
42
84
  version_requirements: !ruby/object:Gem::Requirement
43
85
  requirements:
44
- - - ! '>='
86
+ - - '>='
45
87
  - !ruby/object:Gem::Version
46
88
  version: '0'
47
- description: This input will pull events from a Windows Event Log
48
- email: richard.pijnenburg@elasticsearch.com
89
+ description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
90
+ email: info@elastic.co
49
91
  executables: []
50
92
  extensions: []
51
93
  extra_rdoc_files: []
52
94
  files:
53
- - .gitignore
95
+ - CHANGELOG.md
96
+ - CONTRIBUTORS
54
97
  - Gemfile
55
- - Gemfile.bak
56
98
  - LICENSE
57
- - Rakefile
99
+ - NOTICE.TXT
100
+ - README.md
58
101
  - lib/logstash/inputs/eventlog.rb
59
102
  - logstash-input-eventlog.gemspec
60
- - rakelib/publish.rake
61
- - rakelib/vendor.rake
62
103
  - spec/inputs/eventlog_spec.rb
63
- homepage: http://logstash.net/
104
+ homepage: http://www.elastic.co/guide/en/logstash/current/index.html
64
105
  licenses:
65
106
  - Apache License (2.0)
66
107
  metadata:
67
108
  logstash_plugin: 'true'
68
- group: input
69
- post_install_message:
109
+ logstash_group: input
110
+ post_install_message:
70
111
  rdoc_options: []
71
112
  require_paths:
72
113
  - lib
73
114
  required_ruby_version: !ruby/object:Gem::Requirement
74
115
  requirements:
75
- - - ! '>='
116
+ - - '>='
76
117
  - !ruby/object:Gem::Version
77
118
  version: '0'
78
119
  required_rubygems_version: !ruby/object:Gem::Requirement
79
120
  requirements:
80
- - - ! '>='
121
+ - - '>='
81
122
  - !ruby/object:Gem::Version
82
123
  version: '0'
83
124
  requirements: []
84
- rubyforge_project:
85
- rubygems_version: 2.4.1
86
- signing_key:
125
+ rubyforge_project:
126
+ rubygems_version: 2.4.8
127
+ signing_key:
87
128
  specification_version: 4
88
129
  summary: This input will pull events from a Windows Event Log
89
130
  test_files:
data/.gitignore DELETED
@@ -1,4 +0,0 @@
1
- *.gem
2
- Gemfile.lock
3
- .bundle
4
- vendor
data/Gemfile.bak DELETED
@@ -1,4 +0,0 @@
1
- source 'http://rubygems.org'
2
- gem 'rake'
3
- gem 'gem_publisher'
4
- gem 'archive-tar-minitar'
data/Rakefile DELETED
@@ -1,6 +0,0 @@
1
- @files=[]
2
-
3
- task :default do
4
- system("rake -T")
5
- end
6
-
data/rakelib/publish.rake DELETED
@@ -1,9 +0,0 @@
1
- require "gem_publisher"
2
-
3
- desc "Publish gem to RubyGems.org"
4
- task :publish_gem do |t|
5
- gem_file = Dir.glob(File.expand_path('../*.gemspec',File.dirname(__FILE__))).first
6
- gem = GemPublisher.publish_if_updated(gem_file, :rubygems)
7
- puts "Published #{gem}" if gem
8
- end
9
-
data/rakelib/vendor.rake DELETED
@@ -1,169 +0,0 @@
1
- require "net/http"
2
- require "uri"
3
- require "digest/sha1"
4
-
5
- def vendor(*args)
6
- return File.join("vendor", *args)
7
- end
8
-
9
- directory "vendor/" => ["vendor"] do |task, args|
10
- mkdir task.name
11
- end
12
-
13
- def fetch(url, sha1, output)
14
-
15
- puts "Downloading #{url}"
16
- actual_sha1 = download(url, output)
17
-
18
- if actual_sha1 != sha1
19
- fail "SHA1 does not match (expected '#{sha1}' but got '#{actual_sha1}')"
20
- end
21
- end # def fetch
22
-
23
- def file_fetch(url, sha1)
24
- filename = File.basename( URI(url).path )
25
- output = "vendor/#{filename}"
26
- task output => [ "vendor/" ] do
27
- begin
28
- actual_sha1 = file_sha1(output)
29
- if actual_sha1 != sha1
30
- fetch(url, sha1, output)
31
- end
32
- rescue Errno::ENOENT
33
- fetch(url, sha1, output)
34
- end
35
- end.invoke
36
-
37
- return output
38
- end
39
-
40
- def file_sha1(path)
41
- digest = Digest::SHA1.new
42
- fd = File.new(path, "r")
43
- while true
44
- begin
45
- digest << fd.sysread(16384)
46
- rescue EOFError
47
- break
48
- end
49
- end
50
- return digest.hexdigest
51
- ensure
52
- fd.close if fd
53
- end
54
-
55
- def download(url, output)
56
- uri = URI(url)
57
- digest = Digest::SHA1.new
58
- tmp = "#{output}.tmp"
59
- Net::HTTP.start(uri.host, uri.port, :use_ssl => (uri.scheme == "https")) do |http|
60
- request = Net::HTTP::Get.new(uri.path)
61
- http.request(request) do |response|
62
- fail "HTTP fetch failed for #{url}. #{response}" if [200, 301].include?(response.code)
63
- size = (response["content-length"].to_i || -1).to_f
64
- count = 0
65
- File.open(tmp, "w") do |fd|
66
- response.read_body do |chunk|
67
- fd.write(chunk)
68
- digest << chunk
69
- if size > 0 && $stdout.tty?
70
- count += chunk.bytesize
71
- $stdout.write(sprintf("\r%0.2f%%", count/size * 100))
72
- end
73
- end
74
- end
75
- $stdout.write("\r \r") if $stdout.tty?
76
- end
77
- end
78
-
79
- File.rename(tmp, output)
80
-
81
- return digest.hexdigest
82
- rescue SocketError => e
83
- puts "Failure while downloading #{url}: #{e}"
84
- raise
85
- ensure
86
- File.unlink(tmp) if File.exist?(tmp)
87
- end # def download
88
-
89
- def untar(tarball, &block)
90
- require "archive/tar/minitar"
91
- tgz = Zlib::GzipReader.new(File.open(tarball))
92
- # Pull out typesdb
93
- tar = Archive::Tar::Minitar::Input.open(tgz)
94
- tar.each do |entry|
95
- path = block.call(entry)
96
- next if path.nil?
97
- parent = File.dirname(path)
98
-
99
- mkdir_p parent unless File.directory?(parent)
100
-
101
- # Skip this file if the output file is the same size
102
- if entry.directory?
103
- mkdir path unless File.directory?(path)
104
- else
105
- entry_mode = entry.instance_eval { @mode } & 0777
106
- if File.exists?(path)
107
- stat = File.stat(path)
108
- # TODO(sissel): Submit a patch to archive-tar-minitar upstream to
109
- # expose headers in the entry.
110
- entry_size = entry.instance_eval { @size }
111
- # If file sizes are same, skip writing.
112
- next if stat.size == entry_size && (stat.mode & 0777) == entry_mode
113
- end
114
- puts "Extracting #{entry.full_name} from #{tarball} #{entry_mode.to_s(8)}"
115
- File.open(path, "w") do |fd|
116
- # eof? check lets us skip empty files. Necessary because the API provided by
117
- # Archive::Tar::Minitar::Reader::EntryStream only mostly acts like an
118
- # IO object. Something about empty files in this EntryStream causes
119
- # IO.copy_stream to throw "can't convert nil into String" on JRuby
120
- # TODO(sissel): File a bug about this.
121
- while !entry.eof?
122
- chunk = entry.read(16384)
123
- fd.write(chunk)
124
- end
125
- #IO.copy_stream(entry, fd)
126
- end
127
- File.chmod(entry_mode, path)
128
- end
129
- end
130
- tar.close
131
- File.unlink(tarball) if File.file?(tarball)
132
- end # def untar
133
-
134
- def ungz(file)
135
-
136
- outpath = file.gsub('.gz', '')
137
- tgz = Zlib::GzipReader.new(File.open(file))
138
- begin
139
- File.open(outpath, "w") do |out|
140
- IO::copy_stream(tgz, out)
141
- end
142
- File.unlink(file)
143
- rescue
144
- File.unlink(outpath) if File.file?(outpath)
145
- raise
146
- end
147
- tgz.close
148
- end
149
-
150
- desc "Process any vendor files required for this plugin"
151
- task "vendor" do |task, args|
152
-
153
- @files.each do |file|
154
- download = file_fetch(file['url'], file['sha1'])
155
- if download =~ /.tar.gz/
156
- prefix = download.gsub('.tar.gz', '').gsub('vendor/', '')
157
- untar(download) do |entry|
158
- if !file['files'].nil?
159
- next unless file['files'].include?(entry.full_name.gsub(prefix, ''))
160
- out = entry.full_name.split("/").last
161
- end
162
- File.join('vendor', out)
163
- end
164
- elsif download =~ /.gz/
165
- ungz(download)
166
- end
167
- end
168
-
169
- end