logstash-patterns-core 4.1.0 → 4.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTORS +1 -0
- data/logstash-patterns-core.gemspec +1 -1
- data/patterns/grok-patterns +1 -1
- data/patterns/httpd +2 -2
- data/spec/patterns/core_spec.rb +20 -0
- data/spec/patterns/httpd_spec.rb +19 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4ac061365b77ea880d2c1d924a766cb6a272cd9e
|
|
4
|
+
data.tar.gz: 11f0271a12da9118a7e5096ec1fef1780a0f4ad5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: baefc4c4e0f10c2163a5e0b8d1744b61abd9ade09e0356f848515eca8941ff2c1816a0ac2d02367fde0b0ab3fddc2d43badd155ed97c4fb3d195a3bde99d1bdd
|
|
7
|
+
data.tar.gz: 610e906180d8656cc7c9ea73e00be59a15bd7798fc8c688df063d62ddd55cea5185df1572e150ee00bde2a93695d5bfb46ea17e9cb6d63a355a05dd4cd95183c
|
data/CONTRIBUTORS
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-patterns-core'
|
|
4
|
-
s.version = '4.1.
|
|
4
|
+
s.version = '4.1.1'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Patterns to be used in logstash"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
data/patterns/grok-patterns
CHANGED
|
@@ -37,7 +37,7 @@ PATH (?:%{UNIXPATH}|%{WINPATH})
|
|
|
37
37
|
UNIXPATH (/([\w_%!$@:.,+~-]+|\\.)*)+
|
|
38
38
|
TTY (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))
|
|
39
39
|
WINPATH (?>[A-Za-z]+:|\\)(?:\\[^\\?*]*)+
|
|
40
|
-
URIPROTO [A-Za-z]
|
|
40
|
+
URIPROTO [A-Za-z]([A-Za-z0-9+\-.]+)+
|
|
41
41
|
URIHOST %{IPORHOST}(?::%{POSINT:port})?
|
|
42
42
|
# uripath comes loosely from RFC1738, but mostly from what Firefox
|
|
43
43
|
# doesn't turn into %XX
|
data/patterns/httpd
CHANGED
|
@@ -7,9 +7,9 @@ HTTPD_COMBINEDLOG %{HTTPD_COMMONLOG} %{QS:referrer} %{QS:agent}
|
|
|
7
7
|
|
|
8
8
|
# Error logs
|
|
9
9
|
HTTPD20_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[%{LOGLEVEL:loglevel}\] (?:\[client %{IPORHOST:clientip}\] ){0,1}%{GREEDYDATA:message}
|
|
10
|
-
HTTPD24_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[%{WORD:module}:%{LOGLEVEL:loglevel}\] \[pid %{POSINT:pid}:tid %{NUMBER:tid}
|
|
10
|
+
HTTPD24_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[%{WORD:module}:%{LOGLEVEL:loglevel}\] \[pid %{POSINT:pid}(:tid %{NUMBER:tid})?\]( \(%{POSINT:proxy_errorcode}\)%{DATA:proxy_message}:)?( \[client %{IPORHOST:clientip}:%{POSINT:clientport}\])?( %{DATA:errorcode}:)? %{GREEDYDATA:message}
|
|
11
11
|
HTTPD_ERRORLOG %{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}
|
|
12
12
|
|
|
13
13
|
# Deprecated
|
|
14
14
|
COMMONAPACHELOG %{HTTPD_COMMONLOG}
|
|
15
|
-
COMBINEDAPACHELOG %{HTTPD_COMBINEDLOG}
|
|
15
|
+
COMBINEDAPACHELOG %{HTTPD_COMBINEDLOG}
|
data/spec/patterns/core_spec.rb
CHANGED
|
@@ -103,6 +103,26 @@ describe "UNIXPATH" do
|
|
|
103
103
|
end
|
|
104
104
|
end
|
|
105
105
|
|
|
106
|
+
describe "URIPROTO" do
|
|
107
|
+
let(:pattern) { 'URIPROTO' }
|
|
108
|
+
|
|
109
|
+
context "http is a valid URIPROTO" do
|
|
110
|
+
let(:value) { 'http' }
|
|
111
|
+
|
|
112
|
+
it "should match" do
|
|
113
|
+
expect(grok_match(pattern,value)).to pass
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
context "android-app is a valid URIPROTO" do
|
|
118
|
+
let(:value) { 'android-app' }
|
|
119
|
+
|
|
120
|
+
it "should match" do
|
|
121
|
+
expect(grok_match(pattern,value)).to pass
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
106
126
|
describe "URIPATH" do
|
|
107
127
|
let(:pattern) { 'URIPATH' }
|
|
108
128
|
|
data/spec/patterns/httpd_spec.rb
CHANGED
|
@@ -74,11 +74,11 @@ describe "HTTPD_ERRORLOG" do
|
|
|
74
74
|
end
|
|
75
75
|
|
|
76
76
|
context "HTTPD_ERRORLOG", "matches a short httpd 2.4 message" do
|
|
77
|
-
let(:
|
|
77
|
+
let(:value1) {
|
|
78
78
|
"[Mon Aug 31 07:15:38.664897 2015] [proxy_fcgi:error] [pid 28786:tid 140169629898496] [client 81.139.1.34:52042] AH01071: Got error 'Primary script unknown\n'"
|
|
79
79
|
}
|
|
80
80
|
it "generates the fields" do
|
|
81
|
-
expect(grok_match(subject,
|
|
81
|
+
expect(grok_match(subject, value1)).to include(
|
|
82
82
|
'timestamp' => 'Mon Aug 31 07:15:38.664897 2015',
|
|
83
83
|
'module' => 'proxy_fcgi',
|
|
84
84
|
'loglevel' => 'error',
|
|
@@ -87,7 +87,22 @@ describe "HTTPD_ERRORLOG" do
|
|
|
87
87
|
'clientip' => '81.139.1.34',
|
|
88
88
|
'clientport' => '52042',
|
|
89
89
|
'errorcode' => 'AH01071',
|
|
90
|
-
'message' => [
|
|
90
|
+
'message' => [ value1, "Got error 'Primary script unknown\n'" ]
|
|
91
|
+
)
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
let(:value2) {
|
|
95
|
+
"[Thu Apr 27 10:39:46.719636 2017] [php7:notice] [pid 17] [client 10.255.0.3:49580] Test error log record"
|
|
96
|
+
}
|
|
97
|
+
it "generates the fields" do
|
|
98
|
+
expect(grok_match(subject, value2)).to include(
|
|
99
|
+
'timestamp' => 'Thu Apr 27 10:39:46.719636 2017',
|
|
100
|
+
'module' => 'php7',
|
|
101
|
+
'loglevel' => 'notice',
|
|
102
|
+
'pid' => '17',
|
|
103
|
+
'clientip' => '10.255.0.3',
|
|
104
|
+
'clientport' => '49580',
|
|
105
|
+
'message' => [ value2, "Test error log record" ]
|
|
91
106
|
)
|
|
92
107
|
end
|
|
93
108
|
end
|
|
@@ -124,4 +139,5 @@ describe "HTTPD_ERRORLOG" do
|
|
|
124
139
|
end
|
|
125
140
|
end
|
|
126
141
|
|
|
142
|
+
|
|
127
143
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-patterns-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.1.
|
|
4
|
+
version: 4.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-06-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|