logstash-patterns-core 4.0.1 → 4.0.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/CONTRIBUTORS +1 -0
- data/logstash-patterns-core.gemspec +2 -2
- data/patterns/grok-patterns +5 -3
- data/patterns/java +2 -2
- data/spec/patterns/core_spec.rb +87 -0
- metadata +13 -7
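--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6121e0138e8de43548944cc443bdf0ee2a6b3847
+data.tar.gz: c1c8ae3d54e66de0b2a103cbdca29e6a186f8456
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14e64a42d2b8e7c31fe076b83ebaef5ddac0b77a6c69e7c28511aafce48d2d4c3d058d9354f60df96033474c4bf70755fb67c6ed96c6ea46e4113e48915e6971
+data.tar.gz: 3805625550fcf3bd35304bdbfcb8bb666f07debfdd9c4cb3b74332992313df4cc612baef06959ba9c10d045fcb1d2014ca8fc6b0b3c342731ba680be9f444a72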
data/CHANGELOG.md
CHANGED
data/CONTRIBUTORS
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-patterns-core'
|
4
|
-
s.version = '4.0.
|
4
|
+
s.version = '4.0.2'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Patterns to be used in logstash"
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
|
|
20
20
|
s.metadata = { "logstash_plugin" => "true" }
|
21
21
|
|
22
22
|
# Gem dependencies
|
23
|
-
s.add_runtime_dependency "logstash-core-plugin-api", "
|
23
|
+
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
24
24
|
|
25
25
|
s.add_development_dependency "logstash-devutils"
|
26
26
|
s.add_development_dependency "logstash-filter-grok"
|
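--- a/data/patterns/grok-patterns
+++ b/data/patterns/grok-patterns
@@ -18,6 +18,8 @@ DATA .*?
 GREEDYDATA .*
 QUOTEDSTRING (?>(?<!\\)(?>"(?>\\.|[^\\"]+)+"|""|(?>'(?>\\.|[^\\']+)+')|''|(?>`(?>\\.|[^\\`]+)+`)|``))
 UUID [A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}
+# URN, allowing use of RFC 2141 section 2.3 reserved characters
+URN urn:[0-9A-Za-z][0-9A-Za-z-]{0,31}:(?:%[0-9a-fA-F]{2}|[0-9A-Za-z()+,.:=@;$_!*'/?#-])+
 
 # Networking
 MAC (?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})
@@ -33,7 +35,7 @@ HOSTPORT %{IPORHOST}:%{POSINT}
 
 # paths
 PATH (?:%{UNIXPATH}|%{WINPATH})
-UNIXPATH (/([\w_
+UNIXPATH (/([\w_%!$@:.,+~-]+|\\.)*)+
 TTY (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))
 WINPATH (?>[A-Za-z]+:|\\)(?:\\[^\\?*]*)+
 URIPROTO [A-Za-z]+(\+[A-Za-z+]+)?
@@ -47,7 +49,7 @@ URIPATHPARAM %{URIPATH}(?:%{URIPARAM})?
 URI %{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?
 
 # Months: January, Feb, 3, 03, 12, December
-MONTH \b(?:
+MONTH \b(?:[Jj]an(?:uary|uar)?|[Ff]eb(?:ruary|ruar)?|[Mm](?:a|ä)?r(?:ch|z)?|[Aa]pr(?:il)?|[Mm]a(?:y|i)?|[Jj]un(?:e|i)?|[Jj]ul(?:y)?|[Aa]ug(?:ust)?|[Ss]ep(?:tember)?|[Oo](?:c|k)?t(?:ober)?|[Nn]ov(?:ember)?|[Dd]e(?:c|z)(?:ember)?)\b
 MONTHNUM (?:0?[1-9]|1[0-2])
 MONTHNUM2 (?:0[1-9]|1[0-2])
 MONTHDAY (?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])
@@ -70,7 +72,7 @@ ISO8601_SECOND (?:%{SECOND}|60)
 TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?
 DATE %{DATE_US}|%{DATE_EU}
 DATESTAMP %{DATE}[- ]%{TIME}
-TZ (?:[
+TZ (?:[APMCE][SD]T|UTC)
 DATESTAMP_RFC822 %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}
 DATESTAMP_RFC2822 %{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}
 DATESTAMP_OTHER %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}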
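Review bot: The `UNIXPATH` line on the new side nests a `+` run inside a `*` loop inside an outer `+` (`(/([\w_%!$@:.,+~-]+|\\.)*)+`), so in a backtracking engine a long run of path characters can be split between iterations in exponentially many ways whenever the surrounding grok expression ends up not matching. Grok patterns run against log lines whose content is often influenced by remote clients, so a slow match here can stall a pipeline worker. Dropping the inner `+` accepts the same strings while leaving only one way to consume each character: `UNIXPATH (/([\w_%!$@:.,+~-]|\\.)*)+`; the numbered inner group would then hold one character rather than a run, which should be checked against anything that reads it. The removed side of this line is truncated on the page, so whether the nesting predates this release cannot be seen here.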
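--- a/data/patterns/java
+++ b/data/patterns/java
@@ -1,8 +1,8 @@
 JAVACLASS (?:[a-zA-Z$_][a-zA-Z$_0-9]*\.)*[a-zA-Z$_][a-zA-Z$_0-9]*
 #Space is an allowed character to match special cases like 'Native Method' or 'Unknown Source'
 JAVAFILE (?:[A-Za-z0-9_. -]+)
-#Allow special <init>
-JAVAMETHOD (?:(<init>)|[a-zA-Z$_][a-zA-Z$_0-9]*)
+#Allow special <init>, <clinit> methods
+JAVAMETHOD (?:(<(?:cl)?init>)|[a-zA-Z$_][a-zA-Z$_0-9]*)
 #Line number is optional in special cases 'Native method' or 'Unknown source'
 JAVASTACKTRACEPART %{SPACE}at %{JAVACLASS:class}\.%{JAVAMETHOD:method}\(%{JAVAFILE:file}(?::%{NUMBER:line})?\)
 # Java Logs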
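--- a/data/spec/patterns/core_spec.rb
+++ b/data/spec/patterns/core_spec.rb
@@ -193,5 +193,92 @@ describe "IPV4" do
 expect(grok_match(pattern,value)).not_to pass
 end
 end
+end
+
+describe "URN" do
+
+let(:pattern) { "URN" }
+
+# Valid URNs
+# http://tools.ietf.org/html/rfc2141#section-2
+let(:simple) { "urn:example:foo" }
+let(:unreserved) { "urn:example:" +
+[*'A'..'Z', *'a'..'z', *'0'..'9', "()+,-.::=@;$_!*'"].join() }
+let(:reserved) { "urn:example:/#?" }
+let(:escaped_upper) { "urn:example:%25foo%2Fbar%3F%23" }
+let(:escaped_lower) { "urn:example:%25foo%2fbar%3f%23" }
+let(:only_escaped) { "urn:example:%00" }
+let(:long_nid) { "urn:example-example-example-example-:foo" }
+
+# Invalid URNs
+let(:bad_prefix) { "URN:example:foo" }
+let(:empty_nid) { "urn::foo" }
+let(:leading_hyphen) { "urn:-example:foo" }
+let(:bad_nid) { "urn:example.com:foo" }
+let(:percent_nid) { "urn:example%41com:foo" }
+let(:too_long_nid) { "urn:example-example-example-example-x:foo" }
+let(:empty_nss) { "urn:example:" }
+let(:naked_percent) { "urn:example:%" }
+let(:short_percent) { "urn:example:%a" }
+let(:nonhex_percent) { "urn:example:%ax" }
+
+context "when testing a valid URN" do
+it "should match a simple URN" do
+expect(grok_match(pattern, simple)).to pass
+end
+
+it "should match a complex URN" do
+expect(grok_match(pattern, unreserved)).to pass
+end
+
+it "should allow reserved characters" do
+expect(grok_match(pattern, reserved)).to pass
+end
+
+it "should allow percent-escapes" do
+expect(grok_match(pattern, escaped_upper)).to pass
+expect(grok_match(pattern, escaped_lower)).to pass
+expect(grok_match(pattern, only_escaped)).to pass
+end
+
+it "should match a URN with a 32-character NID" do
+expect(grok_match(pattern, long_nid)).to pass
+end
+end
+
+context "when testing an invalid URN" do
+it "should reject capitalized 'URN'" do
+expect(grok_match(pattern, bad_prefix)).not_to pass
+end
 
+it "should reject an empty NID" do
+expect(grok_match(pattern, empty_nid)).not_to pass
+end
+
+it "should reject an NID with a leading hyphen" do
+expect(grok_match(pattern, leading_hyphen)).not_to pass
+end
+
+it "should reject an NID with a special character" do
+expect(grok_match(pattern, bad_nid)).not_to pass
+end
+
+it "should reject an NID with a percent sign" do
+expect(grok_match(pattern, percent_nid)).not_to pass
+end
+
+it "should reject an NID longer than 32 characters" do
+expect(grok_match(pattern, too_long_nid)).not_to pass
+end
+
+it "should reject a URN with an empty NSS" do
+expect(grok_match(pattern, empty_nss)).not_to pass
+end
+
+it "should reject non-escape percent signs" do
+expect(grok_match(pattern, naked_percent)).not_to pass
+expect(grok_match(pattern, short_percent)).not_to pass
+expect(grok_match(pattern, nonhex_percent)).not_to pass
+end
+end
 end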
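Review bot: The `bad_prefix` fixture and the example "should reject capitalized 'URN'" pin a behaviour that is stricter than the RFC the fixtures cite: as I read RFC 2141 section 2, the leading `urn:` is case-insensitive, so `URN:example:foo` is a valid URN. If the lower-case-only match is intended, say so next to the fixture, for example `# Deliberately stricter than RFC 2141: only a lower-case "urn:" prefix is matched`; otherwise a field written as `URN:` goes unextracted without any error, which matters when the parsed field feeds alerting or audit queries. The examples also exercise only whole-string inputs, so nothing here shows what is captured when a valid URN is followed by other text on the same line. The added `describe "URN"` block follows an `end` that closes a block opened outside this hunk.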
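--- a/metadata
+++ b/metadata
@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: logstash-patterns-core
 version: !ruby/object:Gem::Version
-version: 4.0.
+version: 4.0.2
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
+- !ruby/object:Gem::Version
+version: '1.60'
+- - "<="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.99'
 name: logstash-core-plugin-api
 prerelease: false
 type: :runtime
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
+- !ruby/object:Gem::Version
+version: '1.60'
+- - "<="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.99'
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
 requirements:
@@ -117,7 +123,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.3
 signing_key:
 specification_version: 4
 summary: Patterns to be used in logstash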