RubyGems - unified2 - Versions diffs - 0.4.0 → 0.5.0 - Mend

unified2 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

data/ChangeLog.rdoc +6 -0
data/LICENSE.txt +1 -1
data/README.md +72 -0
data/example/{basic-example.rb → example.rb} +3 -2
data/example/seeds/{unified2 → unified2.log} +0 -0
data/gemspec.yml +2 -0
data/lib/unified2/classification.rb +17 -3
data/lib/unified2/config_file.rb +34 -10
data/lib/unified2/constructor/construct.rb +83 -0
data/lib/unified2/constructor/event_ip4.rb +47 -0
data/lib/unified2/constructor/event_ip6.rb +44 -0
data/lib/unified2/constructor/packet.rb +30 -0
data/lib/unified2/constructor/primitive/ipv4.rb +31 -0
data/lib/unified2/{primitive.rb → constructor/primitive.rb} +0 -0
data/lib/unified2/constructor/record_header.rb +17 -0
data/lib/unified2/constructor.rb +1 -0
data/lib/unified2/core_ext/string.rb +10 -2
data/lib/unified2/event.rb +250 -100
data/lib/unified2/exceptions/file_not_found.rb +6 -3
data/lib/unified2/exceptions/file_not_readable.rb +6 -3
data/lib/unified2/exceptions/unknown_load_type.rb +6 -3
data/lib/unified2/payload.rb +82 -13
data/lib/unified2/protocol.rb +141 -0
data/lib/unified2/sensor.rb +22 -0
data/lib/unified2/signature.rb +28 -4
data/lib/unified2/version.rb +2 -2
data/lib/unified2.rb +84 -13
data/spec/event_spec.rb +112 -0
data/spec/spec_helper.rb +45 -1
data/spec/unified2_spec.rb +87 -1
metadata +45 -25
data/README.rdoc +0 -60
data/Rakefile.compiled.rbc +0 -775
data/example/connect.rb +0 -20
data/example/models.rb +0 -194
data/example/mysql-example.rb +0 -73
data/example/search.rb +0 -14
data/example/untitled.rb +0 -31
data/lib/unified2/construct.rb +0 -54
data/lib/unified2/event_ip4.rb +0 -26
data/lib/unified2/event_ip6.rb +0 -23
data/lib/unified2/packet.rb +0 -16
data/lib/unified2/primitive/ipv4.rb +0 -19
data/lib/unified2/record_header.rb +0 -10

metadata CHANGED Viewed

@@ -2,7 +2,7 @@
 name: unified2
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Dustin Willis Webber
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-03-14 00:00:00 -04:00
+date: 2011-03-18 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -36,38 +36,60 @@ dependencies:
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency
-  name: ore-tasks
+  name: packetfu
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency
+  name: pcaprub
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+  type: :runtime
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency
+  name: ore-tasks
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "0.4"
   type: :development
-  version_requirements: *id003
+  version_requirements: *id005
 - !ruby/object:Gem::Dependency
   name: rspec
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
+  requirement: &id006 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "2.4"
   type: :development
-  version_requirements: *id004
+  version_requirements: *id006
 - !ruby/object:Gem::Dependency
   name: yard
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
+  requirement: &id007 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 0.6.0
   type: :development
-  version_requirements: *id005
+  version_requirements: *id007
 description: A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
 email:
 - dustin.webber@gmail.com
@@ -76,7 +98,7 @@ executables: []
 extensions: []
 extra_rdoc_files:
-- README.rdoc
+- README.md
 - ChangeLog.rdoc
 - LICENSE.txt
 files:
@@ -85,41 +107,38 @@ files:
 - .yardopts
 - ChangeLog.rdoc
 - LICENSE.txt
-- README.rdoc
+- README.md
 - Rakefile
-- Rakefile.compiled.rbc
-- example/basic-example.rb
-- example/connect.rb
-- example/models.rb
-- example/mysql-example.rb
-- example/search.rb
+- example/example.rb
 - example/seeds/classification.config
 - example/seeds/gen-msg.map
 - example/seeds/sid-msg.map
-- example/seeds/unified2
-- example/untitled.rb
+- example/seeds/unified2.log
 - gemspec.yml
 - lib/unified2.rb
 - lib/unified2/classification.rb
 - lib/unified2/config_file.rb
-- lib/unified2/construct.rb
+- lib/unified2/constructor.rb
+- lib/unified2/constructor/construct.rb
+- lib/unified2/constructor/event_ip4.rb
+- lib/unified2/constructor/event_ip6.rb
+- lib/unified2/constructor/packet.rb
+- lib/unified2/constructor/primitive.rb
+- lib/unified2/constructor/primitive/ipv4.rb
+- lib/unified2/constructor/record_header.rb
 - lib/unified2/core_ext.rb
 - lib/unified2/core_ext/string.rb
 - lib/unified2/event.rb
-- lib/unified2/event_ip4.rb
-- lib/unified2/event_ip6.rb
 - lib/unified2/exceptions.rb
 - lib/unified2/exceptions/file_not_found.rb
 - lib/unified2/exceptions/file_not_readable.rb
 - lib/unified2/exceptions/unknown_load_type.rb
-- lib/unified2/packet.rb
 - lib/unified2/payload.rb
-- lib/unified2/primitive.rb
-- lib/unified2/primitive/ipv4.rb
-- lib/unified2/record_header.rb
+- lib/unified2/protocol.rb
 - lib/unified2/sensor.rb
 - lib/unified2/signature.rb
 - lib/unified2/version.rb
+- spec/event_spec.rb
 - spec/spec_helper.rb
 - spec/unified2_spec.rb
 - unified2.gemspec
@@ -152,4 +171,5 @@ signing_key:
 specification_version: 3
 summary: A ruby interface for unified2 output.
 test_files:
+- spec/event_spec.rb
 - spec/unified2_spec.rb

data/README.rdoc DELETED Viewed

@@ -1,60 +0,0 @@
-= unified2
-* {Homepage}[https://github.com/mephux/unified2]
-* {Documentation}[https://github.com/mephux/unified2]
-== Description
-A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
-== Features
- * Monitor/Read unified2 logs & manipulate the data.
- * Numerous connivence methods
- * Simple & Intuitive to Use
-== Examples
- require 'unified2'
- # load rules into memory
- Unified2.configuration do
-  # Sensor Configurations
-  sensor :id => 1, :name => 'Test Sensor', :interface => 'en1'
-  # Load signatures, generators & classifications into memory
-  load :signatures, 'sid-msg.map'
-  load :generators, 'gen-msg.map'
-  load :classifications, 'classification.config'
- end
- # Unified2#watch
- # Watch a unified2 file for changes and process the results.
- Unified2.watch('/var/log/snort/merged.log', :last) do |event|
-  next if event.signature.name.blank?
-  puts event
- end
- # Unified2#read
- # Parse a unified2 file and process the results.
- Unified2.read('/var/log/snort/merged.log') do |event|
-  puts "#{event.id} | #{event.ip_destination} | #{event.ip_source} | #{event.signature.name}"
- end
-== Requirements
- * bindata ~> 1.3.1
- * hexdump: ~> 0.1.0
-== Install
-  $ gem install unified2
-== Copyright
-Copyright (c) 2011 Dustin Willis Webber
-See LICENSE.txt for details.