unified2 0.5.3 → 0.5.4

data/ChangeLog.md

@@ -1,3 +1,18 @@
+=== 0.5.4 / 2011-06-27
+
+* update packetfu ~> 1.1
+* update bindata ~> 1.4
+* update hexdump ~> 0.2
+* remove pcaprb dep
+
+=== 0.5.3 / 2011-03-24
+
+* remove unnecessary file (untitled.rb)
+
+=== 0.5.2 / 2011-03-24
+
+* Add payload checksum support
+
 === 0.5.1 / 2011-03-21
 
 * fixed exception when watching an empty unified2 log file

data/README.md

@@ -17,43 +17,45 @@ A ruby interface for unified2 output. rUnified2 allows you to manipulate unified
 
 ## Examples
 
-	require 'unified2'
-
-	#
-	# Load rules into memory
-	#
-
-	Unified2.configuration do
-	 # Sensor Configurations
-	 sensor :id => 1, :name => 'Test Sensor', :interface => 'en1'
-
-	 # Load signatures, generators & classifications into memory
-	 load :signatures, 'sid-msg.map'
-	 load :generators, 'gen-msg.map'
-	 load :classifications, 'classification.config'
-	end
-
-	#
-	# Unified2#watch
-	#
-	# Watch a unified2 file for changes and process the results.
-	# 
-
-	Unified2.watch('/var/log/snort/merged.log', :last) do |event|
-	 next if event.signature.name.blank?
-	 puts event	
-	end
-
-	# Unified2#read
-	# Parse a unified2 file and process the results.
-
-	Unified2.read('/var/log/snort/merged.log') do |event|
-	
-	 puts event.protocol #=> "TCP"
-	
-	 puts event.protocol.to_h #=> {:length=>379, :seq=>3934511163, :ack=>1584708129 ... }
-	
-	end
+``` ruby
+require 'unified2'
+
+#
+# Load rules into memory
+#
+
+Unified2.configuration do
+ # Sensor Configurations
+ sensor :id => 1, :name => 'Test Sensor', :interface => 'en1'
+
+ # Load signatures, generators & classifications into memory
+ load :signatures, 'sid-msg.map'
+ load :generators, 'gen-msg.map'
+ load :classifications, 'classification.config'
+end
+
+#
+# Unified2#watch
+#
+# Watch a unified2 file for changes and process the results.
+# 
+
+Unified2.watch('/var/log/snort/merged.log', :last) do |event|
+ next if event.signature.name.blank?
+ puts event	
+end
+
+# Unified2#read
+# Parse a unified2 file and process the results.
+
+Unified2.read('/var/log/snort/merged.log') do |event|
+
+ puts event.protocol #=> "TCP"
+
+ puts event.protocol.to_h #=> {:length=>379, :seq=>3934511163, :ack=>1584708129 ... }
+
+end
+```
 
 ## Requirements
 

data/gemspec.yml

@@ -7,12 +7,11 @@ email: dustin.webber@gmail.com
 homepage: https://github.com/mephux/unified2
 
 dependencies:
-  bindata: ~> 1.3.1
-  hexdump: ~> 0.1.0
-  packetfu: ~> 1.0.0
-  pcaprub: ~> 0.9.2
+  bindata: ~> 1.4
+  packetfu: ~> 1.1
+  hexdump: ~> 0.2
   
 development_dependencies:
-  ore-tasks: ~> 0.4
+  ore-tasks: ~> 0.5
   rspec: ~> 2.4
   yard: ~> 0.6.0

data/lib/unified2/version.rb

@@ -1,4 +1,4 @@
 module Unified2
   # Unified2 version
-  VERSION = "0.5.3"
+  VERSION = "0.5.4"
 end

metadata

@@ -1,8 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: unified2
 version: !ruby/object:Gem::Version 
+  hash: 3
   prerelease: 
-  version: 0.5.3
+  segments: 
+  - 0
+  - 5
+  - 4
+  version: 0.5.4
 platform: ruby
 authors: 
 - Dustin Willis Webber
@@ -10,18 +15,21 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-24 00:00:00 -04:00
-default_executable: 
+date: 2011-06-27 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: bindata
+  name: packetfu
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: 1.3.1
+        hash: 13
+        segments: 
+        - 1
+        - 1
+        version: "1.1"
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -32,40 +40,57 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: 0.1.0
+        hash: 15
+        segments: 
+        - 0
+        - 2
+        version: "0.2"
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  name: packetfu
+  name: bindata
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: 1.0.0
+        hash: 7
+        segments: 
+        - 1
+        - 4
+        version: "1.4"
   type: :runtime
   version_requirements: *id003
 - !ruby/object:Gem::Dependency 
-  name: pcaprub
+  name: ore-tasks
   prerelease: false
   requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: 0.9.2
-  type: :runtime
+        hash: 1
+        segments: 
+        - 0
+        - 5
+        version: "0.5"
+  type: :development
   version_requirements: *id004
 - !ruby/object:Gem::Dependency 
-  name: ore-tasks
+  name: yard
   prerelease: false
   requirement: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: "0.4"
+        hash: 7
+        segments: 
+        - 0
+        - 6
+        - 0
+        version: 0.6.0
   type: :development
   version_requirements: *id005
 - !ruby/object:Gem::Dependency 
@@ -76,20 +101,13 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
+        hash: 11
+        segments: 
+        - 2
+        - 4
         version: "2.4"
   type: :development
   version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: yard
-  prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        version: 0.6.0
-  type: :development
-  version_requirements: *id007
 description: A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
 email: 
 - dustin.webber@gmail.com
@@ -99,49 +117,48 @@ extensions: []
 
 extra_rdoc_files: 
 - README.md
-- ChangeLog.md
 - LICENSE.txt
-files: 
-- .document
-- .rspec
-- .yardopts
 - ChangeLog.md
-- LICENSE.txt
-- README.md
-- Rakefile
-- example/example.rb
-- example/seeds/classification.config
-- example/seeds/gen-msg.map
-- example/seeds/sid-msg.map
-- example/seeds/unified2.log
-- gemspec.yml
+files: 
+- spec/spec_helper.rb
+- lib/unified2/event.rb
+- lib/unified2/constructor/record_header.rb
 - lib/unified2.rb
-- lib/unified2/classification.rb
+- gemspec.yml
+- .rspec
 - lib/unified2/config_file.rb
+- example/seeds/unified2.log
+- example/seeds/sid-msg.map
+- .yardopts
+- lib/unified2/signature.rb
+- lib/unified2/sensor.rb
 - lib/unified2/constructor.rb
-- lib/unified2/constructor/construct.rb
-- lib/unified2/constructor/event_ip4.rb
-- lib/unified2/constructor/event_ip6.rb
-- lib/unified2/constructor/packet.rb
-- lib/unified2/constructor/primitive/ipv4.rb
-- lib/unified2/constructor/record_header.rb
-- lib/unified2/core_ext.rb
-- lib/unified2/core_ext/string.rb
-- lib/unified2/event.rb
-- lib/unified2/exceptions.rb
-- lib/unified2/exceptions/file_not_found.rb
-- lib/unified2/exceptions/file_not_readable.rb
-- lib/unified2/exceptions/unknown_load_type.rb
-- lib/unified2/payload.rb
+- example/seeds/classification.config
+- spec/event_spec.rb
 - lib/unified2/protocol.rb
-- lib/unified2/sensor.rb
-- lib/unified2/signature.rb
+- lib/unified2/payload.rb
+- lib/unified2/constructor/primitive/ipv4.rb
+- lib/unified2/constructor/event_ip6.rb
+- lib/unified2/constructor/construct.rb
+- example/example.rb
 - lib/unified2/version.rb
-- spec/event_spec.rb
-- spec/spec_helper.rb
+- Rakefile
+- README.md
+- LICENSE.txt
 - spec/unified2_spec.rb
+- lib/unified2/exceptions/unknown_load_type.rb
+- lib/unified2/core_ext/string.rb
+- lib/unified2/core_ext.rb
+- lib/unified2/constructor/event_ip4.rb
 - unified2.gemspec
-has_rdoc: yard
+- lib/unified2/constructor/packet.rb
+- lib/unified2/exceptions/file_not_readable.rb
+- lib/unified2/exceptions/file_not_found.rb
+- example/seeds/gen-msg.map
+- .document
+- lib/unified2/exceptions.rb
+- lib/unified2/classification.rb
+- ChangeLog.md
 homepage: https://github.com/mephux/unified2
 licenses: 
 - MIT
@@ -155,17 +172,23 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
 requirements: []
 
 rubyforge_project: unified2
-rubygems_version: 1.5.0
+rubygems_version: 1.8.1
 signing_key: 
 specification_version: 3
 summary: A ruby interface for unified2 output.