nifi-commits mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-1975) Processor to Parse .evtx files
Date Tue, 07 Jun 2016 02:18:20 GMT

    [ https://issues.apache.org/jira/browse/NIFI-1975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15317683#comment-15317683
] 

ASF GitHub Bot commented on NIFI-1975:
--------------------------------------

Github user mattyb149 commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/492#discussion_r66000949
  
    --- Diff: nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/ParseEvtx.java
---
    @@ -0,0 +1,353 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.nifi.processors.evtx;
    +
    +import com.google.common.annotations.VisibleForTesting;
    +import com.google.common.net.MediaType;
    +import com.google.common.primitives.UnsignedLong;
    +import org.apache.nifi.annotation.behavior.EventDriven;
    +import org.apache.nifi.annotation.behavior.InputRequirement;
    +import org.apache.nifi.annotation.behavior.InputRequirement.Requirement;
    +import org.apache.nifi.annotation.behavior.SideEffectFree;
    +import org.apache.nifi.annotation.behavior.SupportsBatching;
    +import org.apache.nifi.annotation.documentation.CapabilityDescription;
    +import org.apache.nifi.annotation.documentation.Tags;
    +import org.apache.nifi.components.PropertyDescriptor;
    +import org.apache.nifi.flowfile.FlowFile;
    +import org.apache.nifi.flowfile.attributes.CoreAttributes;
    +import org.apache.nifi.logging.ComponentLog;
    +import org.apache.nifi.processor.AbstractProcessor;
    +import org.apache.nifi.processor.ProcessContext;
    +import org.apache.nifi.processor.ProcessSession;
    +import org.apache.nifi.processor.Relationship;
    +import org.apache.nifi.processor.exception.ProcessException;
    +import org.apache.nifi.processors.evtx.parser.ChunkHeader;
    +import org.apache.nifi.processors.evtx.parser.FileHeader;
    +import org.apache.nifi.processors.evtx.parser.FileHeaderFactory;
    +import org.apache.nifi.processors.evtx.parser.MalformedChunkException;
    +import org.apache.nifi.processors.evtx.parser.Record;
    +import org.apache.nifi.processors.evtx.parser.XmlBxmlNodeVisitor;
    +import org.apache.nifi.processors.evtx.parser.bxml.RootNode;
    +
    +import javax.xml.stream.XMLOutputFactory;
    +import javax.xml.stream.XMLStreamException;
    +import javax.xml.stream.XMLStreamWriter;
    +import java.io.IOException;
    +import java.io.InputStream;
    +import java.io.OutputStream;
    +import java.util.Arrays;
    +import java.util.Collections;
    +import java.util.HashSet;
    +import java.util.List;
    +import java.util.Set;
    +import java.util.concurrent.atomic.AtomicReference;
    +
    +@SideEffectFree
    +@EventDriven
    +@SupportsBatching
    +@InputRequirement(Requirement.INPUT_REQUIRED)
    +@Tags({"logs", "windows", "event", "evtx", "message", "file"})
    +@CapabilityDescription("Parses the contents of a Windows Event Log file (evtx) and writes
the resulting xml to the FlowFile")
    +public class ParseEvtx extends AbstractProcessor {
    +    public static final String RECORD = "Record";
    +    public static final String CHUNK = "Chunk";
    +    public static final String FILE = "File";
    +    public static final String EVENTS = "Events";
    +    public static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newFactory();
    +    public static final String EVTX_EXTENSION = ".evtx";
    +    public static final String UNABLE_TO_PROCESS_DUE_TO = "Unable to process {} due to
{}";
    +    public static final String XML_EXTENSION = ".xml";
    +
    +    @VisibleForTesting
    +    static final Relationship REL_SUCCESS = new Relationship.Builder()
    +            .name("success")
    +            .description("Any FlowFile that was successfully converted from evtx to xml")
    +            .build();
    +
    +    @VisibleForTesting
    +    static final Relationship REL_FAILURE = new Relationship.Builder()
    +            .name("failure")
    +            .description("Any FlowFile that encountered an exception during conversion
will be transferred to this relationship with as much parsing as possible done")
    +            .build();
    +
    +    @VisibleForTesting
    +    static final Relationship REL_BAD_CHUNK = new Relationship.Builder()
    +            .name("bad chunk")
    +            .description("Any bad chunks of records will be transferred to this relationship
in their original binary form")
    +            .build();
    +
    +    @VisibleForTesting
    +    static final Relationship REL_ORIGINAL = new Relationship.Builder()
    +            .name("original")
    +            .description("The unmodified input FlowFile will be transferred to this relationship")
    +            .build();
    +
    +    @VisibleForTesting
    +    static final Set<Relationship> RELATIONSHIPS = Collections.unmodifiableSet(new
HashSet<>(Arrays.asList(REL_SUCCESS, REL_FAILURE, REL_ORIGINAL, REL_BAD_CHUNK)));
    +
    +    @VisibleForTesting
    +    static final PropertyDescriptor GRANULARITY = new PropertyDescriptor.Builder().required(true)
    +            .name("granularity")
    +            .displayName("Granularity")
    +            .description("Output flow file for each Record, Chunk, or File encountered
in the event log")
    +            .allowableValues(RECORD, CHUNK, FILE)
    +            .build();
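Review bot: `XML_OUTPUT_FACTORY` is declared `public static final`, so a single mutable `XMLOutputFactory` is shared by every instance of the processor and can be reached by any class that can see `ParseEvtx`. StAX does not guarantee that a factory is safe for concurrent use, and a `setProperty` call on it from anywhere would silently change the XML produced by every writer created afterwards. NiFi can run several tasks of one processor at once, so concurrent use looks likely, although the code that calls the factory lies outside this hunk. I would narrow the field to `private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newFactory();` and add a comment stating that it is never reconfigured after class initialisation, or create the factory per invocation if the StAX implementation in use is not documented as thread-safe. The class body continues past the end of the quoted diff.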
    --- End diff --
    
    With allowable values, there is usually a required(true) and something like defaultValue(RECORD).
Otherwise there should be a validator, or documentation stating which default value is used (if none is
supplied)


> Processor to Parse .evtx files
> ------------------------------
>
>                 Key: NIFI-1975
>                 URL: https://issues.apache.org/jira/browse/NIFI-1975
>             Project: Apache NiFi
>          Issue Type: Sub-task
>            Reporter: Bryan Rosander
>
> Windows event logs are stored in .evtx format as-of Windows Vista.  If we port the pure
python implementation of an evtx parser  at https://github.com/williballenthin/python-evtx
to Java, we should be able to ingest those files in NiFi on any operating system


