[
https://issues.apache.org/jira/browse/NIFI-1975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15317674#comment-15317674
]
ASF GitHub Bot commented on NIFI-1975:
--------------------------------------
Github user mattyb149 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/492#discussion_r66000567
--- Diff:
nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/ParseEvtx.java
---
@@ -0,0 +1,353 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.net.MediaType;
+import com.google.common.primitives.UnsignedLong;
+import org.apache.nifi.annotation.behavior.EventDriven;
+import org.apache.nifi.annotation.behavior.InputRequirement;
+import org.apache.nifi.annotation.behavior.InputRequirement.Requirement;
+import org.apache.nifi.annotation.behavior.SideEffectFree;
+import org.apache.nifi.annotation.behavior.SupportsBatching;
+import org.apache.nifi.annotation.documentation.CapabilityDescription;
+import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.flowfile.FlowFile;
+import org.apache.nifi.flowfile.attributes.CoreAttributes;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.processor.AbstractProcessor;
+import org.apache.nifi.processor.ProcessContext;
+import org.apache.nifi.processor.ProcessSession;
+import org.apache.nifi.processor.Relationship;
+import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.FileHeader;
+import org.apache.nifi.processors.evtx.parser.FileHeaderFactory;
+import org.apache.nifi.processors.evtx.parser.MalformedChunkException;
+import org.apache.nifi.processors.evtx.parser.Record;
+import org.apache.nifi.processors.evtx.parser.XmlBxmlNodeVisitor;
+import org.apache.nifi.processors.evtx.parser.bxml.RootNode;
+
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicReference;
+
+@SideEffectFree
+@EventDriven
+@SupportsBatching
+@InputRequirement(Requirement.INPUT_REQUIRED)
+@Tags({"logs", "windows", "event", "evtx", "message", "file"})
+@CapabilityDescription("Parses the contents of a Windows Event Log file
(evtx) and writes the resulting xml to the FlowFile")
+public class ParseEvtx extends AbstractProcessor {
+ public static final String RECORD = "Record";
+ public static final String CHUNK = "Chunk";
+ public static final String FILE = "File";
+ public static final String EVENTS = "Events";
+ public static final XMLOutputFactory XML_OUTPUT_FACTORY =
XMLOutputFactory.newFactory();
+ public static final String EVTX_EXTENSION = ".evtx";
+ public static final String UNABLE_TO_PROCESS_DUE_TO = "Unable to
process {} due to {}";
+ public static final String XML_EXTENSION = ".xml";
+
+ @VisibleForTesting
+ static final Relationship REL_SUCCESS = new Relationship.Builder()
+ .name("success")
+ .description("Any FlowFile that was successfully converted
from evtx to xml")
+ .build();
+
+ @VisibleForTesting
+ static final Relationship REL_FAILURE = new Relationship.Builder()
+ .name("failure")
+ .description("Any FlowFile that encountered an exception
during conversion will be transferred to this relationship with as much parsing
as possible done")
+ .build();
+
+ @VisibleForTesting
+ static final Relationship REL_BAD_CHUNK = new Relationship.Builder()
+ .name("bad chunk")
+ .description("Any bad chunks of records will be transferred to
this relationship in their original binary form")
+ .build();
+
+ @VisibleForTesting
+ static final Relationship REL_ORIGINAL = new Relationship.Builder()
+ .name("original")
+ .description("The unmodified input FlowFile will be
transferred to this relationship")
+ .build();
+
+ @VisibleForTesting
+ static final Set<Relationship> RELATIONSHIPS =
Collections.unmodifiableSet(new HashSet<>(Arrays.asList(REL_SUCCESS,
REL_FAILURE, REL_ORIGINAL, REL_BAD_CHUNK)));
+
+ @VisibleForTesting
+ static final PropertyDescriptor GRANULARITY = new
PropertyDescriptor.Builder().required(true)
+ .name("granularity")
+ .displayName("Granularity")
+ .description("Output flow file for each Record, Chunk, or File
encountered in the event log")
+ .allowableValues(RECORD, CHUNK, FILE)
+ .build();
+
+ @VisibleForTesting
+ static final List<PropertyDescriptor> PROPERTY_DESCRIPTORS =
Collections.unmodifiableList(Arrays.asList(GRANULARITY));
+
+ private final FileHeaderFactory fileHeaderFactory;
+ private final MalformedChunkHandler malformedChunkHandler;
+ private final RootNodeHandler rootNodeHandler;
+ private final XMLStreamWriterFactory xmlStreamWriterFactory;
+ private final ResultProcessor resultProcessor;
+
+ public ParseEvtx() {
+ this(FileHeader::new, ParseEvtx::handleMalformedChunkException,
XmlBxmlNodeVisitor::new,
+ ParseEvtx::createWriter, ParseEvtx::processResult);
+ }
+
+ @VisibleForTesting
+ ParseEvtx(FileHeaderFactory fileHeaderFactory, MalformedChunkHandler
malformedChunkHandler, RootNodeHandler rootNodeHandler,
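Review bot: `XML_OUTPUT_FACTORY` is declared `public static final`, so the single `XMLOutputFactory` instance can be reconfigured through `setProperty` by any class that can see `ParseEvtx`. It is presumably also shared by every concurrent task via `ParseEvtx::createWriter`, whose body is outside this hunk. The StAX API does not promise that a factory is safe for concurrent use, and this processor is annotated `@EventDriven` and `@SupportsBatching` and serialises content taken from event logs that originate on other hosts. I would narrow the field to `private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newFactory();` and add a comment stating that it is never reconfigured after class initialisation. Alternatively, create the factory per use if the StAX implementation on the classpath is not documented as thread-safe.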
--- End diff --
I imagine the package-local scope on this and other methods is based on
the IDE recommendations? I wonder if we should keep them more public in case
sub-classing makes sense?
> Processor to Parse .evtx files
> ------------------------------
>
> Key: NIFI-1975
> URL: https://issues.apache.org/jira/browse/NIFI-1975
> Project: Apache NiFi
> Issue Type: Sub-task
> Reporter: Bryan Rosander
>
> Windows event logs are stored in .evtx format as of Windows Vista. If we
> port the pure Python implementation of an evtx parser at
> https://github.com/williballenthin/python-evtx to Java, we should be able to
> ingest those files in NiFi on any operating system.