From 09c86f3526773c888a0b520a16ee8075d21451cf Mon Sep 17 00:00:00 2001
From: Chris Coetzee <chriscz@users.noreply.github.com>
Date: Tue, 31 Mar 2020 14:27:53 +0200
Subject: [PATCH 1/3] Adds support for the unhex parameter

---
 lib/fluent/plugin/filter_parse_audit_log.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/fluent/plugin/filter_parse_audit_log.rb b/lib/fluent/plugin/filter_parse_audit_log.rb
index 95d8ca6..1f7e9be 100644
--- a/lib/fluent/plugin/filter_parse_audit_log.rb
+++ b/lib/fluent/plugin/filter_parse_audit_log.rb
@@ -6,11 +6,12 @@ class FluentParseAuditLogFilter < Fluent::Filter
 
   config_param :key, :string, default: 'message'
   config_param :flatten, :bool, default: false
+  config_param :unhex, :bool, default: false
 
   def filter(tag, time, record)
     line = record[@key]
     return record unless line
-    AuditLogParser.parse_line(line, flatten: @flatten)
+    AuditLogParser.parse_line(line, flatten: @flatten, unhex: @unhex)
   rescue => e
     log.warn "failed to parse a audit log: #{line}", error_class: e.class, error: e.message
     log.warn_backtrace

From 791c32bbf9a6c44292ea44d7fddbdc7dcbce5c72 Mon Sep 17 00:00:00 2001
From: Chris Coetzee <chriscz@users.noreply.github.com>
Date: Tue, 31 Mar 2020 15:17:52 +0200
Subject: [PATCH 2/3] Add unhex_keys config parameter

---
 lib/fluent/plugin/filter_parse_audit_log.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/fluent/plugin/filter_parse_audit_log.rb b/lib/fluent/plugin/filter_parse_audit_log.rb
index 1f7e9be..e0264e0 100644
--- a/lib/fluent/plugin/filter_parse_audit_log.rb
+++ b/lib/fluent/plugin/filter_parse_audit_log.rb
@@ -7,11 +7,12 @@ class FluentParseAuditLogFilter < Fluent::Filter
   config_param :key, :string, default: 'message'
   config_param :flatten, :bool, default: false
   config_param :unhex, :bool, default: false
+  config_param :unhex_keys, :array, default: ['*'], value_type: :string 
 
   def filter(tag, time, record)
     line = record[@key]
     return record unless line
-    AuditLogParser.parse_line(line, flatten: @flatten, unhex: @unhex)
+    AuditLogParser.parse_line(line, flatten: @flatten, unhex: @unhex, unhex_keys: @unhex_keys)
   rescue => e
     log.warn "failed to parse a audit log: #{line}", error_class: e.class, error: e.message
     log.warn_backtrace

From 6a932ae6711c58c08aaa4d2a66258a73f2602f5a Mon Sep 17 00:00:00 2001
From: Chris Coetzee <chriscz@users.noreply.github.com>
Date: Tue, 31 Mar 2020 15:46:41 +0200
Subject: [PATCH 3/3] Add unhex_min_length key

---
 lib/fluent/plugin/filter_parse_audit_log.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/fluent/plugin/filter_parse_audit_log.rb b/lib/fluent/plugin/filter_parse_audit_log.rb
index e0264e0..bed78ad 100644
--- a/lib/fluent/plugin/filter_parse_audit_log.rb
+++ b/lib/fluent/plugin/filter_parse_audit_log.rb
@@ -8,11 +8,12 @@ class FluentParseAuditLogFilter < Fluent::Filter
   config_param :flatten, :bool, default: false
   config_param :unhex, :bool, default: false
   config_param :unhex_keys, :array, default: ['*'], value_type: :string 
+  config_param :unhex_min_length, :integer, default: 8
 
   def filter(tag, time, record)
     line = record[@key]
     return record unless line
-    AuditLogParser.parse_line(line, flatten: @flatten, unhex: @unhex, unhex_keys: @unhex_keys)
+    AuditLogParser.parse_line(line, flatten: @flatten, unhex: @unhex, unhex_keys: @unhex_keys, unhex_min_length: @unhex_min_length)
   rescue => e
     log.warn "failed to parse a audit log: #{line}", error_class: e.class, error: e.message
     log.warn_backtrace