From d0a7040275488f37cde3b3f4ca997f5bbbfc8079 Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Tue, 21 Dec 2021 20:55:46 +0900
Subject: [PATCH 1/2] changed output header #320

---
 src/afterfact.rs | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/afterfact.rs b/src/afterfact.rs
index 8cbe21a5..db71dd8c 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -13,23 +13,23 @@ use std::process;
 #[serde(rename_all = "PascalCase")]
 pub struct CsvFormat<'a> {
     time: &'a str,
-    computername: &'a str,
-    eventid: &'a str,
+    computer: &'a str,
+    event_i_d: &'a str,
     level: &'a str,
-    alert: &'a str,
+    rule_title: &'a str,
     details: &'a str,
-    rulepath: &'a str,
-    filepath: &'a str,
+    rule_path: &'a str,
+    file_path: &'a str,
 }
 
 #[derive(Debug, Serialize)]
 #[serde(rename_all = "PascalCase")]
 pub struct DisplayFormat<'a> {
     time: &'a str,
-    computername: &'a str,
-    eventid: &'a str,
+    computer: &'a str,
+    event_i_d: &'a str,
     level: &'a str,
-    alert: &'a str,
+    rule_title: &'a str,
     details: &'a str,
 }
 
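Review bot: `event_i_d` in `CsvFormat` and `DisplayFormat` is spelled that way only so that `rename_all = "PascalCase"` produces the `EventID` header, which leaves a field name that reads as a typo at every use site. A per-field override keeps the Rust name conventional while still pinning the header: `#[serde(rename = "EventID")]` followed by `event_id: &'a str,` in both structs. The same applies to the struct-literal initializers in the emit_csv hunk below and to the two struct hunks of the second patch, which would then write `event_id` as well.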
@@ -91,21 +91,21 @@ fn emit_csv(writer: &mut W, displayflag: bool) -> io::Result<
                 wtr.serialize(DisplayFormat {
                     time: &format!("{} ", &format_time(time)),
                     level: &format!(" {} ", &detect_info.level),
-                    computername: &format!(" {} ", &detect_info.computername),
-                    eventid: &format!(" {} ", &detect_info.eventid),
-                    alert: &format!(" {} ", &detect_info.alert),
+                    computer: &format!(" {} ", &detect_info.computername),
+                    event_i_d: &format!(" {} ", &detect_info.eventid),
+                    rule_title: &format!(" {} ", &detect_info.alert),
                     details: &format!(" {}", &detect_info.detail),
                 })?;
             } else {
                 // csv出力時フォーマット
                 wtr.serialize(CsvFormat {
                     time: &format_time(time),
-                    filepath: &detect_info.filepath,
-                    rulepath: &detect_info.rulepath,
+                    file_path: &detect_info.filepath,
+                    rule_path: &detect_info.rulepath,
                     level: &detect_info.level,
-                    computername: &detect_info.computername,
-                    eventid: &detect_info.eventid,
-                    alert: &detect_info.alert,
+                    computer: &detect_info.computername,
+                    event_i_d: &detect_info.eventid,
+                    rule_title: &detect_info.alert,
                     details: &detect_info.detail,
                 })?;
             }

From a0cc36c67e3a161a2855a81c7eade64acc35f7a9 Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Tue, 21 Dec 2021 22:31:21 +0900
Subject: [PATCH 2/2] fixed test error #320

---
 src/afterfact.rs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/afterfact.rs b/src/afterfact.rs
index db71dd8c..97b1c85f 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -12,7 +12,7 @@ use std::process;
 #[derive(Debug, Serialize)]
 #[serde(rename_all = "PascalCase")]
 pub struct CsvFormat<'a> {
-    time: &'a str,
+    timestamp: &'a str,
     computer: &'a str,
     event_i_d: &'a str,
     level: &'a str,
@@ -25,7 +25,7 @@ pub struct CsvFormat<'a> {
 #[derive(Debug, Serialize)]
 #[serde(rename_all = "PascalCase")]
 pub struct DisplayFormat<'a> {
-    time: &'a str,
+    timestamp: &'a str,
     computer: &'a str,
     event_i_d: &'a str,
     level: &'a str,
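Review bot: The renamed initializers in both `serialize` calls now map `detect_info.computername`, `detect_info.eventid` and `detect_info.alert` onto fields called `computer`, `event_i_d` and `rule_title`, so the output vocabulary no longer matches the `DetectInfo` vocabulary and each of these lines is a silent translation. A short comment above each struct literal would help the next reader, e.g. `// Field names follow the output header (PascalCase via serde), not DetectInfo's field names.` Since the CSV header changes as a result (`Computername` becomes `Computer`, `Alert` becomes `RuleTitle`, and so on), anything parsing this output downstream will need to know, so a line in the changelog or README for this release seems warranted. emit_csv starts and ends outside the hunk.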
@@ -89,7 +89,7 @@ fn emit_csv(writer: &mut W, displayflag: bool) -> io::Result<
             for detect_info in detect_infos {
                 if displayflag {
                     wtr.serialize(DisplayFormat {
-                        time: &format!("{} ", &format_time(time)),
+                        timestamp: &format!("{} ", &format_time(time)),
                         level: &format!(" {} ", &detect_info.level),
                         computer: &format!(" {} ", &detect_info.computername),
                         event_i_d: &format!(" {} ", &detect_info.eventid),
@@ -99,7 +99,7 @@ fn emit_csv(writer: &mut W, displayflag: bool) -> io::Result<
                 } else {
                     // csv出力時フォーマット
                     wtr.serialize(CsvFormat {
-                        time: &format_time(time),
+                        timestamp: &format_time(time),
                         file_path: &detect_info.filepath,
                         rule_path: &detect_info.rulepath,
                         level: &detect_info.level,
@@ -243,7 +243,7 @@ mod tests {
             .datetime_from_str("1996-02-27T01:05:01Z", "%Y-%m-%dT%H:%M:%SZ")
             .unwrap();
         let expect_tz = expect_time.with_timezone(&Local);
-        let expect = "Time,Computername,Eventid,Level,Alert,Details,Rulepath,Filepath\n"
+        let expect = "Timestamp,Computer,EventID,Level,RuleTitle,Details,RulePath,FilePath\n"
             .to_string()
             + &expect_tz
                 .clone()
@@ -319,7 +319,7 @@ mod tests {
             .datetime_from_str("1996-02-27T01:05:01Z", "%Y-%m-%dT%H:%M:%SZ")
             .unwrap();
         let expect_tz = expect_time.with_timezone(&Local);
-        let expect = "Time|Computername|Eventid|Level|Alert|Details\n".to_string()
+        let expect = "Timestamp|Computer|EventID|Level|RuleTitle|Details\n".to_string()
             + &expect_tz
                 .clone()
                 .format("%Y-%m-%d %H:%M:%S%.3f %:z")