Merge pull request #325 from Yamato-Security/fix/header_name_fix#320

changed output header #320

src/afterfact.rs

@@ -12,24 +12,24 @@ use std::process;
 #[derive(Debug, Serialize)]
 #[serde(rename_all = "PascalCase")]
 pub struct CsvFormat<'a> {
-    time: &'a str,
-    computername: &'a str,
-    eventid: &'a str,
+    timestamp: &'a str,
+    computer: &'a str,
+    event_i_d: &'a str,
     level: &'a str,
-    alert: &'a str,
+    rule_title: &'a str,
     details: &'a str,
-    rulepath: &'a str,
-    filepath: &'a str,
+    rule_path: &'a str,
+    file_path: &'a str,
 }
 
 #[derive(Debug, Serialize)]
 #[serde(rename_all = "PascalCase")]
 pub struct DisplayFormat<'a> {
-    time: &'a str,
-    computername: &'a str,
-    eventid: &'a str,
+    timestamp: &'a str,
+    computer: &'a str,
+    event_i_d: &'a str,
     level: &'a str,
-    alert: &'a str,
+    rule_title: &'a str,
     details: &'a str,
 }
 
@@ -89,23 +89,23 @@ fn emit_csv<W: std::io::Write>(writer: &mut W, displayflag: bool) -> io::Result<
         for detect_info in detect_infos {
             if displayflag {
                 wtr.serialize(DisplayFormat {
-                    time: &format!("{} ", &format_time(time)),
+                    timestamp: &format!("{} ", &format_time(time)),
                     level: &format!(" {} ", &detect_info.level),
-                    computername: &format!(" {} ", &detect_info.computername),
-                    eventid: &format!(" {} ", &detect_info.eventid),
-                    alert: &format!(" {} ", &detect_info.alert),
+                    computer: &format!(" {} ", &detect_info.computername),
+                    event_i_d: &format!(" {} ", &detect_info.eventid),
+                    rule_title: &format!(" {} ", &detect_info.alert),
                     details: &format!(" {}", &detect_info.detail),
                 })?;
             } else {
                 // csv出力時フォーマット
                 wtr.serialize(CsvFormat {
-                    time: &format_time(time),
-                    filepath: &detect_info.filepath,
-                    rulepath: &detect_info.rulepath,
+                    timestamp: &format_time(time),
+                    file_path: &detect_info.filepath,
+                    rule_path: &detect_info.rulepath,
                     level: &detect_info.level,
-                    computername: &detect_info.computername,
-                    eventid: &detect_info.eventid,
-                    alert: &detect_info.alert,
+                    computer: &detect_info.computername,
+                    event_i_d: &detect_info.eventid,
+                    rule_title: &detect_info.alert,
                     details: &detect_info.detail,
                 })?;
             }
@@ -243,7 +243,7 @@ mod tests {
             .datetime_from_str("1996-02-27T01:05:01Z", "%Y-%m-%dT%H:%M:%SZ")
             .unwrap();
         let expect_tz = expect_time.with_timezone(&Local);
-        let expect = "Time,Computername,Eventid,Level,Alert,Details,Rulepath,Filepath\n"
+        let expect = "Timestamp,Computer,EventID,Level,RuleTitle,Details,RulePath,FilePath\n"
             .to_string()
             + &expect_tz
                 .clone()
@@ -319,7 +319,7 @@ mod tests {
             .datetime_from_str("1996-02-27T01:05:01Z", "%Y-%m-%dT%H:%M:%SZ")
             .unwrap();
         let expect_tz = expect_time.with_timezone(&Local);
-        let expect = "Time|Computername|Eventid|Level|Alert|Details\n".to_string()
+        let expect = "Timestamp|Computer|EventID|Level|RuleTitle|Details\n".to_string()
             + &expect_tz
                 .clone()
                 .format("%Y-%m-%d %H:%M:%S%.3f %:z")