def test_growing_file(self):
write_fileobj = open("%s/unified2.log" % self.tmpdir, "ab")
write_fileobj.write(open(self.test_filename, "rb").read())
write_fileobj.flush()
write_fileobj.close()
read_fileobj = open("%s/unified2.log" % self.tmpdir, "rb")
for i in range(17):
record = unified2.read_record(read_fileobj)
self.assertTrue(record is not None, "record None at i=%d" % (i))
self.assertTrue(unified2.read_record(read_fileobj) is None)
# Grow the file by 17 more records.
write_fileobj = open("%s/unified2.log" % self.tmpdir, "ab")
write_fileobj.write(open(self.test_filename, "rb").read())
write_fileobj.flush()
write_fileobj.close()
for i in range(17):
record = unified2.read_record(read_fileobj)
self.assertTrue(
record is not None,
"record None at i=%d; expected on OSX w/Py2" % (i))
self.assertTrue(unified2.read_record(read_fileobj) is None)
read_fileobj.close()
def test_growing_file(self):
write_fileobj = open("%s/unified2.log" % self.tmpdir, "ab")
write_fileobj.write(open(self.test_filename, "rb").read())
write_fileobj.flush()
write_fileobj.close()
read_fileobj = open("%s/unified2.log" % self.tmpdir, "rb")
for i in range(17):
record = unified2.read_record(read_fileobj)
self.assertTrue(record is not None, "record None at i=%d" % (i))
self.assertTrue(unified2.read_record(read_fileobj) is None)
# Grow the file by 17 more records.
write_fileobj = open("%s/unified2.log" % self.tmpdir, "ab")
write_fileobj.write(open(self.test_filename, "rb").read())
write_fileobj.flush()
write_fileobj.close()
for i in range(17):
record = unified2.read_record(read_fileobj)
self.assertTrue(
record is not None,
"record None at i=%d; expected on OSX w/Py2" % (i))
self.assertTrue(unified2.read_record(read_fileobj) is None)
read_fileobj.close()
def test_read_ipv6_event(self):
fileobj = open("tests/ipv6-alert.unified2", "rb")
record = unified2.read_record(fileobj)
self.assertEqual("fe80:0000:0000:0000:dacb:8aff:feed:a146",
record["source-ip"])
self.assertEqual("fe80:0000:0000:0000:0215:17ff:fe0d:06f7",
record["destination-ip"])
def test_read_ipv6_event(self):
fileobj = open("tests/ipv6-alert.unified2", "rb")
record = unified2.read_record(fileobj)
self.assertEqual("fe80:0000:0000:0000:dacb:8aff:feed:a146",
record["source-ip"])
self.assertEqual("fe80:0000:0000:0000:0215:17ff:fe0d:06f7",
record["destination-ip"])
def main():
try:
opts, args = getopt.getopt(sys.argv[1:], "h", ["help"])
except getopt.GetoptError as err:
print("error: invalid command line: %s" % err, file=sys.stderr)
usage()
return 1
for o, a in opts:
if o in ["-h", "--help"]:
usage(sys.stdout)
return 0
if not args:
print("error: nothing to do", file=sys.stderr)
usage()
return 1
record_count = 0
start_time = time.time()
for arg in args:
print("Processing file %s." % arg)
with open(arg) as fileobj:
while 1:
record = unified2.read_record(fileobj)
if not record:
break
record_count += 1
elapsed_time = time.time() - start_time
print("Records: %d; Time: %d; Records/sec: %d" %
(record_count, elapsed_time, record_count / int(elapsed_time)))
def test_decoders(self):
"""Based on our knowledge of the test file, check that the
records were decoded as expected.
"""
fileobj = open(self.test_filename, "rb")
record = unified2.read_record(fileobj)
self.assertEqual("207.25.71.28", record["source-ip"])
self.assertEqual("10.20.11.123", record["destination-ip"])
def test_decoders(self):
"""Based on our knowledge of the test file, check that the
records were decoded as expected.
"""
fileobj = open(self.test_filename, "rb")
record = unified2.read_record(fileobj)
self.assertEqual("207.25.71.28", record["source-ip"])
self.assertEqual("10.20.11.123", record["destination-ip"])
def main():
try:
opts, args = getopt.getopt(
sys.argv[1:], "h",
["help"])
except getopt.GetoptError as err:
print("error: invalid command line: %s" % err, file=sys.stderr)
usage()
return 1
for o, a in opts:
if o in ["-h", "--help"]:
usage(sys.stdout)
return 0
if not args:
print("error: nothing to do", file=sys.stderr)
usage()
return 1
record_count = 0
start_time = time.time()
for arg in args:
print("Processing file %s." % arg)
with open(arg) as fileobj:
while 1:
record = unified2.read_record(fileobj)
if not record:
break
record_count += 1
elapsed_time = time.time() - start_time
print("Records: %d; Time: %d; Records/sec: %d" % (
record_count, elapsed_time, record_count / int(elapsed_time)))
