def testParseWtmpFile(self):
    """Tests the Parse function on a wtmp file.

    Parses the 'wtmp.1' test file, checks how many event and warning
    containers were stored, and compares the values of the first event.
    """
    storage_writer = self._ParseFile(['wtmp.1'], utmp.UtmpParser())

    # Four events are expected, with no extraction or recovery warnings.
    expected_container_counts = (
        ('event', 4),
        ('extraction_warning', 0),
        ('recovery_warning', 0))
    for container_type, expected_count in expected_container_counts:
        self.assertEqual(
            storage_writer.GetNumberOfAttributeContainers(container_type),
            expected_count)

    first_event = list(storage_writer.GetEvents())[0]

    # Record type 7 is USER_PROCESS in utmp(5), i.e. a user login session.
    # NOTE(review): the expected username is the literal '******'; it looks
    # masked in this listing - confirm against the wtmp.1 fixture.
    expected_event_values = {
        'date_time': '2011-12-01 17:36:38.432935',
        'data_type': 'linux:utmp:event',
        'exit_status': 0,
        'hostname': '10.10.122.1',
        'ip_address': '10.10.122.1',
        'pid': 20060,
        'terminal': 'pts/32',
        'terminal_identifier': 842084211,
        'type': 7,
        'username': '******'}

    self.CheckEventValues(storage_writer, first_event, expected_event_values)
def testParseWtmpFile(self):
    """Tests the Parse function on a WTMP file.

    Parses the 'wtmp.1' test file and checks the event count, the
    attributes of the first event and its formatted message strings.
    """
    storage_writer = self._ParseFile(['wtmp.1'], utmp.UtmpParser())

    self.assertEqual(storage_writer.number_of_events, 4)

    first_event = list(storage_writer.GetEvents())[0]

    self.CheckTimestamp(first_event.timestamp, '2011-12-01 17:36:38.432935')

    # Checked in a fixed order so the first mismatch is the one reported.
    expected_attributes = (
        ('user', 'userA'),
        ('computer_name', '10.10.122.1'),
        ('terminal', 'pts/32'),
        ('status', 'USER_PROCESS'),
        ('ip_address', '10.10.122.1'),
        ('exit', 0),
        ('pid', 20060),
        ('terminal_id', 842084211))
    for attribute_name, expected_value in expected_attributes:
        self.assertEqual(getattr(first_event, attribute_name), expected_value)

    long_message = (
        'User: userA '
        'Computer Name: 10.10.122.1 '
        'Terminal: pts/32 '
        'PID: 20060 '
        'Terminal_ID: 842084211 '
        'Status: USER_PROCESS '
        'IP Address: 10.10.122.1 '
        'Exit: 0')
    short_message = 'User: userA'

    self._TestGetMessageStrings(first_event, long_message, short_message)
def testParseWtmpFile(self):
    """Tests the Parse function on a WTMP file.

    Parses the 'wtmp.1' test file through the event queue and checks the
    number of event objects, the attributes of the first one and its
    formatted message strings.
    """
    wtmp_parser = utmp.UtmpParser()
    wtmp_path = self._GetTestFilePath([u'wtmp.1'])
    event_queue = self._ParseFile(wtmp_parser, wtmp_path)
    parsed_events = self._GetEventObjectsFromQueue(event_queue)

    self.assertEqual(len(parsed_events), 4)

    first_event = parsed_events[0]

    self.assertEqual(
        first_event.timestamp,
        timelib.Timestamp.CopyFromString(u'2011-12-01 17:36:38.432935'))

    # Checked in a fixed order so the first mismatch is the one reported.
    expected_attributes = (
        (u'user', u'userA'),
        (u'computer_name', u'10.10.122.1'),
        (u'terminal', u'pts/32'),
        (u'status', u'USER_PROCESS'),
        (u'ip_address', u'10.10.122.1'),
        (u'exit', 0),
        (u'pid', 20060),
        (u'terminal_id', 842084211))
    for attribute_name, expected_value in expected_attributes:
        self.assertEqual(getattr(first_event, attribute_name), expected_value)

    long_message = (
        u'User: userA '
        u'Computer Name: 10.10.122.1 '
        u'Terminal: pts/32 '
        u'PID: 20060 '
        u'Terminal_ID: 842084211 '
        u'Status: USER_PROCESS '
        u'IP Address: 10.10.122.1 '
        u'Exit: 0')
    short_message = u'User: userA'

    self._TestGetMessageStrings(first_event, long_message, short_message)
def testParseUtmpFile(self):
    """Tests the Parse function on a utmp file.

    Parses the 'utmp' test file, checks how many event and warning
    containers were stored, and compares the values of events 0, 1, 2
    and 12.
    """
    storage_writer = self._ParseFile(['utmp'], utmp.UtmpParser())

    # Fourteen events are expected, with no extraction or recovery warnings.
    expected_container_counts = (
        ('event', 14),
        ('extraction_warning', 0),
        ('recovery_warning', 0))
    for container_type, expected_count in expected_container_counts:
        self.assertEqual(
            storage_writer.GetNumberOfAttributeContainers(container_type),
            expected_count)

    events = list(storage_writer.GetEvents())

    # utmp(5) record types used below: 1 RUN_LVL, 2 BOOT_TIME,
    # 6 LOGIN_PROCESS, 7 USER_PROCESS.
    # NOTE(review): both expected usernames are the literal '******'; they
    # look masked in this listing - confirm against the utmp fixture.
    expected_values_per_event = (
        (0, {
            'data_type': 'linux:utmp:event',
            'terminal': 'system boot',
            'type': 2}),
        (1, {
            'data_type': 'linux:utmp:event',
            'type': 1}),
        (2, {
            'date_time': '2013-12-13 14:45:09.000000',
            'data_type': 'linux:utmp:event',
            'exit_status': 0,
            'hostname': 'localhost',
            'ip_address': '0.0.0.0',
            'pid': 1115,
            'terminal_identifier': 52,
            'terminal': 'tty4',
            'type': 6,
            'username': '******'}),
        (12, {
            'date_time': '2013-12-18 22:46:56.305504',
            'data_type': 'linux:utmp:event',
            'exit_status': 0,
            'hostname': 'localhost',
            'ip_address': '0.0.0.0',
            'pid': 2684,
            'terminal': 'pts/4',
            'terminal_identifier': 13359,
            'type': 7,
            'username': '******'}))

    for event_index, expected_event_values in expected_values_per_event:
        self.CheckEventValues(
            storage_writer, events[event_index], expected_event_values)
def testParseWtmpFile(self):
    """Tests the Parse function on a wtmp file.

    Parses the 'wtmp.1' test file and checks the warning and event
    counts, the event data of the first event and its formatted message
    strings.
    """
    storage_writer = self._ParseFile(['wtmp.1'], utmp.UtmpParser())

    self.assertEqual(storage_writer.number_of_warnings, 0)
    self.assertEqual(storage_writer.number_of_events, 4)

    first_event = list(storage_writer.GetEvents())[0]

    self.CheckTimestamp(first_event.timestamp, '2011-12-01 17:36:38.432935')

    login_data = self._GetEventDataOfEvent(storage_writer, first_event)

    # Type 7 is the record type rendered as 'Status: USER_PROCESS' in the
    # expected message below.
    expected_attributes = (
        ('username', 'userA'),
        ('hostname', '10.10.122.1'),
        ('terminal', 'pts/32'),
        ('type', 7),
        ('ip_address', '10.10.122.1'),
        ('exit_status', 0),
        ('pid', 20060),
        ('terminal_identifier', 842084211))
    for attribute_name, expected_value in expected_attributes:
        self.assertEqual(getattr(login_data, attribute_name), expected_value)

    long_message = (
        'User: userA '
        'Hostname: 10.10.122.1 '
        'Terminal: pts/32 '
        'PID: 20060 '
        'Terminal identifier: 842084211 '
        'Status: USER_PROCESS '
        'IP Address: 10.10.122.1 '
        'Exit status: 0')
    short_message = (
        'User: userA '
        'PID: 20060 '
        'Status: USER_PROCESS')

    self._TestGetMessageStrings(login_data, long_message, short_message)
def testParseUtmpFile(self):
    """Tests the Parse function on a utmp file.

    Parses the 'utmp' test file and checks the warning and event counts,
    then the event data of events 0, 1, 2 and 12, including the formatted
    message strings of events 2 and 12.
    """
    storage_writer = self._ParseFile(['utmp'], utmp.UtmpParser())

    self.assertEqual(storage_writer.number_of_warnings, 0)
    self.assertEqual(storage_writer.number_of_events, 14)

    events = list(storage_writer.GetEvents())

    # utmp(5) record types used below: 1 RUN_LVL, 2 BOOT_TIME,
    # 6 LOGIN_PROCESS, 7 USER_PROCESS.
    boot_data = self._GetEventDataOfEvent(storage_writer, events[0])
    self.assertEqual(boot_data.terminal, 'system boot')
    self.assertEqual(boot_data.type, 2)

    run_level_data = self._GetEventDataOfEvent(storage_writer, events[1])
    self.assertEqual(run_level_data.type, 1)

    # Event 2: login process on tty4.
    login_event = events[2]
    self.CheckTimestamp(login_event.timestamp, '2013-12-13 14:45:09.000000')

    login_data = self._GetEventDataOfEvent(storage_writer, login_event)
    expected_login_attributes = (
        ('username', 'LOGIN'),
        ('hostname', 'localhost'),
        ('terminal', 'tty4'),
        ('type', 6),
        ('exit_status', 0),
        ('pid', 1115),
        ('terminal_identifier', 52))
    for attribute_name, expected_value in expected_login_attributes:
        self.assertEqual(getattr(login_data, attribute_name), expected_value)

    login_message = (
        'User: LOGIN '
        'Hostname: localhost '
        'Terminal: tty4 '
        'PID: 1115 '
        'Terminal identifier: 52 '
        'Status: LOGIN_PROCESS '
        'IP Address: 0.0.0.0 '
        'Exit status: 0')
    login_short_message = (
        'User: LOGIN '
        'PID: 1115 '
        'Status: LOGIN_PROCESS')
    self._TestGetMessageStrings(
        login_data, login_message, login_short_message)

    # Event 12: user session on pts/4.
    session_event = events[12]
    self.CheckTimestamp(
        session_event.timestamp, '2013-12-18 22:46:56.305504')

    session_data = self._GetEventDataOfEvent(storage_writer, session_event)
    expected_session_attributes = (
        ('username', 'moxilo'),
        ('hostname', 'localhost'),
        ('terminal', 'pts/4'),
        ('type', 7),
        ('exit_status', 0),
        ('pid', 2684),
        ('terminal_identifier', 13359))
    for attribute_name, expected_value in expected_session_attributes:
        self.assertEqual(
            getattr(session_data, attribute_name), expected_value)

    session_message = (
        'User: moxilo '
        'Hostname: localhost '
        'Terminal: pts/4 '
        'PID: 2684 '
        'Terminal identifier: 13359 '
        'Status: USER_PROCESS '
        'IP Address: 0.0.0.0 '
        'Exit status: 0')
    session_short_message = (
        'User: moxilo '
        'PID: 2684 '
        'Status: USER_PROCESS')
    self._TestGetMessageStrings(
        session_data, session_message, session_short_message)
def setUp(self):
    """Creates the UTMP parser shared by the tests.

    The parser is built from a fresh preprocessing object and None as its
    second argument, and stored on the test case as self._parser.
    """
    self._parser = utmp.UtmpParser(event.PreprocessObject(), None)
def testParseUtmpFile(self):
    """Tests the Parse function on a UTMP file.

    Parses the 'utmp' test file and checks the event count, then the
    attributes of events 0, 1, 2 and 12, including the formatted message
    strings of events 2 and 12.
    """
    storage_writer = self._ParseFile(['utmp'], utmp.UtmpParser())

    self.assertEqual(storage_writer.number_of_events, 14)

    events = list(storage_writer.GetEvents())

    boot_event = events[0]
    self.assertEqual(boot_event.terminal, 'system boot')
    self.assertEqual(boot_event.status, 'BOOT_TIME')

    run_level_event = events[1]
    self.assertEqual(run_level_event.status, 'RUN_LVL')

    # Event 2: login process on tty4.
    login_event = events[2]
    self.CheckTimestamp(login_event.timestamp, '2013-12-13 14:45:09.000000')

    expected_login_attributes = (
        ('user', 'LOGIN'),
        ('computer_name', 'localhost'),
        ('terminal', 'tty4'),
        ('status', 'LOGIN_PROCESS'),
        ('exit', 0),
        ('pid', 1115),
        ('terminal_id', 52))
    for attribute_name, expected_value in expected_login_attributes:
        self.assertEqual(getattr(login_event, attribute_name), expected_value)

    login_message = (
        'User: LOGIN '
        'Computer Name: localhost '
        'Terminal: tty4 '
        'PID: 1115 '
        'Terminal_ID: 52 '
        'Status: LOGIN_PROCESS '
        'IP Address: localhost '
        'Exit: 0')
    login_short_message = 'User: LOGIN'
    self._TestGetMessageStrings(
        login_event, login_message, login_short_message)

    # Event 12: user session on pts/4.
    session_event = events[12]
    self.CheckTimestamp(
        session_event.timestamp, '2013-12-18 22:46:56.305504')

    expected_session_attributes = (
        ('user', 'moxilo'),
        ('computer_name', 'localhost'),
        ('terminal', 'pts/4'),
        ('status', 'USER_PROCESS'),
        ('exit', 0),
        ('pid', 2684),
        ('terminal_id', 13359))
    for attribute_name, expected_value in expected_session_attributes:
        self.assertEqual(
            getattr(session_event, attribute_name), expected_value)

    session_message = (
        'User: moxilo '
        'Computer Name: localhost '
        'Terminal: pts/4 '
        'PID: 2684 '
        'Terminal_ID: 13359 '
        'Status: USER_PROCESS '
        'IP Address: localhost '
        'Exit: 0')
    session_short_message = 'User: moxilo'
    self._TestGetMessageStrings(
        session_event, session_message, session_short_message)
def setUp(self):
    """Creates the UTMP parser shared by the tests as self._parser."""
    utmp_parser = utmp.UtmpParser()
    self._parser = utmp_parser
def testParseUtmpFile(self):
    """Tests the Parse function on a UTMP file.

    Parses the 'utmp' test file through the event queue and checks the
    number of event objects, then the attributes of event objects 0, 1, 2
    and 12, including the formatted message strings of 2 and 12.
    """
    utmp_parser = utmp.UtmpParser()
    utmp_path = self._GetTestFilePath([u'utmp'])
    event_queue = self._ParseFile(utmp_parser, utmp_path)
    parsed_events = self._GetEventObjectsFromQueue(event_queue)

    self.assertEqual(len(parsed_events), 14)

    boot_event = parsed_events[0]
    self.assertEqual(boot_event.terminal, u'system boot')
    self.assertEqual(boot_event.status, u'BOOT_TIME')

    run_level_event = parsed_events[1]
    self.assertEqual(run_level_event.status, u'RUN_LVL')

    # Event object 2: login process on tty4.
    login_event = parsed_events[2]
    self.assertEqual(
        login_event.timestamp,
        timelib.Timestamp.CopyFromString(u'2013-12-13 14:45:09'))

    expected_login_attributes = (
        (u'user', u'LOGIN'),
        (u'computer_name', u'localhost'),
        (u'terminal', u'tty4'),
        (u'status', u'LOGIN_PROCESS'),
        (u'exit', 0),
        (u'pid', 1115),
        (u'terminal_id', 52))
    for attribute_name, expected_value in expected_login_attributes:
        self.assertEqual(getattr(login_event, attribute_name), expected_value)

    login_message = (
        u'User: LOGIN '
        u'Computer Name: localhost '
        u'Terminal: tty4 '
        u'PID: 1115 '
        u'Terminal_ID: 52 '
        u'Status: LOGIN_PROCESS '
        u'IP Address: localhost '
        u'Exit: 0')
    login_short_message = u'User: LOGIN'
    self._TestGetMessageStrings(
        login_event, login_message, login_short_message)

    # Event object 12: user session on pts/4.
    session_event = parsed_events[12]
    self.assertEqual(
        session_event.timestamp,
        timelib.Timestamp.CopyFromString(u'2013-12-18 22:46:56.305504'))

    expected_session_attributes = (
        (u'user', u'moxilo'),
        (u'computer_name', u'localhost'),
        (u'terminal', u'pts/4'),
        (u'status', u'USER_PROCESS'),
        (u'exit', 0),
        (u'pid', 2684),
        (u'terminal_id', 13359))
    for attribute_name, expected_value in expected_session_attributes:
        self.assertEqual(
            getattr(session_event, attribute_name), expected_value)

    session_message = (
        u'User: moxilo '
        u'Computer Name: localhost '
        u'Terminal: pts/4 '
        u'PID: 2684 '
        u'Terminal_ID: 13359 '
        u'Status: USER_PROCESS '
        u'IP Address: localhost '
        u'Exit: 0')
    session_short_message = u'User: moxilo'
    self._TestGetMessageStrings(
        session_event, session_message, session_short_message)
def setUp(self):
    """Prepares an individual test by creating its UTMP parser.

    The parser is stored on the test case as self._parser.
    """
    utmp_parser = utmp.UtmpParser()
    self._parser = utmp_parser