def testRandomEvents(self): g = event.EventGenerator() events = g.randomEvents(100) inputqueue = Queue.Queue(1000) outputqueue = Queue.Queue(1000) for e in events: outputqueue.put(e) self.config.input = [{'source': "tcp:port=3003", 'translator': "xml"}] self.config.output = [{ 'sink': "tcp:host=localhost:port=3003", 'translator': "xml" }] source = TCPSource(0, self.config, self.logger, inputqueue) sink = TCPSink(0, self.config, self.logger, outputqueue) source.start() sink.start() outputqueue.join() sink.finish() sink.join() source.finish() source.join() self.assert_(outputqueue.qsize() == 0) self.assert_(inputqueue.qsize() == 100) self.assert_(events[0].id == inputqueue.queue[0].id) self.assert_(events[99].id == inputqueue.queue[99].id)
def test_event_name(self): g = event.EventGenerator() events = g.randomEvents(100) for i in range(15): events[i].name = "FOO" name_is_FOO = rulecomponents.event_name("FOO") self.assert_(len(name_is_FOO(query_events=events)) == 15)
def test_event_host(self): g = event.EventGenerator() events = g.randomEvents(100) for i in range(15): events[i].host = "FOO" host_is_foo = rulecomponents.event_host(lambda **kwargs: "FOO") self.assert_(len(host_is_foo(query_events=events)) == 15)
def test_event_min_age(self): g = event.EventGenerator() events = g.randomEvents(100) events[10].creation -= 200 events[11].creation -= 200 min_age = rulecomponents.event_min_age(100) self.assert_(len(min_age(query_events=events)) == 2)
def test_is_trigger(self): g = event.EventGenerator() events = g.randomEvents(100) is_trigger = rulecomponents.is_trigger trigger = is_trigger(query_events=events, trigger=events[42]) no_trigger = is_trigger(query_events=events, trigger=g.randomEvent()) self.assert_(len(trigger) == 1) self.assert_(trigger[0] == events[42]) self.assert_(len(no_trigger) == 0)
def setUp(self): self.config = configuration.Config() self.logger = logging.Logger(self.config) self.evgen = event.EventGenerator() self.ticker = None self.cache = cache.EventCache(self.config, self.logger, self.ticker) self.cm = contexts.ContextManager(self.config, self.logger, self.ticker, self.cache) self.eh = TestEventHandler()
def testRandomEventGenerator(self): """ random events should be generated without any problems, and they should all have different IDs """ g = event.EventGenerator() events = g.randomEvents(1000) ids = [e.id for e in events] self.assert_(len(set(ids)) == 1000)
def test_event_status(self): g = event.EventGenerator() events = g.randomEvents(100) for i in range(100): if i < 15: events[i].status = "active" else: events[i].status = "inactive" status_is_active = rulecomponents.event_status("active") self.assert_(len(status_is_active(query_events=events)) == 15)
def test_event_type(self): g = event.EventGenerator() events = g.randomEvents(100) for i in range(100): if i < 15: events[i].type = "raw" else: events[i].type = "compressed" type_is_raw = rulecomponents.event_type("raw") self.assert_(len(type_is_raw(query_events=events)) == 15)
def test_event_attribute_regexp(self): g = event.EventGenerator() events = g.randomEvents(100) events[10].setAttribute("foo", "bar") events[11].setAttribute("foo", "baar") events[12].setAttribute("foo", "bahr") attr_foo_matches_bar = rulecomponents.event_attribute( "foo", None, "re", "^baa?r$") self.assert_(len(attr_foo_matches_bar(query_events=events)) == 2) self.assert_( attr_foo_matches_bar(query_events=events)[1] == events[11])
def test_event_class(self): g = event.EventGenerator() events = g.randomEvents(100) events[42].name = "FOO" events[43].name = "BAR" classes = {"FOO": set(["bar", "baz"]), "BAR": set(["bar"])} rulemanager = TestRuleManager(classes=classes) event_class = rulecomponents.event_class("baz") evts = event_class(query_events=events, rulemanager=rulemanager) self.assert_(len(evts) == 1) self.assert_(evts[0] == events[42])
def test_in_context(self): g = event.EventGenerator() events = g.randomEvents(100) events[42].addDelayContext("foo", "a") events[43].addCacheContext("foo", "a") events[44].addCacheContext("foo", "b") events[45].addDelayContext("bar", "a") in_ctx = rulecomponents.in_context("foo", lambda **kwargs: "a") evnts = in_ctx(query_events=events) self.assert_(len(evnts) == 2) self.assert_(evnts[0] == events[42]) self.assert_(evnts[1] == events[43])
def test_complement(self): g = event.EventGenerator() events = g.randomEvents(100) cache = TestCache(events) for i in range(15): events[i].host = "FOO" host_is_foo = rulecomponents.event_host(lambda **kwargs: "FOO") complement = rulecomponents.complement(host_is_foo) self.assert_(len(complement(cache=cache, query_events=events)) == 85) self.assert_( sorted(complement(cache=cache, query_events=events)) == sorted( events[15:100]))
def test_trigger_match(self): g = event.EventGenerator() e = g.randomEvent() e.host = "FOO" e.name = "BAR" host_is_foo = rulecomponents.event_host(lambda **kwargs: "FOO") name_is_bar = rulecomponents.event_name("BAR") both = rulecomponents.trigger_match([host_is_foo, name_is_bar]) none = rulecomponents.trigger_match([]) self.assert_(both(trigger=e) == True) self.assert_(none(trigger=e) == True) e.name = "FOO" self.assert_(both(trigger=e) == False)
def test_last_of(self): g = event.EventGenerator() events = g.randomEvents(100) events[42].creation += 100 events[43].arrival += 100 last_of_creation = rulecomponents.last_of( "creation", lambda **kwargs: kwargs['query_events']) last_of_arrival = rulecomponents.last_of( "arrival", lambda **kwargs: kwargs['query_events']) creation_last = last_of_creation(query_events=events) arrival_last = last_of_arrival(query_events=events) self.assert_(creation_last == [events[42]]) self.assert_(arrival_last == [events[43]])
def test_union(self): g = event.EventGenerator() events = g.randomEvents(100) for i in range(15): events[i].host = "FOO" for i in range(5, 20): events[i].name = "BAR" host_is_foo = rulecomponents.event_host(lambda **kwargs: "FOO") name_is_bar = rulecomponents.event_name("BAR") both = rulecomponents.union([host_is_foo, name_is_bar]) all = rulecomponents.union([]) self.assert_(len(both(query_events=events)) == 20) self.assert_(sorted(both(query_events=events)) == sorted(events[0:20])) self.assert_(len(all(query_events=events)) == 100)
def test_first_of(self): g = event.EventGenerator() events = g.randomEvents(100) cache = TestCache(events) events[42].creation -= 10 events[43].arrival -= 10 first_of_creation = rulecomponents.first_of( "creation", lambda **kwargs: kwargs['query_events']) first_of_arrival = rulecomponents.first_of( "arrival", lambda **kwargs: kwargs['query_events']) creation_first = first_of_creation(query_events=events) arrival_first = first_of_arrival(query_events=events) self.assert_(creation_first == [events[42]]) self.assert_(arrival_first == [events[43]])
def test_match_query(self): g = event.EventGenerator() events = g.randomEvents(100) events[42].host = "FOO" cache = TestCache(events) query = rulecomponents.event_query( [rulecomponents.event_host(lambda **kwargs: "FOO")], None, "creation") queries = {"foo": {"bar": [query]}} rulemanager = TestRuleManager(queries=queries) match_query = rulecomponents.match_query("foo", "bar") evts = match_query(cache=cache, query_events=[], rulemanager=rulemanager) self.assert_(len(evts) == 1) self.assert_(evts[0] == events[42])
def test_event_attribute(self): g = event.EventGenerator() events = g.randomEvents(100) for i in range(15): events[i].setAttribute("foo", "bar") attr_foo_is_bar = rulecomponents.event_attribute( "foo", lambda **kwargs: "bar", "eq") self.assert_(len(attr_foo_is_bar(query_events=events)) == 15) for i in range(10, 20): events[i].setAttribute("foo", str(i)) attr_foo_is_ge15 = rulecomponents.event_attribute( "foo", lambda **kwargs: "15", "ge") attr_foo_is_le10 = rulecomponents.event_attribute( "foo", lambda **kwargs: "10", "le") self.assert_(len(attr_foo_is_ge15(query_events=events)) == 5) self.assert_(attr_foo_is_le10(query_events=events)[0] == events[10])
def test_unique_by(self): g = event.EventGenerator() events = g.randomEvents(100) for e in events: e.host = "TEST" events[42].creation -= 100 events[42].host = "FOO" events[43].creation += 100 events[43].host = "FOO" events[44].arrival -= 100 events[44].host = "FOO" events[45].arrival += 100 events[45].host = "FOO" unique_by_creation_first = rulecomponents.unique_by( "host", "creation", "first", lambda **kwargs: kwargs['query_events']) unique_by_creation_last = rulecomponents.unique_by( "host", "creation", "last", lambda **kwargs: kwargs['query_events']) unique_by_arrival_first = rulecomponents.unique_by( "host", "arrival", "first", lambda **kwargs: kwargs['query_events']) unique_by_arrival_last = rulecomponents.unique_by( "host", "arrival", "last", lambda **kwargs: kwargs['query_events']) events_unique_creation_first = unique_by_creation_first( query_events=events) events_unique_creation_last = unique_by_creation_last( query_events=events) events_unique_arrival_first = unique_by_arrival_first( query_events=events) events_unique_arrival_last = unique_by_arrival_last( query_events=events) # number of selected events self.assert_(len(events_unique_creation_first) == 2) self.assert_(len(events_unique_creation_last) == 2) self.assert_(len(events_unique_arrival_first) == 2) self.assert_(len(events_unique_arrival_last) == 2) # event with host FOO fooevent = lambda evts: [e for e in evts if e.host == "FOO"][0] self.assert_(fooevent(events_unique_creation_first) == events[42]) self.assert_(fooevent(events_unique_creation_last) == events[43]) self.assert_(fooevent(events_unique_arrival_first) == events[44]) self.assert_(fooevent(events_unique_arrival_last) == events[45]) # empty list empty = unique_by_creation_first(query_events=[]) self.assert_(len(empty) == 0)
def test_unique_by_attribute(self): g = event.EventGenerator() events = g.randomEvents(100) events[42].setAttribute("foo", "bar") events[42].creation -= 100 events[43].setAttribute("foo", "bar") events[44].setAttribute("foo", "bar") events[45].setAttribute("foo", "baz") unique_by_attribute_foo = rulecomponents.unique_by( "attributes.foo", "creation", "first", lambda **kwargs: kwargs['query_events']) unique_events = unique_by_attribute_foo(query_events=events) # event with host FOO self.assert_(len(unique_events) == 3) # "bar", "baz" and "" barevent = lambda evts: [ e for e in evts if e.getAttribute("foo") == "bar" ][0] self.assert_(barevent(unique_events) == events[42])
def testRandomEvents(self): g = event.EventGenerator() out_trans = xmloutputtranslator.XMLTranslator(0, self.config, self.logger) in_trans = xmlinputtranslator.XMLTranslator(0, self.config, self.logger) events = g.randomEvents(100) xmlstring = constants.EVENT_TAG_EVENTS_START for e in events: xmlstring += out_trans.translate(e) xmlstring += constants.EVENT_TAG_EVENTS_END events2 = [] for e in in_trans.translate(xmlstring): events2.append(e) self.assert_(len(events)==len(events2)) for i in range(len(events)): events2[i].arrival = events[i].arrival events2[i].cachetime = events[i].cachetime events2[i].delaytime = events[i].delaytime self.assert_(events[i].__dict__==events2[i].__dict__)
def testRandomEvents(self): g = event.EventGenerator() out_trans = EventPickler(0, self.config, self.logger) in_trans = EventUnpickler(0, self.config, self.logger) events = g.randomEvents(1000) s = "" for e in events: s += out_trans.translate(e) events2 = [] for e in in_trans.translate(s[:50]): events2.append(e) for e in in_trans.translate(s[50:100]): events2.append(e) for e in in_trans.translate(s[100:]): events2.append(e) self.assert_(len(events) == len(events2)) for i in range(len(events)): events2[i].arrival = events[i].getArrivalTime() events2[i].delaytime = events[i].delaytime events2[i].cachetime = events[i].cachetime self.assert_(events[i].__dict__ == events2[i].__dict__)
def test_count(self): g = event.EventGenerator() events = g.randomEvents(20) for i in range(10): events[i].host = 'test' event_query = lambda **kwargs: [ x for x in kwargs['events'] if x.host == 'test' ] eq10 = rulecomponents.count(10, op="eq", query=event_query) eq11 = rulecomponents.count(11, op="eq", query=event_query) ge9 = rulecomponents.count(9, op="ge", query=event_query) ge10 = rulecomponents.count(10, op="ge", query=event_query) ge11 = rulecomponents.count(11, op="ge", query=event_query) le9 = rulecomponents.count(9, op="le", query=event_query) le10 = rulecomponents.count(10, op="le", query=event_query) le11 = rulecomponents.count(11, op="le", query=event_query) self.assertTrue(eq10(events=events)) self.assertFalse(eq11(events=events)) self.assertTrue(ge9(events=events)) self.assertTrue(ge10(events=events)) self.assertFalse(ge11(events=events)) self.assertFalse(le9(events=events)) self.assertTrue(le10(events=events)) self.assertTrue(le11(events=events))
def setUp(self): self.config = configuration.Config() self.logger = logging.Logger(self.config) EventLogger = action_plugins.get_plugin("logevents") self.eventlogger = EventLogger(None, None, None) self.evgen = event.EventGenerator()