 def _dt_to_wmi(self, dt):
     """Convert a datetime-like value into a WMI-formatted time via ``from_time``.

     Reads the ``year``, ``month``, ``day``, ``hour``, ``minute`` and ``second``
     attributes of *dt* (a ``datetime``-style object, not a ``time.struct_time``)
     and forwards them as keyword arguments. Microseconds are dropped and the
     timezone offset is fixed at 0, so any sub-second precision or local-offset
     information carried by *dt* does not reach the result.
     NOTE(review): because the offset is hard-coded to 0, callers presumably
     pass a UTC value -- confirm before comparing against local-time data.
     """
     wmi_fields = {
         "year": dt.year,
         "month": dt.month,
         "day": dt.day,
         "hours": dt.hour,
         "minutes": dt.minute,
         "seconds": dt.second,
         "microseconds": 0,
         "timezone": 0,
     }
     return from_time(**wmi_fields)
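    def test_wql_eventlog_filtering(self):
        """
        Format filters with the eventlog expected form to a comprehensive WQL `WHERE` clause.

        Builds a single filter dict that mixes one ``(operator, value)`` tuple
        per property (``TimeGenerated``, ``User``) with lists of such tuples
        (``Type``, ``SourceName``, ``LogFile``, ``EventCode``, ``Message``,
        ``NOT Message``) and pins the exact clause that
        ``WMISampler._format_filter`` produces for it.

        Judging by the expected clause, properties listed in ``and_props`` have
        their alternatives joined with AND while every other multi-valued
        property is OR-ed inside parentheses; the mixed-case ``"mEssage"``
        spelling presumably checks that this lookup is case-insensitive.
        Values are emitted as quoted literals; quote characters inside values
        are not exercised here, so escaping remains the formatter's concern.
        """

        from checks.libs.wmi import sampler
        from datetime import datetime
        from checks.wmi_check import from_time

        format_filter = sampler.WMISampler._format_filter

        and_props = ["mEssage"]
        ltypes = ["Error", "Warning"]
        source_names = ["MSSQLSERVER", "IIS"]
        log_files = ["System", "Security"]
        event_codes = [302, 404, 501]
        message_filters = ["-foo", "%bar%", "%zen%"]
        last_ts = datetime(2016, 1, 1, 15, 8, 24, 78915)

        # A leading "-" marks a pattern that must NOT match: it is stripped and
        # routed to the "NOT Message" property instead of "Message".
        negated = [("LIKE", f[1:]) for f in message_filters if f.startswith("-")]
        positive = [("LIKE", f) for f in message_filters if not f.startswith("-")]

        # The single-tuple placeholders the original test assigned to Type,
        # SourceName and LogFile were overwritten immediately, so the list form
        # is built directly. Key insertion order is kept identical on purpose.
        query = {}
        query["TimeGenerated"] = (">=", from_time(last_ts))
        query["Type"] = [("=", ltype) for ltype in ltypes]
        query["User"] = ("=", "luser")
        query["SourceName"] = [("=", name) for name in source_names]
        query["LogFile"] = [("=", log_file) for log_file in log_files]
        query["EventCode"] = [("=", code) for code in event_codes]
        query["NOT Message"] = negated
        query["Message"] = positive
        filters = [query]

        self.assertEqual(
            " WHERE ( NOT Message LIKE 'foo' AND ( EventCode = '302' OR EventCode = '404' OR EventCode = '501' ) "
            "AND ( SourceName = 'MSSQLSERVER' OR SourceName = 'IIS' ) AND TimeGenerated >= '2016-01-01 15:08:24.078915**********.******+' "
            "AND User = '******' AND Message LIKE '%bar%' AND Message LIKE '%zen%' AND ( LogFile = 'System' OR LogFile = 'Security' ) "
            "AND ( Type = 'Error' OR Type = 'Warning' ) )",
            format_filter(filters, and_props),
        )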
 def _dt_to_wmi(self, dt):
     """Return the WMI time string that ``from_time`` builds for *dt*.

     *dt* must expose ``year``, ``month``, ``day``, ``hour``, ``minute`` and
     ``second`` (a ``datetime``-like object rather than a ``time.struct_time``).
     The microsecond field is always 0 and the timezone offset is always 0,
     whatever *dt* carries.
     NOTE(review): the fixed zero offset suggests *dt* is expected to be UTC;
     confirm against the callers.
     """
     date_part = dict(year=dt.year, month=dt.month, day=dt.day)
     time_part = dict(hours=dt.hour, minutes=dt.minute, seconds=dt.second)
     wmi_args = dict(date_part)
     wmi_args.update(time_part)
     wmi_args.update(microseconds=0, timezone=0)
     return from_time(**wmi_args)
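    def test_wql_eventlog_filtering(self):
        """
        Format filters with the eventlog expected form to a comprehensive WQL `WHERE` clause.

        One filter dict combines single ``(operator, value)`` tuples
        (``TimeGenerated``, ``User``) with lists of tuples (``Type``,
        ``SourceName``, ``LogFile``, ``EventCode``, ``Message``,
        ``NOT Message``); the test pins the exact clause returned by
        ``WMISampler._format_filter`` for that input.

        From the expected clause, a property named in ``and_props`` has its
        alternatives joined with AND, whereas other multi-valued properties are
        OR-ed inside parentheses; ``'mEssage'`` is presumably spelled in mixed
        case to check that the lookup ignores case. Values appear as quoted
        literals and no value here contains a quote, so escaping of user-supplied
        values is not covered by this test.
        """

        from checks.libs.wmi import sampler
        from datetime import datetime
        from checks.wmi_check import from_time
        format_filter = sampler.WMISampler._format_filter

        and_props = ['mEssage']
        ltypes = ["Error", "Warning"]
        source_names = ["MSSQLSERVER", "IIS"]
        log_files = ["System", "Security"]
        event_codes = [302, 404, 501]
        message_filters = ["-foo", "%bar%", "%zen%"]
        last_ts = datetime(2016, 1, 1, 15, 8, 24, 78915)

        # Patterns prefixed with '-' are exclusions: the prefix is stripped and
        # the pattern goes under 'NOT Message'; everything else under 'Message'.
        # str.startswith avoids the IndexError an empty pattern would raise.
        excluded = [('LIKE', f[1:]) for f in message_filters if f.startswith('-')]
        included = [('LIKE', f) for f in message_filters if not f.startswith('-')]

        # The original single-tuple values for Type, SourceName and LogFile were
        # dead stores (replaced by lists right after), so only the list form is
        # built. Insertion order of the keys is preserved deliberately.
        query = {}
        query['TimeGenerated'] = ('>=', from_time(last_ts))
        query['Type'] = [('=', ltype) for ltype in ltypes]
        query['User'] = ('=', 'luser')
        query['SourceName'] = [('=', source_name) for source_name in source_names]
        query['LogFile'] = [('=', log_file) for log_file in log_files]
        query['EventCode'] = [('=', code) for code in event_codes]
        query['NOT Message'] = excluded
        query['Message'] = included
        filters = [query]

        self.assertEqual(
            " WHERE ( NOT Message LIKE 'foo' AND ( EventCode = '302' OR EventCode = '404' OR EventCode = '501' ) "
            "AND ( SourceName = 'MSSQLSERVER' OR SourceName = 'IIS' ) AND TimeGenerated >= '2016-01-01 15:08:24.078915**********.******+' "
            "AND User = '******' AND Message LIKE '%bar%' AND Message LIKE '%zen%' AND ( LogFile = 'System' OR LogFile = 'Security' ) "
            "AND ( Type = 'Error' OR Type = 'Warning' ) )",
            format_filter(filters, and_props))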
 def _dt_to_wmi(self, dt):
     """Build a WMI-formatted time for *dt* by delegating to ``from_time``.

     The six calendar fields are read from the ``year``, ``month``, ``day``,
     ``hour``, ``minute`` and ``second`` attributes of *dt* and mapped onto the
     keyword names ``from_time`` uses. ``microseconds`` and ``timezone`` are
     always passed as 0, so sub-second precision and any offset on *dt* are
     discarded.
     NOTE(review): the zero offset implies *dt* is meant to be UTC -- confirm.
     """
     # (from_time keyword, attribute name on dt)
     field_map = (
         ("year", "year"),
         ("month", "month"),
         ("day", "day"),
         ("hours", "hour"),
         ("minutes", "minute"),
         ("seconds", "second"),
     )
     kwargs = dict((wmi_name, getattr(dt, attr)) for wmi_name, attr in field_map)
     kwargs.update(microseconds=0, timezone=0)
     return from_time(**kwargs)