def testWriteEventBody(self):
"""Tests the WriteEventBody function."""
formatters_manager.FormattersManager.RegisterFormatter(
TestEventFormatter)
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module.SetFields([
'date', 'time', 'timezone', 'macb', 'source', 'sourcetype', 'type',
'user', 'host', 'message_short', 'message', 'filename', 'inode',
'notes', 'format', 'extra'
])
output_module.SetOutputWriter(output_writer)
output_module.WriteHeader()
expected_header = (
'date,time,timezone,macb,source,sourcetype,type,user,host,'
'message_short,message,filename,inode,notes,format,extra\n')
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
event, event_data = containers_test_lib.CreateEventFromValues(
self._TEST_EVENTS[0])
output_module.WriteEventBody(event, event_data, None)
expected_event_body = (
'2012-06-27,18:17:01,UTC,..C.,LOG,Syslog,Metadata Modification Time,-,'
'ubuntu,Reporter <CRON> PID: 8442 (pam_unix(cron:session): session '
'closed for user root),Reporter <CRON> PID: 8442 '
'(pam_unix(cron:session): session closed for user root),log/syslog.1'
',-,-,-,-\n')
event_body = output_writer.ReadOutput()
self.assertEqual(event_body, expected_event_body)
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module.SetFields(
['datetime', 'nonsense', 'hostname', 'message'])
output_module.SetOutputWriter(output_writer)
expected_header = 'datetime,nonsense,hostname,message\n'
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
expected_event_body = (
'2012-06-27T18:17:01+00:00,-,ubuntu,Reporter <CRON> PID: 8442'
' (pam_unix(cron:session): session closed for user root)\n')
event, event_data = containers_test_lib.CreateEventFromValues(
self._TEST_EVENTS[0])
output_module.WriteEventBody(event, event_data, None)
event_body = output_writer.ReadOutput()
self.assertEqual(event_body, expected_event_body)
formatters_manager.FormattersManager.DeregisterFormatter(
TestEventFormatter)
def testWriteEventBody(self):
"""Tests the WriteEventBody function."""
formatters_manager.FormattersManager.RegisterFormatter(
TestEventFormatter)
event_object = TestEvent()
filter_object = FakeFilter([
u'date', u'time', u'timezone', u'macb', u'source', u'sourcetype',
u'type', u'user', u'host', u'message_short', u'message',
u'filename', u'inode', u'notes', u'format', u'extra'])
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(
output_mediator, fields_filter=filter_object,
output_writer=output_writer)
output_module.WriteHeader()
expected_header = (
b'date,time,timezone,macb,source,sourcetype,type,user,host,'
b'message_short,message,filename,inode,notes,format,extra\n')
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
output_module.WriteEventBody(event_object)
expected_event_body = (
b'2012-06-27,18:17:01,UTC,..C.,LOG,Syslog,Metadata Modification Time,-,'
b'ubuntu,Reporter <CRON> PID: 8442 (pam_unix(cron:session): session '
b'closed for user root),Reporter <CRON> PID: 8442 '
b'(pam_unix(cron:session): session closed for user root),log/syslog.1'
b',-,-,-,-\n')
event_body = output_writer.ReadOutput()
self.assertEqual(event_body, expected_event_body)
filter_object = FakeFilter([
u'datetime', u'nonsense', u'hostname', u'message'])
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(
output_mediator, fields_filter=filter_object,
output_writer=output_writer)
expected_header = b'datetime,nonsense,hostname,message\n'
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
expected_event_body = (
b'2012-06-27T18:17:01+00:00,-,ubuntu,Reporter <CRON> PID: 8442'
b' (pam_unix(cron:session): session closed for user root)\n')
output_module.WriteEventBody(event_object)
event_body = output_writer.ReadOutput()
self.assertEqual(event_body, expected_event_body)
formatters_manager.FormattersManager.DeregisterFormatter(
TestEventFormatter)
def testWriteHeader(self):
"""Tests the WriteHeader function."""
test_file_object = io.StringIO()
output_mediator = self._CreateOutputMediator()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module._file_object = test_file_object
output_module.WriteHeader()
expected_header = (
'datetime,timestamp_desc,source,source_long,message,parser,'
'display_name,tag\n')
header = test_file_object.getvalue()
self.assertEqual(header, expected_header)
test_file_object = io.StringIO()
output_mediator = self._CreateOutputMediator()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module._file_object = test_file_object
output_module.SetFields(
['date', 'time', 'message', 'hostname', 'filename', 'some_stuff'])
output_module.WriteHeader()
header = test_file_object.getvalue()
self.assertEqual(header,
'date,time,message,hostname,filename,some_stuff\n')
test_file_object = io.StringIO()
output_mediator = self._CreateOutputMediator()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module._file_object = test_file_object
output_module.SetFields(
['date', 'time', 'message', 'hostname', 'filename', 'some_stuff'])
output_module.SetFieldDelimiter('@')
output_module.WriteHeader()
header = test_file_object.getvalue()
self.assertEqual(header,
'date@time@message@hostname@filename@some_stuff\n')
def testHeader(self):
"""Tests the WriteHeader function."""
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module.SetOutputWriter(output_writer)
expected_header = (
b'datetime,timestamp_desc,source,source_long,message,parser,'
b'display_name,tag,store_number,store_index\n')
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
filter_object = FakeFilter([
u'date', u'time', u'message', u'hostname', u'filename',
u'some_stuff'
])
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module.SetFieldsFilter(filter_object)
output_module.SetOutputWriter(output_writer)
expected_header = b'date,time,message,hostname,filename,some_stuff\n'
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
filter_object = FakeFilter([
u'date', u'time', u'message', u'hostname', u'filename',
u'some_stuff'
],
separator=u'@')
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module.SetFieldsFilter(filter_object)
output_module.SetOutputWriter(output_writer)
expected_header = b'date@time@message@hostname@filename@some_stuff\n'
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
def testParseOptions(self):
"""Tests the ParseOptions function."""
options = cli_test_lib.TestOptions()
output_mediator = self._CreateOutputMediator()
output_module = dynamic.DynamicOutputModule(output_mediator)
dynamic_output.DynamicOutputArgumentsHelper.ParseOptions(
options, output_module)
with self.assertRaises(errors.BadConfigObject):
dynamic_output.DynamicOutputArgumentsHelper.ParseOptions(options, None)
def testExportEvents(self):
"""Tests the ExportEvents function."""
test_file_path = self._GetTestFilePath(['psort_test.plaso'])
self._SkipIfPathNotExists(test_file_path)
knowledge_base_object = knowledge_base.KnowledgeBase()
output_writer = cli_test_lib.TestBinaryOutputWriter()
formatters_manager.FormattersManager.Reset()
formatters_directory_path = self._GetDataFilePath(['formatters'])
formatters_manager.FormattersManager.ReadFormattersFromDirectory(
formatters_directory_path)
formatter_mediator = formatters_mediator.FormatterMediator()
formatter_mediator.SetPreferredLanguageIdentifier('en-US')
output_mediator_object = output_mediator.OutputMediator(
knowledge_base_object,
formatter_mediator,
data_location=shared_test_lib.TEST_DATA_PATH)
output_module = dynamic.DynamicOutputModule(output_mediator_object)
output_module.SetOutputWriter(output_writer)
configuration = configurations.ProcessingConfiguration()
storage_reader = storage_factory.StorageFactory.CreateStorageReaderForFile(
test_file_path)
test_engine = psort.PsortMultiProcessEngine()
test_engine.ExportEvents(knowledge_base_object, storage_reader,
output_module, configuration)
lines = []
output = output_writer.ReadOutput()
# TODO: add test output writer that produces strings also see:
# https://github.com/log2timeline/plaso/issues/1963
output = codecs.decode(output, 'utf-8')
for line in output.split('\n'):
lines.append(line)
self.assertEqual(len(lines), 22)
expected_line = ('2014-11-18T01:15:43+00:00,'
'Content Modification Time,'
'LOG,'
'Log File,'
'[---] last message repeated 5 times ---,'
'syslog,'
'OS:/tmp/test/test_data/syslog,'
'repeated')
self.assertEqual(lines[14], expected_line)
def testHeader(self):
"""Tests the WriteHeader function."""
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module.SetOutputWriter(output_writer)
expected_header = (
'datetime,timestamp_desc,source,source_long,message,parser,'
'display_name,tag\n')
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module.SetFields(
['date', 'time', 'message', 'hostname', 'filename', 'some_stuff'])
output_module.SetOutputWriter(output_writer)
expected_header = 'date,time,message,hostname,filename,some_stuff\n'
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module.SetFields(
['date', 'time', 'message', 'hostname', 'filename', 'some_stuff'])
output_module.SetFieldDelimiter('@')
output_module.SetOutputWriter(output_writer)
expected_header = 'date@time@message@hostname@filename@some_stuff\n'
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
def testExportEvents(self):
"""Tests the ExportEvents function."""
test_file_path = self._GetTestFilePath(['psort_test.plaso'])
self._SkipIfPathNotExists(test_file_path)
knowledge_base_object = knowledge_base.KnowledgeBase()
test_file_object = io.StringIO()
output_mediator_object = output_mediator.OutputMediator(
knowledge_base_object,
data_location=shared_test_lib.TEST_DATA_PATH)
formatters_directory_path = self._GetDataFilePath(['formatters'])
output_mediator_object.ReadMessageFormattersFromDirectory(
formatters_directory_path)
output_mediator_object.SetPreferredLanguageIdentifier('en-US')
output_module = dynamic.DynamicOutputModule(output_mediator_object)
output_module._file_object = test_file_object
configuration = configurations.ProcessingConfiguration()
storage_reader = storage_factory.StorageFactory.CreateStorageReaderForFile(
test_file_path)
test_engine = psort.PsortMultiProcessEngine()
test_engine.ExportEvents(knowledge_base_object, storage_reader,
output_module, configuration)
output = test_file_object.getvalue()
lines = output.split('\n')
self.assertEqual(len(lines), 22)
expected_line = ('2014-11-18T01:15:43+00:00,'
'Content Modification Time,'
'LOG,'
'Log File,'
'[---] last message repeated 5 times ---,'
'syslog,'
'OS:/tmp/test/test_data/syslog,'
'repeated')
self.assertEqual(lines[14], expected_line)
def testExportEvents(self):
"""Tests the ExportEvents function."""
storage_file_path = self._GetTestFilePath(['psort_test.plaso'])
knowledge_base_object = knowledge_base.KnowledgeBase()
output_writer = cli_test_lib.TestOutputWriter()
formatter_mediator = formatters_mediator.FormatterMediator()
formatter_mediator.SetPreferredLanguageIdentifier('en-US')
output_mediator_object = output_mediator.OutputMediator(
knowledge_base_object, formatter_mediator)
output_module = dynamic.DynamicOutputModule(output_mediator_object)
output_module.SetOutputWriter(output_writer)
configuration = configurations.ProcessingConfiguration()
storage_reader = storage_factory.StorageFactory.CreateStorageReaderForFile(
storage_file_path)
test_engine = psort.PsortMultiProcessEngine()
counter = test_engine.ExportEvents(
knowledge_base_object, storage_reader, output_module, configuration)
self.assertEqual(counter['Stored Events'], 0)
lines = []
output = output_writer.ReadOutput()
for line in output.split(b'\n'):
lines.append(line)
self.assertEqual(len(lines), 22)
expected_line = (
'2014-11-18T01:15:43+00:00,'
'Content Modification Time,'
'LOG,'
'Log File,'
'[---] last message repeated 5 times ---,'
'syslog,'
'OS:/tmp/test/test_data/syslog,'
'repeated')
self.assertEqual(lines[14], expected_line)
def testExportEvents(self):
"""Tests the ExportEvents function."""
storage_file_path = self._GetTestFilePath([u'psort_test.json.plaso'])
knowledge_base_object = knowledge_base.KnowledgeBase()
output_writer = cli_test_lib.TestOutputWriter()
formatter_mediator = formatters_mediator.FormatterMediator()
formatter_mediator.SetPreferredLanguageIdentifier(u'en-US')
output_mediator_object = output_mediator.OutputMediator(
knowledge_base_object, formatter_mediator)
output_module = dynamic.DynamicOutputModule(output_mediator_object)
output_module.SetOutputWriter(output_writer)
storage_reader = storage_zip_file.ZIPStorageFileReader(storage_file_path)
test_engine = psort.PsortMultiProcessEngine()
counter = test_engine.ExportEvents(
knowledge_base_object, storage_reader, output_module)
# TODO: refactor preprocessing object.
self.assertEqual(counter[u'Stored Events'], 0)
lines = []
output = output_writer.ReadOutput()
for line in output.split(b'\n'):
lines.append(line)
self.assertEqual(len(lines), 24)
expected_line = (
u'2016-10-16T15:13:43+00:00,'
u'mtime,'
u'FILE,'
u'OS mtime,'
u'OS:/tmp/test/test_data/syslog Type: file,'
u'filestat,'
u'OS:/tmp/test/test_data/syslog,-')
self.assertEquals(lines[14], expected_line)
def testWriteEventBody(self):
"""Tests the WriteEventBody function."""
test_file_object = io.StringIO()
output_mediator = self._CreateOutputMediator()
formatters_directory_path = self._GetTestFilePath(['formatters'])
output_mediator.ReadMessageFormattersFromDirectory(
formatters_directory_path)
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module._file_object = test_file_object
output_module.SetFields([
'date', 'time', 'timezone', 'macb', 'source', 'sourcetype', 'type',
'user', 'host', 'message_short', 'message', 'filename', 'inode',
'notes', 'format', 'extra'
])
output_module.WriteHeader()
expected_header = (
'date,time,timezone,macb,source,sourcetype,type,user,host,'
'message_short,message,filename,inode,notes,format,extra\n')
header = test_file_object.getvalue()
self.assertEqual(header, expected_header)
test_file_object.seek(0, os.SEEK_SET)
event, event_data, event_data_stream = (
containers_test_lib.CreateEventFromValues(self._TEST_EVENTS[0]))
output_module.WriteEventBody(event, event_data, event_data_stream,
None)
expected_event_body = (
'2012-06-27,18:17:01,UTC,..C.,FILE,Test log file,Metadata '
'Modification Time,-,ubuntu,Reporter <CRON> PID: 8442 '
'(pam_unix(cron:session): session closed for user root),Reporter '
'<CRON> PID: 8442 (pam_unix(cron:session): session closed for user '
'root),log/syslog.1,-,-,-,-\n')
event_body = test_file_object.getvalue()
self.assertEqual(event_body, expected_event_body)
test_file_object = io.StringIO()
output_mediator = self._CreateOutputMediator()
formatters_directory_path = self._GetTestFilePath(['formatters'])
output_mediator.ReadMessageFormattersFromDirectory(
formatters_directory_path)
output_module = dynamic.DynamicOutputModule(output_mediator)
output_module._file_object = test_file_object
output_module.SetFields(
['datetime', 'nonsense', 'hostname', 'message'])
output_module.WriteHeader()
header = test_file_object.getvalue()
self.assertEqual(header, 'datetime,nonsense,hostname,message\n')
test_file_object.seek(0, os.SEEK_SET)
event, event_data, event_data_stream = (
containers_test_lib.CreateEventFromValues(self._TEST_EVENTS[0]))
output_module.WriteEventBody(event, event_data, event_data_stream,
None)
expected_event_body = (
'2012-06-27T18:17:01.000000+00:00,-,ubuntu,Reporter <CRON> PID: 8442'
' (pam_unix(cron:session): session closed for user root)\n')
event_body = test_file_object.getvalue()
self.assertEqual(event_body, expected_event_body)
