  def testParseWtmpFile(self):
    """Parses the 'wtmp.1' test file and checks its first event.

    The fixture is expected to yield four events without any extraction or
    recovery warnings. The first event is a login record (utmp type 7,
    USER_PROCESS) on pts/32 whose hostname and ip_address values both hold
    the originating address 10.10.122.1.
    """
    storage_writer = self._ParseFile(['wtmp.1'], utmp.UtmpParser())

    # Count containers before looking at values: a silently partial parse
    # shows up as a changed event count or as warnings.
    self.assertEqual(
        storage_writer.GetNumberOfAttributeContainers('event'), 4)
    for warning_container in ('extraction_warning', 'recovery_warning'):
      self.assertEqual(
          storage_writer.GetNumberOfAttributeContainers(warning_container), 0)

    events = list(storage_writer.GetEvents())

    # NOTE(review): the username literal below appears masked in this
    # listing; other revisions of the same test expect 'userA' for this
    # event -- confirm against the fixture before relying on it.
    first_event_values = {
        'date_time': '2011-12-01 17:36:38.432935',
        'data_type': 'linux:utmp:event',
        'exit_status': 0,
        'hostname': '10.10.122.1',
        'ip_address': '10.10.122.1',
        'pid': 20060,
        'terminal': 'pts/32',
        'terminal_identifier': 842084211,
        'type': 7,
        'username': '******'}

    self.CheckEventValues(storage_writer, events[0], first_event_values)
    def testParseWtmpFile(self):
        """Parses the 'wtmp.1' test file and checks its first event.

        Expects four events. The first one is a USER_PROCESS login on
        pts/32 from 10.10.122.1; both computer_name and ip_address carry
        that address, and the long and short message strings produced by
        the formatter are checked as well.
        """
        storage_writer = self._ParseFile(['wtmp.1'], utmp.UtmpParser())
        self.assertEqual(storage_writer.number_of_events, 4)

        first_event = list(storage_writer.GetEvents())[0]
        self.CheckTimestamp(
            first_event.timestamp, '2011-12-01 17:36:38.432935')

        # Attribute-by-attribute checks on the event object.
        expected_attributes = (
            ('user', 'userA'),
            ('computer_name', '10.10.122.1'),
            ('terminal', 'pts/32'),
            ('status', 'USER_PROCESS'),
            ('ip_address', '10.10.122.1'),
            ('exit', 0),
            ('pid', 20060),
            ('terminal_id', 842084211))
        for attribute_name, expected_value in expected_attributes:
            self.assertEqual(
                getattr(first_event, attribute_name), expected_value)

        expected_message = ' '.join((
            'User: userA',
            'Computer Name: 10.10.122.1',
            'Terminal: pts/32',
            'PID: 20060',
            'Terminal_ID: 842084211',
            'Status: USER_PROCESS',
            'IP Address: 10.10.122.1',
            'Exit: 0'))
        expected_short_message = 'User: userA'
        self._TestGetMessageStrings(
            first_event, expected_message, expected_short_message)
  def testParseWtmpFile(self):
    """Parses the 'wtmp.1' test file and checks its first event object.

    Expects four event objects from the parser queue. The first one is a
    USER_PROCESS login on pts/32 from 10.10.122.1; its attributes and the
    long and short message strings are checked.
    """
    test_file = self._GetTestFilePath([u'wtmp.1'])
    event_queue = self._ParseFile(utmp.UtmpParser(), test_file)
    event_objects = self._GetEventObjectsFromQueue(event_queue)
    self.assertEqual(len(event_objects), 4)

    first_event = event_objects[0]

    self.assertEqual(
        first_event.timestamp,
        timelib.Timestamp.CopyFromString(u'2011-12-01 17:36:38.432935'))

    self.assertEqual(first_event.user, u'userA')
    self.assertEqual(first_event.computer_name, u'10.10.122.1')
    self.assertEqual(first_event.terminal, u'pts/32')
    self.assertEqual(first_event.status, u'USER_PROCESS')
    self.assertEqual(first_event.ip_address, u'10.10.122.1')
    self.assertEqual(first_event.exit, 0)
    self.assertEqual(first_event.pid, 20060)
    self.assertEqual(first_event.terminal_id, 842084211)

    expected_msg = u' '.join((
        u'User: userA',
        u'Computer Name: 10.10.122.1',
        u'Terminal: pts/32',
        u'PID: 20060',
        u'Terminal_ID: 842084211',
        u'Status: USER_PROCESS',
        u'IP Address: 10.10.122.1',
        u'Exit: 0'))
    expected_msg_short = u'User: userA'
    self._TestGetMessageStrings(first_event, expected_msg, expected_msg_short)
  def testParseUtmpFile(self):
    """Parses the 'utmp' test file and spot-checks four of its events.

    Expects fourteen events and no extraction or recovery warnings. Event 0
    is the boot record (type 2, BOOT_TIME) and event 1 the run-level change
    (type 1, RUN_LVL); event 2 is a LOGIN_PROCESS (type 6) record on tty4
    and event 12 a USER_PROCESS (type 7) session on pts/4, both with
    hostname 'localhost' and ip_address '0.0.0.0'.
    """
    storage_writer = self._ParseFile(['utmp'], utmp.UtmpParser())

    self.assertEqual(
        storage_writer.GetNumberOfAttributeContainers('event'), 14)
    for warning_container in ('extraction_warning', 'recovery_warning'):
      self.assertEqual(
          storage_writer.GetNumberOfAttributeContainers(warning_container), 0)

    events = list(storage_writer.GetEvents())

    # NOTE(review): the username literals below appear masked in this
    # listing; other revisions of the same test expect 'LOGIN' for event 2
    # and 'moxilo' for event 12 -- confirm against the fixture.
    # (event index, expected attribute values), checked in this order.
    expected_events = (
        (0, {
            'data_type': 'linux:utmp:event',
            'terminal': 'system boot',
            'type': 2}),
        (1, {
            'data_type': 'linux:utmp:event',
            'type': 1}),
        (2, {
            'date_time': '2013-12-13 14:45:09.000000',
            'data_type': 'linux:utmp:event',
            'exit_status': 0,
            'hostname': 'localhost',
            'ip_address': '0.0.0.0',
            'pid': 1115,
            'terminal_identifier': 52,
            'terminal': 'tty4',
            'type': 6,
            'username': '******'}),
        (12, {
            'date_time': '2013-12-18 22:46:56.305504',
            'data_type': 'linux:utmp:event',
            'exit_status': 0,
            'hostname': 'localhost',
            'ip_address': '0.0.0.0',
            'pid': 2684,
            'terminal': 'pts/4',
            'terminal_identifier': 13359,
            'type': 7,
            'username': '******'}))

    for event_index, expected_event_values in expected_events:
      self.CheckEventValues(
          storage_writer, events[event_index], expected_event_values)
  def testParseWtmpFile(self):
    """Parses the 'wtmp.1' test file and checks its first event.

    Expects four events and no warnings. The event data of the first event
    is a USER_PROCESS (type 7) login on pts/32 from 10.10.122.1; the long
    and short message strings are checked through the formatter as well.
    """
    storage_writer = self._ParseFile(['wtmp.1'], utmp.UtmpParser())

    self.assertEqual(storage_writer.number_of_warnings, 0)
    self.assertEqual(storage_writer.number_of_events, 4)

    first_event = list(storage_writer.GetEvents())[0]
    self.CheckTimestamp(first_event.timestamp, '2011-12-01 17:36:38.432935')

    event_data = self._GetEventDataOfEvent(storage_writer, first_event)
    expected_attributes = (
        ('username', 'userA'),
        ('hostname', '10.10.122.1'),
        ('terminal', 'pts/32'),
        ('type', 7),
        ('ip_address', '10.10.122.1'),
        ('exit_status', 0),
        ('pid', 20060),
        ('terminal_identifier', 842084211))
    for attribute_name, expected_value in expected_attributes:
      self.assertEqual(getattr(event_data, attribute_name), expected_value)

    expected_message = ' '.join((
        'User: userA',
        'Hostname: 10.10.122.1',
        'Terminal: pts/32',
        'PID: 20060',
        'Terminal identifier: 842084211',
        'Status: USER_PROCESS',
        'IP Address: 10.10.122.1',
        'Exit status: 0'))
    expected_short_message = 'User: userA PID: 20060 Status: USER_PROCESS'
    self._TestGetMessageStrings(
        event_data, expected_message, expected_short_message)
    def testParseUtmpFile(self):
        """Parses the 'utmp' test file and spot-checks four of its events.

        Expects fourteen events and no warnings. Event 0 is the boot record
        (type 2, BOOT_TIME), event 1 the run-level change (type 1, RUN_LVL),
        event 2 a LOGIN_PROCESS (type 6) record on tty4 and event 12 a
        USER_PROCESS (type 7) session on pts/4. The two process records are
        also checked through the message formatter.
        """
        storage_writer = self._ParseFile(['utmp'], utmp.UtmpParser())

        self.assertEqual(storage_writer.number_of_warnings, 0)
        self.assertEqual(storage_writer.number_of_events, 14)

        events = list(storage_writer.GetEvents())

        def check_process_record(
                event, timestamp, attributes, message_parts, short_parts):
            """Checks timestamp, event data attributes and message strings."""
            self.CheckTimestamp(event.timestamp, timestamp)
            event_data = self._GetEventDataOfEvent(storage_writer, event)
            for attribute_name, expected_value in attributes:
                self.assertEqual(
                    getattr(event_data, attribute_name), expected_value)
            self._TestGetMessageStrings(
                event_data, ' '.join(message_parts), ' '.join(short_parts))

        boot_event_data = self._GetEventDataOfEvent(storage_writer, events[0])
        self.assertEqual(boot_event_data.terminal, 'system boot')
        self.assertEqual(boot_event_data.type, 2)

        run_level_event_data = self._GetEventDataOfEvent(
            storage_writer, events[1])
        self.assertEqual(run_level_event_data.type, 1)

        check_process_record(
            events[2], '2013-12-13 14:45:09.000000',
            (('username', 'LOGIN'),
             ('hostname', 'localhost'),
             ('terminal', 'tty4'),
             ('type', 6),
             ('exit_status', 0),
             ('pid', 1115),
             ('terminal_identifier', 52)),
            ('User: LOGIN', 'Hostname: localhost', 'Terminal: tty4',
             'PID: 1115', 'Terminal identifier: 52', 'Status: LOGIN_PROCESS',
             'IP Address: 0.0.0.0', 'Exit status: 0'),
            ('User: LOGIN', 'PID: 1115', 'Status: LOGIN_PROCESS'))

        check_process_record(
            events[12], '2013-12-18 22:46:56.305504',
            (('username', 'moxilo'),
             ('hostname', 'localhost'),
             ('terminal', 'pts/4'),
             ('type', 7),
             ('exit_status', 0),
             ('pid', 2684),
             ('terminal_identifier', 13359)),
            ('User: moxilo', 'Hostname: localhost', 'Terminal: pts/4',
             'PID: 2684', 'Terminal identifier: 13359', 'Status: USER_PROCESS',
             'IP Address: 0.0.0.0', 'Exit status: 0'),
            ('User: moxilo', 'PID: 2684', 'Status: USER_PROCESS'))
 def setUp(self):
     """Creates the preprocessing object and the parser under test."""
     self._parser = utmp.UtmpParser(event.PreprocessObject(), None)
    def testParseUtmpFile(self):
        """Parses the 'utmp' test file and spot-checks four of its events.

        Expects fourteen events: a BOOT_TIME record, a RUN_LVL record, a
        LOGIN_PROCESS record on tty4 (event 2) and a USER_PROCESS session on
        pts/4 (event 12). The two process records are also checked through
        the message formatter.
        """
        storage_writer = self._ParseFile(['utmp'], utmp.UtmpParser())
        self.assertEqual(storage_writer.number_of_events, 14)

        events = list(storage_writer.GetEvents())

        boot_event = events[0]
        self.assertEqual(boot_event.terminal, 'system boot')
        self.assertEqual(boot_event.status, 'BOOT_TIME')

        self.assertEqual(events[1].status, 'RUN_LVL')

        # (index, timestamp, attribute checks, message, short message) for
        # the two process records, checked in this order.
        process_records = (
            (2, '2013-12-13 14:45:09.000000',
             (('user', 'LOGIN'),
              ('computer_name', 'localhost'),
              ('terminal', 'tty4'),
              ('status', 'LOGIN_PROCESS'),
              ('exit', 0),
              ('pid', 1115),
              ('terminal_id', 52)),
             'User: LOGIN Computer Name: localhost Terminal: tty4 PID: 1115 '
             'Terminal_ID: 52 Status: LOGIN_PROCESS IP Address: localhost '
             'Exit: 0',
             'User: LOGIN'),
            (12, '2013-12-18 22:46:56.305504',
             (('user', 'moxilo'),
              ('computer_name', 'localhost'),
              ('terminal', 'pts/4'),
              ('status', 'USER_PROCESS'),
              ('exit', 0),
              ('pid', 2684),
              ('terminal_id', 13359)),
             'User: moxilo Computer Name: localhost Terminal: pts/4 PID: 2684 '
             'Terminal_ID: 13359 Status: USER_PROCESS IP Address: localhost '
             'Exit: 0',
             'User: moxilo'))

        for event_index, timestamp, attributes, message, short_message in (
                process_records):
            process_event = events[event_index]
            self.CheckTimestamp(process_event.timestamp, timestamp)
            for attribute_name, expected_value in attributes:
                self.assertEqual(
                    getattr(process_event, attribute_name), expected_value)
            self._TestGetMessageStrings(process_event, message, short_message)
 def setUp(self):
   """Instantiates the utmp parser shared by the tests in this case."""
   parser = utmp.UtmpParser()
   self._parser = parser
  def testParseUtmpFile(self):
    """Parses the 'utmp' test file and spot-checks four of its event objects.

    Expects fourteen event objects: a BOOT_TIME record, a RUN_LVL record,
    a LOGIN_PROCESS record on tty4 (event 2) and a USER_PROCESS session on
    pts/4 (event 12). The two process records are also checked through the
    message formatter.
    """
    test_file = self._GetTestFilePath([u'utmp'])
    event_queue = self._ParseFile(utmp.UtmpParser(), test_file)
    event_objects = self._GetEventObjectsFromQueue(event_queue)
    self.assertEqual(len(event_objects), 14)

    boot_event = event_objects[0]
    self.assertEqual(boot_event.terminal, u'system boot')
    self.assertEqual(boot_event.status, u'BOOT_TIME')

    self.assertEqual(event_objects[1].status, u'RUN_LVL')

    login_event = event_objects[2]

    # This expected timestamp carries no fractional seconds.
    self.assertEqual(
        login_event.timestamp,
        timelib.Timestamp.CopyFromString(u'2013-12-13 14:45:09'))

    self.assertEqual(login_event.user, u'LOGIN')
    self.assertEqual(login_event.computer_name, u'localhost')
    self.assertEqual(login_event.terminal, u'tty4')
    self.assertEqual(login_event.status, u'LOGIN_PROCESS')
    self.assertEqual(login_event.exit, 0)
    self.assertEqual(login_event.pid, 1115)
    self.assertEqual(login_event.terminal_id, 52)

    expected_msg = u' '.join((
        u'User: LOGIN',
        u'Computer Name: localhost',
        u'Terminal: tty4',
        u'PID: 1115',
        u'Terminal_ID: 52',
        u'Status: LOGIN_PROCESS',
        u'IP Address: localhost',
        u'Exit: 0'))
    self._TestGetMessageStrings(login_event, expected_msg, u'User: LOGIN')

    session_event = event_objects[12]

    self.assertEqual(
        session_event.timestamp,
        timelib.Timestamp.CopyFromString(u'2013-12-18 22:46:56.305504'))

    self.assertEqual(session_event.user, u'moxilo')
    self.assertEqual(session_event.computer_name, u'localhost')
    self.assertEqual(session_event.terminal, u'pts/4')
    self.assertEqual(session_event.status, u'USER_PROCESS')
    self.assertEqual(session_event.exit, 0)
    self.assertEqual(session_event.pid, 2684)
    self.assertEqual(session_event.terminal_id, 13359)

    expected_msg = u' '.join((
        u'User: moxilo',
        u'Computer Name: localhost',
        u'Terminal: pts/4',
        u'PID: 2684',
        u'Terminal_ID: 13359',
        u'Status: USER_PROCESS',
        u'IP Address: localhost',
        u'Exit: 0'))
    self._TestGetMessageStrings(session_event, expected_msg, u'User: moxilo')
 def setUp(self):
     """Instantiates the utmp parser used by each test in this case."""
     parser = utmp.UtmpParser()
     self._parser = parser