def test_parse(self): data = '<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - BOM\'su root\' failed for lonvick on /dev/pts/8' parsed = Parse(data) self.assertTrue(isinstance(parsed, Parsed)) self.assertEqual(parsed.standard, 'Syslog 3164') data = '<34>1 2013-08-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM\'su root\' failed for lonvick on /dev/pts/8' parsed = Parse(data) self.assertTrue(isinstance(parsed, Parsed)) self.assertEqual(parsed.standard, 'Syslog 5424')
def test_new(self): user = User.new( name=u'Test user ø', email='*****@*****.**', ) store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5asd' )) Log_group.add(store) group = Log_group.get(message_hash=store.message_hash) self.assertTrue( Log_group_event.new( log_group_id=group.id, user_id=user.id, message=u'Test event', )) self.assertTrue( Log_group_event.new( log_group_id=group.id, user_id=user.id, message=u'Test event 2', )) events = Log_group_events.get(log_group_id=group.id) self.assertEqual(len(events), 2) self.assertEqual(events[0].user.id, user.id)
def test_count_limit(self): store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå' )) self.assertEqual(store.count_limit(50), 1) self.assertEqual(store.count_limit(51), 2)
def test_time_limit(self): store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå' )) self.assertEqual(store.time_limit(12345), 1) self.assertEqual(store.time_limit(1), 10000) self.assertEqual(store.time_limit(60), 60)
def test_should_sample(self): store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå' )) self.assertTrue(store.should_sample(times_seen=2, last_seen=None)) self.assertTrue(store.should_sample(times_seen=50, last_seen=None)) self.assertFalse(store.should_sample(times_seen=51, last_seen=None)) self.assertTrue(store.should_sample(times_seen=52, last_seen=None))
def test_save(self): filter_ = self.get_filter() store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå' ), [filter_]) self.assertStore(store, True) # Lets test if it works with some unicode letters! store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su: Rød grød med fløde' ), [filter_]) self.assertStore(store, True) # Here comes a bullshit log message store = Store(Parse(u'I' 'm a bullshit log message...'), [filter_]) self.assertStore(store, False)
def test_get_save_filters(self): filter1 = self.get_filter() filter2 = self.get_filter() filter2.data['store'] = False store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå' ), [filter1, filter2]) save_filters = store.get_save_filters() self.assertEqual(len(save_filters), 1)
def test_set_events(self): filter_ = Filter.new(u'Test filter ø', data_yaml='store: true') store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå' ), [filter_]) store.save() Log_group.update_status( id_=store.log_group.id, status=constants.STATUS_RESOLVED, reopened=None, ) store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå' ), [filter_]) store.save() self.assertEqual(Mock_log_group_event.message, 'reopened this log group')
def test_update(self): store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5' )) group = Log_group.add(store) filter_ = Filter.new(name=u'Test filter ø', data_yaml='') Times_seen_by_minute.update( log_group_id=group.id, filter_id=filter_.id, ) minutes = Times_seen_by_minute.get_by_log_group_id( log_group_id=group.id) self.assertEqual(len(minutes), 1) self.assertEqual(minutes[0].times_seen, 1)
def test_check_filter_warning(self): with new_session() as session: session.query(models.Filter).delete() filter1 = Filter.new( u'Test filter 1', yaml.safe_dump({ 'rate_warning': { 'enabled': True, 'min_logs': 100, 'threshold': 500, } })) store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5123' )) group1 = Log_group.add(store) # create some intervals intervals = 20 now = datetime.utcnow() for i in xrange(1, intervals): Times_seen_by_minute.update( log_group_id=group1.id, filter_id=filter1.id, when=normalize_datetime(now - timedelta( minutes=(i * MINUTE_NORMALIZATION))), inc=1000 + 10 * i, ) # create what would look like a lot of new messages in a short time. This should be enough to trigger then warning notification. when = datetime.utcnow() - timedelta(minutes=1, seconds=30) Times_seen_by_minute.update( log_group_id=group1.id, filter_id=filter1.id, when=when, inc=1000, ) filters_to_check = Filter_warning.get_filters_to_check() self.assertTrue( Filter_warning.check_filter_warning(filters_to_check[0]), )
def test_check(self): with new_session() as session: session.query(models.Filter).delete() filter1 = Filter.new( u'Test filter 1', yaml.safe_dump({'inactivity': { 'enabled': True, 'minutes': 15, }})) store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5' )) group1 = Log_group.add(store) group1 = Log_group.get(message_hash=store.message_hash) when = datetime.utcnow() - timedelta(minutes=16) Times_seen_by_minute.update( log_group_id=group1.id, filter_id=filter1.id, when=when, ) self.assertTrue(Filter_inactivity.check())
def test_add(self): store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5' )) group = Log_group.add(store) group = Log_group.get(message_hash=store.message_hash) self.assertTrue( Server_count.add( log_group_id=group.id, name=store.hostname, )) self.assertTrue( Server_count.add( log_group_id=group.id, name=store.hostname, )) servers = Servers_count.get(log_group_id=group.id) self.assertEqual(len(servers), 1) self.assertEqual(servers[0].name, store.hostname) self.assertEqual(servers[0].count, 2)
def test_get_filters_to_check(self): with new_session() as session: session.query(models.Filter).delete() ''' Checks that `get_filters_to_check` only returns those filters that has been active in the latests interval. ''' filter1 = Filter.new( u'Test filter 1', yaml.safe_dump({ 'rate_warning': { 'enabled': True, 'min_logs': 100, 'threshold': 500, } })) filter2 = Filter.new( u'Test filter 1', yaml.safe_dump({ 'rate_warning': { 'enabled': True, 'min_logs': 100, 'threshold': 500, } })) store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5' )) group1 = Log_group.add(store) group1 = Log_group.get(message_hash=store.message_hash) store = Store( Parse( u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5' )) group2 = Log_group.add(store) group2 = Log_group.get(message_hash=store.message_hash) # add som info that should not show up in the list we have to check for warnings. when = datetime.utcnow() - timedelta(minutes=MINUTE_NORMALIZATION) Times_seen_by_minute.update( log_group_id=group1.id, filter_id=filter1.id, when=when, inc=25, ) when = datetime.utcnow() - timedelta(minutes=10, seconds=30) # checks that the filters groups correctly Times_seen_by_minute.update( log_group_id=group1.id, filter_id=filter1.id, when=when, inc=1000, ) Times_seen_by_minute.update( log_group_id=group2.id, filter_id=filter1.id, when=when, inc=150, ) # there should not be enough messages received for this filter to be checked for alerts. Times_seen_by_minute.update( log_group_id=group1.id, filter_id=filter2.id, when=when, inc=1000, ) now = datetime.utcnow() from_date = now - timedelta(minutes=MINUTE_NORMALIZATION) filters_to_check = Filter_warning.get_filters_to_check() self.assertTrue(len(filters_to_check) > 0) self.assertEqual(filters_to_check[0].normalized_count, 100) return filters_to_check