def testRandomEvents(self):
g = event.EventGenerator()
events = g.randomEvents(100)
inputqueue = Queue.Queue(1000)
outputqueue = Queue.Queue(1000)
for e in events:
outputqueue.put(e)
self.config.input = [{'source': "tcp:port=3003", 'translator': "xml"}]
self.config.output = [{
'sink': "tcp:host=localhost:port=3003",
'translator': "xml"
}]
source = TCPSource(0, self.config, self.logger, inputqueue)
sink = TCPSink(0, self.config, self.logger, outputqueue)
source.start()
sink.start()
outputqueue.join()
sink.finish()
sink.join()
source.finish()
source.join()
self.assert_(outputqueue.qsize() == 0)
self.assert_(inputqueue.qsize() == 100)
self.assert_(events[0].id == inputqueue.queue[0].id)
self.assert_(events[99].id == inputqueue.queue[99].id)
def test_event_name(self):
g = event.EventGenerator()
events = g.randomEvents(100)
for i in range(15):
events[i].name = "FOO"
name_is_FOO = rulecomponents.event_name("FOO")
self.assert_(len(name_is_FOO(query_events=events)) == 15)
def test_event_host(self):
g = event.EventGenerator()
events = g.randomEvents(100)
for i in range(15):
events[i].host = "FOO"
host_is_foo = rulecomponents.event_host(lambda **kwargs: "FOO")
self.assert_(len(host_is_foo(query_events=events)) == 15)
def test_event_min_age(self):
g = event.EventGenerator()
events = g.randomEvents(100)
events[10].creation -= 200
events[11].creation -= 200
min_age = rulecomponents.event_min_age(100)
self.assert_(len(min_age(query_events=events)) == 2)
def test_is_trigger(self):
g = event.EventGenerator()
events = g.randomEvents(100)
is_trigger = rulecomponents.is_trigger
trigger = is_trigger(query_events=events, trigger=events[42])
no_trigger = is_trigger(query_events=events, trigger=g.randomEvent())
self.assert_(len(trigger) == 1)
self.assert_(trigger[0] == events[42])
self.assert_(len(no_trigger) == 0)
def setUp(self):
self.config = configuration.Config()
self.logger = logging.Logger(self.config)
self.evgen = event.EventGenerator()
self.ticker = None
self.cache = cache.EventCache(self.config, self.logger, self.ticker)
self.cm = contexts.ContextManager(self.config, self.logger,
self.ticker, self.cache)
self.eh = TestEventHandler()
def testRandomEventGenerator(self):
"""
random events should be generated without any problems, and they should
all have different IDs
"""
g = event.EventGenerator()
events = g.randomEvents(1000)
ids = [e.id for e in events]
self.assert_(len(set(ids)) == 1000)
def test_event_status(self):
g = event.EventGenerator()
events = g.randomEvents(100)
for i in range(100):
if i < 15:
events[i].status = "active"
else:
events[i].status = "inactive"
status_is_active = rulecomponents.event_status("active")
self.assert_(len(status_is_active(query_events=events)) == 15)
def test_event_type(self):
g = event.EventGenerator()
events = g.randomEvents(100)
for i in range(100):
if i < 15:
events[i].type = "raw"
else:
events[i].type = "compressed"
type_is_raw = rulecomponents.event_type("raw")
self.assert_(len(type_is_raw(query_events=events)) == 15)
def test_event_attribute_regexp(self):
g = event.EventGenerator()
events = g.randomEvents(100)
events[10].setAttribute("foo", "bar")
events[11].setAttribute("foo", "baar")
events[12].setAttribute("foo", "bahr")
attr_foo_matches_bar = rulecomponents.event_attribute(
"foo", None, "re", "^baa?r$")
self.assert_(len(attr_foo_matches_bar(query_events=events)) == 2)
self.assert_(
attr_foo_matches_bar(query_events=events)[1] == events[11])
def test_event_class(self):
g = event.EventGenerator()
events = g.randomEvents(100)
events[42].name = "FOO"
events[43].name = "BAR"
classes = {"FOO": set(["bar", "baz"]), "BAR": set(["bar"])}
rulemanager = TestRuleManager(classes=classes)
event_class = rulecomponents.event_class("baz")
evts = event_class(query_events=events, rulemanager=rulemanager)
self.assert_(len(evts) == 1)
self.assert_(evts[0] == events[42])
def test_in_context(self):
g = event.EventGenerator()
events = g.randomEvents(100)
events[42].addDelayContext("foo", "a")
events[43].addCacheContext("foo", "a")
events[44].addCacheContext("foo", "b")
events[45].addDelayContext("bar", "a")
in_ctx = rulecomponents.in_context("foo", lambda **kwargs: "a")
evnts = in_ctx(query_events=events)
self.assert_(len(evnts) == 2)
self.assert_(evnts[0] == events[42])
self.assert_(evnts[1] == events[43])
def test_complement(self):
g = event.EventGenerator()
events = g.randomEvents(100)
cache = TestCache(events)
for i in range(15):
events[i].host = "FOO"
host_is_foo = rulecomponents.event_host(lambda **kwargs: "FOO")
complement = rulecomponents.complement(host_is_foo)
self.assert_(len(complement(cache=cache, query_events=events)) == 85)
self.assert_(
sorted(complement(cache=cache, query_events=events)) == sorted(
events[15:100]))
def test_trigger_match(self):
g = event.EventGenerator()
e = g.randomEvent()
e.host = "FOO"
e.name = "BAR"
host_is_foo = rulecomponents.event_host(lambda **kwargs: "FOO")
name_is_bar = rulecomponents.event_name("BAR")
both = rulecomponents.trigger_match([host_is_foo, name_is_bar])
none = rulecomponents.trigger_match([])
self.assert_(both(trigger=e) == True)
self.assert_(none(trigger=e) == True)
e.name = "FOO"
self.assert_(both(trigger=e) == False)
def test_last_of(self):
g = event.EventGenerator()
events = g.randomEvents(100)
events[42].creation += 100
events[43].arrival += 100
last_of_creation = rulecomponents.last_of(
"creation", lambda **kwargs: kwargs['query_events'])
last_of_arrival = rulecomponents.last_of(
"arrival", lambda **kwargs: kwargs['query_events'])
creation_last = last_of_creation(query_events=events)
arrival_last = last_of_arrival(query_events=events)
self.assert_(creation_last == [events[42]])
self.assert_(arrival_last == [events[43]])
def test_union(self):
g = event.EventGenerator()
events = g.randomEvents(100)
for i in range(15):
events[i].host = "FOO"
for i in range(5, 20):
events[i].name = "BAR"
host_is_foo = rulecomponents.event_host(lambda **kwargs: "FOO")
name_is_bar = rulecomponents.event_name("BAR")
both = rulecomponents.union([host_is_foo, name_is_bar])
all = rulecomponents.union([])
self.assert_(len(both(query_events=events)) == 20)
self.assert_(sorted(both(query_events=events)) == sorted(events[0:20]))
self.assert_(len(all(query_events=events)) == 100)
def test_first_of(self):
g = event.EventGenerator()
events = g.randomEvents(100)
cache = TestCache(events)
events[42].creation -= 10
events[43].arrival -= 10
first_of_creation = rulecomponents.first_of(
"creation", lambda **kwargs: kwargs['query_events'])
first_of_arrival = rulecomponents.first_of(
"arrival", lambda **kwargs: kwargs['query_events'])
creation_first = first_of_creation(query_events=events)
arrival_first = first_of_arrival(query_events=events)
self.assert_(creation_first == [events[42]])
self.assert_(arrival_first == [events[43]])
def test_match_query(self):
g = event.EventGenerator()
events = g.randomEvents(100)
events[42].host = "FOO"
cache = TestCache(events)
query = rulecomponents.event_query(
[rulecomponents.event_host(lambda **kwargs: "FOO")], None,
"creation")
queries = {"foo": {"bar": [query]}}
rulemanager = TestRuleManager(queries=queries)
match_query = rulecomponents.match_query("foo", "bar")
evts = match_query(cache=cache,
query_events=[],
rulemanager=rulemanager)
self.assert_(len(evts) == 1)
self.assert_(evts[0] == events[42])
def test_event_attribute(self):
g = event.EventGenerator()
events = g.randomEvents(100)
for i in range(15):
events[i].setAttribute("foo", "bar")
attr_foo_is_bar = rulecomponents.event_attribute(
"foo", lambda **kwargs: "bar", "eq")
self.assert_(len(attr_foo_is_bar(query_events=events)) == 15)
for i in range(10, 20):
events[i].setAttribute("foo", str(i))
attr_foo_is_ge15 = rulecomponents.event_attribute(
"foo", lambda **kwargs: "15", "ge")
attr_foo_is_le10 = rulecomponents.event_attribute(
"foo", lambda **kwargs: "10", "le")
self.assert_(len(attr_foo_is_ge15(query_events=events)) == 5)
self.assert_(attr_foo_is_le10(query_events=events)[0] == events[10])
def test_unique_by(self):
g = event.EventGenerator()
events = g.randomEvents(100)
for e in events:
e.host = "TEST"
events[42].creation -= 100
events[42].host = "FOO"
events[43].creation += 100
events[43].host = "FOO"
events[44].arrival -= 100
events[44].host = "FOO"
events[45].arrival += 100
events[45].host = "FOO"
unique_by_creation_first = rulecomponents.unique_by(
"host", "creation", "first",
lambda **kwargs: kwargs['query_events'])
unique_by_creation_last = rulecomponents.unique_by(
"host", "creation", "last",
lambda **kwargs: kwargs['query_events'])
unique_by_arrival_first = rulecomponents.unique_by(
"host", "arrival", "first",
lambda **kwargs: kwargs['query_events'])
unique_by_arrival_last = rulecomponents.unique_by(
"host", "arrival", "last", lambda **kwargs: kwargs['query_events'])
events_unique_creation_first = unique_by_creation_first(
query_events=events)
events_unique_creation_last = unique_by_creation_last(
query_events=events)
events_unique_arrival_first = unique_by_arrival_first(
query_events=events)
events_unique_arrival_last = unique_by_arrival_last(
query_events=events)
# number of selected events
self.assert_(len(events_unique_creation_first) == 2)
self.assert_(len(events_unique_creation_last) == 2)
self.assert_(len(events_unique_arrival_first) == 2)
self.assert_(len(events_unique_arrival_last) == 2)
# event with host FOO
fooevent = lambda evts: [e for e in evts if e.host == "FOO"][0]
self.assert_(fooevent(events_unique_creation_first) == events[42])
self.assert_(fooevent(events_unique_creation_last) == events[43])
self.assert_(fooevent(events_unique_arrival_first) == events[44])
self.assert_(fooevent(events_unique_arrival_last) == events[45])
# empty list
empty = unique_by_creation_first(query_events=[])
self.assert_(len(empty) == 0)
def test_unique_by_attribute(self):
g = event.EventGenerator()
events = g.randomEvents(100)
events[42].setAttribute("foo", "bar")
events[42].creation -= 100
events[43].setAttribute("foo", "bar")
events[44].setAttribute("foo", "bar")
events[45].setAttribute("foo", "baz")
unique_by_attribute_foo = rulecomponents.unique_by(
"attributes.foo", "creation", "first",
lambda **kwargs: kwargs['query_events'])
unique_events = unique_by_attribute_foo(query_events=events)
# event with host FOO
self.assert_(len(unique_events) == 3) # "bar", "baz" and ""
barevent = lambda evts: [
e for e in evts if e.getAttribute("foo") == "bar"
][0]
self.assert_(barevent(unique_events) == events[42])
def testRandomEvents(self): g = event.EventGenerator() out_trans = xmloutputtranslator.XMLTranslator(0, self.config, self.logger) in_trans = xmlinputtranslator.XMLTranslator(0, self.config, self.logger) events = g.randomEvents(100) xmlstring = constants.EVENT_TAG_EVENTS_START for e in events: xmlstring += out_trans.translate(e) xmlstring += constants.EVENT_TAG_EVENTS_END events2 = [] for e in in_trans.translate(xmlstring): events2.append(e) self.assert_(len(events)==len(events2)) for i in range(len(events)): events2[i].arrival = events[i].arrival events2[i].cachetime = events[i].cachetime events2[i].delaytime = events[i].delaytime self.assert_(events[i].__dict__==events2[i].__dict__)
def testRandomEvents(self):
g = event.EventGenerator()
out_trans = EventPickler(0, self.config, self.logger)
in_trans = EventUnpickler(0, self.config, self.logger)
events = g.randomEvents(1000)
s = ""
for e in events:
s += out_trans.translate(e)
events2 = []
for e in in_trans.translate(s[:50]):
events2.append(e)
for e in in_trans.translate(s[50:100]):
events2.append(e)
for e in in_trans.translate(s[100:]):
events2.append(e)
self.assert_(len(events) == len(events2))
for i in range(len(events)):
events2[i].arrival = events[i].getArrivalTime()
events2[i].delaytime = events[i].delaytime
events2[i].cachetime = events[i].cachetime
self.assert_(events[i].__dict__ == events2[i].__dict__)
def test_count(self):
g = event.EventGenerator()
events = g.randomEvents(20)
for i in range(10):
events[i].host = 'test'
event_query = lambda **kwargs: [
x for x in kwargs['events'] if x.host == 'test'
]
eq10 = rulecomponents.count(10, op="eq", query=event_query)
eq11 = rulecomponents.count(11, op="eq", query=event_query)
ge9 = rulecomponents.count(9, op="ge", query=event_query)
ge10 = rulecomponents.count(10, op="ge", query=event_query)
ge11 = rulecomponents.count(11, op="ge", query=event_query)
le9 = rulecomponents.count(9, op="le", query=event_query)
le10 = rulecomponents.count(10, op="le", query=event_query)
le11 = rulecomponents.count(11, op="le", query=event_query)
self.assertTrue(eq10(events=events))
self.assertFalse(eq11(events=events))
self.assertTrue(ge9(events=events))
self.assertTrue(ge10(events=events))
self.assertFalse(ge11(events=events))
self.assertFalse(le9(events=events))
self.assertTrue(le10(events=events))
self.assertTrue(le11(events=events))
def setUp(self):
self.config = configuration.Config()
self.logger = logging.Logger(self.config)
EventLogger = action_plugins.get_plugin("logevents")
self.eventlogger = EventLogger(None, None, None)
self.evgen = event.EventGenerator()
