def test_get_logger_for_server_constructs_handler_with_expected_args(
    mocker, monkeypatch
):
    """A hostname without a port yields a handler built on port 514 with the given certs."""
    handler_init = mocker.patch(
        "code42cli.logger.handlers.NoPrioritySysLogHandler.__init__"
    )
    # A patched __init__ must return None, otherwise construction raises TypeError.
    handler_init.return_value = None

    get_logger_for_server(
        "example.com",
        ServerProtocol.TCP,
        SendToFileEventsOutputFormat.CEF,
        "cert",
    )

    # No port in the hostname, so the handler is expected to get the default 514.
    handler_init.assert_called_once_with(
        "example.com", 514, ServerProtocol.TCP, "cert"
    )
def test_get_logger_for_server_when_hostname_includes_port_constructs_handler_with_expected_args(
    mocker, no_priority_syslog_handler
):
    """A ``host:port`` hostname is split and the port forwarded to the wrapper."""
    wrapper_init = mocker.patch(
        "c42eventextractor.logging.handlers.NoPrioritySysLogHandlerWrapper.__init__"
    )
    # A patched __init__ must return None, otherwise construction raises TypeError.
    wrapper_init.return_value = None

    get_logger_for_server("example.com:999", "TCP", "CEF")

    wrapper_init.assert_called_once_with("example.com", port=999, protocol="TCP")
def test_get_logger_for_server_when_hostname_includes_port_constructs_handler_with_expected_args(
    mocker,
):
    """A ``host:port`` hostname is split; the port is passed positionally, certs as None."""
    handler_init = mocker.patch(
        "code42cli.logger.handlers.NoPrioritySysLogHandler.__init__"
    )
    # A patched __init__ must return None, otherwise construction raises TypeError.
    handler_init.return_value = None

    get_logger_for_server(
        "example.com:999",
        ServerProtocol.TCP,
        SendToFileEventsOutputFormat.CEF,
        None,
    )

    expected_args = ("example.com", 999, ServerProtocol.TCP, None)
    handler_init.assert_called_once_with(*expected_args)
def no_priority_syslog_handler(mocker):
    """Patch the wrapper's ``handler`` attribute and return the mock.

    The shared logger's handler list is emptied first so that each test
    re-creates the handler instead of seeing one left over by a previous test.
    """
    handler_mock = mocker.patch(
        "c42eventextractor.logging.handlers.NoPrioritySysLogHandlerWrapper.handler"
    )
    # get_logger_for_server appears to hand back the same logger on repeated
    # calls; clearing its handlers forces re-initialization per test.
    server_logger = get_logger_for_server("example.com", "TCP", "CEF")
    server_logger.handlers = []
    return handler_mock
def fresh_syslog_handler(init_socket_mock):
    """Reset the shared logger so the syslog handler is created afresh per test.

    Empties the logger's handler list and zeroes the socket-init mock's call
    count, so tests counting socket initializations start from a clean slate.
    """
    server_logger = get_logger_for_server(
        "example.com",
        ServerProtocol.TCP,
        SendToFileEventsOutputFormat.CEF,
        None,
    )
    # The logger appears to be reused across calls; drop its handlers so the
    # next get_logger_for_server call builds (and connects) a new one.
    server_logger.handlers = []
    # Only the counter is reset here, on purpose: other recorded call data is kept.
    init_socket_mock.call_count = 0
def send_to(
    state,
    format,
    hostname,
    protocol,
    begin,
    end,
    advanced_query,
    use_checkpoint,
    saved_search,
    or_query,
    **kwargs,
):
    """Send events to the given server address.

    Builds a server logger for ``hostname``/``protocol``/``format``, wires it
    into send-to handlers (with a cursor store only when ``use_checkpoint`` is
    set), runs the extractor, and finally reports the no-events case.
    """
    logger = get_logger_for_server(hostname, protocol, format)

    # The cursor store is only created when checkpointing was requested.
    cursor = None
    if use_checkpoint:
        cursor = _get_file_event_cursor_store(state.profile.name)

    handlers = ext.create_send_to_handlers(
        state.sdk, FileEventExtractor, cursor, use_checkpoint, logger
    )
    _call_extractor(
        state,
        handlers,
        begin,
        end,
        or_query,
        advanced_query,
        saved_search,
        **kwargs,
    )

    # "No events" is reported only when nothing was sent AND nothing errored;
    # written with De Morgan so the short-circuit order matches the original.
    handle_no_events(not (handlers.TOTAL_EVENTS or errors.ERRORED))
def send_to(
    state,
    hostname,
    protocol,
    begin,
    end,
    event_type,
    actor_username,
    actor_user_id,
    actor_ip,
    affected_user_id,
    affected_username,
    use_checkpoint,
):
    """Send audit logs to the given server address in JSON format.

    When ``use_checkpoint`` is set it is used as the checkpoint name: a stored
    checkpoint replaces ``begin``, and the fetched events are de-duplicated
    against the checkpoint (which is updated as events are consumed).
    """
    logger = get_logger_for_server(hostname, protocol, "RAW-JSON")
    cursor = _get_audit_log_cursor_store(state.profile.name)

    # A previously stored checkpoint overrides the requested begin time.
    if use_checkpoint:
        stored_checkpoint = cursor.get(use_checkpoint)
        if stored_checkpoint is not None:
            begin = stored_checkpoint

    events = _get_all_audit_log_events(
        state.sdk,
        begin_time=begin,
        end_time=end,
        event_types=event_type,
        usernames=actor_username,
        user_ids=actor_user_id,
        user_ip_addresses=actor_ip,
        affected_user_ids=affected_user_id,
        affected_usernames=affected_username,
    )

    if use_checkpoint:
        # Materialized so the checkpoint is written before events are logged.
        events = list(
            _dedupe_checkpointed_events_and_store_updated_checkpoint(
                cursor, use_checkpoint, events
            )
        )

    with warn_interrupt():
        last_event = None
        for last_event in events:
            logger.info(last_event)
        if last_event is None:
            # Nothing was iterated, i.e. the event source was empty.
            click.echo("No results found.")
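def _try_get_logger_for_server(hostname, protocol, output_format, certs):
    """Return a logger for the server, turning any setup failure into a CLI error.

    Args:
        hostname: Server host, optionally ``host:port``.
        protocol: Transport protocol handed to the syslog handler.
        output_format: Output format selecting the logger's formatter.
        certs: Certificate argument passed through to the handler (may be None).

    Returns:
        The logger produced by ``get_logger_for_server``.

    Raises:
        Code42CLIError: If the logger or its handler cannot be created. The
            original exception is attached as ``__cause__``.
    """
    try:
        return get_logger_for_server(hostname, protocol, output_format, certs)
    except Exception as err:
        # Broad catch is deliberate at this CLI boundary: any socket/handler
        # setup failure should surface as a single user-facing error. Chaining
        # with `from err` keeps the original traceback for diagnosis instead of
        # discarding it behind the summary message.
        raise Code42CLIError(
            f"Unable to connect to {hostname}. Failed with error: {err}."
        ) from err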
def test_get_logger_for_server_when_called_twice_only_has_one_handler():
    """Requesting the same server twice (even with different formats) adds no second handler."""
    get_logger_for_server(
        "example.com", ServerProtocol.TCP, OutputFormat.JSON, None
    )
    second_logger = get_logger_for_server(
        "example.com", ServerProtocol.TCP, SendToFileEventsOutputFormat.CEF, None
    )
    handler_count = len(second_logger.handlers)
    assert handler_count == 1
def test_get_logger_for_server_when_given_raw_json_format_uses_raw_json_formatter():
    """``OutputFormat.RAW`` selects the raw-JSON formatter on the first handler."""
    logger = get_logger_for_server(
        "example.com", ServerProtocol.TCP, OutputFormat.RAW, None
    )
    first_handler = logger.handlers[0]
    formatter_type = type(first_handler.formatter)
    assert formatter_type is FileEventDictToRawJSONFormatter
def test_get_logger_for_server_when_given_cef_format_uses_cef_formatter():
    """The CEF output format selects the CEF formatter on the first handler."""
    logger = get_logger_for_server(
        "example.com", ServerProtocol.TCP, SendToFileEventsOutputFormat.CEF, None
    )
    formatter = logger.handlers[0].formatter
    # Exact type match on purpose: a subclass would not satisfy this test.
    assert type(formatter) is FileEventDictToCEFFormatter
def test_get_logger_for_server_has_info_level():
    """The server logger is configured at INFO level."""
    logger_args = (
        "example.com",
        ServerProtocol.TCP,
        SendToFileEventsOutputFormat.CEF,
        None,
    )
    logger = get_logger_for_server(*logger_args)
    assert logger.level == logging.INFO
def test_get_logger_for_server_inits_socket(init_socket_mock):
    """Building the server logger initializes the handler socket exactly once."""
    logger_args = (
        "example.com",
        ServerProtocol.TCP,
        SendToFileEventsOutputFormat.CEF,
        None,
    )
    get_logger_for_server(*logger_args)
    assert init_socket_mock.call_count == 1
def test_get_logger_for_server_has_info_level(no_priority_syslog_handler):
    """The server logger is configured at INFO level (handler patched by fixture)."""
    logger = get_logger_for_server("example.com", "TCP", "CEF")
    configured_level = logger.level
    assert configured_level == logging.INFO
def test_get_logger_for_server_uses_no_priority_syslog_handler():
    """The logger's first handler is exactly a NoPrioritySysLogHandler."""
    logger = get_logger_for_server(
        "example.com", ServerProtocol.TCP, SendToFileEventsOutputFormat.CEF, None
    )
    first_handler = logger.handlers[0]
    # Exact type match on purpose: a subclass would not satisfy this test.
    assert type(first_handler) is NoPrioritySysLogHandler
def test_get_logger_for_server_uses_no_priority_syslog_handler(
    no_priority_syslog_handler,
):
    """The logger's first handler is the mock installed by the fixture."""
    logger = get_logger_for_server("example.com", "TCP", "CEF")
    first_handler = logger.handlers[0]
    assert first_handler == no_priority_syslog_handler
def test_get_logger_for_server_when_called_twice_only_has_one_handler(
    no_priority_syslog_handler,
):
    """Requesting the same server twice with different formats adds no second handler."""
    get_logger_for_server("example.com", "TCP", "JSON")
    second_logger = get_logger_for_server("example.com", "TCP", "CEF")
    handler_count = len(second_logger.handlers)
    assert handler_count == 1
def test_get_logger_for_server_when_given_raw_json_format_uses_raw_json_formatter(
    no_priority_syslog_handler,
):
    """The RAW-JSON format installs the raw-JSON formatter on the patched handler."""
    # Clear any handler left by the fixture's own call so the formatter is
    # set again on the patched handler during the call under test.
    existing_logger = get_logger_for_server("example.com", "TCP", "RAW-JSON")
    existing_logger.handlers = []

    get_logger_for_server("example.com", "TCP", "RAW-JSON")

    installed_formatter = no_priority_syslog_handler.setFormatter.call_args[0][0]
    assert type(installed_formatter) is FileEventDictToRawJSONFormatter
def test_get_logger_for_server_when_given_cef_format_uses_cef_formatter(
    no_priority_syslog_handler,
):
    """The CEF format installs the CEF formatter on the patched handler."""
    get_logger_for_server("example.com", "TCP", "CEF")
    installed_formatter = no_priority_syslog_handler.setFormatter.call_args[0][0]
    # Exact type match on purpose: a subclass would not satisfy this test.
    assert type(installed_formatter) is FileEventDictToCEFFormatter