def test_aggregated_records_custom(self):
        """Aggregate on a caller-chosen key set instead of the default 5-tuple.

        Keys on (interface_id, srcaddr, srcport, dstport) so the two fixture
        records land in one bucket per interface.  Record 2 is rewritten from
        REJECT to ACCEPT before parsing -- presumably because the aggregator
        keys on, or filters by, the action field; confirm against
        aggregated_records.  Because of that rewrite nothing here pins how a
        genuine REJECT record is treated relative to an ACCEPT one on the
        same tuple; a separate test would be needed for that.  Expected sums
        and start/end spans come from the SAMPLE_RECORDS fixture defined
        elsewhere in the file.  The addresses are RFC 5737 documentation
        ranges, so the fixture never names a real host.
        """
        accepted = SAMPLE_RECORDS[2].replace('REJECT', 'ACCEPT')
        messages = [SAMPLE_RECORDS[1], accepted]
        # Single-pass iterator, as the original generator expression was.
        parsed = map(FlowRecord.from_message, messages)
        group_by = ('interface_id', 'srcaddr', 'srcport', 'dstport')
        buckets = aggregated_records(parsed, key_fields=group_by)

        # Sort on interface_id so the comparison does not depend on bucket order.
        by_interface = sorted(buckets, key=lambda row: row['interface_id'])

        # Fields shared by both buckets; only interface and time span differ.
        common = {
            'srcaddr': '192.0.2.1',
            'srcport': 49152,
            'dstport': 443,
            'packets': 20,
            'bytes': 1680,
        }
        expected = [
            dict(
                common,
                interface_id='eni-102010ab',
                start=datetime(2015, 8, 12, 13, 47, 44),
                end=datetime(2015, 8, 12, 13, 47, 45),
            ),
            dict(
                common,
                interface_id='eni-102010cd',
                start=datetime(2015, 8, 12, 13, 47, 43),
                end=datetime(2015, 8, 12, 13, 47, 46),
            ),
        ]
        self.assertEqual(by_interface, expected)
    def test_aggregated_records_custom(self):
        """Aggregate on a caller-chosen key set instead of the default 5-tuple.

        Keys on (interface_id, srcaddr, srcport, dstport) so the two fixture
        records land in one bucket per interface.  Record 2 is rewritten from
        REJECT to ACCEPT before parsing -- presumably because the aggregator
        keys on, or filters by, the action field; confirm against
        aggregated_records.  Because of that rewrite nothing here pins how a
        genuine REJECT record is treated relative to an ACCEPT one on the
        same tuple; a separate test would be needed for that.  Expected sums
        and start/end spans come from the SAMPLE_RECORDS fixture defined
        elsewhere in the file.  The addresses are RFC 5737 documentation
        ranges, so the fixture never names a real host.
        """
        accepted = SAMPLE_RECORDS[2].replace('REJECT', 'ACCEPT')
        messages = [SAMPLE_RECORDS[1], accepted]
        # Single-pass iterator, as the original generator expression was.
        parsed = map(FlowRecord.from_message, messages)
        group_by = ('interface_id', 'srcaddr', 'srcport', 'dstport')
        buckets = aggregated_records(parsed, key_fields=group_by)

        # Sort on interface_id so the comparison does not depend on bucket order.
        by_interface = sorted(buckets, key=lambda row: row['interface_id'])

        # Fields shared by both buckets; only interface and time span differ.
        common = {
            'srcaddr': '192.0.2.1',
            'srcport': 49152,
            'dstport': 443,
            'packets': 20,
            'bytes': 1680,
        }
        expected = [
            dict(
                common,
                interface_id='eni-102010ab',
                start=datetime(2015, 8, 12, 13, 47, 44),
                end=datetime(2015, 8, 12, 13, 47, 45),
            ),
            dict(
                common,
                interface_id='eni-102010cd',
                start=datetime(2015, 8, 12, 13, 47, 43),
                end=datetime(2015, 8, 12, 13, 47, 46),
            ),
        ]
        self.assertEqual(by_interface, expected)
    def test_aggregated_records(self):
        """Aggregate CloudWatch Logs events on the default 5-tuple key.

        Four V2 fixture records are wrapped as {'message': ...} events, parsed
        with FlowRecord.from_cwl_event, and fed to aggregated_records with no
        key_fields, which is expected to bucket on
        (srcaddr, srcport, dstaddr, dstport, protocol).  Record 2 is rewritten
        from REJECT to ACCEPT beforehand -- presumably so it merges into the
        client->server bucket rather than being keyed or filtered by action;
        confirm against aggregated_records.  Nothing here pins how a genuine
        REJECT record is treated, so that behaviour would need its own test.
        Expected totals (40 packets / 3360 bytes one way, 10 / 840 the other)
        come from the V2_RECORDS fixture defined elsewhere in the file; the
        addresses are RFC 5737 documentation ranges.
        """
        messages = [
            V2_RECORDS[0],
            V2_RECORDS[1],
            V2_RECORDS[2].replace('REJECT', 'ACCEPT'),
            V2_RECORDS[3],
        ]
        events = [{'message': text} for text in messages]
        # Single-pass iterator, as the original generator expression was.
        parsed = map(FlowRecord.from_cwl_event, events)
        buckets = aggregated_records(parsed)

        # Sort on srcaddr so the comparison does not depend on bucket order.
        by_source = sorted(buckets, key=lambda row: row['srcaddr'])

        client, server = '192.0.2.1', '198.51.100.1'
        client_port, server_port = 49152, 443
        tcp = 6
        expected = [
            {
                'srcaddr': client,
                'srcport': client_port,
                'dstaddr': server,
                'dstport': server_port,
                'protocol': tcp,
                'start': datetime(2015, 8, 12, 13, 47, 43),
                'end': datetime(2015, 8, 12, 13, 47, 46),
                'packets': 40,
                'bytes': 3360,
            },
            {
                'srcaddr': server,
                'srcport': server_port,
                'dstaddr': client,
                'dstport': client_port,
                'protocol': tcp,
                'start': datetime(2015, 8, 12, 13, 47, 43),
                'end': datetime(2015, 8, 12, 13, 47, 44),
                'packets': 10,
                'bytes': 840,
            },
        ]
        self.assertEqual(by_source, expected)
    def test_aggregated_records(self):
        """Aggregate raw log messages on the default 5-tuple key.

        Four fixture messages are parsed with FlowRecord.from_message and fed
        to aggregated_records with no key_fields, which is expected to bucket
        on (srcaddr, srcport, dstaddr, dstport, protocol).  Record 2 is
        rewritten from REJECT to ACCEPT beforehand -- presumably so it merges
        into the client->server bucket rather than being keyed or filtered by
        action; confirm against aggregated_records.  Nothing here pins how a
        genuine REJECT record is treated, so that behaviour would need its own
        test.  Expected totals (40 packets / 3360 bytes one way, 10 / 840 the
        other) come from the SAMPLE_RECORDS fixture defined elsewhere in the
        file; the addresses are RFC 5737 documentation ranges.
        """
        messages = [
            SAMPLE_RECORDS[0],
            SAMPLE_RECORDS[1],
            SAMPLE_RECORDS[2].replace('REJECT', 'ACCEPT'),
            SAMPLE_RECORDS[3],
        ]
        # Single-pass iterator, as the original generator expression was.
        parsed = map(FlowRecord.from_message, messages)
        buckets = aggregated_records(parsed)

        # Sort on srcaddr so the comparison does not depend on bucket order.
        by_source = sorted(buckets, key=lambda row: row['srcaddr'])

        client, server = '192.0.2.1', '198.51.100.1'
        client_port, server_port = 49152, 443
        tcp = 6
        expected = [
            {
                'srcaddr': client,
                'srcport': client_port,
                'dstaddr': server,
                'dstport': server_port,
                'protocol': tcp,
                'start': datetime(2015, 8, 12, 13, 47, 43),
                'end': datetime(2015, 8, 12, 13, 47, 46),
                'packets': 40,
                'bytes': 3360,
            },
            {
                'srcaddr': server,
                'srcport': server_port,
                'dstaddr': client,
                'dstport': client_port,
                'protocol': tcp,
                'start': datetime(2015, 8, 12, 13, 47, 43),
                'end': datetime(2015, 8, 12, 13, 47, 44),
                'packets': 10,
                'bytes': 840,
            },
        ]
        self.assertEqual(by_source, expected)