def _dt_to_wmi(self, dt):
    '''
    Wrap wmi.from_time: hand the date and time fields of `dt` to
    `from_time` and return the WMI-formatted time it produces.

    `dt` must expose year, month, day, hour, minute and second attributes.
    '''
    wmi_fields = dict(
        year=dt.year,
        month=dt.month,
        day=dt.day,
        hours=dt.hour,
        minutes=dt.minute,
        seconds=dt.second,
        # Sub-second precision is discarded: microseconds is always sent as 0.
        microseconds=0,
        # NOTE(review): the offset is fixed at 0 whatever `dt` carries --
        # presumably callers pass UTC values; confirm, since a local-time
        # `dt` would shift any time window built from this result.
        timezone=0,
    )
    return from_time(**wmi_fields)
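def test_wql_eventlog_filtering(self):
    """
    Format filters with the eventlog expected form to a comprehensive WQL `WHERE` clause.

    Builds a single filter dict that mixes scalar `(operator, value)` tuples
    with lists of such tuples, passes it to `WMISampler._format_filter`
    together with `and_props`, and compares the result with a fixed clause.
    """
    from checks.libs.wmi import sampler
    from datetime import datetime
    from checks.wmi_check import from_time

    format_filter = sampler.WMISampler._format_filter

    # Spelled in mixed case on purpose. In the expected clause the Message
    # conditions are joined with AND while the other list-valued properties
    # are joined with OR; presumably `and_props` selects that, matched
    # case-insensitively -- confirm against _format_filter.
    and_props = ["mEssage"]
    ltypes = ["Error", "Warning"]
    source_names = ["MSSQLSERVER", "IIS"]
    log_files = ["System", "Security"]
    event_codes = [302, 404, 501]
    # A leading "-" marks a filter that must NOT match; it is stripped below.
    message_filters = ["-foo", "%bar%", "%zen%"]
    last_ts = datetime(2016, 1, 1, 15, 8, 24, 78915)

    query = {}
    query["TimeGenerated"] = (">=", from_time(last_ts))
    # Scalar values first; Type, SourceName and LogFile are then replaced by
    # lists, so only the list form of those three reaches format_filter.
    query["Type"] = ("=", "footype")
    query["User"] = ("=", "luser")
    query["SourceName"] = ("=", "MSSQL")
    query["LogFile"] = ("=", "thelogfile")

    query["Type"] = [("=", ltype) for ltype in ltypes]
    query["SourceName"] = [("=", source_name) for source_name in source_names]
    query["LogFile"] = [("=", log_file) for log_file in log_files]
    query["EventCode"] = [("=", code) for code in event_codes]
    query["NOT Message"] = [
        ("LIKE", filt[1:]) for filt in message_filters if filt[0] == "-"
    ]
    query["Message"] = [
        ("LIKE", filt) for filt in message_filters if filt[0] != "-"
    ]

    filters = [query]

    # NOTE(review): the query sets User to 'luser' but the literal below
    # carries '******', and the TimeGenerated literal depends on from_time,
    # which is not visible here -- confirm both against the real output
    # before relying on this assertion.
    # NOTE(review): every value is embedded between single quotes in the
    # clause and no input here contains a quote character, so this test does
    # not show how _format_filter treats values that do; worth a separate
    # case if filter values can come from user-supplied configuration.
    expected = (
        " WHERE ( NOT Message LIKE 'foo' AND ( EventCode = '302' OR EventCode = '404' OR EventCode = '501' ) "
        "AND ( SourceName = 'MSSQLSERVER' OR SourceName = 'IIS' ) AND TimeGenerated >= '2016-01-01 15:08:24.078915**********.******+' "
        "AND User = '******' AND Message LIKE '%bar%' AND Message LIKE '%zen%' AND ( LogFile = 'System' OR LogFile = 'Security' ) "
        "AND ( Type = 'Error' OR Type = 'Warning' ) )"
    )

    # assertEqual replaces the deprecated alias assertEquals, which newer
    # unittest releases no longer provide.
    self.assertEqual(expected, format_filter(filters, and_props))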
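def test_wql_eventlog_filtering(self):
    """
    Format filters with the eventlog expected form to a comprehensive WQL `WHERE` clause.

    One filter dict is assembled from scalar `(operator, value)` tuples and
    lists of such tuples, then `WMISampler._format_filter` is called with it
    and `and_props`; the returned clause must equal a fixed string.
    """
    from checks.libs.wmi import sampler
    from datetime import datetime
    from checks.wmi_check import from_time

    format_filter = sampler.WMISampler._format_filter

    # Mixed case on purpose. The expected clause ANDs the Message conditions
    # and ORs the other list-valued properties; presumably `and_props` drives
    # that and is matched case-insensitively -- confirm in _format_filter.
    and_props = ['mEssage']
    ltypes = ["Error", "Warning"]
    source_names = ["MSSQLSERVER", "IIS"]
    log_files = ["System", "Security"]
    event_codes = [302, 404, 501]
    # Entries starting with "-" are exclusions; the marker is cut off below.
    message_filters = ["-foo", "%bar%", "%zen%"]
    last_ts = datetime(2016, 1, 1, 15, 8, 24, 78915)

    def equals(values):
        # One ('=', value) condition per entry, in the given order.
        return [('=', value) for value in values]

    query = {}
    query['TimeGenerated'] = ('>=', from_time(last_ts))
    # These scalar entries come first; Type, SourceName and LogFile are
    # overwritten with lists right after, so format_filter sees the lists.
    query['Type'] = ('=', 'footype')
    query['User'] = ('=', 'luser')
    query['SourceName'] = ('=', 'MSSQL')
    query['LogFile'] = ('=', 'thelogfile')

    query['Type'] = equals(ltypes)
    query['SourceName'] = equals(source_names)
    query['LogFile'] = equals(log_files)
    query['EventCode'] = equals(event_codes)

    excluded = [filt for filt in message_filters if filt[0] == '-']
    included = [filt for filt in message_filters if filt[0] != '-']
    query['NOT Message'] = [('LIKE', filt[1:]) for filt in excluded]
    query['Message'] = [('LIKE', filt) for filt in included]

    filters = [query]

    # NOTE(review): User is set to 'luser' above, yet the literal below holds
    # '******'; the TimeGenerated literal also depends on from_time, which is
    # not shown here -- check both against the actual output.
    # NOTE(review): values land between single quotes in the clause and none
    # of these inputs contains a quote, so quoting/escaping behavior of
    # _format_filter is not exercised; add a case for it if filter values can
    # originate from user-editable configuration.
    expected = (
        " WHERE ( NOT Message LIKE 'foo' AND ( EventCode = '302' OR EventCode = '404' OR EventCode = '501' ) "
        "AND ( SourceName = 'MSSQLSERVER' OR SourceName = 'IIS' ) AND TimeGenerated >= '2016-01-01 15:08:24.078915**********.******+' "
        "AND User = '******' AND Message LIKE '%bar%' AND Message LIKE '%zen%' AND ( LogFile = 'System' OR LogFile = 'Security' ) "
        "AND ( Type = 'Error' OR Type = 'Warning' ) )"
    )

    # assertEqual instead of assertEquals: the latter is a deprecated alias
    # that newer unittest releases have dropped.
    self.assertEqual(expected, format_filter(filters, and_props))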
def _dt_to_wmi(self, dt):
    """
    Pass the date and time fields of `dt` to `from_time` and return its result.

    `dt` must expose year, month, day, hour, minute and second attributes.
    """
    date_part = {'year': dt.year, 'month': dt.month, 'day': dt.day}
    time_part = {'hours': dt.hour, 'minutes': dt.minute, 'seconds': dt.second}
    # Sub-second precision is not forwarded (microseconds is always 0).
    # NOTE(review): timezone is always 0, independent of `dt` -- presumably
    # `dt` is expected to be UTC; confirm with the callers.
    return from_time(microseconds=0, timezone=0, **dict(date_part, **time_part))