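def test_041_trigger_rule_untag_host(self):
    """Verify that TAG_HOST and UNTAG_HOST trigger rules act on the host table.

    Phase 1 installs a TAG_HOST rule that fires on SessionEvents whose
    localAddr contains the test client's IP and checks that ``test-tag``
    shows up in the client's host-table ``tagsString``. Phase 2 replaces it
    with an UNTAG_HOST rule (glob ``test*``) and checks the tag is gone.

    The original event manager settings are restored in ``finally`` so that a
    failure part-way through (client offline, RPC error, missing host entry)
    does not leave a test trigger rule active on the appliance.
    """
    event_manager = uvmContext.eventManager()
    settings = event_manager.getSettings()
    orig_settings = copy.deepcopy(settings)
    client_ip = remote_control.clientIP
    # Match condition shared by both rules. NOTE: the surrounding wildcards
    # also match any address that merely contains this IP as a substring
    # (e.g. 10.0.0.1 matches 10.0.0.10); acceptable for a test network.
    match_args = ("class", "=", "*SessionEvent*",
                  "localAddr", "=", "*" + client_ip + "*")

    tag_test = None
    tag_test2 = None
    try:
        # Phase 1: tag the client host. The whole trigger-rule list is
        # replaced, not appended to, so only this rule is in effect.
        settings['triggerRules']['list'] = [
            create_trigger_rule("TAG_HOST", "localAddr", "test-tag", 30,
                                "test tag rule", *match_args)
        ]
        event_manager.setSettings(settings)
        remote_control.is_online()
        time.sleep(4)  # give the event pipeline time to evaluate the rule
        entry = uvmContext.hostTable().getHostTableEntry(client_ip)
        assert entry is not None, "no host table entry for %s" % client_ip
        tag_test = entry.get('tagsString')

        # Phase 2: untag via glob that covers the tag added above.
        settings['triggerRules']['list'] = [
            create_trigger_rule("UNTAG_HOST", "localAddr", "test*", 30,
                                "test tag rule", *match_args)
        ]
        event_manager.setSettings(settings)
        remote_control.is_online()
        time.sleep(4)
        entry = uvmContext.hostTable().getHostTableEntry(client_ip)
        assert entry is not None, "no host table entry for %s" % client_ip
        tag_test2 = entry.get('tagsString')
    finally:
        # Always undo the test rules, even when an assertion above failed.
        event_manager.setSettings(orig_settings)

    assert tag_test is not None
    assert "test-tag" in tag_test
    assert tag_test2 is None or "test-tag" not in tag_test2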
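def test_050_alert_rule(self):
    """Verify that an alert rule matching the test client's sessions yields an Alert Event.

    Appends a rule that fires on SessionEvents whose localAddr contains the
    client IP, generates traffic, then looks in the 'Alert Events' report for
    an entry whose description matches the rule.

    The original event manager settings are restored in ``finally``: an
    alert rule left behind by a failed run would keep firing for every
    client session and pollute later tests' alert queries.
    """
    event_manager = uvmContext.eventManager()
    settings = event_manager.getSettings()
    orig_settings = copy.deepcopy(settings)
    rule_description = "test alert rule"

    events = None
    found = False
    try:
        # Note: appended to the existing alert rules (unlike the trigger-rule
        # tests, which replace the whole list).
        settings['alertRules']['list'].append(
            create_alert_rule(rule_description, "class", "=", "*SessionEvent*",
                              "localAddr", "=", "*" + remote_control.clientIP + "*"))
        event_manager.setSettings(settings)
        remote_control.is_online()
        time.sleep(4)  # allow the alert to be generated and written to reports
        events = global_functions.get_events('Events', 'Alert Events', None, 10)
        # Guard the lookup: a None result should fail the assertion below,
        # not blow up on .get() before settings are restored.
        if events is not None:
            found = global_functions.check_events(
                events.get('list'), 5, 'description', rule_description)
    finally:
        event_manager.setSettings(orig_settings)

    assert events is not None
    assert found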
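def test_040_remote_syslog(self):
    """Verify that blocked-session events are forwarded to a remote syslog server.

    Installs a firewall block rule for the test client, points the event
    manager's syslog output at ``syslog_server_host`` (UDP/514), generates
    traffic that the rule blocks, then polls the server's /var/log/syslog for
    a FirewallEvent line carrying the expected ruleId, ``blocked`` flag and
    minute-resolution timestamp.

    Cleanup runs in ``finally`` regardless of outcome: a block rule for the
    client left behind would break every later test, and a dangling syslog
    target would keep shipping event data off-box in plaintext.

    Caveats for maintainers:
    - UDP syslog is unauthenticated, unencrypted and lossy; the retry loop
      is the only tolerance for drops, so intermittent misses are possible.
    - The timestamp is this host's local clock formatted to the minute; the
      match assumes the appliance's event ``timeStamp`` is in the same zone
      and can be flaky across a minute boundary — TODO confirm/relax.
    - The remote check needs passwordless ``sudo`` on the syslog host.
    - ``app`` and ``orig_settings`` are not defined in this method; they
      appear to be module-level (presumably the reports app and its saved
      settings) — confirm before changing.
    """
    if not can_syslog:
        raise unittest2.SkipTest('Unable to syslog through ' + syslog_server_host)

    app_manager = uvmContext.appManager()
    event_manager = uvmContext.eventManager()
    client_ip = remote_control.clientIP

    # Reuse an existing firewall app rather than instantiating a second one.
    if app_manager.isInstantiated("firewall"):
        print("App %s already installed" % "firewall")
        firewall_app = app_manager.app("firewall")
    else:
        firewall_app = app_manager.instantiate("firewall", default_policy_id)

    strings_to_find = []
    found_count = 0
    try:
        # Block the test client so its traffic produces FirewallEvents.
        rules = firewall_app.getRules()
        rules["list"].append(create_firewall_rule("SRC_ADDR", client_ip))
        firewall_app.setRules(rules)
        rules = firewall_app.getRules()

        # Recover the ruleId the appliance assigned to the enabled block rule.
        target_rule_id = None
        for rule in rules['list']:
            if rule['enabled'] and rule['block']:
                target_rule_id = rule['ruleId']
                break
        assert target_rule_id is not None, "no enabled block rule in firewall rules"

        # Send event syslog to the test server (plaintext UDP/514).
        syslog_settings = event_manager.getSettings()
        syslog_settings["syslogEnabled"] = True
        syslog_settings["syslogPort"] = 514
        syslog_settings["syslogProtocol"] = "UDP"
        syslog_settings["syslogHost"] = syslog_server_host
        event_manager.setSettings(syslog_settings)

        # Generate traffic the rule blocks; record the minute so the event's
        # timeStamp can be matched.
        timestamp = datetime.now().strftime('%Y-%m-%d %H:%M')
        remote_control.is_online(tries=1)
        app.flushEvents()  # module-level reports app — TODO confirm

        strings_to_find = [
            '"blocked":true',
            '"ruleId":%i' % target_rule_id,
            '"timeStamp":"%s' % timestamp,
        ]

        # Poll the syslog server; UDP delivery may lag or drop, so retry.
        # The command is a fixed literal (nothing interpolated), so running
        # it through the remote shell is injection-safe; if it is ever
        # parameterised, quote with shlex.quote().
        for _ in range(5):
            syslog_output = remote_control.run_command(
                "sudo tail -n 200 /var/log/syslog | grep 'FirewallEvent'",
                host=syslog_server_host, stdout=True)
            for line in syslog_output.splitlines():
                print("\nchecking line: %s " % line)
                missing = [s for s in strings_to_find if s not in line]
                found_count = len(strings_to_find) - len(missing)
                for s in missing:
                    print("missing: %s" % s)
                if not missing:
                    break  # one line carried every expected field
            if found_count == len(strings_to_find):
                break
            time.sleep(2)
    finally:
        # Undo every change even if an assertion or RPC above failed.
        app.setSettings(orig_settings)  # module-level — TODO confirm
        rules = firewall_app.getRules()
        rules["list"] = []
        firewall_app.setRules(rules)
        app_manager.destroy(firewall_app.getAppSettings()["id"])
        syslog_settings = event_manager.getSettings()
        syslog_settings["syslogEnabled"] = False
        event_manager.setSettings(syslog_settings)

    assert found_count == len(strings_to_find)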