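    def test_upload(self):
        """Archived eve.json files are uploaded and removed; other files are left alone.

        Two ``*.archived`` files and one unrelated file are created in the
        watched directory.  After ``_upload`` the archived files must have
        been sent and deleted, while the unrelated file must survive
        untouched -- this is the guard against the watcher uploading or
        deleting arbitrary files that merely live in the log directory.
        """
        file1 = path.join(self.tempdir, 'eve.json.foo.archived')
        file2 = path.join(self.tempdir, 'eve.json.bar.archived')
        ignored = path.join(self.tempdir, 'ignored')

        # Empty files suffice: only names and existence are checked here.
        for name in (file1, file2, ignored):
            with open(name, 'w'):
                pass

        now = datetime(2015, 3, 12)
        watcher = SuricataAlertWatcher(log_dir=self.tempdir)
        watcher.api = MagicMock()
        watcher.api.send_file.return_value = 'send_destination'
        watcher._upload(now)

        # Uploaded files are deleted; the non-archived file is neither
        # uploaded nor deleted.
        self.assertFalse(path.exists(file1))
        self.assertFalse(path.exists(file2))
        self.assertTrue(path.exists(ignored))

        # Compare as multisets: the order in which the two files are picked
        # up is presumably directory-listing order, which is not guaranteed.
        # assertItemsEqual is the Python 2 name of assertCountEqual; use the
        # latter when the running unittest provides it.
        assert_same_items = (getattr(self, 'assertCountEqual', None)
                             or self.assertItemsEqual)
        assert_same_items(watcher.api.send_file.call_args_list, [
            call('logs', file1, now, suffix='suricata'),
            call('logs', file2, now, suffix='suricata'),
        ])
        # 'ip' is not set anywhere in this test, so it presumably comes from
        # the watcher's own configuration -- verify against
        # SuricataAlertWatcher if this assertion starts failing.
        watcher.api.send_signal.assert_called_with('logs', {
            'path': 'send_destination',
            'utcoffset': 0,
            'log_type': 'suricata',
            'ip': '10.1.1.1',
        })
        # One signal per uploaded file.
        self.assertEqual(len(watcher.api.send_signal.call_args_list), 2)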
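    def test_rotate_then_upload(self, mock_check_output):
        """Rotating then uploading sends exactly the rotated file and removes it.

        ``mock_check_output`` stands in for the external command that
        ``_rotate_logs`` runs; its side effect performs the rename the real
        command would do, so the rotation assertions below can only pass if
        ``_rotate_logs`` actually invokes it.

        Args:
            mock_check_output: the patched ``check_output`` injected by the
                ``patch`` decorator on this method.
        """
        logfile = path.join(self.tempdir, 'eve.json')
        with open(logfile, 'w'):
            pass
        after_rename = '{}.{}.archived'.format(logfile, '12345678')

        def fake_rotate(*args, **kwargs):
            # Mimic the rotation tool: move eve.json aside under an archived
            # name.  Guarded so a repeated invocation does not fail on a
            # missing source file.
            if path.exists(logfile):
                rename(logfile, after_rename)
            return 0

        # Assigning ``rename(logfile, after_rename)`` here directly would run
        # the rename at assignment time and leave side_effect as None, so the
        # rotation checks would pass even if _rotate_logs never called
        # check_output.  The callable defers the rename to the actual call.
        mock_check_output.side_effect = fake_rotate

        now = datetime(2015, 3, 12)
        watcher = SuricataAlertWatcher(log_dir=self.tempdir)
        watcher.api = MagicMock()
        watcher.api.send_file.return_value = 'send_destination'

        watcher._rotate_logs()
        # NOTE(review): the argv handed to check_output is not asserted here;
        # if _rotate_logs builds it from configuration, consider pinning it
        # too so a regression to a shell string would be caught.
        self.assertTrue(mock_check_output.called)
        self.assertFalse(path.exists(logfile))
        self.assertTrue(path.exists(after_rename))

        watcher._upload(now)
        self.assertFalse(path.exists(after_rename))

        self.assertEqual(watcher.api.send_file.call_args_list, [
            call('logs', after_rename, now, suffix='suricata'),
        ])
        self.assertEqual(watcher.api.send_signal.call_args_list, [
            call('logs', {
                'path': 'send_destination',
                'utcoffset': 0,
                'log_type': 'suricata',
                'ip': '10.1.1.1',
            })
        ])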
    def test_upload_compressed(self):
        """With ``compress=True`` the archived file is gzipped before upload.

        Checks that ``send_file`` receives the ``.gz`` path, that exactly one
        signal is sent, and that neither the original archive nor the
        compressed copy is left behind in the log directory.
        """
        watcher = SuricataAlertWatcher(log_dir=self.tempdir)
        watcher.api = MagicMock()

        # One archived log with a little content to compress.
        archived_name = '{}.12345678.archived'.format(SURICATA_LOGNAME)
        archived_path = path.join(self.tempdir, archived_name)
        with io.open(archived_path, 'w') as archived:
            print(u'I am but a meer cat.', file=archived)

        # Exercise the compressing upload path.
        now = datetime.now()
        watcher._upload(now, compress=True)

        # The gzipped artefact, not the raw archive, is what gets sent.
        expected_upload = archived_path + '.gz'
        watcher.api.send_file.assert_called_once_with(
            'logs', expected_upload, now, suffix='suricata')
        self.assertEqual(1, watcher.api.send_signal.call_count)

        # Nothing with a dotted name survives: neither the archive nor the .gz.
        leftovers = glob(path.join(self.tempdir, '*.*'))
        self.assertEqual([], leftovers)
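    def test_upload_nothing(self):
        """An empty log directory produces no uploads and no signals."""
        now = datetime(2015, 3, 12)
        watcher = SuricataAlertWatcher(log_dir=self.tempdir)
        watcher.api = MagicMock()
        watcher.api.send_file.return_value = 'send_destination'
        watcher._upload(now)

        self.assertEqual(watcher.api.send_file.call_args_list, [])
        # Check the method that would be invoked, not the ``api`` mock object
        # itself: ``api.call_args_list`` is always empty because ``api`` is
        # never called as a function, so asserting on it proves nothing.
        self.assertEqual(watcher.api.send_signal.call_args_list, [])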