def testProcess(self):
  """Checks the plugin output for the SRUDB.dat test file.

  Asserts the warning and event totals, the number of events per SRUM data
  type, and the values of one sample event for each of the three data types.
  """
  srum_plugin = srum.SystemResourceUsageMonitorESEDBPlugin()
  writer = self._ParseESEDBFileWithPlugin(['SRUDB.dat'], srum_plugin)

  # TODO: confirm this is working as intended. Also see: #2134
  # NOTE(review): the warning count is pinned as expected output. Until the
  # TODO above is resolved, this assertion does not show that the records
  # behind those 2 warnings are handled correctly, only that the count is
  # stable.
  self.assertEqual(writer.number_of_warnings, 2)
  self.assertEqual(writer.number_of_events, 18543)

  sorted_events = list(writer.GetSortedEvents())

  # The data type lives on the event data, which is looked up per event.
  type_counts = collections.Counter(
      self._GetEventDataOfEvent(writer, event).data_type
      for event in sorted_events)

  self.assertEqual(len(type_counts), 3)
  self.assertEqual(type_counts['windows:srum:application_usage'], 16183)
  self.assertEqual(type_counts['windows:srum:network_connectivity'], 520)
  self.assertEqual(type_counts['windows:srum:network_usage'], 1840)

  # NOTE(review): the sample events below are picked by position in the
  # sorted event list, so the indices presumably need revisiting whenever
  # the totals above change - confirm.

  # Test event with data type windows:srum:application_usage
  application_usage_values = {
      'application': 'Memory Compression',
      'data_type': 'windows:srum:application_usage',
      'identifier': 22167,
      'timestamp': '2017-11-05 11:32:00.000000',
      'timestamp_desc': definitions.TIME_DESCRIPTION_SAMPLE}

  self.CheckEventValues(writer, sorted_events[92], application_usage_values)

  # Test event with data type windows:srum:network_connectivity
  # NOTE(review): 'application' is the integer 1 here rather than a name;
  # presumably an identifier that was not resolved to a string - confirm.
  network_connectivity_values = {
      'application': 1,
      'data_type': 'windows:srum:network_connectivity',
      'identifier': 501,
      'timestamp': '2017-11-05 10:30:48.167971',
      'timestamp_desc': definitions.TIME_DESCRIPTION_FIRST_CONNECTED}

  self.CheckEventValues(writer, sorted_events[2], network_connectivity_values)

  # Test event with data type windows:srum:network_usage
  # S-1-5-18 is the well-known SID of the Local System account.
  network_usage_values = {
      'application': 'DiagTrack',
      'bytes_sent': 2076,
      'data_type': 'windows:srum:network_usage',
      'identifier': 3495,
      'interface_luid': 1689399632855040,
      'timestamp': '2017-11-05 11:32:00.000000',
      'timestamp_desc': definitions.TIME_DESCRIPTION_SAMPLE,
      'user_identifier': 'S-1-5-18'}

  self.CheckEventValues(writer, sorted_events[8], network_usage_values)
def testProcess(self):
  """Checks the plugin output for the SRUDB.dat test file.

  Asserts the warning and event totals, the number of events per SRUM data
  type, and for one sample event of each data type its timestamp, timestamp
  description, data type, identifier and message strings.
  """
  srum_plugin = srum.SystemResourceUsageMonitorESEDBPlugin()
  writer = self._ParseESEDBFileWithPlugin(['SRUDB.dat'], srum_plugin)

  # TODO: confirm this is working as intended. Also see: #2134
  # NOTE(review): the warning count is pinned as expected output. Until the
  # TODO above is resolved, this assertion does not show that the records
  # behind those 2 warnings are handled correctly, only that the count is
  # stable.
  self.assertEqual(writer.number_of_warnings, 2)
  self.assertEqual(writer.number_of_events, 18543)

  sorted_events = list(writer.GetSortedEvents())

  # The data type is read directly from each event object.
  type_counts = collections.Counter(
      event.data_type for event in sorted_events)

  self.assertEqual(len(type_counts), 3)
  self.assertEqual(type_counts['windows:srum:application_usage'], 16183)
  self.assertEqual(type_counts['windows:srum:network_connectivity'], 520)
  self.assertEqual(type_counts['windows:srum:network_usage'], 1840)

  # NOTE(review): the sample events below are picked by position in the
  # sorted event list, so the indices presumably need revisiting whenever
  # the totals above change - confirm.

  # Test event with data type windows:srum:application_usage
  usage_event = sorted_events[21]

  self.CheckTimestamp(usage_event.timestamp, '2017-11-05 11:32:00.000000')
  self.assertEqual(
      usage_event.timestamp_desc, definitions.TIME_DESCRIPTION_SAMPLE)
  self.assertEqual(usage_event.data_type, 'windows:srum:application_usage')
  self.assertEqual(usage_event.identifier, 22167)

  self._TestGetMessageStrings(
      usage_event, 'Application: Memory Compression', 'Memory Compression')

  # Test event with data type windows:srum:network_connectivity
  # NOTE(review): the application is rendered as '1' rather than a name;
  # presumably an identifier that was not resolved to a string - confirm.
  connectivity_event = sorted_events[0]

  self.CheckTimestamp(
      connectivity_event.timestamp, '2017-11-05 10:30:48.167971')
  self.assertEqual(
      connectivity_event.timestamp_desc,
      definitions.TIME_DESCRIPTION_FIRST_CONNECTED)
  self.assertEqual(
      connectivity_event.data_type, 'windows:srum:network_connectivity')
  self.assertEqual(connectivity_event.identifier, 501)

  self._TestGetMessageStrings(connectivity_event, 'Application: 1', '1')

  # Test event with data type windows:srum:network_usage
  network_event = sorted_events[14]

  self.CheckTimestamp(network_event.timestamp, '2017-11-05 11:32:00.000000')
  self.assertEqual(
      network_event.timestamp_desc, definitions.TIME_DESCRIPTION_SAMPLE)
  self.assertEqual(network_event.data_type, 'windows:srum:network_usage')
  self.assertEqual(network_event.identifier, 3495)

  # S-1-5-18 is the well-known SID of the Local System account.
  long_message = (
      'Application: DiagTrack '
      'Bytes sent: 2076 '
      'Interface LUID: 1689399632855040 '
      'User identifier: S-1-5-18')

  self._TestGetMessageStrings(network_event, long_message, 'DiagTrack')