def test_count_limit(self):
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'
))
self.assertEqual(store.count_limit(50), 1)
self.assertEqual(store.count_limit(51), 2)
def test_get_save_filters(self):
filter1 = self.get_filter()
filter2 = self.get_filter()
filter2.data['store'] = False
store = Store(Parse(u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'), [filter1, filter2])
save_filters = store.get_save_filters()
self.assertEqual(len(save_filters), 1)
def test_time_limit(self):
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'
))
self.assertEqual(store.time_limit(12345), 1)
self.assertEqual(store.time_limit(1), 10000)
self.assertEqual(store.time_limit(60), 60)
def test_get_save_filters(self):
filter1 = self.get_filter()
filter2 = self.get_filter()
filter2.data['store'] = False
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'
), [filter1, filter2])
save_filters = store.get_save_filters()
self.assertEqual(len(save_filters), 1)
def test_new(self):
user = User.new(
name=u'Test user ø',
email='*****@*****.**',
)
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5asd'
))
Log_group.add(store)
group = Log_group.get(message_hash=store.message_hash)
self.assertTrue(
Log_group_event.new(
log_group_id=group.id,
user_id=user.id,
message=u'Test event',
))
self.assertTrue(
Log_group_event.new(
log_group_id=group.id,
user_id=user.id,
message=u'Test event 2',
))
events = Log_group_events.get(log_group_id=group.id)
self.assertEqual(len(events), 2)
self.assertEqual(events[0].user.id, user.id)
def test_save(self):
filter_ = self.get_filter()
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'
), [filter_])
self.assertStore(store, True)
# Lets test if it works with some unicode letters!
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su: Rød grød med fløde'
), [filter_])
self.assertStore(store, True)
# Here comes a bullshit log message
store = Store(Parse(u'I' 'm a bullshit log message...'), [filter_])
self.assertStore(store, False)
def test_should_sample(self):
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'
))
self.assertTrue(store.should_sample(times_seen=2, last_seen=None))
self.assertTrue(store.should_sample(times_seen=50, last_seen=None))
self.assertFalse(store.should_sample(times_seen=51, last_seen=None))
self.assertTrue(store.should_sample(times_seen=52, last_seen=None))
def test_update(self):
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5'
))
group = Log_group.add(store)
filter_ = Filter.new(name=u'Test filter ø', data_yaml='')
Times_seen_by_minute.update(
log_group_id=group.id,
filter_id=filter_.id,
)
minutes = Times_seen_by_minute.get_by_log_group_id(
log_group_id=group.id)
self.assertEqual(len(minutes), 1)
self.assertEqual(minutes[0].times_seen, 1)
def test_set_events(self):
filter_ = Filter.new(u'Test filter ø', data_yaml='store: true')
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'
), [filter_])
store.save()
Log_group.update_status(
id_=store.log_group.id,
status=constants.STATUS_RESOLVED,
reopened=None,
)
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'
), [filter_])
store.save()
self.assertEqual(Mock_log_group_event.message,
'reopened this log group')
def test_set_events(self):
filter_ = Filter.new(u'Test filter ø', data_yaml='store: true')
store = Store(Parse(u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'), [filter_])
store.save()
Log_group.update_status(
id_=store.log_group.id,
status=constants.STATUS_RESOLVED,
reopened=None,
)
store = Store(Parse(u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'), [filter_])
store.save()
self.assertEqual(Mock_log_group_event.message, 'reopened this log group')
def test_check_filter_warning(self):
with new_session() as session:
session.query(models.Filter).delete()
filter1 = Filter.new(
u'Test filter 1',
yaml.safe_dump({
'rate_warning': {
'enabled': True,
'min_logs': 100,
'threshold': 500,
}
}))
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5123'
))
group1 = Log_group.add(store)
# create some intervals
intervals = 20
now = datetime.utcnow()
for i in xrange(1, intervals):
Times_seen_by_minute.update(
log_group_id=group1.id,
filter_id=filter1.id,
when=normalize_datetime(now - timedelta(
minutes=(i * MINUTE_NORMALIZATION))),
inc=1000 + 10 * i,
)
# create what would look like a lot of new messages in a short time. This should be enough to trigger then warning notification.
when = datetime.utcnow() - timedelta(minutes=1, seconds=30)
Times_seen_by_minute.update(
log_group_id=group1.id,
filter_id=filter1.id,
when=when,
inc=1000,
)
filters_to_check = Filter_warning.get_filters_to_check()
self.assertTrue(
Filter_warning.check_filter_warning(filters_to_check[0]), )
def test_check(self):
with new_session() as session:
session.query(models.Filter).delete()
filter1 = Filter.new(
u'Test filter 1',
yaml.safe_dump({'inactivity': {
'enabled': True,
'minutes': 15,
}}))
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5'
))
group1 = Log_group.add(store)
group1 = Log_group.get(message_hash=store.message_hash)
when = datetime.utcnow() - timedelta(minutes=16)
Times_seen_by_minute.update(
log_group_id=group1.id,
filter_id=filter1.id,
when=when,
)
self.assertTrue(Filter_inactivity.check())
def test_add(self):
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5'
))
group = Log_group.add(store)
group = Log_group.get(message_hash=store.message_hash)
self.assertTrue(
Server_count.add(
log_group_id=group.id,
name=store.hostname,
))
self.assertTrue(
Server_count.add(
log_group_id=group.id,
name=store.hostname,
))
servers = Servers_count.get(log_group_id=group.id)
self.assertEqual(len(servers), 1)
self.assertEqual(servers[0].name, store.hostname)
self.assertEqual(servers[0].count, 2)
def test_count_limit(self):
store = Store(Parse(u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'))
self.assertEqual(store.count_limit(50), 1)
self.assertEqual(store.count_limit(51), 2)
def test_get_filters_to_check(self):
with new_session() as session:
session.query(models.Filter).delete()
'''
Checks that `get_filters_to_check` only returns those filters that has been active in the latests interval.
'''
filter1 = Filter.new(
u'Test filter 1',
yaml.safe_dump({
'rate_warning': {
'enabled': True,
'min_logs': 100,
'threshold': 500,
}
}))
filter2 = Filter.new(
u'Test filter 1',
yaml.safe_dump({
'rate_warning': {
'enabled': True,
'min_logs': 100,
'threshold': 500,
}
}))
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5'
))
group1 = Log_group.add(store)
group1 = Log_group.get(message_hash=store.message_hash)
store = Store(
Parse(
u'<34>Oct 11 22:14:15 mymachine.example.com su - ID47 - ZwPpeQyUtrRKxw5'
))
group2 = Log_group.add(store)
group2 = Log_group.get(message_hash=store.message_hash)
# add som info that should not show up in the list we have to check for warnings.
when = datetime.utcnow() - timedelta(minutes=MINUTE_NORMALIZATION)
Times_seen_by_minute.update(
log_group_id=group1.id,
filter_id=filter1.id,
when=when,
inc=25,
)
when = datetime.utcnow() - timedelta(minutes=10, seconds=30)
# checks that the filters groups correctly
Times_seen_by_minute.update(
log_group_id=group1.id,
filter_id=filter1.id,
when=when,
inc=1000,
)
Times_seen_by_minute.update(
log_group_id=group2.id,
filter_id=filter1.id,
when=when,
inc=150,
)
# there should not be enough messages received for this filter to be checked for alerts.
Times_seen_by_minute.update(
log_group_id=group1.id,
filter_id=filter2.id,
when=when,
inc=1000,
)
now = datetime.utcnow()
from_date = now - timedelta(minutes=MINUTE_NORMALIZATION)
filters_to_check = Filter_warning.get_filters_to_check()
self.assertTrue(len(filters_to_check) > 0)
self.assertEqual(filters_to_check[0].normalized_count, 100)
return filters_to_check
def test_check(self):
parsed = Parsed(
hostname='te-pc',
level=0,
data={
"message": "Some test message",
},
standard='Test standard',
)
filter_ = Filter(
id_=0,
version=1,
name='test',
data={'store': True},
data_yaml='store: true',
)
filter_.data = {
'match': {
'message': '^[a-zA-Z ]+$',
}
}
self.assertTrue(Filter_checker.check(filter_, parsed))
# check that we do not accidentally remove the `data` field
# in th parsed message when validating it against a filter.
store = Store(parsed, [filter_])
self.assertTrue(isinstance(store, Store))
filter_.data = {
'match': {
'hostname': [
'something wrong',
],
'message': ['^[a-zA-Z ]+$'],
}
}
self.assertFalse(Filter_checker.check(filter_, parsed))
filter_.data = {'match': {'level': ['[0-9]+']}}
self.assertTrue(Filter_checker.check(filter_, parsed))
filter_.data = {'match': {'level': ['[5-6]+']}}
self.assertFalse(Filter_checker.check(filter_, parsed))
filter_.data = {
'match': {
'hostname': [
'te-pc',
],
'data': {
'message': ['^[a-zA-Z ]+$'],
}
},
'not_match': {
'hostname': [
'te-pc',
]
}
}
self.assertFalse(Filter_checker.check(filter_, parsed))
filter_.data = {
'match': {
'level': ['[0-9]+']
},
'not_match': {
'hostname': [
'te-pc',
]
}
}
self.assertFalse(Filter_checker.check(filter_, parsed))
filter_.data = {
'match': {
'level': ['[0-9]+']
},
'not_match': {
'hostname': [
'kurtkurtsen',
]
}
}
self.assertTrue(Filter_checker.check(filter_, parsed))
filter_.data = {
'not_match': {
'hostname': [
'kurtkurtsen',
]
}
}
self.assertTrue(Filter_checker.check(filter_, parsed))
filter_.data = {
'not_match': {
'level': [
'[0-9]+',
]
}
}
self.assertFalse(Filter_checker.check(filter_, parsed))
def test_should_sample(self):
store = Store(Parse(u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'))
self.assertTrue(store.should_sample(times_seen=2, last_seen=None))
self.assertTrue(store.should_sample(times_seen=50, last_seen=None))
self.assertFalse(store.should_sample(times_seen=51, last_seen=None))
self.assertTrue(store.should_sample(times_seen=52, last_seen=None))
def test_time_limit(self):
store = Store(Parse(u'<34>Oct 11 22:14:15 mymachine.example.com su: BOM\'su root\' failed for lonvick on /dev/pts/8 æøå'))
self.assertEqual(store.time_limit(12345), 1)
self.assertEqual(store.time_limit(1), 10000)
self.assertEqual(store.time_limit(60), 60)