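def testSSHLogEvent(self):
    """Verify that events are generated correctly from the sample SSH log.

    Feeds ``test_100_sshlog.log`` through the line-based translator driven
    by ``test_100_sshrules.xml`` and inspects the events left on the queue:
    a failed login, a successful login, and one line no rule matched, which
    falls back to ``SYSLOG:UNKNOWN``.  Attributes produced while earlier
    rules matched must not leak into that fallback event.
    """
    self.config.input = [
        {
            "source": "file:filename=" + self.basedir + "test_100_sshlog.log",
            "translator": "linebased:rulefile=" + self.basedir + "test_100_sshrules.xml",
        }
    ]
    source = FileSource(0, self.config, self.logger, self.queue)
    source.work()
    source.finish()

    # The 3rd log line is dropped by the rules; the remaining lines yield 3 events.
    # assertEqual (not assert_(a == b)) so a failure shows the actual count.
    self.assertEqual(self.queue.qsize(), 3)

    # First event: failed root login, with the peer address captured.
    e = self.queue.get()
    self.assertEqual(e.name, "SSH:LOGIN:FAILED")
    self.assertEqual(e.host, "server-002")
    self.assertEqual(e.attributes["username"], "root")
    self.assertEqual(e.attributes["srchost"], "10.0.2.68")

    # Second event: successful login.
    e = self.queue.get()
    self.assertEqual(e.name, "SSH:LOGIN:SUCCESS")

    # Third event: unmatched line, kept verbatim under "logline".
    # attributes is indexed like a dict above, so `in` replaces the
    # Python-2-only has_key() and keeps the test valid on Python 3.
    e = self.queue.get()
    self.assertEqual(e.name, "SYSLOG:UNKNOWN")
    self.assertTrue("logline" in e.attributes)
    # These attributes were set by earlier matches and must not carry over
    # into an event built from a different line.
    self.assertFalse("ignore1" in e.attributes)
    self.assertFalse("ignore2" in e.attributes)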
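def testSSHLogEvent(self):
    """Verify that events are generated correctly from the sample SSH log.

    Feeds ``test_100_sshlog.log`` through the line-based translator driven
    by ``test_100_sshrules.xml`` and inspects the events left on the queue:
    a failed login, a successful login, and one line no rule matched, which
    falls back to ``SYSLOG:UNKNOWN``.  Attributes produced while earlier
    rules matched must not leak into that fallback event.
    """
    log_uri = "file:filename=" + self.basedir + "test_100_sshlog.log"
    rules_uri = "linebased:rulefile=" + self.basedir + "test_100_sshrules.xml"
    self.config.input = [{'source': log_uri, 'translator': rules_uri}]
    source = FileSource(0, self.config, self.logger, self.queue)
    source.work()
    source.finish()

    # The 3rd log line is dropped by the rules; the remaining lines yield 3 events.
    # assertEqual (not assert_(a == b)) so a failure shows the actual count.
    self.assertEqual(self.queue.qsize(), 3)

    # First event: failed root login, with the peer address captured.
    failed = self.queue.get()
    self.assertEqual(failed.name, "SSH:LOGIN:FAILED")
    self.assertEqual(failed.host, "server-002")
    self.assertEqual(failed.attributes['username'], "root")
    self.assertEqual(failed.attributes['srchost'], "10.0.2.68")

    # Second event: successful login.
    success = self.queue.get()
    self.assertEqual(success.name, "SSH:LOGIN:SUCCESS")

    # Third event: unmatched line, kept verbatim under 'logline'.
    # attributes is indexed like a dict above, so `in` replaces the
    # Python-2-only has_key() and keeps the test valid on Python 3.
    unknown = self.queue.get()
    self.assertEqual(unknown.name, "SYSLOG:UNKNOWN")
    self.assertTrue('logline' in unknown.attributes)
    # These attributes were set by earlier matches and must not carry over
    # into an event built from a different line.
    self.assertFalse('ignore1' in unknown.attributes)
    self.assertFalse('ignore2' in unknown.attributes)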
def testXMLWrite(self):
    """Smoke test: read events from XML and write them back out as XML.

    Only checks that the source/sink round trip runs without validation
    errors; the output goes to /dev/null and is not inspected.
    """
    events_uri = "file:filename=" + self.basedir + "test_101_events.xml"
    self.config.input = [{'source': events_uri, 'translator': "xml"}]
    reader = FileSource(0, self.config, self.logger, self.queue)
    reader.work()
    reader.finish()

    self.config.output = [{'sink': "file:filename=/dev/null", 'translator': "xml"}]
    writer = FileSink(0, self.config, self.logger, self.queue)
    writer.start()
    # queue.join() returns once every queued item has been marked done
    # (presumably by the sink), so the sink is only stopped after draining.
    self.queue.join()
    writer.finish()
    writer.join()
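def testXMLRead(self):
    """Verify that the XML translator reconstructs events faithfully.

    Reads the two events in ``test_101_events.xml`` and checks the scalar
    fields and single attribute of the first one, and the name and parsed
    history list of the second one.
    """
    events_uri = "file:filename=" + self.basedir + "test_101_events.xml"
    self.config.input = [{'source': events_uri, 'translator': "xml"}]
    source = FileSource(0, self.config, self.logger, self.queue)
    source.work()
    source.finish()

    # assertEqual (not assert_(a == b)) so a failure reports both values.
    self.assertEqual(self.queue.qsize(), 2)
    event1 = self.queue.get()
    event2 = self.queue.get()

    # First event: every scalar field round-trips.
    self.assertEqual(event1.getName(), "NIC:ETHERNET:LINKUP")
    self.assertEqual(event1.getDescription(), "The ethernet network internet controller is up.")
    self.assertEqual(event1.getID(), "e9294e806d02fd8ebd90e345434c16a3")
    self.assertEqual(event1.getType(), "raw")
    self.assertEqual(event1.getStatus(), "active")
    self.assertEqual(event1.getHost(), "host-a-0")
    self.assertEqual(event1.getTimestamp(), 1243039102)
    self.assertEqual(len(event1.getAttributes()), 1)
    self.assertEqual(event1.getAttribute("interface"), "1")

    # Second event: the nested history entry is parsed into plain dicts/lists.
    self.assertEqual(event2.getName(), "MAIL:FRESHCLAM:ERROR")
    expected_history = [
        {
            "host": "host-b-0",
            "rule": {"groupname": "freshclam", "rulename": "detect-single-events"},
            "timestamp": 1244014940,
            "fields": ["status"],
            "reason": "Single errors can be ignored.",
        }
    ]
    self.assertEqual(event2.getHistory(), expected_history)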