Exemplo n.º 1
	def test_02_exists(self):
		"""Check ``$exists`` against a field the event carries.

		``event`` is the shared fixture defined outside this excerpt; the
		assertions below require it to have a ``timestamp`` key.
		"""
		# Field is present, so asking for presence must match.
		present = {'timestamp': {'$exists': True}}
		self.assertTrue(cmfilter.check(present, event), msg='Filter: %s' % present)

		# Field is present, so asking for absence must not match.
		absent = {'timestamp': {'$exists': False}}
		self.assertFalse(cmfilter.check(absent, event), msg='Filter: %s' % absent)
Exemplo n.º 2
	def test_01_simple(self):
		"""Check the bare ``{field: value}`` form of a filter.

		The first filter names the connector value the assertions expect the
		shared ``event`` fixture to hold; the second names a different one.
		"""
		cases = (
			(True, {'connector': 'cengine'}),
			(False, {'connector': 'cengidddddne'}),
		)
		for expected, flt in cases:
			verdict = cmfilter.check(flt, event)
			expect = self.assertTrue if expected else self.assertFalse
			expect(verdict, msg='Filter: %s' % flt)
Exemplo n.º 3
	def test_07_all(self):
		"""Check ``$all``: every listed value has to be satisfied by the field."""
		# A single listed value equal to the connector is expected to match.
		single = {'connector': {'$all': ['cengine']}}
		self.assertTrue(cmfilter.check(single, event), msg='Filter: %s' % single)

		# Adding a second, different value must make the filter fail.
		mixed = {'connector': {'$all': ['cengine', 'ccengine']}}
		self.assertFalse(cmfilter.check(mixed, event), msg='Filter: %s' % mixed)
Exemplo n.º 4
	def test_05_in_nin(self):
		"""Check ``$in`` and ``$nin`` on the event timestamp.

		Only the matching direction of each operator is asserted here.
		"""
		# NOTE(review): there is no assertFalse case, so an operator that
		# always returned True would still pass this test. A filter engine
		# used for drop rules also needs the rejecting direction covered.
		cases = (
			{'timestamp': {'$in': [0, 5, 6, 1378713357]}},
			{'timestamp': {'$nin': [0, 5, 6]}},
		)
		for flt in cases:
			verdict = cmfilter.check(flt, event)
			self.assertTrue(verdict, msg='Filter: %s' % flt)
Exemplo n.º 5
	def test_04_gt_gte(self):
		"""Check ``$gt`` and ``$gte`` at and below the boundary value.

		1378713357 is the value the assertions treat as the timestamp of the
		shared ``event`` fixture (the fixture itself is outside this excerpt).
		"""
		cases = (
			# Strictly greater than the same value: no match.
			(False, {'timestamp': {'$gt': 1378713357}}),
			# Greater or equal to the same value: match.
			(True, {'timestamp': {'$gte': 1378713357}}),
			# Strictly greater than a smaller value: match.
			(True, {'timestamp': {'$gt': 137871335}}),
		)
		for expected, flt in cases:
			verdict = cmfilter.check(flt, event)
			expect = self.assertTrue if expected else self.assertFalse
			expect(verdict, msg='Filter: %s' % flt)
Exemplo n.º 6
	def test_03_eq(self):
		"""Check ``$eq`` on a string field and on a numeric field."""
		same_text = {'connector': {'$eq': 'cengine'}}
		self.assertTrue(cmfilter.check(same_text, event), msg='Filter: %s' % same_text)

		# A longer string sharing the same prefix must not be treated as equal.
		other_text = {'connector': {'$eq': 'cenginessssss'}}
		self.assertFalse(cmfilter.check(other_text, event), msg='Filter: %s' % other_text)

		same_number = {'timestamp': {'$eq': 1378713357}}
		self.assertTrue(cmfilter.check(same_number, event), msg='Filter: %s' % same_number)
Exemplo n.º 7
	def test_08_regex(self):
		"""Check ``$regex`` with and without the ``'i'`` option.

		The mixed-case pattern is expected to fail without ``$options`` and
		to succeed with ``'i'``; a pattern one character too long must fail
		even with ``'i'``.
		"""
		# NOTE(review): only short literal patterns are exercised. If filter
		# documents can be written by less-trusted users, confirm how the
		# matcher handles invalid or very expensive patterns. Nothing here
		# covers that.
		cases = (
			(False, {'connector': {'$regex': 'c.ngInE'}}),
			(True, {'connector': {'$regex': 'c.ngInE', '$options': 'i'}}),
			(False, {'connector': {'$regex': 'c..ngine', '$options': 'i'}}),
		)
		for expected, flt in cases:
			verdict = cmfilter.check(flt, event)
			expect = self.assertTrue if expected else self.assertFalse
			expect(verdict, msg='Filter: %s' % flt)
Exemplo n.º 8
	def match(self, event):
		"""Tell whether ``event`` is selected by this selector.

		Order of evaluation, as implemented: an ``_id`` found in
		``include_ids`` always matches; otherwise an ``_id`` found in
		``exclude_ids`` never matches; otherwise ``mfilter`` decides through
		``cmfilter.check``.
		"""
		forced_in = self.include_ids
		if forced_in and len(forced_in) and event.get('_id', False) in forced_in:
			# The include list is consulted first, so it wins over the
			# exclude list when an id appears in both.
			return True

		forced_out = self.exclude_ids
		if forced_out and len(forced_out) and event.get('_id', '') in forced_out:
			return False

		# NOTE(review): a missing or empty mfilter selects every event that
		# was not excluded above (fail-open). If selectors gate visibility
		# or suppression, confirm that an invalid rule should match all.
		if self.mfilter:
			return cmfilter.check(self.mfilter, event)
		return True
Exemplo n.º 9
    def match(self, event):
        """Return True when ``event`` belongs to this selector.

        Three checks run in sequence: membership of the event ``_id`` in
        ``include_ids`` (match), membership in ``exclude_ids`` (no match),
        and finally ``cmfilter.check`` with ``mfilter``.
        """
        event_id_in = event.get  # same lookup used by both id checks

        always = self.include_ids
        if always and len(always) and event_id_in('_id', False) in always:
            # Checked before the exclude list, so inclusion takes precedence.
            return True

        never = self.exclude_ids
        if never and len(never) and event_id_in('_id', '') in never:
            return False

        if not self.mfilter:
            # NOTE(review): fail-open. A selector whose mfilter is unset or
            # empty matches every event that was not excluded by id; verify
            # this is intended wherever selectors restrict what is shown.
            return True

        return cmfilter.check(self.mfilter, event)
Exemplo n.º 10
    def work(self, event, *xargs, **kwargs):
        """Apply the configured filter rules to ``event``.

        Rules from ``configuration['rules']`` are tried in order. The first
        rule whose ``mfilter`` matches and whose action is ``'pass'`` or
        ``'drop'`` decides the outcome; a matching rule with any other
        action is logged as a warning and evaluation continues. When no rule
        decides, ``configuration['default_action']`` applies.

        Returns the event itself when it passes and ``DROP`` when it is
        dropped; the matching counter is incremented in both cases.
        """
        # Rendered once up front for the default-action log lines.
        event_str = str(event)

        # NOTE(review): an absent 'default_action' means 'pass', so a
        # configuration without usable rules lets every event through.
        default_action = self.configuration.get('default_action', 'pass')

        for rule in self.configuration.get('rules', []):
            action = rule.get('action')
            name = rule.get('name', 'no_name')

            # A rule without an 'mfilter' key raises KeyError on this line.
            if not cmfilter.check(rule['mfilter'], event):
                continue

            if action == 'pass':
                self.logger.debug("Event passed by rule '%s'" % name)
                self.pass_event_count += 1
                return event

            if action == 'drop':
                self.logger.debug("Event dropped by rule '%s'" % name)
                self.drop_event_count += 1
                return DROP

            # The rule matched but cannot decide; later rules still run.
            self.logger.warning("Unknown action '%s'" % action)

        # No rule decided: fall back to the default action.
        # NOTE(review): both branches write the full event to the debug log.
        # Event fields may hold sensitive or externally supplied text
        # (including line breaks), so check how debug logs are stored.
        if default_action != 'drop':
            self.logger.debug("Event '%s' passed by default action" % (event_str))
            self.pass_event_count += 1
            return event

        self.logger.debug("Event '%s' dropped by default action" %
                          (event_str))
        self.drop_event_count += 1
        return DROP
Exemplo n.º 11
	def work(self, event, *xargs, **kwargs):
		"""Decide whether ``event`` passes or is dropped.

		Each entry of ``configuration['rules']`` is evaluated in order with
		``cmfilter.check``. A matching rule with action ``'pass'`` returns
		the event, one with action ``'drop'`` returns ``DROP``; any other
		action only produces a warning and the next rule is tried. Without a
		deciding rule, ``configuration['default_action']`` is used.
		"""
		# Rendered once up front for the default-action log lines.
		event_str = str(event)

		# NOTE(review): 'pass' is the fallback when 'default_action' is not
		# configured, i.e. the filter is open unless a rule drops the event.
		default_action = self.configuration.get('default_action', 'pass')

		for rule in self.configuration.get('rules', []):
			action = rule.get('action')
			name = rule.get('name', 'no_name')

			# A rule without an 'mfilter' key raises KeyError on this line.
			matched = cmfilter.check(rule['mfilter'], event)
			if not matched:
				continue

			if action == 'pass':
				self.logger.debug("Event passed by rule '%s'" % name)
				self.pass_event_count += 1
				return event

			if action == 'drop':
				self.logger.debug("Event dropped by rule '%s'" % name)
				self.drop_event_count += 1
				return DROP

			# Matched, but the action is not one this method knows.
			self.logger.warning("Unknown action '%s'" % action)

		# No rule decided: apply the default action.
		# NOTE(review): the complete event ends up in the debug log on both
		# paths; fields holding sensitive or externally supplied text
		# (line breaks included) are logged as they are.
		if default_action != 'drop':
			self.logger.debug("Event '%s' passed by default action" % (event_str))
			self.pass_event_count += 1
			return event

		self.logger.debug("Event '%s' dropped by default action" % (event_str))
		self.drop_event_count += 1
		return DROP
Exemplo n.º 12
	def test_06_complex(self):
		"""Check combined operators and the logical ``$and``/``$or``/``$nor``/``$not``.

		Each case pairs the expected verdict with a filter; the cases run in
		the listed order against the shared ``event`` fixture, and the first
		failing assertion stops the test.
		"""
		cases = (
			# Two operators on one field act as a range.
			(True, {'timestamp': {'$gt': 0, '$lt': 2378713357}}),
			# The same range written as an explicit $and.
			(True, {'$and': [{'timestamp': {'$gt': 0}}, {'timestamp': {'$lt': 2378713357}}]}),
			# Conditions on two different fields are combined.
			(True, {'connector': {'$eq': 'cengine'}, 'timestamp': {'$gt': 137871335}}),
			# $not inverts the nested operator.
			(True, {'connector': {'$not': {'$eq': 'cccenngine'}}}),
			(False, {'connector': {'$not': {'$eq': 'cengine'}}}),
			# $nor matches only when none of the branches matches.
			(True, {'$nor': [{'connector': {'$eq': 'ccengine'}}, {'connector': {'$eq': 'cccengine'}}]}),
			(False, {'$nor': [{'connector': {'$eq': 'cengine'}}, {'connector': {'$eq': 'cccengine'}}]}),
			# Bare values on two fields.
			(True, {'connector': 'cengine', 'event_type': 'check'}),
			# $and with a repeated branch.
			(True, {'$and': [{'connector': 'cengine'}, {'event_type': 'check'}, {'event_type': 'check'}]}),
			# $or needs a single matching branch.
			(True, {'$or': [{'connector': 'cenginddddde'}, {'event_type': 'check'}, {'event_type': 'checkkkkk'}]}),
			# $or over a failing $and and a failing value: no match.
			(False, {'$or': [{'$and': [{'connector': 'cenginddddde'}, {'event_type': 'check'}]}, {'event_type': 'checkkkkk'}]}),
		)
		for expected, flt in cases:
			verdict = cmfilter.check(flt, event)
			expect = self.assertTrue if expected else self.assertFalse
			expect(verdict, msg='Filter: %s' % flt)