def test_get_logger_for_server_constructs_handler_with_expected_args(
mocker, monkeypatch):
no_priority_syslog_handler = mocker.patch(
"code42cli.logger.handlers.NoPrioritySysLogHandler.__init__")
no_priority_syslog_handler.return_value = None
get_logger_for_server("example.com", ServerProtocol.TCP,
SendToFileEventsOutputFormat.CEF, "cert")
no_priority_syslog_handler.assert_called_once_with("example.com", 514,
ServerProtocol.TCP,
"cert")
def test_get_logger_for_server_when_hostname_includes_port_constructs_handler_with_expected_args(
mocker, no_priority_syslog_handler):
no_priority_syslog_handler_wrapper = mocker.patch(
"c42eventextractor.logging.handlers.NoPrioritySysLogHandlerWrapper.__init__"
)
no_priority_syslog_handler_wrapper.return_value = None
get_logger_for_server("example.com:999", "TCP", "CEF")
no_priority_syslog_handler_wrapper.assert_called_once_with("example.com",
port=999,
protocol="TCP")
def test_get_logger_for_server_when_hostname_includes_port_constructs_handler_with_expected_args(
mocker, ):
no_priority_syslog_handler = mocker.patch(
"code42cli.logger.handlers.NoPrioritySysLogHandler.__init__")
no_priority_syslog_handler.return_value = None
get_logger_for_server("example.com:999", ServerProtocol.TCP,
SendToFileEventsOutputFormat.CEF, None)
no_priority_syslog_handler.assert_called_once_with(
"example.com",
999,
ServerProtocol.TCP,
None,
)
def no_priority_syslog_handler(mocker):
mock = mocker.patch(
"c42eventextractor.logging.handlers.NoPrioritySysLogHandlerWrapper.handler"
)
# Set handlers to empty list so it gets initialized each test
get_logger_for_server("example.com", "TCP", "CEF").handlers = []
return mock
def fresh_syslog_handler(init_socket_mock):
# Set handlers to empty list so it gets initialized each test
get_logger_for_server(
"example.com",
ServerProtocol.TCP,
SendToFileEventsOutputFormat.CEF,
None,
).handlers = []
init_socket_mock.call_count = 0
def send_to(state, format, hostname, protocol, begin, end, advanced_query,
use_checkpoint, saved_search, or_query, **kwargs):
"""Send events to the given server address."""
logger = get_logger_for_server(hostname, protocol, format)
cursor = (_get_file_event_cursor_store(state.profile.name)
if use_checkpoint else None)
handlers = ext.create_send_to_handlers(state.sdk, FileEventExtractor,
cursor, use_checkpoint, logger)
_call_extractor(state, handlers, begin, end, or_query, advanced_query,
saved_search, **kwargs)
handle_no_events(not handlers.TOTAL_EVENTS and not errors.ERRORED)
def send_to(
state,
hostname,
protocol,
begin,
end,
event_type,
actor_username,
actor_user_id,
actor_ip,
affected_user_id,
affected_username,
use_checkpoint,
):
"""Send audit logs to the given server address in JSON format."""
logger = get_logger_for_server(hostname, protocol, "RAW-JSON")
cursor = _get_audit_log_cursor_store(state.profile.name)
if use_checkpoint:
checkpoint_name = use_checkpoint
checkpoint = cursor.get(checkpoint_name)
if checkpoint is not None:
begin = checkpoint
events = _get_all_audit_log_events(
state.sdk,
begin_time=begin,
end_time=end,
event_types=event_type,
usernames=actor_username,
user_ids=actor_user_id,
user_ip_addresses=actor_ip,
affected_user_ids=affected_user_id,
affected_usernames=affected_username,
)
if use_checkpoint:
checkpoint_name = use_checkpoint
events = list(
_dedupe_checkpointed_events_and_store_updated_checkpoint(
cursor, checkpoint_name, events
)
)
with warn_interrupt():
event = None
for event in events:
logger.info(event)
if event is None: # generator was empty
click.echo("No results found.")
def _try_get_logger_for_server(hostname, protocol, output_format, certs):
try:
return get_logger_for_server(hostname, protocol, output_format, certs)
except Exception as err:
raise Code42CLIError(
f"Unable to connect to {hostname}. Failed with error: {err}.")
def test_get_logger_for_server_when_called_twice_only_has_one_handler():
get_logger_for_server("example.com", ServerProtocol.TCP, OutputFormat.JSON,
None)
logger = get_logger_for_server("example.com", ServerProtocol.TCP,
SendToFileEventsOutputFormat.CEF, None)
assert len(logger.handlers) == 1
def test_get_logger_for_server_when_given_raw_json_format_uses_raw_json_formatter(
):
logger = get_logger_for_server("example.com", ServerProtocol.TCP,
OutputFormat.RAW, None)
actual = type(logger.handlers[0].formatter)
assert actual == FileEventDictToRawJSONFormatter
def test_get_logger_for_server_when_given_cef_format_uses_cef_formatter():
logger = get_logger_for_server("example.com", ServerProtocol.TCP,
SendToFileEventsOutputFormat.CEF, None)
assert type(logger.handlers[0].formatter) == FileEventDictToCEFFormatter
def test_get_logger_for_server_has_info_level():
logger = get_logger_for_server("example.com", ServerProtocol.TCP,
SendToFileEventsOutputFormat.CEF, None)
assert logger.level == logging.INFO
def test_get_logger_for_server_inits_socket(init_socket_mock):
get_logger_for_server("example.com", ServerProtocol.TCP,
SendToFileEventsOutputFormat.CEF, None)
assert init_socket_mock.call_count == 1
def test_get_logger_for_server_has_info_level(no_priority_syslog_handler):
logger = get_logger_for_server("example.com", "TCP", "CEF")
assert logger.level == logging.INFO
def test_get_logger_for_server_uses_no_priority_syslog_handler():
logger = get_logger_for_server("example.com", ServerProtocol.TCP,
SendToFileEventsOutputFormat.CEF, None)
assert type(logger.handlers[0]) == NoPrioritySysLogHandler
def test_get_logger_for_server_uses_no_priority_syslog_handler(
no_priority_syslog_handler, ):
logger = get_logger_for_server("example.com", "TCP", "CEF")
assert logger.handlers[0] == no_priority_syslog_handler
def test_get_logger_for_server_when_called_twice_only_has_one_handler(
no_priority_syslog_handler, ):
get_logger_for_server("example.com", "TCP", "JSON")
logger = get_logger_for_server("example.com", "TCP", "CEF")
assert len(logger.handlers) == 1
def test_get_logger_for_server_when_given_raw_json_format_uses_raw_json_formatter(
no_priority_syslog_handler, ):
get_logger_for_server("example.com", "TCP", "RAW-JSON").handlers = []
get_logger_for_server("example.com", "TCP", "RAW-JSON")
actual = type(no_priority_syslog_handler.setFormatter.call_args[0][0])
assert actual == FileEventDictToRawJSONFormatter
def test_get_logger_for_server_when_given_cef_format_uses_cef_formatter(
no_priority_syslog_handler, ):
get_logger_for_server("example.com", "TCP", "CEF")
assert (type(no_priority_syslog_handler.setFormatter.call_args[0][0]) ==
FileEventDictToCEFFormatter)
