def test_alphabet(self):
    """Check the symbol string that ``rulecomponents.alphabet`` produces.

    Six events are cached and five queries are bound to the letters
    f, o, b, a, r. Sorting by ``creation`` must give "foobar" and sorting
    by ``arrival`` must give "arboof".
    """
    # The last two events share creation=5 and arrival=2, so the expected
    # strings only hold when the sort keeps their relative order (stable).
    fixture = [
        event.Event(name="A", host="A", creation=1, arrival=6),
        event.Event(name="B", host="A", creation=2, arrival=5),
        event.Event(name="B", host="A", creation=3, arrival=4),
        event.Event(name="B", host="C", creation=4, arrival=3),
        event.Event(name="C", host="C", creation=5, arrival=2),
        event.Event(name="C", host="E", creation=5, arrival=2),
    ]
    cache = TestCache(fixture)

    make_query = rulecomponents.event_query
    by_name = rulecomponents.event_name
    by_host = rulecomponents.event_host

    q_a = make_query([by_name("A")], None, None)
    q_b_on_a = make_query([by_name("B"), by_host(lambda **kwargs: "A")],
                          None, None)
    q_b = make_query([by_name("B")], None, None)
    q_c_on_c = make_query([by_name("C"), by_host(lambda **kwargs: "C")],
                          None, None)
    q_c = make_query([by_name("C")], None, None)

    # NOTE(review): the expected strings imply that an event is mapped to the
    # first symbol whose query matches it (B/host A -> 'o', not 'b') --
    # confirm against rulecomponents.alphabet.
    letters = (
        ('f', q_a),
        ('o', q_b_on_a),
        ('b', q_b),
        ('a', q_c_on_c),
        ('r', q_c),
    )
    # Each alphabet receives its own list object, as in the original fixture.
    alphabet = rulecomponents.alphabet(sort_by="creation",
                                       symbols=list(letters))
    alphabet2 = rulecomponents.alphabet(sort_by="arrival",
                                        symbols=list(letters))

    self.assert_(alphabet(cache=cache) == "foobar")
    # "arboof" rather than "raboof": the two events with identical
    # timestamps must stay in their original order.
    self.assert_(alphabet2(cache=cache) == "arboof")
def test_alphabet(self):
    """Verify alphabet() output for both supported sort keys in this test.

    The cache holds six events; five queries are mapped to the symbols
    'f', 'o', 'b', 'a' and 'r'. Ordered by creation time the result must
    read "foobar"; ordered by arrival time it must read "arboof".
    """
    cache = TestCache([
        event.Event(name="A", host="A", creation=1, arrival=6),
        event.Event(name="B", host="A", creation=2, arrival=5),
        event.Event(name="B", host="A", creation=3, arrival=4),
        event.Event(name="B", host="C", creation=4, arrival=3),
        event.Event(name="C", host="C", creation=5, arrival=2),
        # Same creation/arrival as the previous event: the assertions below
        # depend on the sort being stable.
        event.Event(name="C", host="E", creation=5, arrival=2),
    ])

    only_a = rulecomponents.event_query(
        [rulecomponents.event_name("A")], None, None)
    b_on_host_a = rulecomponents.event_query(
        [
            rulecomponents.event_name("B"),
            rulecomponents.event_host(lambda **kwargs: "A"),
        ],
        None,
        None,
    )
    only_b = rulecomponents.event_query(
        [rulecomponents.event_name("B")], None, None)
    c_on_host_c = rulecomponents.event_query(
        [
            rulecomponents.event_name("C"),
            rulecomponents.event_host(lambda **kwargs: "C"),
        ],
        None,
        None,
    )
    only_c = rulecomponents.event_query(
        [rulecomponents.event_name("C")], None, None)

    def symbol_list():
        # Build a fresh list per alphabet so the two never share one object.
        return [
            ('f', only_a),
            ('o', b_on_host_a),
            ('b', only_b),
            ('a', c_on_host_c),
            ('r', only_c),
        ]

    alphabet = rulecomponents.alphabet(sort_by="creation",
                                       symbols=symbol_list())
    alphabet2 = rulecomponents.alphabet(sort_by="arrival",
                                        symbols=symbol_list())

    self.assert_(alphabet(cache=cache) == "foobar")
    # Not "raboof": the tie between the two events with equal timestamps
    # is left in insertion order.
    self.assert_(alphabet2(cache=cache) == "arboof")
def test_match_query(self):
    """Check that match_query("foo", "bar") returns the one matching event.

    One of 100 generated events is given host "FOO"; a host query for "FOO"
    is registered under queries["foo"]["bar"], and the lookup must return
    exactly that event.
    """
    generated = event.EventGenerator().randomEvents(100)
    marked = generated[42]
    marked.host = "FOO"
    # NOTE(review): relies on randomEvents() never producing host "FOO"
    # by itself -- confirm against EventGenerator.
    cache = TestCache(generated)

    host_filter = rulecomponents.event_host(lambda **kwargs: "FOO")
    query = rulecomponents.event_query([host_filter], None, "creation")
    rulemanager = TestRuleManager(queries={"foo": {"bar": [query]}})

    lookup = rulecomponents.match_query("foo", "bar")
    evts = lookup(cache=cache, query_events=[], rulemanager=rulemanager)

    self.assert_(len(evts) == 1)
    self.assert_(evts[0] == generated[42])
def test_match_query(self):
    """Ensure a stored query resolved via match_query finds a single event.

    The event at index 42 of 100 generated events gets host "FOO". The
    query stored at queries["foo"]["bar"] selects host "FOO", so the result
    must contain that event and nothing else.
    """
    target_index = 42
    events = event.EventGenerator().randomEvents(100)
    events[target_index].host = "FOO"
    cache = TestCache(events)

    # NOTE(review): the single-result assertion assumes no other generated
    # event has host "FOO" -- verify against EventGenerator.
    foo_host_query = rulecomponents.event_query(
        [rulecomponents.event_host(lambda **kwargs: "FOO")],
        None,
        "creation",
    )
    registry = {"foo": {"bar": [foo_host_query]}}
    rulemanager = TestRuleManager(queries=registry)

    evts = rulecomponents.match_query("foo", "bar")(
        cache=cache,
        query_events=[],
        rulemanager=rulemanager,
    )

    self.assert_(len(evts) == 1)
    self.assert_(evts[0] == events[target_index])