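def test_growing_file(self):
    """Check that a reader which reached EOF sees records appended later.

    The fixture is copied into a log under ``self.tmpdir`` and read to the
    end (17 records, per the loop bound), then appended a second time and
    read again through the same, still-open handle. A consumer tailing a
    live sensor log depends on this: EOF must not be a terminal state, or
    alerts written after the reader caught up would be lost.
    """
    log_path = "%s/unified2.log" % self.tmpdir

    def append_fixture():
        # Context managers close both handles even when the copy fails;
        # the original left the fixture handle open on every call.
        with open(self.test_filename, "rb") as source:
            payload = source.read()
        with open(log_path, "ab") as sink:
            sink.write(payload)
            sink.flush()

    append_fixture()

    # The read handle deliberately stays open across the second append;
    # the with-block closes it even when an assertion fails midway.
    with open(log_path, "rb") as read_fileobj:
        for i in range(17):
            record = unified2.read_record(read_fileobj)
            self.assertTrue(record is not None, "record None at i=%d" % (i))
        # At EOF read_record must report "nothing yet" rather than raise.
        self.assertTrue(unified2.read_record(read_fileobj) is None)

        # Grow the file by 17 more records.
        append_fixture()

        for i in range(17):
            record = unified2.read_record(read_fileobj)
            self.assertTrue(
                record is not None,
                "record None at i=%d; expected on OSX w/Py2" % (i))
        self.assertTrue(unified2.read_record(read_fileobj) is None)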
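def test_read_ipv6_event(self):
    """Check that IPv6 endpoints of an event decode to expanded text form.

    The expected strings are the fully expanded, zero-padded, lower-case
    form (eight groups of four hex digits). Anything matching these
    fields against compressed notation (``fe80::...``) has to normalise
    one side first, or the comparison silently never matches.
    """
    # The with-block closes the fixture; the original never closed it.
    with open("tests/ipv6-alert.unified2", "rb") as fileobj:
        record = unified2.read_record(fileobj)
        self.assertEqual(
            "fe80:0000:0000:0000:dacb:8aff:feed:a146", record["source-ip"])
        self.assertEqual(
            "fe80:0000:0000:0000:0215:17ff:fe0d:06f7",
            record["destination-ip"])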
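def main():
    """Read every record from the given unified2 files and report throughput.

    Command-line arguments are file names; ``-h``/``--help`` prints usage.

    Returns:
        0 after printing help, 1 on an invalid command line or when no
        file was named. A normal run falls off the end and returns None.
    """
    try:
        opts, args = getopt.getopt(sys.argv[1:], "h", ["help"])
    except getopt.GetoptError as err:
        print("error: invalid command line: %s" % err, file=sys.stderr)
        usage()
        return 1

    for o, a in opts:
        if o in ("-h", "--help"):
            usage(sys.stdout)
            return 0

    if not args:
        print("error: nothing to do", file=sys.stderr)
        usage()
        return 1

    record_count = 0
    start_time = time.time()

    for arg in args:
        print("Processing file %s." % arg)
        # unified2 is a binary format, and the tests in this listing read
        # it in "rb" mode. Text mode can reject or alter the bytes
        # (decoding, newline translation) before the parser sees them.
        with open(arg, "rb") as fileobj:
            while True:
                record = unified2.read_record(fileobj)
                if not record:
                    break
                record_count += 1

    elapsed_time = time.time() - start_time
    # int(elapsed_time) is 0 for any run shorter than a second, so the
    # original division raised ZeroDivisionError on small inputs. Divide
    # by the float and fall back to 0 when no time was measured.
    rate = record_count / elapsed_time if elapsed_time > 0 else 0
    print("Records: %d; Time: %d; Records/sec: %d" % (
        record_count, elapsed_time, rate))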
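def test_decoders(self):
    """Based on our knowledge of the test file, check that the records
    were decoded as expected.

    Only the first record is inspected: its source and destination
    addresses must come back as dotted-quad IPv4 strings.
    """
    # The with-block closes the fixture; the original never closed it.
    with open(self.test_filename, "rb") as fileobj:
        record = unified2.read_record(fileobj)
        self.assertEqual("207.25.71.28", record["source-ip"])
        self.assertEqual("10.20.11.123", record["destination-ip"])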
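def main():
    """Count the records in each unified2 file named on the command line.

    Prints one progress line per file, then a summary with the record
    count, the elapsed seconds and the records-per-second rate.

    Returns:
        0 after printing help, 1 on an invalid command line or when no
        file was named. A normal run falls off the end and returns None.
    """
    try:
        opts, args = getopt.getopt(
            sys.argv[1:], "h", ["help"])
    except getopt.GetoptError as err:
        print("error: invalid command line: %s" % err, file=sys.stderr)
        usage()
        return 1

    for o, a in opts:
        if o in ("-h", "--help"):
            usage(sys.stdout)
            return 0

    if not args:
        print("error: nothing to do", file=sys.stderr)
        usage()
        return 1

    record_count = 0
    start_time = time.time()

    for arg in args:
        print("Processing file %s." % arg)
        # Binary mode: unified2 is not text, and a text-mode handle can
        # fail on decoding or translate newline bytes inside a record.
        with open(arg, "rb") as fileobj:
            while True:
                record = unified2.read_record(fileobj)
                if not record:
                    break
                record_count += 1

    elapsed_time = time.time() - start_time
    # A sub-second run made int(elapsed_time) zero and the original
    # division raised ZeroDivisionError. Use the float, and report a
    # rate of 0 when no elapsed time was measured.
    if elapsed_time > 0:
        records_per_sec = record_count / elapsed_time
    else:
        records_per_sec = 0
    print("Records: %d; Time: %d; Records/sec: %d" % (
        record_count, elapsed_time, records_per_sec))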