def testParseWithTimeZone(self):
  """Tests the Parse function with a time zone.

  Parses the firewall.log test file with the parser time zone set to CET,
  then checks the attribute container counts and the values of the sorted
  event at index 4.
  """
  firewall_parser = winfirewall.WinFirewallParser()
  writer = self._ParseFile(['firewall.log'], firewall_parser, timezone='CET')

  event_count = writer.GetNumberOfAttributeContainers('event')
  self.assertEqual(event_count, 15)

  # A clean parse of the test log must yield neither kind of warning; a
  # non-zero count would mean log lines were skipped or only partly read.
  for warning_type in ('extraction_warning', 'recovery_warning'):
    warning_count = writer.GetNumberOfAttributeContainers(warning_type)
    self.assertEqual(warning_count, 0)

  sorted_events = list(writer.GetSortedEvents())

  # date_time carries the value 08:06:02 while the expected timestamp is
  # two hours earlier (06:06:02). Presumably this is the log's local time
  # normalised with the CET time zone passed above -- confirm against the
  # parser before relying on it when building a timeline.
  expected_values = {
      'date_time': '2005-04-11 08:06:02',
      'data_type': 'windows:firewall:log_entry',
      'dest_ip': '123.156.78.90',
      'source_ip': '123.45.78.90',
      'timestamp': '2005-04-11 06:06:02.000000'}

  self.CheckEventValues(writer, sorted_events[4], expected_values)
def testParse(self):
  """Tests the Parse function.

  Parses the firewall.log test file without an explicit time zone and
  checks the attribute container counts plus the values of three of the
  sorted events (indexes 4, 7 and 9).
  """
  firewall_parser = winfirewall.WinFirewallParser()
  writer = self._ParseFile(['firewall.log'], firewall_parser)

  event_count = writer.GetNumberOfAttributeContainers('event')
  self.assertEqual(event_count, 15)

  # A clean parse of the test log must yield neither kind of warning.
  for warning_type in ('extraction_warning', 'recovery_warning'):
    warning_count = writer.GetNumberOfAttributeContainers(warning_type)
    self.assertEqual(warning_count, 0)

  sorted_events = list(writer.GetSortedEvents())

  # Each entry pairs an index into the sorted events with the values that
  # event is expected to carry; the checks run in the listed order.
  expectations = [
      # Address fields only.
      (4, {
          'date_time': '2005-04-11 08:06:02',
          'data_type': 'windows:firewall:log_entry',
          'dest_ip': '123.156.78.90',
          'source_ip': '123.45.78.90'}),
      # Full set of TCP fields: ports, flags, size, sequence, ACK and
      # window values.
      (7, {
          'date_time': '2005-04-11 08:06:26',
          'data_type': 'windows:firewall:log_entry',
          'dest_ip': '123.156.78.90',
          'dest_port': 1774,
          'flags': 'A',
          'source_ip': '123.45.78.90',
          'source_port': 80,
          'size': 576,
          'tcp_ack': 987654321,
          'tcp_seq': 123456789,
          'tcp_win': 12345}),
      # ICMP type 8 / code 0 (echo request).
      (9, {
          'data_type': 'windows:firewall:log_entry',
          'icmp_code': 0,
          'icmp_type': 8})]

  for event_index, expected_values in expectations:
    self.CheckEventValues(
        writer, sorted_events[event_index], expected_values)
def testParse(self):
  """Tests the Parse function.

  Parses the firewall.log test file and checks the warning and event
  counts, the timestamps and event data of selected sorted events, and the
  formatted message strings of the TCP event at index 7.
  """
  firewall_parser = winfirewall.WinFirewallParser()
  writer = self._ParseFile(['firewall.log'], firewall_parser)

  self.assertEqual(writer.number_of_warnings, 0)
  self.assertEqual(writer.number_of_events, 15)

  sorted_events = list(writer.GetSortedEvents())

  # Event 4: timestamp and address fields.
  address_event = sorted_events[4]
  self.CheckTimestamp(address_event.timestamp, '2005-04-11 08:06:02.000000')

  address_data = self._GetEventDataOfEvent(writer, address_event)
  self.assertEqual(address_data.source_ip, '123.45.78.90')
  self.assertEqual(address_data.dest_ip, '123.156.78.90')

  # Event 7: the TCP entry whose messages read DROP [ TCP RECEIVE ].
  tcp_event = sorted_events[7]
  self.CheckTimestamp(tcp_event.timestamp, '2005-04-11 08:06:26.000000')

  tcp_data = self._GetEventDataOfEvent(writer, tcp_event)
  self.assertEqual(tcp_data.size, 576)
  self.assertEqual(tcp_data.flags, 'A')
  self.assertEqual(tcp_data.tcp_ack, 987654321)

  # The message strings are what an analyst reads in the timeline, so the
  # action, direction, endpoints and TCP details are pinned verbatim.
  long_message = (
      'DROP [ TCP RECEIVE ] '
      'From: 123.45.78.90 :80 > 123.156.78.90 :1774 '
      'Size (bytes): 576 '
      'Flags [A] '
      'TCP Seq Number: 123456789 '
      'TCP ACK Number: 987654321 '
      'TCP Window Size (bytes): 12345')
  short_message = 'DROP [TCP] 123.45.78.90 : 80 > 123.156.78.90 : 1774'

  self._TestGetMessageStrings(tcp_data, long_message, short_message)

  # Event 9: ICMP type 8 / code 0 (echo request).
  icmp_data = self._GetEventDataOfEvent(writer, sorted_events[9])
  self.assertEqual(icmp_data.icmp_type, 8)
  self.assertEqual(icmp_data.icmp_code, 0)
def testParse(self):
  """Tests the Parse function.

  Parses the firewall.log test file through the event queue, then checks
  the number of event objects, the timestamps and attributes of selected
  event objects, and the formatted message strings of the TCP event object
  at index 7.
  """
  firewall_parser = winfirewall.WinFirewallParser()
  log_path = self._GetTestFilePath([u'firewall.log'])
  queue_consumer = self._ParseFile(firewall_parser, log_path)
  parsed_events = self._GetEventObjectsFromQueue(queue_consumer)

  self.assertEqual(len(parsed_events), 15)

  # Event object 4: timestamp and address fields.
  address_event = parsed_events[4]
  self.assertEqual(
      address_event.timestamp,
      timelib.Timestamp.CopyFromString(u'2005-04-11 08:06:02'))
  self.assertEqual(address_event.source_ip, u'123.45.78.90')
  self.assertEqual(address_event.dest_ip, u'123.156.78.90')

  # Event object 7: the TCP entry whose messages read DROP [ TCP RECEIVE ].
  tcp_event = parsed_events[7]
  self.assertEqual(
      tcp_event.timestamp,
      timelib.Timestamp.CopyFromString(u'2005-04-11 08:06:26'))
  self.assertEqual(tcp_event.size, 576)
  self.assertEqual(tcp_event.flags, u'A')
  self.assertEqual(tcp_event.tcp_ack, 987654321)

  # The message strings are what an analyst reads in the timeline, so the
  # action, direction, endpoints and TCP details are pinned verbatim.
  long_message = (
      u'DROP [ TCP RECEIVE ] '
      u'From: 123.45.78.90 :80 > 123.156.78.90 :1774 '
      u'Size (bytes): 576 '
      u'Flags [A] '
      u'TCP Seq Number: 123456789 '
      u'TCP ACK Number: 987654321 '
      u'TCP Window Size (bytes): 12345')
  short_message = u'DROP [TCP] 123.45.78.90 : 80 > 123.156.78.90 : 1774'

  self._TestGetMessageStrings(tcp_event, long_message, short_message)

  # Event object 9: ICMP type 8 / code 0 (echo request).
  icmp_event = parsed_events[9]
  self.assertEqual(icmp_event.icmp_type, 8)
  self.assertEqual(icmp_event.icmp_code, 0)
def setUp(self):
  """Creates the Windows Firewall parser shared by the tests.

  The parser instance is stored on the test case as self._parser.
  """
  firewall_parser = winfirewall.WinFirewallParser()
  self._parser = firewall_parser
def setUp(self):
  """Prepares an individual test by creating the parser under test.

  A WinFirewallParser instance is stored on the test case as self._parser.
  """
  firewall_parser = winfirewall.WinFirewallParser()
  self._parser = firewall_parser
def setUp(self):
  """Creates the Windows Firewall parser shared by the tests.

  The parser is constructed with a new preprocessing object and stored on
  the test case as self._parser.
  """
  preprocess_object = event.PreprocessObject()
  # NOTE(review): the second positional argument is passed as None; what it
  # configures is not visible here -- confirm against the parser's
  # constructor.
  self._parser = winfirewall.WinFirewallParser(preprocess_object, None)