
Unified Diff: test_data/end_to_end/json_line.log

Issue 325050043: [plaso] Added event data support to ZIP and GZIP storage (Closed)
Patch Set: Added event data support to ZIP and GZIP storage Created 6 years, 8 months ago
Index: test_data/end_to_end/json_line.log
diff --git a/test_data/end_to_end/json_line.log b/test_data/end_to_end/json_line.log
index db112929175939ee9cbd95e0478c901a42228875..c308fa64c0b22fdf27bb29feb526b98e01d42640 100644
--- a/test_data/end_to_end/json_line.log
+++ b/test_data/end_to_end/json_line.log
@@ -5,13 +5,13 @@
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "(root) CMD (touch /var/run/crond.somecheck)", "command": "touch /var/run/crond.somecheck", "data_type": "syslog:cron:task_run", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "myhostname.myhost.com", "inode": 0, "message": "Cron ran: touch /var/run/crond.somecheck for user: root pid: 31068", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": 31068, "reporter": "CRON", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1327218841000000, "timestamp_desc": "Content Modification Time", "username": "root"}
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "`cron.daily' terminated", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "myhostname.myhost.com", "inode": 0, "message": "[Job] `cron.daily' terminated", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": {"__type__": "bytes", "stream": ""}, "reporter": "Job", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1327218872000000, "timestamp_desc": "Content Modification Time"}
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "testing leap year in parsing, events take place in 2012 ---", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": ":", "inode": 0, "message": "[---] testing leap year in parsing, events take place in 2012 ---", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": {"__type__": "bytes", "stream": ""}, "reporter": "---", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1330478143000000, "timestamp_desc": "Content Modification Time"}
-{"__container_type__": "event", "__type__": "AttributeContainer", "body": "No true exit can exist (124 job run)", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "myhostname.myhost.com", "inode": 0, "message": "[anacron, pid: 1234] No true exit can exist (124 job run)", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": 1234, "reporter": "anacron", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "tag": {"__container_type__": "event_tag", "__type__": "AttributeContainer", "comment": "Tag applied by tagging analysis plugin.Tag applied by tagging analysis plugin.", "event_entry_index": 7, "event_stream_number": 2, "labels": [{"__type__": "bytes", "stream": "exit"}]}, "timestamp": 1355853272000000, "timestamp_desc": "Content Modification Time"}
+{"__container_type__": "event", "__type__": "AttributeContainer", "body": "No true exit can exist (124 job run)", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "myhostname.myhost.com", "inode": 0, "message": "[anacron, pid: 1234] No true exit can exist (124 job run)", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": 1234, "reporter": "anacron", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "tag": {"__container_type__": "event_tag", "__type__": "AttributeContainer", "comment": "Tag applied by tagging analysis plugin.Tag applied by tagging analysis plugin.", "labels": [{"__type__": "bytes", "stream": "exit"}]}, "timestamp": 1355853272000000, "timestamp_desc": "Content Modification Time"}
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "This syslog message has a fractional value for seconds.", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "myhostname.myhost.com", "inode": 0, "message": "[somrandomexe, pid: 19] This syslog message has a fractional value for seconds.", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": 19, "reporter": "somrandomexe", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1364079678000000, "timestamp_desc": "Content Modification Time"}
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "This syslog message is brought to you by me (and not the other guy)", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "myhostname.myhost.com", "inode": 0, "message": "[somrandomexe, pid: 1915] This syslog message is brought to you by me (and not the other guy)", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": 1915, "reporter": "somrandomexe", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1364079678000000, "timestamp_desc": "Content Modification Time"}
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "This is a multi-line message that screws up\n\tmany syslog parsers.", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "myhostname.myhost.com", "inode": 0, "message": "[aprocess, pid: 10100] This is a multi-line message that screws up\tmany syslog parsers.", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": 10100, "reporter": "aprocess", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1384737320000000, "timestamp_desc": "Content Modification Time"}
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "Another one just like this (124 job run)", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "myhostname.myhost.com", "inode": 0, "message": "[/sbin/anacron, pid: 1234] Another one just like this (124 job run)", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": 1234, "reporter": "/sbin/anacron", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1388512472000000, "timestamp_desc": "Content Modification Time"}
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "Test message with single character day", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "victoria", "inode": 0, "message": "[process, pid: 2085] Test message with single character day", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": 2085, "reporter": "process", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1391699790000000, "timestamp_desc": "Content Modification Time"}
-{"__container_type__": "event", "__type__": "AttributeContainer", "body": "last message repeated 5 times ---", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": ":", "inode": 0, "message": "[---] last message repeated 5 times ---", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": {"__type__": "bytes", "stream": ""}, "reporter": "---", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "tag": {"__container_type__": "event_tag", "__type__": "AttributeContainer", "comment": "Tag applied by tagging analysis plugin.Tag applied by tagging analysis plugin.", "event_entry_index": 13, "event_stream_number": 2, "labels": [{"__type__": "bytes", "stream": "repeated"}]}, "timestamp": 1416273343000000, "timestamp_desc": "Content Modification Time"}
+{"__container_type__": "event", "__type__": "AttributeContainer", "body": "last message repeated 5 times ---", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": ":", "inode": 0, "message": "[---] last message repeated 5 times ---", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": {"__type__": "bytes", "stream": ""}, "reporter": "---", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "tag": {"__container_type__": "event_tag", "__type__": "AttributeContainer", "comment": "Tag applied by tagging analysis plugin.Tag applied by tagging analysis plugin.", "labels": [{"__type__": "bytes", "stream": "repeated"}]}, "timestamp": 1416273343000000, "timestamp_desc": "Content Modification Time"}
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "[997.390602] sda2: rw=0, want=65, limit=2", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "inode": 0, "message": "[kernel] [997.390602] sda2: rw=0, want=65, limit=2", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": {"__type__": "bytes", "stream": ""}, "reporter": "kernel", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1416299420000000, "timestamp_desc": "Content Modification Time"}
{"__container_type__": "event", "__type__": "AttributeContainer", "body": "[998.390602] sda2: rw=0, want=66, limit=2", "data_type": "syslog:line", "display_name": "OS:/tmp/test/test_data/syslog", "filename": "/tmp/test/test_data/syslog", "hostname": "victoria", "inode": 0, "message": "[kernel] [998.390602] sda2: rw=0, want=66, limit=2", "offset": 0, "parser": "syslog", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "pid": {"__type__": "bytes", "stream": ""}, "reporter": "kernel", "severity": {"__type__": "bytes", "stream": ""}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1416299480000000, "timestamp_desc": "Content Modification Time"}
{"__container_type__": "event", "__type__": "AttributeContainer", "data_type": "fs:stat", "display_name": "OS:/tmp/test/test_data/syslog", "file_entry_type": 3, "file_size": {"__type__": "tuple", "values": [1509]}, "file_system_type": "OS", "filename": "/tmp/test/test_data/syslog", "inode": 0, "is_allocated": true, "message": "OS:/tmp/test/test_data/syslog Type: file", "offset": 0, "parser": "filestat", "pathspec": {"__type__": "PathSpec", "location": "/tmp/test/test_data/syslog", "type_indicator": "OS"}, "sha256_hash": "1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4", "timestamp": 1491238787000000, "timestamp_desc": "atime"}
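Review bot: The two updated expected records that carry a tag (the anacron "No true exit can exist" event and the "last message repeated 5 times" event) still pin the tag comment as `Tag applied by tagging analysis plugin.Tag applied by tagging analysis plugin.`, the same sentence twice with no separator. That looks like the tag being applied or merged twice during the end-to-end run rather than intended output, and a golden file that encodes it keeps the test green while the duplication persists. If it is not intended, the expected value should read `"comment": "Tag applied by tagging analysis plugin."` once the merge is fixed. Separately, with `event_entry_index` and `event_stream_number` dropped, the serialized tag no longer carries its own event reference; that is fine while the tag is nested in its event, but it is worth confirming for any consumer that reads tags on their own.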
