OLD | NEW |
---|---|
1 #!/usr/bin/python | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | 2 # -*- coding: utf-8 -*- |
3 """Tests for the syslog parser.""" | 3 """Tests for the syslog parser.""" |
4 | 4 |
5 from __future__ import unicode_literals | 5 from __future__ import unicode_literals |
6 | 6 |
7 import unittest | 7 import unittest |
8 | 8 |
9 from plaso.formatters import syslog as _ # pylint: disable=unused-import | 9 from plaso.formatters import syslog as _ # pylint: disable=unused-import |
10 from plaso.lib import timelib | 10 from plaso.lib import timelib |
43 def testParseChromeOS(self): | 43 def testParseChromeOS(self): |
44 """Tests the Parse function.""" | 44 """Tests the Parse function.""" |
45 parser = syslog.SyslogParser() | 45 parser = syslog.SyslogParser() |
46 knowledge_base_values = {'year': 2016} | 46 knowledge_base_values = {'year': 2016} |
47 storage_writer = self._ParseFile( | 47 storage_writer = self._ParseFile( |
48 ['syslog_chromeos'], parser, | 48 ['syslog_chromeos'], parser, |
49 knowledge_base_values=knowledge_base_values) | 49 knowledge_base_values=knowledge_base_values) |
50 | 50 |
51 self.assertEqual(storage_writer.number_of_events, 8) | 51 self.assertEqual(storage_writer.number_of_events, 8) |
52 | 52 |
53 events = list(storage_writer.GetEvents()) | 53 events = list(storage_writer.GetSortedEvents()) |
54 | 54 |
55 event = events[0] | 55 event = events[0] |
56 event_timestamp = timelib.Timestamp.CopyToIsoFormat( | 56 |
57 event.timestamp) | 57 expected_timestamp = timelib.Timestamp.CopyFromString( |
58 self.assertEqual(event_timestamp, '2016-10-25T19:37:23.297265+00:00') | 58 '2016-10-25 19:37:23.297265') |
59 self.assertEqual(event.timestamp, expected_timestamp) | |
onager
2018/01/19 04:51:07
This makes the error messages substantially less u
Joachim Metz
2018/01/19 05:21:54
Not in this CL. This is consistent with the rest o
| |
59 | 60 |
60 expected_message = ( | 61 expected_message = ( |
61 'INFO [periodic_scheduler, pid: 13707] cleanup_logs: job completed') | 62 'INFO [periodic_scheduler, pid: 13707] cleanup_logs: job completed') |
62 self._TestGetMessageStrings(event, expected_message, expected_message) | 63 self._TestGetMessageStrings(event, expected_message, expected_message) |
63 | 64 |
64 event = events[2] | 65 event = events[2] |
65 event_timestamp = timelib.Timestamp.CopyToIsoFormat( | 66 |
66 event.timestamp) | 67 expected_timestamp = timelib.Timestamp.CopyFromString( |
67 self.assertEqual(event_timestamp, '2016-10-25T19:37:24.987014+00:00') | 68 '2016-10-25 19:37:24.987014') |
69 self.assertEqual(event.timestamp, expected_timestamp) | |
68 | 70 |
69 # Testing year increment. | 71 # Testing year increment. |
70 event = events[4] | 72 event = events[4] |
71 event_timestamp = timelib.Timestamp.CopyToIsoFormat( | 73 |
72 event.timestamp) | 74 expected_timestamp = timelib.Timestamp.CopyFromString( |
73 self.assertEqual(event_timestamp, '2016-10-25T19:37:24.993079+00:00') | 75 '2016-10-25 19:37:24.993079') |
76 self.assertEqual(event.timestamp, expected_timestamp) | |
74 | 77 |
75 event = events[6] | 78 event = events[6] |
79 | |
76 expected_reporter = 'kernel' | 80 expected_reporter = 'kernel' |
77 self.assertEqual(event.reporter, expected_reporter) | 81 self.assertEqual(event.reporter, expected_reporter) |
78 | 82 |
79 event = events[7] | 83 event = events[7] |
80 expected_message = ( | 84 expected_message = ( |
81 'INFO [aprocess] [ 316.587330] cfg80211: This is a multi-line\t' | 85 'INFO [aprocess] [ 316.587330] cfg80211: This is a multi-line\t' |
82 'message that screws up many syslog parsers.') | 86 'message that screws up many syslog parsers.') |
83 expected_short_message = ( | 87 expected_short_message = ( |
84 'INFO [aprocess] [ 316.587330] cfg80211: This is a multi-line\t' | 88 'INFO [aprocess] [ 316.587330] cfg80211: This is a multi-line\t' |
85 'message that sc...') | 89 'message that sc...') |
86 self._TestGetMessageStrings(event, expected_message, expected_short_message) | 90 self._TestGetMessageStrings(event, expected_message, expected_short_message) |
87 | 91 |
88 @shared_test_lib.skipUnlessHasTestFile(['syslog']) | 92 @shared_test_lib.skipUnlessHasTestFile(['syslog']) |
89 def testParse(self): | 93 def testParse(self): |
90 """Tests the Parse function.""" | 94 """Tests the Parse function.""" |
91 parser = syslog.SyslogParser() | 95 parser = syslog.SyslogParser() |
92 knowledge_base_values = {'year': 2012} | 96 knowledge_base_values = {'year': 2012} |
93 storage_writer = self._ParseFile( | 97 storage_writer = self._ParseFile( |
94 ['syslog'], parser, | 98 ['syslog'], parser, |
95 knowledge_base_values=knowledge_base_values) | 99 knowledge_base_values=knowledge_base_values) |
96 | 100 |
97 self.assertEqual(storage_writer.number_of_events, 16) | 101 self.assertEqual(storage_writer.number_of_events, 16) |
98 | 102 |
99 events = list(storage_writer.GetEvents()) | 103 events = list(storage_writer.GetSortedEvents()) |
100 | 104 |
101 event = events[0] | 105 event = events[1] |
102 event_timestamp = timelib.Timestamp.CopyToIsoFormat( | 106 |
103 event.timestamp) | 107 expected_timestamp = timelib.Timestamp.CopyFromString( |
104 self.assertEqual(event_timestamp, '2012-01-22T07:52:33+00:00') | 108 '2012-01-22 07:52:33') |
109 self.assertEqual(event.timestamp, expected_timestamp) | |
110 | |
105 self.assertEqual(event.hostname, 'myhostname.myhost.com') | 111 self.assertEqual(event.hostname, 'myhostname.myhost.com') |
106 | 112 |
107 expected_message = ( | 113 expected_message = ( |
108 '[client, pid: 30840] INFO No new content in ímynd.dd.') | 114 '[client, pid: 30840] INFO No new content in ímynd.dd.') |
109 self._TestGetMessageStrings(event, expected_message, expected_message) | 115 self._TestGetMessageStrings(event, expected_message, expected_message) |
110 | 116 |
111 event = events[6] | 117 event = events[6] |
112 event_timestamp = timelib.Timestamp.CopyToIsoFormat( | 118 |
113 event.timestamp) | 119 expected_timestamp = timelib.Timestamp.CopyFromString( |
114 self.assertEqual(event_timestamp, '2012-02-29T01:15:43+00:00') | 120 '2012-02-29 01:15:43') |
121 self.assertEqual(event.timestamp, expected_timestamp) | |
115 | 122 |
116 # Testing year increment. | 123 # Testing year increment. |
117 event = events[8] | 124 event = events[8] |
118 event_timestamp = timelib.Timestamp.CopyToIsoFormat( | |
119 event.timestamp) | |
120 self.assertEqual(event_timestamp, '2013-03-23T23:01:18+00:00') | |
121 | 125 |
122 event = events[10] | 126 expected_timestamp = timelib.Timestamp.CopyFromString( |
127 '2013-03-23 23:01:18') | |
128 self.assertEqual(event.timestamp, expected_timestamp) | |
129 | |
130 event = events[11] | |
123 expected_reporter = '/sbin/anacron' | 131 expected_reporter = '/sbin/anacron' |
124 self.assertEqual(event.reporter, expected_reporter) | 132 self.assertEqual(event.reporter, expected_reporter) |
125 | 133 |
126 event = events[11] | 134 event = events[10] |
127 expected_message = ( | 135 expected_message = ( |
128 '[aprocess, pid: 10100] This is a multi-line message that screws up' | 136 '[aprocess, pid: 10100] This is a multi-line message that screws up' |
129 '\tmany syslog parsers.') | 137 '\tmany syslog parsers.') |
130 expected_short_message = ( | 138 expected_short_message = ( |
131 '[aprocess, pid: 10100] This is a multi-line message that screws up' | 139 '[aprocess, pid: 10100] This is a multi-line message that screws up' |
132 '\tmany syslo...') | 140 '\tmany syslo...') |
133 self._TestGetMessageStrings(event, expected_message, expected_short_message) | 141 self._TestGetMessageStrings(event, expected_message, expected_short_message) |
134 | 142 |
135 event = events[14] | 143 event = events[14] |
136 self.assertEqual(event.reporter, 'kernel') | 144 self.assertEqual(event.reporter, 'kernel') |
137 self.assertIsNone(event.hostname) | 145 self.assertIsNone(event.hostname) |
138 expected_message = ( | 146 expected_message = ( |
139 '[kernel] [997.390602] sda2: rw=0, want=65, limit=2') | 147 '[kernel] [997.390602] sda2: rw=0, want=65, limit=2') |
140 expected_short_message = ( | 148 expected_short_message = ( |
141 '[kernel] [997.390602] sda2: rw=0, want=65, limit=2') | 149 '[kernel] [997.390602] sda2: rw=0, want=65, limit=2') |
142 self._TestGetMessageStrings(event, expected_message, expected_short_message) | 150 self._TestGetMessageStrings(event, expected_message, expected_short_message) |
143 | 151 |
144 # Testing non-leap year. | 152 # Testing non-leap year. |
145 parser = syslog.SyslogParser() | 153 parser = syslog.SyslogParser() |
146 knowledge_base_values = {'year': 2013} | 154 knowledge_base_values = {'year': 2013} |
147 storage_writer = self._ParseFile( | 155 storage_writer = self._ParseFile( |
148 ['syslog'], parser, | 156 ['syslog'], parser, |
149 knowledge_base_values=knowledge_base_values) | 157 knowledge_base_values=knowledge_base_values) |
150 | 158 |
151 self.assertEqual(storage_writer.number_of_events, 15) | 159 self.assertEqual(storage_writer.number_of_events, 15) |
152 | 160 |
153 | 161 |
154 if __name__ == '__main__': | 162 if __name__ == '__main__': |
155 unittest.main() | 163 unittest.main() |
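Review bot: The new expected values in testParseChromeOS and testParse, starting at new lines 57-58 with `CopyFromString('2016-10-25 19:37:23.297265')`, no longer state a time zone, whereas the removed assertions pinned `+00:00`. The UTC expectation now rests on whatever CopyFromString assumes for a string without an offset, which is not visible on this page. Since these tests guard timestamps that end up in a forensic timeline, the zone should stay explicit: if the helper accepts an offset, write `'2016-10-25 19:37:23.297265+00:00'`, otherwise add a comment such as `# Expected timestamps are UTC.` above the first assertion. Separately, the `# Testing year increment.` comment in testParseChromeOS (new line 71) sits above an assertion for 2016-10-25 with the knowledge base year set to 2016, so no year rollover is exercised there, unlike the 2013 check in testParse; the comment should be dropped or reworded.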