/*
 * Exercises a rule whose action is rate limited. The same trigger message is
 * fed repeatedly; the generated message is expected at output indexes 1 and
 * 5, and no output message is expected at indexes 3 and 4.
 *
 * Statement order matters: each _dont_reset_patterndb_state_for_the_next_call()
 * applies to the assertion helper that follows it.
 */
static void
test_simple_rule_with_rate_limited_action(void)
{
  const char *trigger = "simple-message-with-rate-limited-action";
  const char *generated = "generated-message-rate-limit";

  /* the tag is assigned based on "class" */
  assert_msg_matches_and_has_tag(trigger, ".classifier.violation", TRUE);

  /* messages in the output:
   *   [0] trigger
   *   [1] GENERATED (as rate limit was met)
   *   [2] trigger
   *   [3] trigger
   *   [4] trigger
   *   [5] GENERATED (as rate limit was met again due to advance time)
   *
   * NOTE(review): how these indexes relate to the "no such output message"
   * checks at 3 and 4 depends on helpers not visible here -- confirm.
   */
  assert_msg_matches_and_output_message_nvpair_equals(trigger, 1, "MESSAGE", generated);

  /* rate limit still in effect: no further output expected at these indexes */
  _dont_reset_patterndb_state_for_the_next_call();
  assert_msg_matches_and_no_such_output_message(trigger, 3);

  _dont_reset_patterndb_state_for_the_next_call();
  assert_msg_matches_and_no_such_output_message(trigger, 4);

  /* after advancing the clock by 120 the generated message is expected again */
  _dont_reset_patterndb_state_for_the_next_call();
  _advance_time(120);
  assert_msg_matches_and_output_message_nvpair_equals(trigger, 5, "MESSAGE", generated);
}
/*
 * Processes one message built from `pattern` for program "prog2", advances
 * the clock by `timeout`, then checks whether output message `ndx` has `tag`.
 *
 * pattern: text handed to _construct_message() as the message
 * timeout: amount passed to _advance_time() after processing
 * ndx:     index of the output message to inspect
 * tag:     tag name to look for
 * set:     expected state, forwarded to assert_output_message_has_tag()
 */
void
assert_msg_matches_and_output_message_has_tag_with_timeout(const gchar *pattern, gint timeout, gint ndx,
                                                           const gchar *tag, gboolean set)
{
  LogMessage *input = _construct_message("prog2", pattern);

  _process(input);
  /* time moves only after the message was processed */
  _advance_time(timeout);
  assert_output_message_has_tag(ndx, tag, set);

  /* drop the reference taken when the message was constructed */
  log_msg_unref(input);
}
/*
 * Processes one message built from `pattern` for program "prog2", advances
 * the clock by `timeout`, then checks that output message `ndx` carries the
 * name-value pair `name` == `value`.
 *
 * pattern: text handed to _construct_message() as the message
 * timeout: amount passed to _advance_time() after processing
 * ndx:     index of the output message to inspect
 * name:    name of the name-value pair to compare
 * value:   expected value of that pair
 */
void
assert_msg_matches_and_output_message_nvpair_equals_with_timeout(const gchar *pattern, gint timeout, gint ndx,
    const gchar *name, const gchar *value)
{
  LogMessage *input = _construct_message("prog2", pattern);

  _process(input);
  /* time moves only after the message was processed */
  _advance_time(timeout);
  assert_output_message_nvpair_equals(ndx, name, value);

  /* drop the reference taken when the message was constructed */
  log_msg_unref(input);
}
/*
 * Loads the inheritance-context pattern database, feeds two messages that
 * each carry one extra name-value pair (merged1, merged2), advances the
 * clock by 60 and checks that output message 2 has the action's MESSAGE,
 * both merged values and the "actiontag" tag.
 *
 * NOTE(review): presumably the action fires when the correlation context
 * times out; the rule itself lives in pdb_inheritance_context_skeleton,
 * which is not visible here -- confirm.
 */
void
test_patterndb_message_property_inheritance_context(void)
{
  static const char *const merged_names[] = { "merged1", "merged2" };
  const unsigned int merged_count = sizeof(merged_names) / sizeof(merged_names[0]);
  const char *program = "prog2";
  const char *pattern = "pattern-with-inheritance-context";
  const int action_ndx = 2;
  unsigned int i;

  _load_pattern_db_from_string(pdb_inheritance_context_skeleton);

  /* each message contributes a pair whose value equals its name */
  for (i = 0; i < merged_count; i++)
    _feed_message_to_correllation_state(program, pattern, merged_names[i], merged_names[i]);

  _advance_time(60);

  assert_output_message_nvpair_equals(action_ndx, "MESSAGE", "action message");
  /* values from both fed messages must be present on the action message */
  for (i = 0; i < merged_count; i++)
    assert_output_message_nvpair_equals(action_ndx, merged_names[i], merged_names[i]);
  assert_output_message_has_tag(action_ndx, "actiontag", TRUE);

  _destroy_pattern_db();
}