static void
test_simple_rule_with_rate_limited_action(void)
{
/* tag assigned based on "class" */
assert_msg_matches_and_has_tag("simple-message-with-rate-limited-action", ".classifier.violation", TRUE);
/* messages in the output:
* [0] trigger
* [1] GENERATED (as rate limit was met)
* [2] trigger
* [3] trigger
* [4] trigger
* [5] GENERATED (as rate limit was met again due to advance time */
assert_msg_matches_and_output_message_nvpair_equals("simple-message-with-rate-limited-action", 1, "MESSAGE",
"generated-message-rate-limit");
_dont_reset_patterndb_state_for_the_next_call();
assert_msg_matches_and_no_such_output_message("simple-message-with-rate-limited-action", 3);
_dont_reset_patterndb_state_for_the_next_call();
assert_msg_matches_and_no_such_output_message("simple-message-with-rate-limited-action", 4);
_dont_reset_patterndb_state_for_the_next_call();
_advance_time(120);
assert_msg_matches_and_output_message_nvpair_equals("simple-message-with-rate-limited-action", 5, "MESSAGE",
"generated-message-rate-limit");
}
void
assert_msg_matches_and_output_message_has_tag_with_timeout(const gchar *pattern, gint timeout, gint ndx, const gchar *tag, gboolean set)
{
LogMessage *msg;
msg = _construct_message("prog2", pattern);
_process(msg);
_advance_time(timeout);
assert_output_message_has_tag(ndx, tag, set);
log_msg_unref(msg);
}
void
assert_msg_matches_and_output_message_nvpair_equals_with_timeout(const gchar *pattern, gint timeout, gint ndx, const gchar *name, const gchar *value)
{
LogMessage *msg;
msg = _construct_message("prog2", pattern);
_process(msg);
_advance_time(timeout);
assert_output_message_nvpair_equals(ndx, name, value);
log_msg_unref(msg);
}
void
test_patterndb_message_property_inheritance_context(void)
{
_load_pattern_db_from_string(pdb_inheritance_context_skeleton);
_feed_message_to_correllation_state("prog2", "pattern-with-inheritance-context", "merged1", "merged1");
_feed_message_to_correllation_state("prog2", "pattern-with-inheritance-context", "merged2", "merged2");
_advance_time(60);
assert_output_message_nvpair_equals(2, "MESSAGE", "action message");
assert_output_message_nvpair_equals(2, "merged1", "merged1");
assert_output_message_nvpair_equals(2, "merged2", "merged2");
assert_output_message_has_tag(2, "actiontag", TRUE);
_destroy_pattern_db();
}
