void check_val_in_hash_clone(gchar *msg, LogMessage *self,LogMessage *msg_clone , const gchar* pair[2]) { const gchar * a1 = log_msg_get_value(self, log_msg_get_value_handle(pair[0]), NULL); const gchar * a2 = log_msg_get_value(msg_clone, log_msg_get_value_handle(pair[0]), NULL); TEST_ASSERT(strcmp( a1, pair[1]) == 0 && strcmp(a2, pair[1] ) == 0, "%s", a1, a2); }
int testcase_replace(const gchar *log, const gchar *re, gchar *replacement, const gchar *expected_result, const gint matcher_flags, LogMatcher *m) { LogMessage *msg; LogTemplate *r; gchar *result; gssize length; gchar buf[1024]; gssize msglen; NVHandle nonasciiz = log_msg_get_value_handle("NON-ASCIIZ"); const gchar *value; GSockAddr *sa; sa = g_sockaddr_inet_new("10.10.10.10", 1010); msg = log_msg_new(log, strlen(log), sa, &parse_options); g_sockaddr_unref(sa); /* NOTE: we test how our matchers cope with non-zero terminated values. We don't change message_len, only the value */ g_snprintf(buf, sizeof(buf), "%sAAAAAAAAAAAA", log_msg_get_value(msg, LM_V_MESSAGE, &msglen)); log_msg_set_value(msg, log_msg_get_value_handle("MESSAGE2"), buf, -1); /* add a non-zero terminated indirect value which contains the whole message */ log_msg_set_value_indirect(msg, nonasciiz, log_msg_get_value_handle("MESSAGE2"), 0, 0, msglen); log_matcher_set_flags(m, matcher_flags); log_matcher_compile(m, re); r = log_template_new(configuration, NULL); log_template_compile(r, replacement, NULL); NVTable *nv_table = nv_table_ref(msg->payload); value = log_msg_get_value(msg, nonasciiz, &msglen); result = log_matcher_replace(m, msg, nonasciiz, value, msglen, r, &length); value = log_msg_get_value(msg, nonasciiz, &msglen); nv_table_unref(nv_table); if (strncmp(result ? result : value, expected_result, result ? length : msglen) != 0) { fprintf(stderr, "Testcase failure. pattern=%s, result=%.*s, expected=%s\n", re, (gint) length, result ? result : value, expected_result); exit(1); } g_free(result); log_template_unref(r); log_matcher_unref(m); log_msg_unref(msg); return 0; }
static void test_kv_parser_basics(void) { LogMessage *msg; msg = parse_kv_into_log_message("foo=bar"); assert_log_message_value(msg, log_msg_get_value_handle("foo"), "bar"); log_msg_unref(msg); kv_parser_set_prefix(kv_parser, ".prefix."); msg = parse_kv_into_log_message("foo=bar"); assert_log_message_value(msg, log_msg_get_value_handle(".prefix.foo"), "bar"); log_msg_unref(msg); }
static void test_geoip_parser_basics(void) { LogMessage *msg; msg = parse_geoip_into_log_message("217.20.130.99"); assert_log_message_value(msg, log_msg_get_value_handle(".geoip.country_code"), "HU"); log_msg_unref(msg); geoip_parser_set_prefix(geoip_parser, ".prefix."); msg = parse_geoip_into_log_message("217.20.130.99"); assert_log_message_value(msg, log_msg_get_value_handle(".prefix.country_code"), "HU"); log_msg_unref(msg); }
LogMessage * construct_log_message_with_all_bells_and_whistles(void) { LogMessage *msg = construct_log_message(); nv_handle = log_msg_get_value_handle("foo"); sd_handle = log_msg_get_value_handle(".SDATA.foo.bar"); log_msg_set_value(msg, nv_handle, "value", -1); log_msg_set_value(msg, sd_handle, "value", -1); msg->saddr = g_sockaddr_inet_new("1.2.3.4", 5050); log_msg_set_tag_by_name(msg, tag_name); return msg; }
void test_rule_value_without_clean(const gchar *program, const gchar *pattern, const gchar *name, const gchar *value) { gboolean result; LogMessage *msg = log_msg_new_empty(); gboolean found = FALSE; const gchar *val; gssize len; PDBInput input; log_msg_set_value(msg, LM_V_MESSAGE, pattern, strlen(pattern)); log_msg_set_value(msg, LM_V_PROGRAM, program, 5); log_msg_set_value(msg, LM_V_HOST, MYHOST, strlen(MYHOST)); log_msg_set_value(msg, LM_V_PID, MYPID, strlen(MYPID)); result = pattern_db_process(patterndb, PDB_INPUT_WRAP_MESSAGE(&input, msg)); val = log_msg_get_value(msg, log_msg_get_value_handle(name), &len); if (value) found = strcmp(val, value) == 0; if (!!value ^ (len > 0)) test_fail("Value '%s' is %smatching for pattern '%s' (%d)\n", name, found ? "" : "not ", pattern, !!result); log_msg_unref(msg); }
static void pdb_message_apply(PDBMessage *self, PDBContext *context, LogMessage *msg, GString *buffer) { gint i; if (self->tags) { for (i = 0; i < self->tags->len; i++) log_msg_set_tag_by_id(msg, g_array_index(self->tags, LogTagId, i)); } if (self->values) { for (i = 0; i < self->values->len; i++) { log_template_format_with_context(g_ptr_array_index(self->values, i), context ? (LogMessage **) context->messages->pdata : &msg, context ? context->messages->len : 1, NULL, LTZ_LOCAL, 0, context ? context->key.session_id : NULL, buffer); log_msg_set_value(msg, log_msg_get_value_handle(((LogTemplate *) g_ptr_array_index(self->values, i))->name), buffer->str, buffer->len); } } }
//FIXME use log msg value lookup void check_val_in_hash(gchar *msg, LogMessage *self, const gchar* pair[2]) { const gchar *a = log_msg_get_value(self, log_msg_get_value_handle(pair[0]), NULL); TEST_ASSERT(strcmp(a, pair[1]) == 0, "%s", a, pair[1]); }
FilterExprNode * filter_in_list_new(const gchar *list_file, const gchar *property) { FilterInList *self; FILE *stream; gchar line[16384]; stream = fopen(list_file, "r"); if (!stream) { msg_error("Error opening in-list filter list file", evt_tag_str("file", list_file), evt_tag_errno("errno", errno), NULL); return NULL; } self = g_new0(FilterInList, 1); filter_expr_node_init_instance(&self->super); self->value_handle = log_msg_get_value_handle(property); self->tree = g_tree_new_full((GCompareDataFunc)strcmp, NULL, g_free, NULL); while (fgets(line, sizeof(line), stream) != NULL) { line[strlen(line) - 1] = '\0'; if (line[0]) g_tree_insert(self->tree, g_strdup(line), GINT_TO_POINTER(1)); } fclose(stream); self->super.eval = filter_in_list_eval; self->super.free_fn = filter_in_list_free; return &self->super; }
static void assert_log_kmsg_value(LogMessage *message, const gchar *key, const gchar *expected_value) { const gchar *actual_value = log_msg_get_value(message, log_msg_get_value_handle(key), NULL); assert_string(actual_value, expected_value, NULL); }
void assert_log_message_sdata_pairs(LogMessage *message, const gchar *expected_sd_pairs[][2]) { gint i; for (i = 0; expected_sd_pairs && expected_sd_pairs[i][0] != NULL;i++) { const gchar *actual_value = log_msg_get_value(message, log_msg_get_value_handle(expected_sd_pairs[i][0]), NULL); assert_string(actual_value, expected_sd_pairs[i][1], NULL); } }
void __test_other_has_prefix(TestCase *self, LogMessage *msg) { gchar *requested_name = g_strdup_printf("%s%s", (gchar *) self->user_data, "_CMDLINE"); NVHandle handle = log_msg_get_value_handle(requested_name); gssize value_len; const gchar *value = log_msg_get_value(msg, handle, &value_len); assert_string(value, "sshd: foo_user [priv]", ASSERTION_ERROR("Bad value for prefixed key")); g_free(requested_name); }
void __test_message_has_no_prefix(TestCase *self, LogMessage *msg) { gchar *requested_name = g_strdup_printf("%s%s", (gchar *)self->user_data, "MESSAGE"); NVHandle handle = log_msg_get_value_handle(requested_name); gssize value_len; log_msg_get_value(msg, handle, &value_len); assert_gint(value_len, 0, ASSERTION_ERROR("MESSAGE has prefix")); g_free(requested_name); }
void set_new_log_message_attributes(LogMessage *log_message) { log_msg_set_value(log_message, LM_V_HOST, "newhost", -1); log_msg_set_value(log_message, LM_V_HOST_FROM, "newhost", -1); log_msg_set_value(log_message, LM_V_MESSAGE, "newmsg", -1); log_msg_set_value(log_message, LM_V_PROGRAM, "newprogram", -1); log_msg_set_value(log_message, LM_V_PID, "newpid", -1); log_msg_set_value(log_message, LM_V_MSGID, "newmsgid", -1); log_msg_set_value(log_message, LM_V_SOURCE, "newsource", -1); log_msg_set_value(log_message, log_msg_get_value_handle("newvalue"), "newvalue", -1); }
static void affile_sd_queue(LogPipe *s, LogMessage *msg, const LogPathOptions *path_options, gpointer user_data) { AFFileSourceDriver *self = (AFFileSourceDriver *) s; static NVHandle filename_handle = 0; if (!filename_handle) filename_handle = log_msg_get_value_handle("FILE_NAME"); log_msg_set_value(msg, filename_handle, self->filename->str, self->filename->len); log_src_driver_queue_method(s, msg, path_options, user_data); }
static void assert_msg_doesnot_match(const gchar *message) { LogMessage *msg; gboolean result; msg = _construct_message("prog1", message); result = _process(msg); assert_false(result, "patterndb expected to match but it didn't"); assert_log_message_value(msg, log_msg_get_value_handle(".classifier.class"), "unknown"); assert_log_message_has_tag(msg, ".classifier.unknown"); log_msg_unref(msg); }
static void assert_msg_with_program_matches_and_nvpair_equals(const gchar *program, const gchar *message, const gchar *name, const gchar *expected_value) { LogMessage *msg; gboolean result; msg = _construct_message(program, message); result = _process(msg); assert_true(result, "patterndb expected to match but it didn't"); assert_log_message_value(msg, log_msg_get_value_handle(name), expected_value); log_msg_unref(msg); }
static void affile_sd_queue(LogPipe *s, LogMessage *msg, const LogPathOptions *path_options) { AFFileSourceDriver *self = (AFFileSourceDriver *) s; static NVHandle filename_handle = 0; if (!filename_handle) filename_handle = log_msg_get_value_handle("FILE_NAME"); log_msg_set_value(msg, filename_handle, self->filename->str, self->filename->len); log_pipe_forward_msg(s, msg, path_options); }
void test_value_pairs_walk_prefix_data(GlobalConfig *cfg) { ValuePairs *vp; LogMessage *msg; const char* value = "value"; NVHandle handle; log_template_options_init(&template_options, cfg); msg_format_options_init(&parse_options, cfg); vp = value_pairs_new(); value_pairs_add_glob_pattern(vp, "root.*", TRUE); msg = log_msg_new("test",4, NULL, &parse_options); handle = log_msg_get_value_handle("root.test.alma"); log_msg_set_value(msg, handle, value, strlen(value)); handle = log_msg_get_value_handle("root.test.korte"); log_msg_set_value(msg, handle, value, strlen(value)); value_pairs_walk(vp, test_vp_obj_start, test_vp_value, test_vp_obj_stop, msg, 0, LTZ_LOCAL, &template_options, NULL); };
int testcase_match(const gchar *log, const gchar *pattern, gint matcher_flags, gboolean expected_result, LogMatcher *m) { LogMessage *msg; gboolean result; gchar buf[1024]; NVHandle nonasciiz = log_msg_get_value_handle("NON-ASCIIZ"); gssize msglen; const gchar *value; GSockAddr *sa; sa = g_sockaddr_inet_new("10.10.10.10", 1010); msg = log_msg_new(log, strlen(log), sa, &parse_options); g_sockaddr_unref(sa); g_snprintf(buf, sizeof(buf), "%sAAAAAAAAAAAA", log_msg_get_value(msg, LM_V_MESSAGE, &msglen)); log_msg_set_value(msg, log_msg_get_value_handle("MESSAGE2"), buf, -1); /* add a non-zero terminated indirect value which contains the whole message */ log_msg_set_value_indirect(msg, nonasciiz, log_msg_get_value_handle("MESSAGE2"), 0, 0, msglen); log_matcher_set_flags(m, matcher_flags); log_matcher_compile(m, pattern); value = log_msg_get_value(msg, nonasciiz, &msglen); result = log_matcher_match(m, msg, nonasciiz, value, msglen); if (result != expected_result) { fprintf(stderr, "Testcase match failure. pattern=%s, result=%d, expected=%d\n", pattern, result, expected_result); exit(1); } log_matcher_unref(m); log_msg_unref(msg); return 0; }
static PyObject * py_log_message_getattr(PyLogMessage *self, gchar *name) { NVHandle handle; const gchar *value; handle = log_msg_get_value_handle(name); value = log_msg_get_value(self->msg, handle, NULL); if (!value) { PyErr_SetString(PyExc_AttributeError, "No such attribute"); return NULL; } return PyBytes_FromString(value); }
static void test_log_msg_get_value_with_time_related_macro(void) { LogMessage *msg; gssize value_len; NVHandle handle; const char *date_value; msg = log_msg_new_empty(); msg->timestamps[LM_TS_STAMP].tv_sec = 1389783444; handle = log_msg_get_value_handle("ISODATE"); date_value = log_msg_get_value(msg, handle, &value_len); assert_string(date_value, "2014-01-15T10:57:23-00:00", "ISODATE macro value does not match!"); log_msg_unref(msg); }
static void testcase(gchar *msg, gchar *timezone, gchar *format, gchar *expected) { LogTemplate *templ; LogMessage *logmsg; LogParser *parser; gboolean success; GString *res = g_string_sized_new(128); parser = date_parser_new (configuration); if (format != NULL) date_parser_set_format(parser, format); if (timezone != NULL) date_parser_set_timezone(parser, timezone); log_pipe_init(&parser->super); logmsg = log_msg_new_empty(); logmsg->timestamps[LM_TS_RECVD].tv_sec = 1451473200; /* Dec 30 2015 */ log_msg_set_value(logmsg, log_msg_get_value_handle("MESSAGE"), msg, -1); success = log_parser_process(parser, &logmsg, NULL, log_msg_get_value(logmsg, LM_V_MESSAGE, NULL), -1); if (!success && expected) { fprintf(stderr, "unable to parse format=%s msg=%s\n", format, msg); exit(1); } else if (success && !expected) { fprintf(stderr, "successfully parsed but expected failure, format=%s msg=%s\n", format, msg); exit(1); } else if (expected) { /* Convert to ISODATE */ templ = compile_template("${ISODATE}", FALSE); log_template_format(templ, logmsg, NULL, LTZ_LOCAL, -1, NULL, res); assert_nstring(res->str, res->len, expected, strlen(expected), "incorrect date parsed msg=%s format=%s", msg, format); log_template_unref(templ); } g_string_free(res, TRUE); log_pipe_unref(&parser->super); log_msg_unref(logmsg); return; }
LogMessage * create_message_with_fields(const char *field_name, ...) { va_list args; const char* arg; LogMessage *msg = log_msg_new_empty(); arg = field_name; va_start(args, field_name); while (arg != NULL) { NVHandle handle = log_msg_get_value_handle(arg); arg = va_arg(args, char*); log_msg_set_value(msg, handle, arg, -1); arg = va_arg(args, char*); } va_end(args); return msg; }
static int lua_message_metatable__index(lua_State *state) { gssize value_len; LogMessage *m = lua_check_and_convert_userdata(state, 1, LUA_MESSAGE_TYPE); const char *key = lua_tostring(state, 2); NVHandle handle = log_msg_get_value_handle(key); const char *value = log_msg_get_value(m, handle, &value_len); msg_trace("Getting value from lua message", evt_tag_str("key",key), evt_tag_str("value",value), NULL); lua_pushlstring(state, value, value_len); return 1; }
static void log_template_add_value_elem(LogTemplateCompiler *self, gchar *value_name, gsize value_name_len, gchar *default_value) { LogTemplateElem *e; gchar *dup; e = g_new0(LogTemplateElem, 1); e->type = LTE_VALUE; e->text_len = self->text ? self->text->len : 0; e->text = self->text ? g_strndup(self->text->str, self->text->len) : NULL; /* value_name is not NUL terminated */ dup = g_strndup(value_name, value_name_len); e->value_handle = log_msg_get_value_handle(dup); g_free(dup); e->default_value = default_value; e->msg_ref = self->msg_ref; self->result = g_list_prepend(self->result, e); }
static void testcase(gchar *msg, goffset offset, gchar *timezone, gchar *format, gchar *expected) { LogTemplate *templ; LogMessage *logmsg; NVTable *nvtable; GlobalConfig *cfg = cfg_new (0x302); LogParser *parser = date_parser_new (cfg); gboolean success; const gchar *context_id = "test-context-id"; GString *res = g_string_sized_new(128); date_parser_set_offset(parser, offset); if (format != NULL) date_parser_set_format(parser, format); if (timezone != NULL) date_parser_set_timezone(parser, timezone); parse_options.flags = 0; logmsg = log_msg_new_empty(); logmsg->timestamps[LM_TS_RECVD].tv_sec = 1438793384; /* Wed Aug 5 2015 */ log_msg_set_value(logmsg, log_msg_get_value_handle("MESSAGE"), msg, -1); nvtable = nv_table_ref(logmsg->payload); success = log_parser_process(parser, &logmsg, NULL, log_msg_get_value(logmsg, LM_V_MESSAGE, NULL), -1); nv_table_unref(nvtable); if (!success) { fprintf(stderr, "unable to parse offset=%d format=%s msg=%s\n", offset, format, msg); exit(1); } /* Convert to ISODATE */ templ = compile_template("${ISODATE}", FALSE); log_template_format(templ, logmsg, NULL, LTZ_LOCAL, 999, context_id, res); assert_nstring(res->str, res->len, expected, strlen(expected), "incorrect date parsed msg=%s offset=%d format=%s", msg, offset, format); log_template_unref(templ); g_string_free(res, TRUE); log_pipe_unref(&parser->super); log_msg_unref(logmsg); return; }
gboolean assert_msg_field_equals_non_fatal(LogMessage *msg, gchar *field_name, gchar *expected_value, gssize expected_value_len, const gchar *error_message, ...) { gssize actual_value_len; const gchar* actual_value; va_list args; gboolean result; if (expected_value_len < 0) expected_value_len = strlen(expected_value); NVHandle handle = log_msg_get_value_handle(field_name); actual_value = log_msg_get_value(msg, handle, &actual_value_len); va_start(args, error_message); result = assert_nstring_non_fatal_va(actual_value, actual_value_len, expected_value, expected_value_len, error_message, args); va_end(args); return result; };
FilterExprNode * filter_in_list_new(const gchar *list_file, const gchar *property) { FilterInList *self; FILE *stream; size_t n; gchar *line = NULL; stream = fopen(list_file, "r"); if (!stream) { msg_error("Error opening in-list filter list file", evt_tag_str("file", list_file), evt_tag_errno("errno", errno), NULL); return NULL; } self = g_new0(FilterInList, 1); filter_expr_node_init(&self->super); self->value_handle = log_msg_get_value_handle(property); self->tree = g_tree_new((GCompareFunc) strcmp); while (getline(&line, &n, stream) != -1) { line[strlen(line) - 1] = '\0'; if (line[0]) g_tree_insert(self->tree, line, GINT_TO_POINTER(1)); line = NULL; } fclose(stream); self->super.eval = filter_in_list_eval; self->super.free_fn = filter_in_list_free; return &self->super; }
void test_rule_action_message_value(const gchar *pattern, gint timeout, gint ndx, const gchar *name, const gchar *value) { LogMessage *msg = log_msg_new_empty(); gboolean found = FALSE, result; const gchar *val; gssize len; PDBInput input; log_msg_set_value(msg, LM_V_MESSAGE, pattern, strlen(pattern)); log_msg_set_value(msg, LM_V_PROGRAM, "prog2", 5); log_msg_set_value(msg, LM_V_HOST, MYHOST, strlen(MYHOST)); log_msg_set_value(msg, LM_V_PID, MYPID, strlen(MYPID)); msg->timestamps[LM_TS_STAMP].tv_sec = msg->timestamps[LM_TS_RECVD].tv_sec; result = pattern_db_process(patterndb, PDB_INPUT_WRAP_MESSAGE(&input, msg)); if (timeout) timer_wheel_set_time(patterndb->timer_wheel, timer_wheel_get_time(patterndb->timer_wheel) + timeout + 1); if (ndx >= messages->len) { test_fail("Expected the %d. message, but no such message was returned by patterndb\n", ndx); goto exit; } val = log_msg_get_value((LogMessage *) g_ptr_array_index(messages, ndx), log_msg_get_value_handle(name), &len); if (value) found = strcmp(val, value) == 0; if (!!value ^ (len > 0)) test_fail("Value '%s' is %smatching for pattern '%s' (%d) index %d\n", name, found ? "" : "not ", pattern, !!result, ndx); exit: log_msg_unref(msg); test_clean_state(); }