Permalink
Browse files

Removing previous methods of tests.

That's right folks, fixtures don't really make sense here. Instead I have opted
to go through and validate almost* every value of each message that was in
fixtures. This has caused me to find two problems, one with ISO8601 parsing but
I blame other people for that, but also with the structured data parsing so as
of this commit TESTS FAIL with FIXME left where they need fixing.

* Times in 3164 tests are not immediately tested because they feature no year
and no TZ, new Date('...') will use this TZ and it's known DST, and this year.
Tests will break until I find a better way of doing things.
  • Loading branch information...
1 parent 525877c commit 29ad115e98abeb23dac9f0b5423f9a672ce71e05 @squeeks committed Mar 6, 2013
Showing with 170 additions and 34 deletions.
  1. +0 −8 test/fixtures/RFC3164.json
  2. +0 −6 test/fixtures/RFC5424.json
  3. +80 −12 test/parse-3164.js
  4. +90 −8 test/parse-5424.js
@@ -1,8 +0,0 @@
-[
- "<13>Feb 5 17:32:18 10.0.0.99 Use the BFG!",
- "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
- "<191>94103: 51w2d: DHCPD: assigned IP address 10.10.1.94 to client 0100.01c4.21d3.b3",
- "<32>Mar 05 2011 22:21:02: %ASA-6-302013: Built inbound TCP connection 401 for outside:123.123.123.123/4413 (123.123.123.123/4413) to net:BOX/25 (BOX/25)",
- "<32>Mar 16 15:10:26 SyslogAlertForwarder: Attack P2P: HotSpot Shield Traffic Detected (Medium)\u0000\",\"",
- "<13>Mar 15 11:22:40 myhost.com 0 11,03/15/12,11:22:38,§ó·s,10.10.10.171,,40C6A91373B6,"
-]
@@ -1,6 +0,0 @@
-[
- "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - %% It's time to make the do-nuts.",
- "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut=\"3\" eventSource= \"Application\" eventID=\"1011\"] BOMAn application event log entry...",
- "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut=\"3\" eventSource= \"Application\" eventID=\"1011\"][examplePriority@32473 class=\"high\"] ",
- "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8"
-]
View
@@ -1,28 +1,96 @@
var syslogParser = require('../lib/glossy/parse.js'),
- assert = require('assert'),
- fs = require('fs');
+ assert = require('assert');
assert.ok(syslogParser, 'parser loaded');
-var messages = JSON.parse(fs.readFileSync(__dirname + '/fixtures/RFC3164.json', 'utf8'));
-
-for(message in messages) {
- parsed = syslogParser.parse(messages[message]);
- assert.ok(parsed);
-};
-
-syslogParser.parse(messages[0], function(parsedMessage){
+var doubleSpaced = "<13>Feb 5 17:32:18 10.0.0.99 Use the BFG!";
+syslogParser.parse(doubleSpaced, function(parsedMessage){
var expectedData = {
- originalMessage: '<13>Feb 5 17:32:18 10.0.0.99 Use the BFG!',
+ originalMessage: doubleSpaced,
prival: 13,
facilityID: 1,
severityID: 5,
facility: 'user',
severity: 'notice',
type: 'RFC3164',
- time: new Date('Tue Feb 05 2013 17:32:18 GMT+0000'),
host: '10.0.0.99',
message: 'Use the BFG!' };
+
+ delete parsedMessage.time;
+ assert.deepEqual(parsedMessage, expectedData);
+});
+
+var withCommand = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8";
+syslogParser.parse(withCommand, function(parsedMessage){
+ var expectedData = {
+ originalMessage: withCommand,
+ prival: 34,
+ facilityID: 4,
+ severityID: 2,
+ facility: 'auth',
+ severity: 'crit',
+ type: 'RFC3164',
+ host: 'mymachine',
+ message: "su: 'su root' failed for lonvick on /dev/pts/8" };
+
+ var parsedDate = parsedMessage.time;
+ delete parsedMessage.time;
+
+ assert.equal(parsedDate.getUTCMonth(), 9);
+ assert.equal(parsedDate.getUTCHours(), 21);
+ assert.deepEqual(parsedMessage, expectedData);
+
+});
+
+var withDifficultTime = "<191>94103: 51w2d: DHCPD: assigned IP address 10.10.1.94 to client 0100.01c4.21d3.b3";
+syslogParser.parse(withDifficultTime, function(parsedMessage){
+ var expectedData = {
+ originalMessage: withDifficultTime,
+ prival: 191,
+ facilityID: 23,
+ severityID: 7,
+ facility: 'local7',
+ severity: 'debug',
+ type: 'RFC3164',
+ time: undefined,
+ message: '51w2d: DHCPD: assigned IP address 10.10.1.94 to client 0100.01c4.21d3.b3'};
+
+ assert.deepEqual(parsedMessage, expectedData);
+});
+
+var withYear = "<32>Mar 05 2011 22:21:02: %ASA-6-302013: Built inbound TCP connection 401 for outside:123.123.123.123/4413 (123.123.123.123/4413) to net:BOX/25 (BOX/25)";
+syslogParser.parse(withYear, function(parsedMessage){
+ var expectedData = {
+ originalMessage: withYear,
+ prival: 32,
+ facilityID: 4,
+ severityID: 0,
+ facility: 'auth',
+ severity: 'emerg',
+ type: 'RFC3164',
+ time: undefined,
+ host: '22:21:02:',
+ message: '%ASA-6-302013: Built inbound TCP connection 401 for outside:123.123.123.123/4413 (123.123.123.123/4413) to net:BOX/25 (BOX/25)' };
+
+ assert.deepEqual(parsedMessage, expectedData);
+});
+
+var withSpaces = "<13>Mar 15 11:22:40 myhost.com 0 11,03/15/12,11:22:38,§ó·s,10.10.10.171,,40C6A91373B6,";
+syslogParser.parse(withSpaces, function(parsedMessage){
+ var expectedData = {
+ originalMessage: withSpaces,
+ prival: 13,
+ facilityID: 1,
+ severityID: 5,
+ facility: 'user',
+ severity: 'notice',
+ type: 'RFC3164',
+ host: 'myhost.com',
+ message: ' 0 11,03/15/12,11:22:38,§ó·s,10.10.10.171,,40C6A91373B6,' };
+ delete parsedMessage.time;
+ console.log(parsedMessage);
assert.deepEqual(parsedMessage, expectedData);
+
});
+
View
@@ -1,14 +1,96 @@
var syslogParser = require('../lib/glossy/parse.js'),
- assert = require('assert'),
- fs = require('fs');
+ assert = require('assert');
assert.ok(syslogParser, 'parser loaded');
-var messages = JSON.parse(fs.readFileSync(__dirname + '/fixtures/RFC5424.json', 'utf8'));
+var withPrecisionTime = "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - %% It's time to make the do-nuts.";
+syslogParser.parse(withPrecisionTime, function(parsedMessage){
+ var expectedData = {
+ originalMessage: withPrecisionTime,
+ prival: 165,
+ facilityID: 20,
+ severityID: 5,
+ facility: 'local4',
+ severity: 'notice',
+ host: '192.0.2.1',
+ appName: 'myproc',
+ pid: '8710',
+ msgID: null,
+ message: "%% It's time to make the do-nuts." };
+
+ delete parsedMessage.time;
+ assert.deepEqual(parsedMessage, expectedData);
+});
-for(message in messages) {
- parsed = syslogParser.parse(messages[message]);
- assert.ok(parsed);
-};
+// FIXME 3 minute offset from UTC?!
+var with8601 = "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8";
+syslogParser.parse(with8601, function(parsedMessage){
+ var expectedData = {
+ originalMessage: with8601,
+ prival: 34,
+ facilityID: 4,
+ severityID: 2,
+ facility: 'auth',
+ severity: 'crit',
+ time: new Date('2003-10-11T22:14:15.003Z'),
+ host: 'mymachine.example.com',
+ appName: 'su',
+ pid: null,
+ msgID: 'ID47',
+ message: "BOM'su root' failed for lonvick on /dev/pts/8" };
+
+ assert.deepEqual(parsedMessage, expectedData);
+});
+
+// FIXME 3 minute offset from UTC?!
+var withSD = '<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource= "Application" eventID="1011"] BOMAn application event log entry...';
+syslogParser.parse(withSD, function(parsedMessage){
+ var expectedData = {
+ originalMessage: withSD,
+ prival: 165,
+ facilityID: 20,
+ severityID: 5,
+ facility: 'local4',
+ severity: 'notice',
+ time: new Date('2003-10-11T22:14:15.003Z'),
+ host: 'mymachine.example.com',
+ appName: 'evntslog',
+ pid: null,
+ msgID: 'ID47',
+ structuredData: { 'exampleSDID@32473': { iut: '3', eventID: '1011' } }, //FIXME " shouldn't be there
+ message: 'BOMAn application event log entry...' };
+
+ assert.deepEqual(parsedMessage, expectedData);
+});
+
+// FIXME 3 minute offset from UTC?!
+var withDoubleSD = '<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource= "Application" eventID="1011"][examplePriority@32473 class="high"] ';
+syslogParser.parse(withSD, function(parsedMessage){
+ var expectedStructuredData = {
+ 'exampleSDID@32473': {
+ iut: '3',
+ eventID: '1011'
+ },
+ 'examplePriority@32473': {
+ 'class': 'high'
+ }
+ };
+
+ var expectedData = {
+ originalMessage: withDoubleSD,
+ prival: 165,
+ facilityID: 20,
+ severityID: 5,
+ facility: 'local4',
+ severity: 'notice',
+ time: new Date('2003-10-11T22:14:15.003Z'),
+ host: 'mymachine.example.com',
+ appName: 'evntslog',
+ pid: null,
+ msgID: 'ID47',
+ structuredData: expectedStructuredData, //FIXME Both sets should be there
+ message: 'BOMAn application event log entry...' };
+
+ assert.deepEqual(parsedMessage, expectedData);
+});
-//TODO expand tests further

0 comments on commit 29ad115

Please sign in to comment.