merge(#1915): '4.5' into dev branch

wazuh · Feb 9, 2023 · 876c3b0 · 876c3b0
2 parents d211506 + 67dd63e
commit 876c3b0
Show file tree

Hide file tree

Showing 2 changed files with 101 additions and 61 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,7 @@ Release report: TBD
 
 - Update FIM test to new FIM DBSync process  ([#2728](https://github.com/wazuh/wazuh-qa/pull/2728)) \- (Framework + Tests)
 - Update file_limit and registry_limit tests ([#3280](https://github.com/wazuh/wazuh-qa/pull/3280)) \- (Tests)
+- Change expected timestamp for proftpd analysisd test predecoder test case ([#3900](https://github.com/wazuh/wazuh-qa/pull/3900)) \- (Tests)
 - Skip test_large_changes test module ([#3783](https://github.com/wazuh/wazuh-qa/pull/3783)) \- (Tests)
 - Update report_changes tests ([#3405](https://github.com/wazuh/wazuh-qa/pull/3405)) \- (Tests)
 - Update Authd force_insert tests ([#3379](https://github.com/wazuh/wazuh-qa/pull/3379)) \- (Tests)

diff --git a/tests/integration/test_analysisd/test_predecoder_stage/data/syslog_socket_input.yaml b/tests/integration/test_analysisd/test_predecoder_stage/data/syslog_socket_input.yaml
@@ -1,71 +1,110 @@
----
--
-  name: "Syslog date format 1"
-  description: "Check valid input"
+- name: Syslog date format 1
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "Dec 29 10:00:01 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"program_name":"sshd","timestamp":"Dec 29 10:00:01","hostname":"linux-agent"}'
--
-  name: "Syslog date format 2"
-  description: "Check valid input"
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"},
+        "command": "log_processing", "parameters": {"location":"master->/var/log/syslog",
+        "log_format": "syslog", "event": "Dec 29 10:00:01 linux-agent sshd[29205]: Invalid user blimey from
+        18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: >-
+        {"program_name":"sshd","timestamp":"Dec 29
+        10:00:01","hostname":"linux-agent"}
+
+- name: Syslog date format 2
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "2015 Dec 29 10:00:01 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"program_name":"sshd","timestamp":"2015 Dec 29 10:00:01"}'
--
-  name: "Syslog date format for rsyslog"
-  description: "Check valid input"
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module":
+        "wazuh-logtest"}, "command": "log_processing", "parameters":
+        {"location":"master->/var/log/syslog", "log_format": "syslog", "event":
+        "2015 Dec 29 10:00:01 linux-agent sshd[29205]: Invalid user blimey from
+        18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: '{"program_name":"sshd","timestamp":"2015 Dec 29 10:00:01"}'
+
+- name: Syslog date format for rsyslog
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "2009-05-22T09:36:46.214994-07:00 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"program_name":"sshd","timestamp":"2009-05-22T09:36:46.214994-07:00"}'
--
-  name: "Syslog date format for proftpd 1.3.5"
-  description: "Check valid input"
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module":
+        "wazuh-logtest"}, "command": "log_processing", "parameters":
+        {"location":"master->/var/log/syslog", "log_format": "syslog", "event":
+        "2009-05-22T09:36:46.214994-07:00 linux-agent sshd[29205]: Invalid user
+        blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: '{"program_name":"sshd","timestamp":"2009-05-22T09:36:46.214994-07:00"}'
+
+- name: Syslog date format for proftpd 1.3.5
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "2015-04-16 21:51:02,805 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"program_name":"sshd","timestamp":"2015-04-16 21:51:02,80"}'
--
-  name: "Syslog date format for xferlog date format"
-  description: "Check valid input"
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module":
+        "wazuh-logtest"}, "command": "log_processing", "parameters":
+        {"location":"master->/var/log/syslog", "log_format": "syslog", "event":
+        "2015-04-16 21:51:02,805 linux-agent sshd[29205]: Invalid user blimey
+        from 18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: '{"program_name":"sshd","timestamp":"2015-04-16 21:51:02,805"}'
+
+- name: Syslog date format for xferlog date format
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "Mon Apr 17 18:27:14 2006 1 64.160.42.130 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"timestamp":"Mon Apr 17 18:27:14 2006"}'
--
-  name: "Syslog date format for snort date format"
-  description: "Check valid input"
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module":
+        "wazuh-logtest"}, "command": "log_processing", "parameters":
+        {"location":"master->/var/log/syslog", "log_format": "syslog", "event":
+        "Mon Apr 17 18:27:14 2006 1 64.160.42.130 linux-agent sshd[29205]:
+        Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: '{"timestamp":"Mon Apr 17 18:27:14 2006"}'
+
+- name: Syslog date format for snort date format
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "01/28-09:13:16.240702 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"timestamp":"01/28-09:13:16.240702"}'
--
-  name: "Syslog date format for suricata date format"
-  description: "Check valid input"
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module":
+        "wazuh-logtest"}, "command": "log_processing", "parameters":
+        {"location":"master->/var/log/syslog", "log_format": "syslog", "event":
+        "01/28-09:13:16.240702 linux-agent sshd[29205]: Invalid user blimey from
+        18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: '{"timestamp":"01/28-09:13:16.240702"}'
+
+- name: Syslog date format for suricata date format
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "01/28/1979-09:13:16.240702 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"timestamp":"01/28/1979-09:13:16.240702"}'
--
-  name: "Syslog date format for apache log format"
-  description: "Check valid input"
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module":
+        "wazuh-logtest"}, "command": "log_processing", "parameters":
+        {"location":"master->/var/log/syslog", "log_format": "syslog", "event":
+        "01/28/1979-09:13:16.240702 linux-agent sshd[29205]: Invalid user blimey
+        from 18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: '{"timestamp":"01/28/1979-09:13:16.240702"}'
+
+- name: Syslog date format for apache log format
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "[Fri Feb 11 18:06:35 2004] [warn] linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"timestamp":"Fri Feb 11 18:06:35 2004"}'
--
-  name: "Syslog date format for macos ULS --syslog output"
-  description: "Check valid input"
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module":
+        "wazuh-logtest"}, "command": "log_processing", "parameters":
+        {"location":"master->/var/log/syslog", "log_format": "syslog", "event":
+        "[Fri Feb 11 18:06:35 2004] [warn] linux-agent sshd[29205]: Invalid user
+        blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: '{"timestamp":"Fri Feb 11 18:06:35 2004"}'
+
+- name: Syslog date format for macos ULS --syslog output
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "2021-04-21 10:16:09.404756-0700 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"program_name":"sshd","timestamp":"2021-04-21 10:16:09.404756-0700"}'
--
-  name: "Syslog Umlaut date format"
-  description: "Check valid input"
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module":
+        "wazuh-logtest"}, "command": "log_processing", "parameters":
+        {"location":"master->/var/log/syslog", "log_format": "syslog", "event":
+        "2021-04-21 10:16:09.404756-0700 linux-agent sshd[29205]: Invalid user
+        blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: '{"program_name":"sshd","timestamp":"2021-04-21 10:16:09.404756-0700"}'
+
+- name: Syslog Umlaut date format
+  description: Check valid input
   test_case:
-  -
-    input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "Mär 02 17:30:52 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}'
-    output: '{"program_name":"sshd","timestamp":"Mär 02 17:30:5"}'
+    - input: >-
+        {"version": 1, "origin": {"name": "wazuh-logtest", "module":
+        "wazuh-logtest"}, "command": "log_processing", "parameters":
+        {"location":"master->/var/log/syslog", "log_format": "syslog", "event":
+        "Mär 02 17:30:52 linux-agent sshd[29205]: Invalid user blimey from
+        18.18.18.18 port 48928", "token": "21218e6b"}}
+      output: '{"program_name":"sshd","timestamp":"Mär 02 17:30:5"}'