From 67dd63e7af8dc393894976f87d9aaa9ecb776e93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Rebollo=20P=C3=A9rez?= Date: Wed, 8 Feb 2023 11:40:39 +0000 Subject: [PATCH] fix(#3899): update analysisd predecoder test * fix(#3899): expected timestamp * docs(#3899): include 1237 to changelog * style(#3899): predecoder yaml cases --- CHANGELOG.md | 1 + .../data/syslog_socket_input.yaml | 161 +++++++++++------- 2 files changed, 101 insertions(+), 61 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 64439c0e5f..71487d04d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,7 @@ Release report: TBD ### Changed +- Change expected timestamp for proftpd analysisd test predecoder test case ([#3900](https://github.com/wazuh/wazuh-qa/pull/3900)) \- (Tests) - Skip test_large_changes test module ([#3783](https://github.com/wazuh/wazuh-qa/pull/3783)) \- (Tests) - Update report_changes tests ([#3405](https://github.com/wazuh/wazuh-qa/pull/3405)) \- (Tests) - Update Authd force_insert tests ([#3379](https://github.com/wazuh/wazuh-qa/pull/3379)) \- (Tests) diff --git a/tests/integration/test_analysisd/test_predecoder_stage/data/syslog_socket_input.yaml b/tests/integration/test_analysisd/test_predecoder_stage/data/syslog_socket_input.yaml index 761b859149..a03d427694 100644 --- a/tests/integration/test_analysisd/test_predecoder_stage/data/syslog_socket_input.yaml +++ b/tests/integration/test_analysisd/test_predecoder_stage/data/syslog_socket_input.yaml 
@@ -1,71 +1,110 @@ ---- -- - name: "Syslog date format 1" - description: "Check valid input" +- name: Syslog date format 1 + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "Dec 29 10:00:01 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"program_name":"sshd","timestamp":"Dec 29 10:00:01","hostname":"linux-agent"}' -- - name: "Syslog date format 2" - description: "Check valid input" + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, + "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", + "log_format": "syslog", "event": "Dec 29 10:00:01 linux-agent sshd[29205]: Invalid user blimey from + 18.18.18.18 port 48928", "token": "21218e6b"}} + output: >- + {"program_name":"sshd","timestamp":"Dec 29 + 10:00:01","hostname":"linux-agent"} + +- name: Syslog date format 2 + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "2015 Dec 29 10:00:01 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"program_name":"sshd","timestamp":"2015 Dec 29 10:00:01"}' -- - name: "Syslog date format for rsyslog" - description: "Check valid input" + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": + "wazuh-logtest"}, "command": "log_processing", "parameters": + {"location":"master->/var/log/syslog", "log_format": "syslog", "event": + "2015 Dec 29 10:00:01 linux-agent sshd[29205]: Invalid user blimey from + 18.18.18.18 port 48928", "token": "21218e6b"}} + output: 
'{"program_name":"sshd","timestamp":"2015 Dec 29 10:00:01"}' + +- name: Syslog date format for rsyslog + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "2009-05-22T09:36:46.214994-07:00 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"program_name":"sshd","timestamp":"2009-05-22T09:36:46.214994-07:00"}' -- - name: "Syslog date format for proftpd 1.3.5" - description: "Check valid input" + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": + "wazuh-logtest"}, "command": "log_processing", "parameters": + {"location":"master->/var/log/syslog", "log_format": "syslog", "event": + "2009-05-22T09:36:46.214994-07:00 linux-agent sshd[29205]: Invalid user + blimey from 18.18.18.18 port 48928", "token": "21218e6b"}} + output: '{"program_name":"sshd","timestamp":"2009-05-22T09:36:46.214994-07:00"}' + +- name: Syslog date format for proftpd 1.3.5 + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "2015-04-16 21:51:02,805 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"program_name":"sshd","timestamp":"2015-04-16 21:51:02,80"}' -- - name: "Syslog date format for xferlog date format" - description: "Check valid input" + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": + "wazuh-logtest"}, "command": "log_processing", "parameters": + {"location":"master->/var/log/syslog", "log_format": "syslog", "event": + "2015-04-16 21:51:02,805 linux-agent sshd[29205]: Invalid user blimey + from 18.18.18.18 port 48928", 
"token": "21218e6b"}} + output: '{"program_name":"sshd","timestamp":"2015-04-16 21:51:02,805"}' + +- name: Syslog date format for xferlog date format + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "Mon Apr 17 18:27:14 2006 1 64.160.42.130 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"timestamp":"Mon Apr 17 18:27:14 2006"}' -- - name: "Syslog date format for snort date format" - description: "Check valid input" + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": + "wazuh-logtest"}, "command": "log_processing", "parameters": + {"location":"master->/var/log/syslog", "log_format": "syslog", "event": + "Mon Apr 17 18:27:14 2006 1 64.160.42.130 linux-agent sshd[29205]: + Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}} + output: '{"timestamp":"Mon Apr 17 18:27:14 2006"}' + +- name: Syslog date format for snort date format + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "01/28-09:13:16.240702 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"timestamp":"01/28-09:13:16.240702"}' -- - name: "Syslog date format for suricata date format" - description: "Check valid input" + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": + "wazuh-logtest"}, "command": "log_processing", "parameters": + {"location":"master->/var/log/syslog", "log_format": "syslog", "event": + "01/28-09:13:16.240702 linux-agent sshd[29205]: Invalid user blimey from + 18.18.18.18 port 48928", "token": "21218e6b"}} 
+ output: '{"timestamp":"01/28-09:13:16.240702"}' + +- name: Syslog date format for suricata date format + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "01/28/1979-09:13:16.240702 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"timestamp":"01/28/1979-09:13:16.240702"}' -- - name: "Syslog date format for apache log format" - description: "Check valid input" + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": + "wazuh-logtest"}, "command": "log_processing", "parameters": + {"location":"master->/var/log/syslog", "log_format": "syslog", "event": + "01/28/1979-09:13:16.240702 linux-agent sshd[29205]: Invalid user blimey + from 18.18.18.18 port 48928", "token": "21218e6b"}} + output: '{"timestamp":"01/28/1979-09:13:16.240702"}' + +- name: Syslog date format for apache log format + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "[Fri Feb 11 18:06:35 2004] [warn] linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"timestamp":"Fri Feb 11 18:06:35 2004"}' -- - name: "Syslog date format for macos ULS --syslog output" - description: "Check valid input" + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": + "wazuh-logtest"}, "command": "log_processing", "parameters": + {"location":"master->/var/log/syslog", "log_format": "syslog", "event": + "[Fri Feb 11 18:06:35 2004] [warn] linux-agent sshd[29205]: Invalid user + blimey from 18.18.18.18 port 48928", "token": "21218e6b"}} + output: '{"timestamp":"Fri Feb 11 
18:06:35 2004"}' + +- name: Syslog date format for macos ULS --syslog output + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "2021-04-21 10:16:09.404756-0700 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"program_name":"sshd","timestamp":"2021-04-21 10:16:09.404756-0700"}' -- - name: "Syslog Umlaut date format" - description: "Check valid input" + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": + "wazuh-logtest"}, "command": "log_processing", "parameters": + {"location":"master->/var/log/syslog", "log_format": "syslog", "event": + "2021-04-21 10:16:09.404756-0700 linux-agent sshd[29205]: Invalid user + blimey from 18.18.18.18 port 48928", "token": "21218e6b"}} + output: '{"program_name":"sshd","timestamp":"2021-04-21 10:16:09.404756-0700"}' + +- name: Syslog Umlaut date format + description: Check valid input test_case: - - - input: '{"version": 1, "origin": {"name": "wazuh-logtest", "module": "wazuh-logtest"}, "command": "log_processing", "parameters": {"location":"master->/var/log/syslog", "log_format": "syslog", "event": "Mär 02 17:30:52 linux-agent sshd[29205]: Invalid user blimey from 18.18.18.18 port 48928", "token": "21218e6b"}}' - output: '{"program_name":"sshd","timestamp":"Mär 02 17:30:5"}' + - input: >- + {"version": 1, "origin": {"name": "wazuh-logtest", "module": + "wazuh-logtest"}, "command": "log_processing", "parameters": + {"location":"master->/var/log/syslog", "log_format": "syslog", "event": + "Mär 02 17:30:52 linux-agent sshd[29205]: Invalid user blimey from + 18.18.18.18 port 48928", "token": "21218e6b"}} + output: '{"program_name":"sshd","timestamp":"Mär 02 17:30:5"}'
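Review bot: The final case, `Syslog Umlaut date format`, still expects `"timestamp":"Mär 02 17:30:5"` although its event carries `Mär 02 17:30:52`, so the fixture pins a timestamp that has lost its last digit. This is the same kind of truncation the commit corrects for the proftpd case (`21:51:02,80` to `21:51:02,805`). If analysisd now returns the full value, the line should read `output: '{"program_name":"sshd","timestamp":"Mär 02 17:30:52"}'`. If the truncation is still current behaviour (presumably a byte-length cut caused by the two-byte `ä`, which this hunk cannot confirm), put a comment above the case such as `# known predecoder truncation with multi-byte month names, tracked in <ISSUE-ID>`, because a passing test otherwise reads as the intended result and a shortened timestamp would carry into alerts and timelines. Separately, the first case folds its `output` in the middle of the timestamp string (`"Dec 29` / `10:00:01"`), which yields the expected single space only if the continuation line keeps the same indentation; a single-quoted one-line `output`, as in the other cases, would be less fragile.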