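/**
 * Checks the adapter path from the legacy {@code parse(byte[])} method: when only
 * {@code parse} is overridden, {@code parseOptionalResult} is expected to return a present
 * result whose message list holds exactly the object {@code parse} produced.
 */
@Test
public void testParse() {
  JSONObject message = new JSONObject();
  MessageParser<JSONObject> parser = new TestMessageParser() {
    @Override
    public List<JSONObject> parse(byte[] rawMessage) {
      return Collections.singletonList(message);
    }
  };

  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  byte[] raw = "message".getBytes(java.nio.charset.StandardCharsets.UTF_8);
  Optional<MessageParserResult<JSONObject>> ret = parser.parseOptionalResult(raw);

  Assert.assertTrue(ret.isPresent());
  List<JSONObject> messages = ret.get().getMessages();
  Assert.assertEquals(1, messages.size());
  Assert.assertEquals(message, messages.get(0));
}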
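/**
 * Checks the adapter path from {@code parseOptional(byte[])}: when only {@code parseOptional}
 * is overridden, {@code parseOptionalResult} is expected to return a present result whose
 * message list holds exactly the object {@code parseOptional} produced.
 */
@Test
public void testParseOptional() {
  JSONObject message = new JSONObject();
  MessageParser<JSONObject> parser = new TestMessageParser() {
    @Override
    public Optional<List<JSONObject>> parseOptional(byte[] rawMessage) {
      return Optional.of(Collections.singletonList(message));
    }
  };

  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  byte[] raw = "message".getBytes(java.nio.charset.StandardCharsets.UTF_8);
  Optional<MessageParserResult<JSONObject>> ret = parser.parseOptionalResult(raw);

  Assert.assertTrue(ret.isPresent());
  List<JSONObject> messages = ret.get().getMessages();
  Assert.assertEquals(1, messages.size());
  Assert.assertEquals(message, messages.get(0));
}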
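/**
 * Passes three newline-separated syslog lines to {@link Syslog3164Parser} in a single byte
 * array and expects one parsed message per line.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testReadMultiLine() throws Exception {
  Syslog3164Parser parser = new Syslog3164Parser();
  Map<String, Object> config = new HashMap<>();
  parser.configure(config);

  StringBuilder builder = new StringBuilder();
  builder
      .append(SYSLOG_LINE_ALL)
      .append("\n")
      .append(SYSLOG_LINE_MISSING)
      .append("\n")
      .append(SYSLOG_LINE_ALL);

  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  byte[] raw = builder.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
  Optional<MessageParserResult<JSONObject>> resultOptional = parser.parseOptionalResult(raw);

  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> parsedList = resultOptional.get().getMessages();
  Assert.assertEquals(3, parsedList.size());
}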
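/**
 * Interleaves three valid syslog lines with three junk lines ("HEREWEGO!!!!", "BOOM!",
 * "OHMY!") and expects {@link Syslog3164Parser} to return three messages and three
 * per-message throwables.
 *
 * <p>Syslog content is controlled by the sender, so this pins that an unparseable line is
 * reported on its own and does not cause the valid lines around it to be dropped.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testReadMultiLineWithErrors() throws Exception {
  Syslog3164Parser parser = new Syslog3164Parser();
  Map<String, Object> config = new HashMap<>();
  parser.configure(config);

  StringBuilder builder = new StringBuilder();
  builder
      .append("HEREWEGO!!!!\n")
      .append(SYSLOG_LINE_ALL)
      .append("\n")
      .append(SYSLOG_LINE_MISSING)
      .append("\n")
      .append("BOOM!\n")
      .append(SYSLOG_LINE_ALL)
      .append("\nOHMY!");

  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  byte[] raw = builder.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
  Optional<MessageParserResult<JSONObject>> output = parser.parseOptionalResult(raw);

  Assert.assertTrue(output.isPresent());
  Assert.assertEquals(3, output.get().getMessages().size());
  Assert.assertEquals(3, output.get().getMessageThrowables().size());
  // NOTE(review): only the counts are pinned. Consider also checking that the throwables
  // belong to the three junk lines and that getMasterThrowable() is empty. Confirm the
  // parser's behaviour before adding either assertion.
}
} // closes a scope opened before this excerpt (presumably the enclosing test class)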
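/**
 * Interleaves three valid syslog lines with three junk lines ("HEREWEGO!!!!", "BOOM!",
 * "OHMY!") and expects {@link Syslog5424Parser}, configured with {@code NilPolicy.DASH}, to
 * return three messages and three per-message throwables.
 *
 * <p>Syslog content is controlled by the sender, so this pins that an unparseable line is
 * reported on its own and does not cause the valid lines around it to be dropped.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testReadMultiLineWithErrors() throws Exception {
  Syslog5424Parser parser = new Syslog5424Parser();
  Map<String, Object> config = new HashMap<>();
  config.put(Syslog5424Parser.NIL_POLICY_CONFIG, NilPolicy.DASH.name());
  parser.configure(config);

  StringBuilder builder = new StringBuilder();
  builder
      .append("HEREWEGO!!!!\n")
      .append(SYSLOG_LINE_ALL)
      .append("\n")
      .append(SYSLOG_LINE_MISSING)
      .append("\n")
      .append("BOOM!\n")
      .append(SYSLOG_LINE_ALL)
      .append("\nOHMY!");

  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  byte[] raw = builder.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
  Optional<MessageParserResult<JSONObject>> output = parser.parseOptionalResult(raw);

  Assert.assertTrue(output.isPresent());
  Assert.assertEquals(3, output.get().getMessages().size());
  Assert.assertEquals(3, output.get().getMessageThrowables().size());
  // NOTE(review): only the counts are pinned. Consider also checking that the throwables
  // belong to the three junk lines and that getMasterThrowable() is empty. Confirm the
  // parser's behaviour before adding either assertion.
}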
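/**
 * Passes three newline-separated syslog lines to {@link Syslog5424Parser}, configured with
 * {@code NilPolicy.DASH}, in a single byte array and expects one parsed message per line.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testReadMultiLine() throws Exception {
  Syslog5424Parser parser = new Syslog5424Parser();
  Map<String, Object> config = new HashMap<>();
  config.put(Syslog5424Parser.NIL_POLICY_CONFIG, NilPolicy.DASH.name());
  parser.configure(config);

  StringBuilder builder = new StringBuilder();
  builder
      .append(SYSLOG_LINE_ALL)
      .append("\n")
      .append(SYSLOG_LINE_MISSING)
      .append("\n")
      .append(SYSLOG_LINE_ALL);

  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  byte[] raw = builder.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
  Optional<MessageParserResult<JSONObject>> resultOptional = parser.parseOptionalResult(raw);

  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> parsedList = resultOptional.get().getMessages();
  Assert.assertEquals(3, parsedList.size());
}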
/**
 * Calls {@code parseOptionalResult(null)} on a parser whose {@code parse} returns an empty
 * list and expects a non-null, present result with no messages.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testNotNullable() throws Exception {
  MessageParser<JSONObject> emptyParser = new TestMessageParser() {
    @Override
    public List<JSONObject> parse(byte[] rawMessage) {
      return new ArrayList<>();
    }
  };

  // First call: the returned Optional itself must never be null, even for null input.
  Assert.assertNotNull(emptyParser.parseOptionalResult(null));

  // Second call: the Optional is populated and carries an empty message list.
  Optional<MessageParserResult<JSONObject>> outcome = emptyParser.parseOptionalResult(null);
  Assert.assertTrue(outcome.isPresent());
  List<JSONObject> messages = outcome.get().getMessages();
  Assert.assertEquals(0, messages.size());
}
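/**
 * Parses a well-formed WebSphere login line and checks every extracted field, including the
 * user name and source address.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testParseLoginLine() throws Exception {
  // Set up parser, parse message
  GrokWebSphereParser parser = new GrokWebSphereParser();
  parser.configure(parserConfig);
  String testString = "<133>Apr 15 17:47:28 ABCXML1413 [rojOut][0x81000033][auth][notice] user(rick007): "
      + "[120.43.200.6]: User logged into 'cohlOut'.";
  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  Optional<MessageParserResult<JSONObject>> resultOptional =
      parser.parseOptionalResult(testString.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> result = resultOptional.get().getMessages();
  // Fail with an assertion rather than an IndexOutOfBoundsException if nothing was parsed.
  Assert.assertFalse(result.isEmpty());
  JSONObject parsedJSON = result.get(0);

  // The sample line carries no year, so the expected epoch is built from the current UTC
  // year. NOTE(review): presumably the parser fills in the year the same way; a run that
  // straddles New Year could disagree. TODO confirm.
  long expectedTimestamp =
      ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 47, 28, 0, UTC).toInstant().toEpochMilli();

  // Compare fields
  assertEquals(133, parsedJSON.get("priority"));
  assertEquals(expectedTimestamp, parsedJSON.get("timestamp"));
  assertEquals("ABCXML1413", parsedJSON.get("hostname"));
  assertEquals("rojOut", parsedJSON.get("security_domain"));
  assertEquals("0x81000033", parsedJSON.get("event_code"));
  assertEquals("auth", parsedJSON.get("event_type"));
  assertEquals("notice", parsedJSON.get("severity"));
  assertEquals("login", parsedJSON.get("event_subtype"));
  assertEquals("rick007", parsedJSON.get("username"));
  assertEquals("120.43.200.6", parsedJSON.get("ip_src_addr"));
}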
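/**
 * Parses a well-formed WebSphere RBM ("Resource access denied") line and checks the header
 * fields, the {@code process} name and the remaining {@code message} text.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testParseRBMLine() throws Exception {
  // Set up parser, parse message
  GrokWebSphereParser parser = new GrokWebSphereParser();
  parser.configure(parserConfig);
  String testString = "<131>Apr 15 17:36:35 ROBXML3QRS [0x80800018][auth][error] rbm(RBM-Settings): "
      + "trans(3502888135)[request] gtid(3502888135): RBM: Resource access denied.";
  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  Optional<MessageParserResult<JSONObject>> resultOptional =
      parser.parseOptionalResult(testString.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> result = resultOptional.get().getMessages();
  // Fail with an assertion rather than an IndexOutOfBoundsException if nothing was parsed.
  Assert.assertFalse(result.isEmpty());
  JSONObject parsedJSON = result.get(0);

  // The sample line carries no year, so the expected epoch is built from the current UTC
  // year. NOTE(review): presumably the parser fills in the year the same way. TODO confirm.
  long expectedTimestamp =
      ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 36, 35, 0, UTC).toInstant().toEpochMilli();

  // Compare fields
  assertEquals(131, parsedJSON.get("priority"));
  assertEquals(expectedTimestamp, parsedJSON.get("timestamp"));
  assertEquals("ROBXML3QRS", parsedJSON.get("hostname"));
  assertEquals("0x80800018", parsedJSON.get("event_code"));
  assertEquals("auth", parsedJSON.get("event_type"));
  assertEquals("error", parsedJSON.get("severity"));
  assertEquals("rbm", parsedJSON.get("process"));
  assertEquals("trans(3502888135)[request] gtid(3502888135): RBM: Resource access denied.", parsedJSON.get("message"));
}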
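/**
 * Parses a syslog line that has no date under each {@code NilPolicy} in turn. For
 * {@code DASH} and {@code NULL} the first message must still carry a non-null
 * {@code timestamp} field; for {@code OMIT} only the presence of a result is checked.
 *
 * <p>NOTE(review): where the substituted timestamp comes from is not visible in this test
 * (presumably parse time). If so, downstream timelines should treat it as ingest time, not
 * event time. Verify against the parser.
 */
@Test
public void testMissingTimestamp() {
  Syslog5424Parser parser = new Syslog5424Parser();
  Map<String, Object> config = new HashMap<>();
  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;

  config.put(Syslog5424Parser.NIL_POLICY_CONFIG, NilPolicy.DASH.name());
  parser.configure(config);
  Optional<MessageParserResult<JSONObject>> output =
      parser.parseOptionalResult(SYSLOG_LINE_MISSING_DATE.getBytes(utf8));
  Assert.assertNotNull(output);
  Assert.assertTrue(output.isPresent());
  // Assert on the field itself: calling toString() first would turn a missing timestamp
  // into a NullPointerException and make the not-null check vacuous.
  Assert.assertNotNull(output.get().getMessages().get(0).get("timestamp"));

  config.clear();
  config.put(Syslog5424Parser.NIL_POLICY_CONFIG, NilPolicy.NULL.name());
  parser.configure(config);
  output = parser.parseOptionalResult(SYSLOG_LINE_MISSING_DATE.getBytes(utf8));
  Assert.assertNotNull(output);
  Assert.assertTrue(output.isPresent());
  Assert.assertNotNull(output.get().getMessages().get(0).get("timestamp"));

  config.clear();
  config.put(Syslog5424Parser.NIL_POLICY_CONFIG, NilPolicy.OMIT.name());
  parser.configure(config);
  output = parser.parseOptionalResult(SYSLOG_LINE_MISSING_DATE.getBytes(utf8));
  Assert.assertNotNull(output);
  Assert.assertTrue(output.isPresent());
  // NOTE(review): nothing is asserted about the timestamp field under OMIT.
}
} // closes a scope opened before this excerpt (presumably the enclosing test class)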
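/**
 * Configures a {@link GrokParser} from the subclass-provided settings and, for every entry
 * of {@code getTestData()}, parses the key as a raw message and compares the single
 * resulting message with the JSON given as the entry's value.
 *
 * @throws IOException declared by the test; not thrown by code visible here
 * @throws ParseException if an expected-JSON value cannot be parsed
 */
@Test
public void test() throws IOException, ParseException {
  Map<String, Object> parserConfig = new HashMap<>();
  parserConfig.put("grokPath", getGrokPath());
  parserConfig.put("patternLabel", getGrokPatternLabel());
  parserConfig.put("timestampField", getTimestampField());
  parserConfig.put("dateFormat", getDateFormat());
  parserConfig.put("timeFields", getTimeFields());

  GrokParser grokParser = new GrokParser();
  grokParser.configure(parserConfig);
  grokParser.init();

  JSONParser jsonParser = new JSONParser();
  Map<String, String> testData = getTestData();
  for (Map.Entry<String, String> entry : testData.entrySet()) {
    JSONObject expected = (JSONObject) jsonParser.parse(entry.getValue());
    // Explicit charset so the input bytes do not depend on the JVM's default encoding.
    byte[] rawMessage = entry.getKey().getBytes(java.nio.charset.StandardCharsets.UTF_8);
    Optional<MessageParserResult<JSONObject>> resultOptional = grokParser.parseOptionalResult(rawMessage);
    Assert.assertNotNull(resultOptional);
    Assert.assertTrue(resultOptional.isPresent());
    List<JSONObject> parsedList = resultOptional.get().getMessages();
    Assert.assertEquals(1, parsedList.size());
    compare(expected, parsedList.get(0));
  }
}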
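/**
 * Parses a logout line whose address bracket and closing quote are missing. The header
 * fields must still be extracted, while {@code ip_src_addr}, {@code username} and
 * {@code security_domain} must stay unset rather than hold partial values.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testParseMalformedLogoutLine() throws Exception {
  // Set up parser, attempt to parse malformed message
  GrokWebSphereParser parser = new GrokWebSphereParser();
  parser.configure(parserConfig);
  String testString = "<134>Apr 15 18:02:27 PHIXML3RWD [0x81000019][auth][info] [14.122.2.201: "
      + "User 'hjpotter' logged out from 'default.";
  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  Optional<MessageParserResult<JSONObject>> resultOptional =
      parser.parseOptionalResult(testString.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> result = resultOptional.get().getMessages();
  // Fail with an assertion rather than an IndexOutOfBoundsException if nothing was parsed.
  Assert.assertFalse(result.isEmpty());
  JSONObject parsedJSON = result.get(0);

  // The sample line carries no year, so the expected epoch is built from the current UTC
  // year. NOTE(review): presumably the parser fills in the year the same way. TODO confirm.
  long expectedTimestamp =
      ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 18, 2, 27, 0, UTC).toInstant().toEpochMilli();

  // Compare fields
  assertEquals(134, parsedJSON.get("priority"));
  assertEquals(expectedTimestamp, parsedJSON.get("timestamp"));
  assertEquals("PHIXML3RWD", parsedJSON.get("hostname"));
  assertEquals("0x81000019", parsedJSON.get("event_code"));
  assertEquals("auth", parsedJSON.get("event_type"));
  assertEquals("info", parsedJSON.get("severity"));
  // Identity fields taken from the damaged part of the line must be absent.
  Assert.assertNull(parsedJSON.get("ip_src_addr"));
  Assert.assertNull(parsedJSON.get("username"));
  Assert.assertNull(parsedJSON.get("security_domain"));
}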
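/**
 * Parses a login line whose {@code user(} prefix and address bracket are damaged. The
 * header fields, {@code security_domain} and the {@code login} subtype must still be
 * extracted, while {@code username} and {@code ip_src_addr} must stay unset rather than
 * hold partial values.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testParseMalformedLoginLine() throws Exception {
  // Set up parser, attempt to parse malformed message
  GrokWebSphereParser parser = new GrokWebSphereParser();
  parser.configure(parserConfig);
  String testString = "<133>Apr 15 17:47:28 ABCXML1413 [rojOut][0x81000033][auth][notice] rick007): "
      + "[120.43.200. User logged into 'cohlOut'.";
  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  Optional<MessageParserResult<JSONObject>> resultOptional =
      parser.parseOptionalResult(testString.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> result = resultOptional.get().getMessages();
  // Fail with an assertion rather than an IndexOutOfBoundsException if nothing was parsed.
  Assert.assertFalse(result.isEmpty());
  JSONObject parsedJSON = result.get(0);

  // The sample line carries no year, so the expected epoch is built from the current UTC
  // year. NOTE(review): presumably the parser fills in the year the same way. TODO confirm.
  long expectedTimestamp =
      ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 47, 28, 0, UTC).toInstant().toEpochMilli();

  // Compare fields
  assertEquals(133, parsedJSON.get("priority"));
  assertEquals(expectedTimestamp, parsedJSON.get("timestamp"));
  assertEquals("ABCXML1413", parsedJSON.get("hostname"));
  assertEquals("rojOut", parsedJSON.get("security_domain"));
  assertEquals("0x81000033", parsedJSON.get("event_code"));
  assertEquals("auth", parsedJSON.get("event_type"));
  assertEquals("notice", parsedJSON.get("severity"));
  assertEquals("login", parsedJSON.get("event_subtype"));
  // Identity fields taken from the damaged part of the line must be absent.
  Assert.assertNull(parsedJSON.get("username"));
  Assert.assertNull(parsedJSON.get("ip_src_addr"));
}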
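/**
 * Parses a well-formed WebSphere audit line that is neither login, logout nor RBM, and
 * checks the header fields, the {@code process} name and the remaining {@code message} text.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testParseOtherLine() throws Exception {
  // Set up parser, parse message
  GrokWebSphereParser parser = new GrokWebSphereParser();
  parser.configure(parserConfig);
  String testString = "<134>Apr 15 17:17:34 SAGPXMLQA333 [0x8240001c][audit][info] trans(191): (admin:default:system:*): "
      + "ntp-service 'NTP Service' - Operational state down";
  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  Optional<MessageParserResult<JSONObject>> resultOptional =
      parser.parseOptionalResult(testString.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> result = resultOptional.get().getMessages();
  // Fail with an assertion rather than an IndexOutOfBoundsException if nothing was parsed.
  Assert.assertFalse(result.isEmpty());
  JSONObject parsedJSON = result.get(0);

  // The sample line carries no year, so the expected epoch is built from the current UTC
  // year. NOTE(review): presumably the parser fills in the year the same way. TODO confirm.
  long expectedTimestamp =
      ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 17, 34, 0, UTC).toInstant().toEpochMilli();

  // Compare fields
  assertEquals(134, parsedJSON.get("priority"));
  assertEquals(expectedTimestamp, parsedJSON.get("timestamp"));
  assertEquals("SAGPXMLQA333", parsedJSON.get("hostname"));
  assertEquals("0x8240001c", parsedJSON.get("event_code"));
  assertEquals("audit", parsedJSON.get("event_type"));
  assertEquals("info", parsedJSON.get("severity"));
  assertEquals("trans", parsedJSON.get("process"));
  assertEquals("(admin:default:system:*): ntp-service 'NTP Service' - Operational state down", parsedJSON.get("message"));
}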
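/**
 * Parses an RBM line whose opening parentheses are missing. The header fields must still be
 * extracted, {@code process} must stay unset, and the whole remainder of the line must be
 * kept verbatim in {@code message}.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testParseMalformedRBMLine() throws Exception {
  // Set up parser, parse message
  GrokWebSphereParser parser = new GrokWebSphereParser();
  parser.configure(parserConfig);
  String testString = "<131>Apr 15 17:36:35 ROBXML3QRS [0x80800018][auth][error] rbmRBM-Settings): "
      + "trans3502888135)[request] gtid3502888135) RBM: Resource access denied.";
  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  Optional<MessageParserResult<JSONObject>> resultOptional =
      parser.parseOptionalResult(testString.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> result = resultOptional.get().getMessages();
  // Fail with an assertion rather than an IndexOutOfBoundsException if nothing was parsed.
  Assert.assertFalse(result.isEmpty());
  JSONObject parsedJSON = result.get(0);

  // The sample line carries no year, so the expected epoch is built from the current UTC
  // year. NOTE(review): presumably the parser fills in the year the same way. TODO confirm.
  long expectedTimestamp =
      ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 36, 35, 0, UTC).toInstant().toEpochMilli();

  // Compare fields
  assertEquals(131, parsedJSON.get("priority"));
  assertEquals(expectedTimestamp, parsedJSON.get("timestamp"));
  assertEquals("ROBXML3QRS", parsedJSON.get("hostname"));
  assertEquals("0x80800018", parsedJSON.get("event_code"));
  assertEquals("auth", parsedJSON.get("event_type"));
  assertEquals("error", parsedJSON.get("severity"));
  // No process name can be split off, so the raw text is preserved in "message" instead.
  Assert.assertNull(parsedJSON.get("process"));
  assertEquals("rbmRBM-Settings): trans3502888135)[request] gtid3502888135) RBM: Resource access denied.", parsedJSON.get("message"));
}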
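/**
 * Parses an audit line whose process/transaction delimiters are damaged. The header fields
 * must still be extracted, {@code process} must stay unset, and the whole remainder of the
 * line must be kept verbatim in {@code message}.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testParseMalformedOtherLine() throws Exception {
  // Set up parser, parse message
  GrokWebSphereParser parser = new GrokWebSphereParser();
  parser.configure(parserConfig);
  String testString = "<134>Apr 15 17:17:34 SAGPXMLQA333 [0x8240001c][audit][info] trans 191) admindefaultsystem*): "
      + "ntp-service 'NTP Service' - Operational state down:";
  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  Optional<MessageParserResult<JSONObject>> resultOptional =
      parser.parseOptionalResult(testString.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> result = resultOptional.get().getMessages();
  // Fail with an assertion rather than an IndexOutOfBoundsException if nothing was parsed.
  Assert.assertFalse(result.isEmpty());
  JSONObject parsedJSON = result.get(0);

  // The sample line carries no year, so the expected epoch is built from the current UTC
  // year. NOTE(review): presumably the parser fills in the year the same way. TODO confirm.
  long expectedTimestamp =
      ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 17, 34, 0, UTC).toInstant().toEpochMilli();

  // Compare fields
  assertEquals(134, parsedJSON.get("priority"));
  assertEquals(expectedTimestamp, parsedJSON.get("timestamp"));
  assertEquals("SAGPXMLQA333", parsedJSON.get("hostname"));
  assertEquals("0x8240001c", parsedJSON.get("event_code"));
  assertEquals("audit", parsedJSON.get("event_type"));
  assertEquals("info", parsedJSON.get("severity"));
  // No process name can be split off, so the raw text is preserved in "message" instead.
  Assert.assertNull(parsedJSON.get("process"));
  assertEquals("trans 191) admindefaultsystem*): ntp-service 'NTP Service' - Operational state down:", parsedJSON.get("message"));
}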
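/**
 * Parses a well-formed WebSphere logout line and checks every extracted field, including
 * the source address, user name and security domain.
 *
 * @throws Exception if the parser fails unexpectedly
 */
@Test
public void testParseLogoutLine() throws Exception {
  // Set up parser, parse message
  GrokWebSphereParser parser = new GrokWebSphereParser();
  parser.configure(parserConfig);
  String testString = "<134>Apr 15 18:02:27 PHIXML3RWD [0x81000019][auth][info] [14.122.2.201]: "
      + "User 'hjpotter' logged out from 'default'.";
  // Explicit charset so the input bytes do not depend on the JVM's default encoding.
  Optional<MessageParserResult<JSONObject>> resultOptional =
      parser.parseOptionalResult(testString.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  Assert.assertNotNull(resultOptional);
  Assert.assertTrue(resultOptional.isPresent());
  List<JSONObject> result = resultOptional.get().getMessages();
  // Fail with an assertion rather than an IndexOutOfBoundsException if nothing was parsed.
  Assert.assertFalse(result.isEmpty());
  JSONObject parsedJSON = result.get(0);

  // The sample line carries no year, so the expected epoch is built from the current UTC
  // year. NOTE(review): presumably the parser fills in the year the same way. TODO confirm.
  long expectedTimestamp =
      ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 18, 2, 27, 0, UTC).toInstant().toEpochMilli();

  // Compare fields
  assertEquals(134, parsedJSON.get("priority"));
  assertEquals(expectedTimestamp, parsedJSON.get("timestamp"));
  assertEquals("PHIXML3RWD", parsedJSON.get("hostname"));
  assertEquals("0x81000019", parsedJSON.get("event_code"));
  assertEquals("auth", parsedJSON.get("event_type"));
  assertEquals("info", parsedJSON.get("severity"));
  assertEquals("14.122.2.201", parsedJSON.get("ip_src_addr"));
  assertEquals("hjpotter", parsedJSON.get("username"));
  assertEquals("default", parsedJSON.get("security_domain"));
}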
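/**
 * Tests that a byte[] holding multiple log lines is parsed into the correct number of
 * messages when the {@code multiLine} option is configured: every entry of
 * {@code getTestData()} must yield exactly 10 messages.
 *
 * @throws IOException if we can't read from disk
 * @throws ParseException if we can't parse
 */
@Test
@SuppressWarnings("unchecked")
public void testLegacyInterfaceReturnsMultiline() throws IOException, ParseException {
  Map<String, Object> parserConfig = new HashMap<>();
  parserConfig.put("grokPath", getGrokPath());
  parserConfig.put("patternLabel", getGrokPatternLabel());
  parserConfig.put("timestampField", getTimestampField());
  parserConfig.put("dateFormat", getDateFormat());
  parserConfig.put("timeFields", getTimeFields());
  parserConfig.put("multiLine", getMultiLine());

  GrokParser grokParser = new GrokParser();
  grokParser.configure(parserConfig);
  grokParser.init();

  // Only the message count is checked here, so no expected-JSON parser is needed.
  Map<String, String> testData = getTestData();
  for (Map.Entry<String, String> entry : testData.entrySet()) {
    // Explicit charset so the input bytes do not depend on the JVM's default encoding.
    byte[] rawMessage = entry.getKey().getBytes(java.nio.charset.StandardCharsets.UTF_8);
    Optional<MessageParserResult<JSONObject>> resultOptional = grokParser.parseOptionalResult(rawMessage);
    Assert.assertNotNull(resultOptional);
    Assert.assertTrue(resultOptional.isPresent());
    List<JSONObject> parsedList = resultOptional.get().getMessages();
    Assert.assertEquals(10, parsedList.size());
  }
}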
Assert.assertTrue(resultOptional.isPresent()); Optional<Throwable> throwableOptional = resultOptional.get().getMasterThrowable(); List<JSONObject> resultList = resultOptional.get().getMessages(); Map<Object,Throwable> errorMap = resultOptional.get().getMessageThrowables(); Assert.assertFalse(throwableOptional.isPresent());
Assert.assertTrue(resultOptional.isPresent()); Optional<Throwable> throwableOptional = resultOptional.get().getMasterThrowable(); List<JSONObject> resultList = resultOptional.get().getMessages(); Map<Object,Throwable> errorMap = resultOptional.get().getMessageThrowables(); Assert.assertFalse(throwableOptional.isPresent());