Fix

CSVD · May 19, 2020 · bc6319e · bc6319e
1 parent 220c37b
commit bc6319e
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 10 deletions.
diff --git a/package/etc/conf.d/filters/cisco/cisco_syslog.conf b/package/etc/conf.d/filters/cisco/cisco_syslog.conf
@@ -52,7 +52,9 @@ parser cisco-parser-ex{
                 set(
                     "${13}",
                     value("HOST")                
-                    condition(not match('^\d+$', value('13')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('13')))
+                    condition(not match('^\d+$', value('13')) 
+                    and not match('^[A-Za-z]{1,3}' value('13'))
+                    and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('13')))
                 );                        
                 set(        
                     "${15}",

diff --git a/tests/test_cisco_nx_os.py b/tests/test_cisco_nx_os.py
@@ -13,7 +13,9 @@
 env = Environment()
 
 # Nov 1 14:07:58 excal-113 %MODULE-5-MOD_OK: Module 1 is online
-def test_cisco_nx_os(record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s):
+def test_cisco_nx_os(
+    record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s
+):
     host = get_host_key
 
     dt = datetime.datetime.now()
@@ -23,12 +25,17 @@ def test_cisco_nx_os(record_property, setup_wordlist, get_host_key, setup_splunk
     epoch = epoch[:-7]
 
     mt = env.from_string(
-        "{{ mark }} {{ bsd }} csconx-{{ host }} %MODULE-5-MOD_OK: Module 1 is online")
-    message = mt.render(mark="<111>", bsd=bsd, host=host, date=date, time=time, tzoffset=tzoffset)
+        "{{ mark }} {{ bsd }} csconx-{{ host }} %MODULE-5-MOD_OK: Module 1 is online"
+    )
+    message = mt.render(
+        mark="<111>", bsd=bsd, host=host, date=date, time=time, tzoffset=tzoffset
+    )
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
-    st = env.from_string("search _time={{ epoch }} index=netops host=\"csconx-{{ host }}\" sourcetype=\"cisco:ios\"")
+    st = env.from_string(
+        'search _time={{ epoch }} index=netops host="csconx-{{ host }}" sourcetype="cisco:ios"'
+    )
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -39,7 +46,10 @@ def test_cisco_nx_os(record_property, setup_wordlist, get_host_key, setup_splunk
 
     assert resultCount == 1
 
-def test_cisco_nx_os_soup(record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s):
+
+def test_cisco_nx_os_soup(
+    record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s
+):
     host = get_host_key
 
     dt = datetime.datetime.now()
@@ -49,12 +59,17 @@ def test_cisco_nx_os_soup(record_property, setup_wordlist, get_host_key, setup_s
     epoch = epoch[:-7]
 
     mt = env.from_string(
-        "{{ mark }} {{ bsd }} {{ host }} %MODULE-5-MOD_OK: Module 1 is online")
-    message = mt.render(mark="<111>", bsd=bsd, host=host, date=date, time=time, tzoffset=tzoffset)
+        "{{ mark }} {{ bsd }} {{ host }} %MODULE-5-MOD_OK: Module 1 is online"
+    )
+    message = mt.render(
+        mark="<111>", bsd=bsd, host=host, date=date, time=time, tzoffset=tzoffset
+    )
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
-    st = env.from_string("search _time={{ epoch }} index=netops host=\"{{ host }}\" sourcetype=\"cisco:ios\"")
+    st = env.from_string(
+        'search _time={{ epoch }} index=netops host="{{ host }}" sourcetype="cisco:ios"'
+    )
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -65,9 +80,46 @@ def test_cisco_nx_os_soup(record_property, setup_wordlist, get_host_key, setup_s
 
     assert resultCount == 1
 
+
+# <187>364241: May 19 16:58:44.814 GMT: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 1.1.1.1 Vlan1
+def test_cisco_nx_os_soup2(
+    record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s
+):
+    host = get_host_key
+
+    dt = datetime.datetime.now()
+    iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
+
+    # Tune time functions
+    epoch = epoch[:-7]
+
+    mt = env.from_string(
+        "{{ mark }}364241: {{ bsd }} GMT: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve {{ host }} Vlan1\n"
+    )
+    message = mt.render(
+        mark="<111>", bsd=bsd, host=host, date=date, time=time, tzoffset=tzoffset
+    )
+
+    sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
+
+    st = env.from_string(
+        'search _time={{ epoch }} host!=GMT index=netops sourcetype="cisco:ios" {{ host }}'
+    )
+    search = st.render(epoch=epoch, host=host)
+
+    resultCount, eventCount = splunk_single(setup_splunk, search)
+
+    record_property("host", host)
+    record_property("resultCount", resultCount)
+    record_property("message", message)
+
+    assert resultCount == 1
+
+
+#%ADJ-3-RESOLVE_REQ
 # Nov 1 14:07:58 excal-113 %MODULE-5-MOD_OK: Module 1 is online
 # @pytest.mark.xfail
-#def test_cisco_nx_os_singleport(record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s):
+# def test_cisco_nx_os_singleport(record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s):
 #    host = get_host_key
 #
 #    dt = datetime.datetime.now()