diff --git a/tests/test_common.py b/tests/test_common.py index 166d824..012e294 100644 --- a/tests/test_common.py +++ b/tests/test_common.py @@ -16,8 +16,10 @@ env = Environment() + def test_defaultroute(record_property, setup_wordlist, setup_splunk, setup_sc4s): - host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist)) + host = "{}-{}".format(random.choice(setup_wordlist), + random.choice(setup_wordlist)) dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -25,12 +27,14 @@ def test_defaultroute(record_property, setup_wordlist, setup_splunk, setup_sc4s) # Tune time functions epoch = epoch[:-7] - mt = env.from_string("{{ mark }} {{ bsd }} {{ host }} test something else\n") + mt = env.from_string( + "{{ mark }} {{ bsd }} {{ host }} test something else\n") message = mt.render(mark="<111>", bsd=bsd, host=host) sendsingle(message, setup_sc4s[0], setup_sc4s[1][514]) - st = env.from_string("search _time={{ epoch }} index=main host=\"{{ host }}\" sourcetype=\"sc4s:fallback\" PROGRAM=\"test\"") + st = env.from_string( + "search _time={{ epoch }} index=main host=\"{{ host }}\" sourcetype=\"sc4s:fallback\" PROGRAM=\"test\"") search = st.render(epoch=epoch, host=host) resultCount, eventCount = splunk_single(setup_splunk, search) @@ -41,9 +45,11 @@ def test_defaultroute(record_property, setup_wordlist, setup_splunk, setup_sc4s) assert resultCount == 1 + @mark.skip() def test_internal(record_property, setup_wordlist, setup_splunk, setup_sc4s): - host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist)) + host = "{}-{}".format(random.choice(setup_wordlist), + random.choice(setup_wordlist)) dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -51,12 +57,14 @@ def test_internal(record_property, setup_wordlist, setup_splunk, setup_sc4s): # Tune time functions epoch = epoch[:-7] - mt = env.from_string("{{ mark }} {{ bsd }} {{ host }} sc4sdefault[0]: test\n") + mt = env.from_string( + "{{ mark }} {{ bsd }} {{ host }} sc4sdefault[0]: test\n") message = mt.render(mark="<111>", bsd=bsd, host=host) sendsingle(message, setup_sc4s[0], setup_sc4s[1][514]) - st = env.from_string("search _time={{ epoch }} index=main NOT host=\"{{ host }}\" sourcetype=\"sc4s:events\"") + st = env.from_string( + "search _time={{ epoch }} index=main NOT host=\"{{ host }}\" sourcetype=\"sc4s:events\"") search = st.render(epoch=epoch, host=host) resultCount, eventCount = splunk_single(setup_splunk, search) @@ -67,8 +75,10 @@ def test_internal(record_property, setup_wordlist, setup_splunk, setup_sc4s): assert resultCount == 1 + def test_fallback(record_property, setup_wordlist, setup_splunk, setup_sc4s): - host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist)) + host = "{}-{}".format(random.choice(setup_wordlist), + random.choice(setup_wordlist)) dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -81,7 +91,8 @@ def test_fallback(record_property, setup_wordlist, setup_splunk, setup_sc4s): sendsingle(message, setup_sc4s[0], setup_sc4s[1][514]) - st = env.from_string("search _time={{ epoch }} index=main host=\"testvp-{{ host }}\" sourcetype=\"sc4s:fallback\"") + st = env.from_string( + "search _time={{ epoch }} index=main host=\"testvp-{{ host }}\" sourcetype=\"sc4s:fallback\"") search = st.render(epoch=epoch, host=host) resultCount, eventCount = splunk_single(setup_splunk, search) 
@@ -93,9 +104,12 @@ def test_fallback(record_property, setup_wordlist, setup_splunk, setup_sc4s): assert resultCount == 1 # + + def test_metrics(record_property, setup_wordlist, setup_splunk, setup_sc4s): - st = env.from_string('mcatalog values(metric_name) WHERE metric_name="syslogng.d_*#0" AND ("index"="*" OR "index"="_*") BY index | fields index') + st = env.from_string( + 'mcatalog values(metric_name) WHERE metric_name="syslogng.d_*#0" AND ("index"="*" OR "index"="_*") BY index | fields index') search = st.render() resultCount, eventCount = splunk_single(setup_splunk, search) @@ -104,9 +118,11 @@ def test_metrics(record_property, setup_wordlist, setup_splunk, setup_sc4s): assert resultCount == 1 + def test_tz_guess(record_property, setup_wordlist, setup_splunk, setup_sc4s): - host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist)) + host = "{}-{}".format(random.choice(setup_wordlist), + random.choice(setup_wordlist)) dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -116,11 +132,13 @@ def test_tz_guess(record_property, setup_wordlist, setup_splunk, setup_sc4s): mt = env.from_string( "{{ mark }} {{ bsd }} {{ host }} : %ASA-3-003164: TCP access denied by ACL from 179.236.133.160/3624 to outside:72.142.18.38/23\n") - message = mt.render(mark="<111>", bsd=bsd, host=host, date=date, time=time, tzoffset=tzoffset) + message = mt.render(mark="<111>", bsd=bsd, host=host, + date=date, time=time, tzoffset=tzoffset) sendsingle(message, setup_sc4s[0], setup_sc4s[1][514]) - st = env.from_string("search _time={{ epoch }} index=netfw host=\"{{ host }}\" sourcetype=\"cisco:asa\" \"%ASA-3-003164\"") + st = env.from_string( + "search _time={{ epoch }} index=netfw host=\"{{ host }}\" sourcetype=\"cisco:asa\" \"%ASA-3-003164\"") search = st.render(epoch=epoch, host=host) resultCount, eventCount = splunk_single(setup_splunk, search) 
@@ -134,7 +152,8 @@ def test_tz_guess(record_property, setup_wordlist, setup_splunk, setup_sc4s): def test_tz_fix_hst(record_property, setup_wordlist, setup_splunk, setup_sc4s): - host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist)) + host = "{}-{}".format(random.choice(setup_wordlist), + random.choice(setup_wordlist)) # 10 minute offset (reserved for future use) # dt = datetime.datetime.utcnow() - datetime.timedelta(hours=10, minutes=10) @@ -142,7 +161,8 @@ def test_tz_fix_hst(record_property, setup_wordlist, setup_splunk, setup_sc4s): # dt = datetime.datetime.utcnow() - datetime.timedelta(hours=10) # Set the date to Hawaii time - dt = datetime.datetime.now(datetime.timezone.utc) - datetime.timedelta(hours=10) + dt = datetime.datetime.now(datetime.timezone.utc) - \ + datetime.timedelta(hours=10) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) mt = env.from_string( @@ -157,7 +177,8 @@ def test_tz_fix_hst(record_property, setup_wordlist, setup_splunk, setup_sc4s): epoch = epoch[:-7] - st = env.from_string("search _time={{ epoch }} index=netfw host=\"tzfhst-{{ host }}\" sourcetype=\"cisco:asa\"") + st = env.from_string( + "search _time={{ epoch }} index=netfw host=\"tzfhst-{{ host }}\" sourcetype=\"cisco:asa\"") search = st.render(epoch=epoch, host=host) resultCount, eventCount = splunk_single(setup_splunk, search) @@ -168,9 +189,11 @@ def test_tz_fix_hst(record_property, setup_wordlist, setup_splunk, setup_sc4s): assert resultCount == 1 + def test_tz_fix_ny(record_property, setup_wordlist, setup_splunk, setup_sc4s): - host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist)) + host = "{}-{}".format(random.choice(setup_wordlist), + random.choice(setup_wordlist)) # 10 minute offset (reserved for future use) # dt = datetime.datetime.now(pytz.timezone('America/New_York')) - datetime.timedelta(minutes=10) 
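Review bot: The re-wrapped assignment in `test_tz_fix_hst` now relies on a backslash continuation (`dt = datetime.datetime.now(datetime.timezone.utc) - \`), which becomes a syntax error as soon as trailing whitespace follows the backslash. PEP 8 prefers implied continuation inside parentheses, which also keeps the operator with its operand: `dt = (datetime.datetime.now(datetime.timezone.utc)` followed by `      - datetime.timedelta(hours=10))`. The function body starts and ends outside this hunk, so only the one statement is in question here.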
@@ -187,7 +210,8 @@ def test_tz_fix_ny(record_property, setup_wordlist, setup_splunk, setup_sc4s): sendsingle(message, setup_sc4s[0], setup_sc4s[1][514]) - st = env.from_string("search _time={{ epoch }} index=netfw host=\"tzfny-{{ host }}\" sourcetype=\"cisco:asa\"") + st = env.from_string( + "search _time={{ epoch }} index=netfw host=\"tzfny-{{ host }}\" sourcetype=\"cisco:asa\"") search = st.render(epoch=epoch, host=host) resultCount, eventCount = splunk_single(setup_splunk, search) @@ -200,8 +224,9 @@ def test_tz_fix_ny(record_property, setup_wordlist, setup_splunk, setup_sc4s): def test_check_config_version(record_property, setup_wordlist, setup_splunk, setup_sc4s): - - st = env.from_string("search earliest=-1m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:err\" \"Configuration file format is too old\" ") + + st = env.from_string( + "search earliest=-50m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:err\" \"Configuration file format is too old\" ") search = st.render() resultCount, eventCount = splunk_single(setup_splunk, search) @@ -210,9 +235,11 @@ def test_check_config_version(record_property, setup_wordlist, setup_splunk, set assert resultCount == 0 + def test_check_config_version_multiple(record_property, setup_wordlist, setup_splunk, setup_sc4s): - st = env.from_string("search earliest=-1m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:err\" \"you have multiple @version directives\" ") + st = env.from_string( + "search earliest=-50m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:err\" \"you have multiple @version directives\" ") search = st.render() resultCount, eventCount = splunk_single(setup_splunk, search) 
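Review bot: The search window in `test_check_config_version` changes from `earliest=-1m@m` to `earliest=-50m@m` inside what is otherwise a line-wrapping commit, and the same edit is repeated in `test_check_config_version_multiple` and `test_check_sc4s_version` with no comment explaining the number. For the two `assert resultCount == 0` checks the wider window is the safer direction, because a startup error logged early in a long run is no longer missed. On a Splunk instance reused between runs, though, it can also match `sc4s:events:startup:err` events from an earlier container start and fail for the wrong reason. For `test_check_sc4s_version`, whose assertion lies outside the hunk, a stale startup event from a previous run could presumably satisfy the search even if the current container never logged its version. I would define the window once, e.g. `STARTUP_WINDOW = "-50m@m"  # must cover the suite runtime since sc4s start`, and render it into the three templates, ideally bounded by a start time taken from the `setup_sc4s` fixture if it can expose one.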
@@ -221,9 +248,11 @@ def test_check_config_version_multiple(record_property, setup_wordlist, setup_sp assert resultCount == 0 + def test_check_sc4s_version(record_property, setup_wordlist, setup_splunk, setup_sc4s): - st = env.from_string("search earliest=-1m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:out\" \"sc4s version=\" NOT \"UNKNOWN\"") + st = env.from_string( + "search earliest=-50m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:out\" \"sc4s version=\" NOT \"UNKNOWN\"") search = st.render() resultCount, eventCount = splunk_single(setup_splunk, search)