[fix] lookup host by sourceip (#621)

* [fix] lookup host by sourceip * Update test_common.py
CSVD · Aug 7, 2020 · e8500c5 · e8500c5
1 parent feef892
commit e8500c5
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 66 deletions.
diff --git a/package/etc/conf.d/conflib/_splunk/fix_dns.conf b/package/etc/conf.d/conflib/_splunk/fix_dns.conf
@@ -45,7 +45,7 @@ parser p_fix_host_resolver {
 
 parser p_add_context_host {
     add-contextual-data(
-        selector("${HOST}"),
+        selector("${SOURCEIP}"),
         database("conf.d/local/context/host.csv"),
     );
 };
diff --git a/tests/test_common.py b/tests/test_common.py
@@ -102,71 +102,6 @@ def test_fallback(record_property, setup_wordlist, setup_splunk, setup_sc4s):
     assert resultCount == 1
 
 
-#
-
-
-def test_fix_dns_context(record_property, setup_wordlist, setup_splunk, setup_sc4s):
-    host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
-    pid = random.randint(1000, 32000)
-
-    dt = datetime.datetime.now()
-    iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
-
-    # Tune time functions
-    epoch = epoch[:-7]
-
-    mt = env.from_string(
-        "{{ mark }} {{ bsd }} 169.254.0.2 dnstest[{{ pid }}]: {{ host }}\n"
-    )
-    message = mt.render(mark="<111>", bsd=bsd, host=host, pid=pid)
-
-    sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
-
-    st = env.from_string(
-        'search _time={{ epoch }} host=foo.example index=osnix "[{{ pid }}]" {{ host }} sourcetype="nix:syslog"'
-    )
-    search = st.render(epoch=epoch, pid=pid, host=host)
-
-    resultCount, eventCount = splunk_single(setup_splunk, search)
-
-    record_property("host", host)
-    record_property("resultCount", resultCount)
-    record_property("message", message)
-
-    assert resultCount == 1
-
-
-def test_fix_dns_notfound(record_property, setup_wordlist, setup_splunk, setup_sc4s):
-    host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
-    pid = random.randint(1000, 32000)
-
-    dt = datetime.datetime.now()
-    iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
-
-    # Tune time functions
-    epoch = epoch[:-7]
-
-    mt = env.from_string(
-        "{{ mark }} {{ bsd }} 169.254.0.1 dnstest[{{ pid }}]: {{ host }}\n"
-    )
-    message = mt.render(mark="<111>", bsd=bsd, host=host, pid=pid)
-
-    sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
-
-    st = env.from_string(
-        'search _time={{ epoch }} host=169.254.0.1 index=osnix "[{{ pid }}]" {{ host }} sourcetype="nix:syslog"'
-    )
-    search = st.render(epoch=epoch, pid=pid, host=host)
-
-    resultCount, eventCount = splunk_single(setup_splunk, search)
-
-    record_property("host", host)
-    record_property("resultCount", resultCount)
-    record_property("message", message)
-
-    assert resultCount == 1
-
-
 def test_metrics(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
     st = env.from_string(