Merge pull request #348 from splunk/fix/startuplogs

Correct sc4s:events:startup:out sourcetype
CSVD · Mar 12, 2020 · fab4d7b · fab4d7b
2 parents 9102bc3 + dca8040
commit fab4d7b
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 23 deletions.
diff --git a/package/etc/conf.d/log_paths/lp-sc4s_startup.conf.tmpl b/package/etc/conf.d/log_paths/lp-sc4s_startup.conf.tmpl
@@ -3,7 +3,7 @@
 log {
     source(s_startup_out);
 
-    rewrite { r_set_splunk_dest_default(sourcetype("sc4s_events:startup:out"), index("main"))};
+    rewrite { r_set_splunk_dest_default(sourcetype("sc4s:events:startup:out"), index("main"))};
     parser {p_add_context_splunk(key("sc4s_events")); };
 
     {{- if or (conv.ToBool (getenv "SC4S_DEST_SPLUNK_HEC_GLOBAL" "yes")) (conv.ToBool (getenv "SC4S_DEST_INTERNAL_EVENTS_HEC" "no")) }}

diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml
@@ -14,7 +14,7 @@ services:
       context: ../package
     hostname: sc4s
     #When this is enabled test_common will fail
-    command: -det
+    #command: -det
     ports:
       - "514"
       - "601"

diff --git a/tests/test_common.py b/tests/test_common.py
@@ -16,21 +16,25 @@
 
 env = Environment()
 
+
 def test_defaultroute(record_property, setup_wordlist, setup_splunk, setup_sc4s):
-    host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
+    host = "{}-{}".format(random.choice(setup_wordlist),
+                          random.choice(setup_wordlist))
 
     dt = datetime.datetime.now()
     iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
 
     # Tune time functions
     epoch = epoch[:-7]
 
-    mt = env.from_string("{{ mark }} {{ bsd }} {{ host }} test something else\n")
+    mt = env.from_string(
+        "{{ mark }} {{ bsd }} {{ host }} test something else\n")
     message = mt.render(mark="<111>", bsd=bsd, host=host)
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
-    st = env.from_string("search _time={{ epoch }} index=main host=\"{{ host }}\" sourcetype=\"sc4s:fallback\" PROGRAM=\"test\"")
+    st = env.from_string(
+        "search _time={{ epoch }} index=main host=\"{{ host }}\" sourcetype=\"sc4s:fallback\" PROGRAM=\"test\"")
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -41,22 +45,26 @@ def test_defaultroute(record_property, setup_wordlist, setup_splunk, setup_sc4s)
 
     assert resultCount == 1
 
+
 @mark.skip()
 def test_internal(record_property, setup_wordlist, setup_splunk, setup_sc4s):
-    host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
+    host = "{}-{}".format(random.choice(setup_wordlist),
+                          random.choice(setup_wordlist))
 
     dt = datetime.datetime.now()
     iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
 
     # Tune time functions
     epoch = epoch[:-7]
 
-    mt = env.from_string("{{ mark }} {{ bsd }} {{ host }} sc4sdefault[0]: test\n")
+    mt = env.from_string(
+        "{{ mark }} {{ bsd }} {{ host }} sc4sdefault[0]: test\n")
     message = mt.render(mark="<111>", bsd=bsd, host=host)
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
-    st = env.from_string("search _time={{ epoch }} index=main NOT host=\"{{ host }}\" sourcetype=\"sc4s:events\"")
+    st = env.from_string(
+        "search _time={{ epoch }} index=main NOT host=\"{{ host }}\" sourcetype=\"sc4s:events\"")
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -67,8 +75,10 @@ def test_internal(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
     assert resultCount == 1
 
+
 def test_fallback(record_property, setup_wordlist, setup_splunk, setup_sc4s):
-    host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
+    host = "{}-{}".format(random.choice(setup_wordlist),
+                          random.choice(setup_wordlist))
 
     dt = datetime.datetime.now()
     iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
@@ -81,7 +91,8 @@ def test_fallback(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
-    st = env.from_string("search _time={{ epoch }} index=main host=\"testvp-{{ host }}\" sourcetype=\"sc4s:fallback\"")
+    st = env.from_string(
+        "search _time={{ epoch }} index=main host=\"testvp-{{ host }}\" sourcetype=\"sc4s:fallback\"")
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -93,9 +104,12 @@ def test_fallback(record_property, setup_wordlist, setup_splunk, setup_sc4s):
     assert resultCount == 1
 
 #
+
+
 def test_metrics(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
-    st = env.from_string('mcatalog values(metric_name) WHERE metric_name="syslogng.d_*#0" AND ("index"="*" OR "index"="_*") BY index | fields index')
+    st = env.from_string(
+        'mcatalog values(metric_name) WHERE metric_name="syslogng.d_*#0" AND ("index"="*" OR "index"="_*") BY index | fields index')
     search = st.render()
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -104,9 +118,11 @@ def test_metrics(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
     assert resultCount == 1
 
+
 def test_tz_guess(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
-    host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
+    host = "{}-{}".format(random.choice(setup_wordlist),
+                          random.choice(setup_wordlist))
 
     dt = datetime.datetime.now()
     iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
@@ -116,11 +132,13 @@ def test_tz_guess(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
     mt = env.from_string(
         "{{ mark }} {{ bsd }} {{ host }} : %ASA-3-003164: TCP access denied by ACL from 179.236.133.160/3624 to outside:72.142.18.38/23\n")
-    message = mt.render(mark="<111>", bsd=bsd, host=host, date=date, time=time, tzoffset=tzoffset)
+    message = mt.render(mark="<111>", bsd=bsd, host=host,
+                        date=date, time=time, tzoffset=tzoffset)
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
-    st = env.from_string("search _time={{ epoch }} index=netfw host=\"{{ host }}\" sourcetype=\"cisco:asa\" \"%ASA-3-003164\"")
+    st = env.from_string(
+        "search _time={{ epoch }} index=netfw host=\"{{ host }}\" sourcetype=\"cisco:asa\" \"%ASA-3-003164\"")
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -134,15 +152,17 @@ def test_tz_guess(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
 def test_tz_fix_hst(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
-    host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
+    host = "{}-{}".format(random.choice(setup_wordlist),
+                          random.choice(setup_wordlist))
 
 # 10 minute offset (reserved for future use)
 #   dt = datetime.datetime.utcnow() - datetime.timedelta(hours=10, minutes=10)
 
 #   dt = datetime.datetime.utcnow() - datetime.timedelta(hours=10)
 
 # Set the date to Hawaii time
-    dt = datetime.datetime.now(datetime.timezone.utc) - datetime.timedelta(hours=10)
+    dt = datetime.datetime.now(datetime.timezone.utc) - \
+        datetime.timedelta(hours=10)
     iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
 
     mt = env.from_string(
@@ -157,7 +177,8 @@ def test_tz_fix_hst(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
     epoch = epoch[:-7]
 
-    st = env.from_string("search _time={{ epoch }} index=netfw host=\"tzfhst-{{ host }}\" sourcetype=\"cisco:asa\"")
+    st = env.from_string(
+        "search _time={{ epoch }} index=netfw host=\"tzfhst-{{ host }}\" sourcetype=\"cisco:asa\"")
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -168,9 +189,11 @@ def test_tz_fix_hst(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
     assert resultCount == 1
 
+
 def test_tz_fix_ny(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
-    host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist))
+    host = "{}-{}".format(random.choice(setup_wordlist),
+                          random.choice(setup_wordlist))
 
 # 10 minute offset (reserved for future use)
 #   dt = datetime.datetime.now(pytz.timezone('America/New_York')) - datetime.timedelta(minutes=10)
@@ -187,7 +210,8 @@ def test_tz_fix_ny(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
-    st = env.from_string("search _time={{ epoch }} index=netfw host=\"tzfny-{{ host }}\" sourcetype=\"cisco:asa\"")
+    st = env.from_string(
+        "search _time={{ epoch }} index=netfw host=\"tzfny-{{ host }}\" sourcetype=\"cisco:asa\"")
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -200,8 +224,9 @@ def test_tz_fix_ny(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
 
 def test_check_config_version(record_property, setup_wordlist, setup_splunk, setup_sc4s):
-
-    st = env.from_string("search earliest=-1m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:err\" \"Configuration file format is too old\" ")
+
+    st = env.from_string(
+        "search earliest=-50m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:err\" \"Configuration file format is too old\" ")
     search = st.render()
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -210,9 +235,11 @@ def test_check_config_version(record_property, setup_wordlist, setup_splunk, set
 
     assert resultCount == 0
 
+
 def test_check_config_version_multiple(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
-    st = env.from_string("search earliest=-1m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:err\" \"you have multiple @version directives\" ")
+    st = env.from_string(
+        "search earliest=-50m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:err\" \"you have multiple @version directives\" ")
     search = st.render()
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -221,9 +248,11 @@ def test_check_config_version_multiple(record_property, setup_wordlist, setup_sp
 
     assert resultCount == 0
 
+
 def test_check_sc4s_version(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
-    st = env.from_string("search earliest=-1m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:out\" \"sc4s version=\" NOT \"UNKNOWN\"")
+    st = env.from_string(
+        "search earliest=-50m@m latest=+1m@m index=main sourcetype=\"sc4s:events:startup:out\" \"sc4s version=\" NOT \"UNKNOWN\"")
     search = st.render()
 
     resultCount, eventCount = splunk_single(setup_splunk, search)