private static void TestSysLogInternal(DateTime expectedTime, DateTimeKind timeZoneKind)
        {
            string log = @"Mar 12 12:00:08 server2 rcd[308]: Unable to downloaded licenses info: Unable to authenticate - Authorization Required (https://server2/data/red-carpet.rdf)
Mar 12 12:10:00 server2 /USR/SBIN/CRON[6808]: (root) CMD ( /usr/lib/sa/sa1 )
Mar 7 04:22:00 avas CROND[11460]: (cronjob) CMD (run-parts /etc/cron.weekly)
Mar 7 04:22:00 avas anacron[11464]: Updated timestamp for job `cron.weekly' to 2004-03-07
Mar 12 12:01:02 server4 snort: alert_multiple_requests: ACTIVE
Mar 12 12:17:03 server7 sshd[26501]: pam_authenticate: error Authentication failed";

            using (Stream stream = Utility.StringToStream(log))
                using (StreamReader sr = new StreamReader(stream))
                {
                    SysLogParser parser  = new SysLogParser(null, timeZoneKind);
                    var          records = parser.ParseRecords(sr, new LogContext()).ToList();

                    Assert.Equal(expectedTime, records[0].Timestamp);
                    Assert.Equal("Mar 12 12:00:08", records[0].Data["SysLogTimeStamp"]);
                    Assert.Equal("server2", records[0].Data["Hostname"]);
                    Assert.Equal("rcd[308]:", records[0].Data["Program"]);
                    Assert.Equal("Unable to downloaded licenses info: Unable to authenticate - Authorization Required (https://server2/data/red-carpet.rdf)", records[0].Data["Message"]);

                    var envelope = (ILogEnvelope)records[5];
                    Assert.Equal(6, envelope.LineNumber);
                }
        }
Beispiel #2
0
        public void TestSyslogParser(string logLine, DateTime expectedDateTime, string hostname, string program, string message)
        {
            using (Stream logStream = Utility.StringToStream(logLine))
                using (StreamReader logStreamReader = new StreamReader(logStream))
                {
                    SysLogParser parser  = new SysLogParser(null, DateTimeKind.Utc);
                    var          records = parser.ParseRecords(logStreamReader, new LogContext()).ToArray();
                    Assert.NotNull(records);
                    Assert.Single(records);

                    var record = records[0];
                    Assert.Equal(expectedDateTime, record.Timestamp);
                    VerifySyslogDataItem(record, "Hostname", hostname);
                    VerifySyslogDataItem(record, "Program", program);
                    VerifySyslogDataItem(record, "Message", message);
                }
        }