Example #1
        /// <summary>
        /// Checks that a CEF message built through the constructor with ordinary
        /// header values is accepted by <c>CefMessageRule</c>.
        /// </summary>
        public void Validate_ConstructedMessage_IsValid()
        {
            // Arrange: a validator and a message carrying only header fields.
            var validator = new CefMessageRule();
            var message = new CefMessage(
                DateTimeOffset.UtcNow,
                "host",
                "Security",
                "threatmanager",
                "1.0",
                100,
                "worm successfullystopped",
                CefSeverity.Emergency);

            // Act: the second argument is passed as null, exactly as a caller without extra context would.
            var outcome = validator.Validate(message, null);

            // Assert
            Assert.That(outcome.IsValid, Is.True);
        }
Example #2
        /// <summary>
        /// Sending a single CEF message through the sender under test must result in
        /// exactly one call to the mocked syslog sender.
        /// </summary>
        public void Send_OneMessage_SyslogSenderCalled()
        {
            // NOTE(review): the timestamp is a DateTime with unspecified Kind; if the constructor
            // takes a DateTimeOffset the conversion would use the local offset. Confirm.
            var timestamp = new DateTime(2016, 1, 1);
            var cefEvent = new CefMessage(
                timestamp,
                "host",
                "Security",
                "threatmanager",
                "1.0",
                100,
                "worm successfullystopped",
                CefSeverity.Emergency);

            _cefSender.Send(cefEvent, _serializer);

            // Only the call count is verified; the content of the forwarded SyslogMessage is not inspected here.
            _syslogSenderMock.Verify(
                s => s.Send(It.IsAny<SyslogMessage>(), It.IsAny<CefMessageSerializer>()),
                Times.Once);
        }
Example #3
        /// <summary>
        /// Sends one CEF message over a real <c>SyslogTcpSender</c> pointed at 127.0.0.1:514
        /// and expects the call to complete without throwing.
        /// </summary>
        public void CefSender_SendCef()
        {
            var cefSerializer = new CefMessageSerializer(new SyslogRfc3164MessageSerializer());

            // NOTE(review): this looks like an integration test that needs a listener on
            // loopback TCP port 514. Confirm how the fixture provides one. The sender used here
            // is the plain TCP one; nothing in this test exercises transport protection.
            using (var cefSender = new CefSender(new SyslogTcpSender("127.0.0.1", 514)))
            {
                var message = new CefMessage(
                    DateTimeOffset.UtcNow,
                    "host",
                    "Raiff",
                    "ICDB",
                    "1.1",
                    555,
                    "test",
                    CefSeverity.Error);

                // The assertion only proves that no exception surfaced, not that the event was delivered.
                Assert.That(() => cefSender.Send(message, cefSerializer), Throws.Nothing);
            }
        }
Example #4
        /// <summary>
        /// Checks that a CEF message stays valid under <c>CefMessageRule</c> after one
        /// extension field (<c>FileModificationTime</c>) has been populated.
        /// </summary>
        public void Validate_ConstructedWithAdditionalInfo_IsValid()
        {
            // Arrange: same header values as the plain-message case.
            var validator = new CefMessageRule();
            var message = new CefMessage(
                DateTimeOffset.UtcNow,
                "host",
                "Security",
                "threatmanager",
                "1.0",
                100,
                "worm successfullystopped",
                CefSeverity.Emergency);

            // Populate a single extension so validation also sees extension data.
            message.Extensions.FileModificationTime = DateTimeOffset.UtcNow;

            // Act
            var outcome = validator.Validate(message, null);

            // Assert
            Assert.That(outcome.IsValid, Is.True);
        }
Example #5
        /// <summary>
        /// Parameterised check of <c>CefEncoder</c>: encoding the fields of <paramref name="orig"/>
        /// must produce the values already stored in <paramref name="escaped"/>.
        /// </summary>
        /// <param name="orig">Message holding the raw, unescaped field values.</param>
        /// <param name="escaped">Message holding the expected encoded form of the same fields.</param>
        public void Escape(CefMessage orig, CefMessage escaped)
        {
            // In CEF the header is pipe-delimited and extensions are key=value pairs, so a value that
            // reaches the wire unescaped could be read as an extra field by the log consumer.
            // Which characters CefEncoder escapes is not visible in this test; the cases supply that.
            // All encodings are computed before the first assertion, as in the original ordering.
            var encodedVendor     = CefEncoder.EncodeHeader(orig.DeviceVendor);
            var encodedProduct    = CefEncoder.EncodeHeader(orig.DeviceProduct);
            var encodedVersion    = CefEncoder.EncodeHeader(orig.DeviceVersion);
            var encodedName       = CefEncoder.EncodeHeader(orig.Name);
            var encodedSourceHost = CefEncoder.EncodeExtension(orig.Extensions.SourceHostName);

            // Header fields.
            Assert.That(encodedVendor, Is.EqualTo(escaped.DeviceVendor));
            Assert.That(encodedProduct, Is.EqualTo(escaped.DeviceProduct));
            Assert.That(encodedVersion, Is.EqualTo(escaped.DeviceVersion));
            Assert.That(encodedName, Is.EqualTo(escaped.Name));

            // Extension field: only SourceHostName is covered here.
            Assert.That(encodedSourceHost, Is.EqualTo(escaped.Extensions.SourceHostName));
        }
Example #6
        /// <summary>
        /// Sending a batch of two CEF messages must forward each one separately, i.e. the
        /// mocked syslog sender is invoked exactly twice.
        /// </summary>
        public void Send_TwoMessages_SyslogSenderCalledTwice()
        {
            // Two distinct instances with identical content.
            var first = new CefMessage(
                new DateTime(2016, 1, 1), "host", "Security", "threatmanager", "1.0", 100,
                "worm successfullystopped", CefSeverity.Emergency);

            var second = new CefMessage(
                new DateTime(2016, 1, 1), "host", "Security", "threatmanager", "1.0", 100,
                "worm successfullystopped", CefSeverity.Emergency);

            // The inner syslog serializer is a mock, so no real wire format is produced in this test.
            var innerSerializerMock = new Mock<ISyslogMessageSerializer>();
            var cefSerializer = new CefMessageSerializer(innerSerializerMock.Object);

            var transportMock = new Mock<ISyslogMessageSender>();
            var senderUnderTest = new CefSender(transportMock.Object);

            var batch = new CefMessage[] { first, second };
            senderUnderTest.Send(batch, cefSerializer);

            // Only the call count is checked, not the content of what was forwarded.
            transportMock.Verify(
                t => t.Send(It.IsAny<SyslogMessage>(), It.IsAny<CefMessageSerializer>()),
                Times.Exactly(2));
        }
        /// <summary>
        /// Parameterised serialization check: the message is converted to a syslog message,
        /// written to an in-memory stream with the RFC 3164 serializer, and the first line of
        /// the output is compared with <c>&lt;8&gt;</c> followed by <paramref name="expectedMessage"/>.
        /// </summary>
        /// <param name="cefMessage">CEF message to serialize.</param>
        /// <param name="expectedMessage">Expected wire text without the leading <c>&lt;8&gt;</c> prefix.</param>
        public void CefMessageCasesTest(CefMessage cefMessage, string expectedMessage)
        {
            var cefSerializer = new CefMessageSerializer(new SyslogRfc3164MessageSerializer());

            string firstLine;

            using (var buffer = new MemoryStream())
            {
                // Two steps: CEF -> syslog message, then syslog message -> bytes.
                var wrapped = cefSerializer.Serialize(cefMessage);
                cefSerializer.Serialize(wrapped, buffer);
                buffer.Flush();
                buffer.Seek(0, SeekOrigin.Begin);

                using (var lineReader = new StreamReader(buffer, Encoding.UTF8))
                {
                    // Only the first line is read. If a field value put a raw line break into the
                    // output, everything after it would go unchecked and the comparison below
                    // would see a truncated record.
                    firstLine = lineReader.ReadLine();
                }
            }

            // "<8>" is the literal prefix every case expects (presumably the syslog PRI field).
            Assert.That(firstLine, Is.EqualTo("<8>" + expectedMessage));
        }