private static void TestSysLogInternal(DateTime expectedTime, DateTimeKind timeZoneKind)
{
string log = @"Mar 12 12:00:08 server2 rcd[308]: Unable to downloaded licenses info: Unable to authenticate - Authorization Required (https://server2/data/red-carpet.rdf)
Mar 12 12:10:00 server2 /USR/SBIN/CRON[6808]: (root) CMD ( /usr/lib/sa/sa1 )
Mar 7 04:22:00 avas CROND[11460]: (cronjob) CMD (run-parts /etc/cron.weekly)
Mar 7 04:22:00 avas anacron[11464]: Updated timestamp for job `cron.weekly' to 2004-03-07
Mar 12 12:01:02 server4 snort: alert_multiple_requests: ACTIVE
Mar 12 12:17:03 server7 sshd[26501]: pam_authenticate: error Authentication failed";
using (Stream stream = Utility.StringToStream(log))
using (StreamReader sr = new StreamReader(stream))
{
SysLogParser parser = new SysLogParser(null, timeZoneKind);
var records = parser.ParseRecords(sr, new LogContext()).ToList();
Assert.Equal(expectedTime, records[0].Timestamp);
Assert.Equal("Mar 12 12:00:08", records[0].Data["SysLogTimeStamp"]);
Assert.Equal("server2", records[0].Data["Hostname"]);
Assert.Equal("rcd[308]:", records[0].Data["Program"]);
Assert.Equal("Unable to downloaded licenses info: Unable to authenticate - Authorization Required (https://server2/data/red-carpet.rdf)", records[0].Data["Message"]);
var envelope = (ILogEnvelope)records[5];
Assert.Equal(6, envelope.LineNumber);
}
}
public void TestSyslogParser(string logLine, DateTime expectedDateTime, string hostname, string program, string message)
{
using (Stream logStream = Utility.StringToStream(logLine))
using (StreamReader logStreamReader = new StreamReader(logStream))
{
SysLogParser parser = new SysLogParser(null, DateTimeKind.Utc);
var records = parser.ParseRecords(logStreamReader, new LogContext()).ToArray();
Assert.NotNull(records);
Assert.Single(records);
var record = records[0];
Assert.Equal(expectedDateTime, record.Timestamp);
VerifySyslogDataItem(record, "Hostname", hostname);
VerifySyslogDataItem(record, "Program", program);
VerifySyslogDataItem(record, "Message", message);
}
}