/// <summary>
/// Sends two comma-separated log lines through a regex filter pipe built from the
/// "TestPipe" configuration and verifies that exactly one of them reaches the sink.
/// </summary>
/// <param name="negate">
/// When true, "Negate" is set to "true" on the pipe configuration and the second
/// line is expected at the sink instead of the first.
/// </param>
/// <remarks>
/// Both polarities are asserted so that an inverted filter, which would drop the
/// records meant to be kept, is caught in either direction.
/// </remarks>
public void TestStringPipe(bool negate)
{
    const string cleanupLine = "24,09/29/17,00:00:04,Database Cleanup Begin,,,,,0,6,,,,,,,,,0";
    const string leaseLine = "25,09/29/17,00:00:04,0 leases expired and 0 leases deleted,,,,,0,6,,,,,,,,,0";

    var pipeConfig = TestUtility.GetConfig("Pipes", "TestPipe");
    if (negate)
    {
        pipeConfig["Negate"] = "true";
    }

    var pluginContext = new PluginContext(pipeConfig, null, null);
    var eventSource = new MockEventSource<string>(pluginContext);
    var eventSink = new MockEventSink(pluginContext);

    // The pipe factory reads the endpoint types from the context data.
    var contextData = pluginContext.ContextData;
    contextData[PluginContext.SOURCE_TYPE] = eventSource.GetType();
    contextData[PluginContext.SOURCE_OUTPUT_TYPE] = eventSource.GetOutputType();
    contextData[PluginContext.SINK_TYPE] = eventSink.GetType();

    var filterPipe = new PipeFactory().CreateInstance(PipeFactory.REGEX_FILTER_PIPE, pluginContext);
    eventSource.Subscribe(filterPipe);
    filterPipe.Subscribe(eventSink);

    eventSource.MockEvent(cleanupLine);
    eventSource.MockEvent(leaseLine);

    Assert.Single(eventSink.Records);
    var expectedLine = negate ? leaseLine : cleanupLine;
    Assert.Equal(expectedLine, eventSink.Records[0]);
}
/// <summary>
/// Builds a <see cref="MockEventSource{T}"/> from the "Sources" configuration entry
/// named <paramref name="id"/> and applies the common source settings to it.
/// </summary>
/// <param name="id">Identifier of the source configuration passed to <c>TestUtility.GetConfig</c>.</param>
/// <returns>The configured mock source.</returns>
private MockEventSource<T> CreateEventsource<T>(string id)
{
    var sourceConfig = TestUtility.GetConfig("Sources", id);

    // The plugin context is created with this class's bookmark manager.
    var pluginContext = new PluginContext(sourceConfig, null, null, _bookmarkManager);
    var mockSource = new MockEventSource<T>(pluginContext);

    EventSource<T>.LoadCommonSourceConfig(sourceConfig, mockSource);
    return mockSource;
}
/// <summary>
/// Loads the "Sources" configuration entry named <paramref name="id"/> into a mock
/// string source and asserts the initial position that results.
/// </summary>
/// <param name="id">Identifier of the source configuration to load.</param>
/// <param name="expectedInitialPosition">Initial position the configured source must report.</param>
/// <returns>The configured source, so callers can make further assertions on it.</returns>
private static EventSource<string> RunInitialPositionTest(string id, InitialPositionEnum expectedInitialPosition)
{
    var sourceConfig = TestUtility.GetConfig("Sources", id);
    var pluginContext = new PluginContext(sourceConfig, null, null);
    var mockSource = new MockEventSource<string>(pluginContext);

    EventSource<string>.LoadCommonSourceConfig(sourceConfig, mockSource);

    Assert.Equal(expectedInitialPosition, mockSource.InitialPosition);
    return mockSource;
}
/// <summary>
/// Parses a W3SVC (IIS) log held in memory, pushes every record through an
/// <c>EMFPipe</c> configured by "IISEMFTestPipe", and checks the JSON that
/// arrives at the sink for the first record.
/// </summary>
/// <remarks>
/// The test asserts that <c>cs-username</c> reaches the sink unchanged, so the
/// emitted record carries the account name from the log line.
/// </remarks>
public void ConvertsIISLogs()
{
    // NOTE(review): the literal is shown here on a single line; the assertion of five
    // records suggests the original fixture has one log entry per line - confirm.
    string log = @"#Software: Microsoft Internet Information Services 10.0 #Version: 1.0 #Date: 2017-05-31 06:00:30 #Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken 2017-05-31 06:00:30 W3SVC1 EC2AMAZ-HCNHA1G 10.10.10.10 POST /DoWork - 443 EXAMPLE\jonsmith 11.11.11.11 HTTP/1.1 SEA-HDFEHW23455/1.0.9/jonsmith - - localhost 500 2 0 1950 348 158 2017-05-31 06:00:30 W3SVC1 EC2AMAZ-HCNHA1G ::1 GET / - 80 - ::1 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - - localhost 200 0 0 950 348 128 2017-05-31 06:00:30 W3SVC1 EC2AMAZ-HCNHA1G ::1 GET / - 80 - ::1 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - - localhost 401 1 0 50 348 150 2017-05-31 06:00:30 W3SVC1 EC2AMAZ-HCNHA1G ::1 GET / - 80 - ::1 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - - localhost 503 7 0 550 348 192 2017-05-31 06:00:30 W3SVC1 EC2AMAZ-HCNHA1G ::1 GET /iisstart.png - 80 - ::1 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - http://localhost/ localhost 200 0 0 99960 317 3";

    var pipeConfig = TestUtility.GetConfig("Pipes", "IISEMFTestPipe");
    using (var memoryLogger = new MemoryLogger(nameof(EMFPipeTests)))
    {
        var pluginContext = new PluginContext(pipeConfig, memoryLogger, null);
        var eventSource = new MockEventSource<W3SVCLogRecord>(pluginContext);
        var eventSink = new MockEventSink(pluginContext);

        var contextData = pluginContext.ContextData;
        contextData[PluginContext.SOURCE_TYPE] = eventSource.GetType();
        contextData[PluginContext.SOURCE_OUTPUT_TYPE] = eventSource.GetOutputType();
        contextData[PluginContext.SINK_TYPE] = eventSink.GetType();

        // The EMF pipe is constructed directly rather than through PipeFactory.
        var emfPipe = new EMFPipe<W3SVCLogRecord>(pluginContext);
        eventSource.Subscribe(emfPipe);
        emfPipe.Subscribe(eventSink);

        using (var reader = new StreamReader(Utility.StringToStream(log)))
        {
            var logParser = new W3SVCLogParser(null);
            var parsedRecords = logParser.ParseRecords(reader, new DelimitedLogContext { FilePath = "Memory" });
            foreach (var envelope in parsedRecords)
            {
                eventSource.MockEvent(envelope.Data);
            }

            Assert.Equal(5, eventSink.Records.Count);

            // Only the first emitted record is inspected field by field.
            var firstRecord = JObject.Parse(eventSink.Records.First());
            Assert.Equal("10.10.10.10", firstRecord["s-ip"].ToString());
            Assert.Equal("POST", firstRecord["cs-method"].ToString());
            Assert.Equal("/DoWork", firstRecord["cs-uri-stem"].ToString());
            Assert.Equal("443", firstRecord["s-port"].ToString());
            Assert.Equal("11.11.11.11", firstRecord["c-ip"].ToString());
            Assert.Equal(@"EXAMPLE\jonsmith", firstRecord["cs-username"].ToString());
            Assert.Equal(@"SEA-HDFEHW23455/1.0.9/jonsmith", firstRecord["cs-User-Agent"].ToString());
            Assert.Equal("500", firstRecord["sc-status"].ToString());
            Assert.Equal("2", firstRecord["sc-substatus"].ToString());

            // EMF envelope fields expected by this pipe configuration.
            Assert.Equal("0", firstRecord["Version"].ToString());
            Assert.Equal("IISNamespace", firstRecord["CloudWatchMetrics"][0]["Namespace"].ToString());
            Assert.Equal("time-taken", firstRecord["CloudWatchMetrics"][0]["Metrics"][0]["Name"].ToString());
        }
    }
}
/// <summary>
/// Sends one JSON object through a sink configured by
/// "ObjectDecorationExResolutionOrder" and checks that the emitted record contains
/// the expected attribute/value pair.
/// </summary>
/// <param name="input">JSON text parsed into the event payload.</param>
/// <param name="attribute">Name of the attribute expected in the output.</param>
/// <param name="value">Value expected for that attribute.</param>
public void TestObjectDecorationResolutionOrder(string input, string attribute, string value)
{
    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<JObject>("InitialPositionUnspecified");
    MockEventSink eventSink = CreateEventSink("ObjectDecorationExResolutionOrder", memoryLogger);
    eventSource.Subscribe(eventSink);

    var eventTime = DateTime.UtcNow;
    var payload = JObject.Parse(input);
    eventSource.MockEvent(payload, eventTime);

    // The check is a substring match on the serialized pair, not a full-record comparison.
    var expectedPair = $"\"{attribute}\":\"{value}\"";
    Assert.Contains(expectedPair, eventSink.Records[0]);
}
/// <summary>
/// Sends one JSON object through a sink configured by "TextDecorationExJson" and
/// checks the exact text that the sink records.
/// </summary>
public void TestTextDecorationExJson()
{
    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<JObject>("InitialPositionUnspecified");
    MockEventSink eventSink = CreateEventSink("TextDecorationExJson", memoryLogger);
    eventSource.Subscribe(eventSink);

    var payload = JObject.Parse("{\"myvar1\": \"myval1\"}");
    var eventTime = DateTime.UtcNow;
    eventSource.MockEvent(payload, eventTime);

    // The expected output carries the input value in upper case under the key "var".
    const string expectedRecord = "{ \"var\": \"MYVAL1\" }";
    Assert.Equal(expectedRecord, eventSink.Records[0]);
}
/// <summary>
/// Sends one JSON object through a sink configured by
/// "ObjectDecorationExWithExpression" and checks that the record equals the input
/// with one extra attribute appended.
/// </summary>
/// <param name="input">JSON text parsed into the event payload.</param>
/// <param name="attribute">Name of the attribute the decoration is expected to add.</param>
/// <param name="value">Value expected for the added attribute.</param>
public void TestObjectDecorationWithExpression(string input, string attribute, string value)
{
    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<JObject>("InitialPositionUnspecified");
    MockEventSink eventSink = CreateEventSink("ObjectDecorationExWithExpression", memoryLogger);
    eventSource.Subscribe(eventSink);

    var eventTime = DateTime.UtcNow;
    var payload = JObject.Parse(input);
    eventSource.MockEvent(payload, eventTime);

    // The expected record is built by adding the attribute to the payload only after
    // the event has been sent.
    payload.Add(attribute, value);
    var expectedRecord = payload.ToString(Formatting.None);
    Assert.Equal(expectedRecord, eventSink.Records[0]);
}
/// <summary>
/// Sends one text event through a text-decorating sink and checks that the record is
/// the host name, the formatted timestamp and the text joined by ":::".
/// </summary>
/// <param name="sinkId">
/// Base sink configuration id; <c>TestUtility.LINUX</c> is appended when not running on Windows.
/// </param>
public void TestTextDecoration(string sinkId)
{
    var platformSuffix = Utility.IsWindows ? string.Empty : TestUtility.LINUX;
    var id = sinkId + platformSuffix;

    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<string>("InitialPositionUnspecified");
    MockEventSink eventSink = CreateEventSink(id, memoryLogger);
    eventSource.Subscribe(eventSink);

    string data = "some text";
    DateTime timestamp = DateTime.UtcNow;
    eventSource.MockEvent(data, timestamp);

    var expectedRecord = $"{ComputerOrHostName}:::{timestamp.ToString("yyyy-MM-dd HH:mm:ss")}:::{data}";
    Assert.Equal(expectedRecord, eventSink.Records[0]);
}
/// <summary>
/// Checks local-variable resolution against <c>JObject</c> payloads: an event without
/// "myvar2" leaves the sink empty, and an event with it yields the variable's value.
/// </summary>
/// <param name="sinkId">Sink configuration id passed to <c>CreateEventSink</c>.</param>
public void TestLocalVariableJObject(string sinkId)
{
    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<JObject>("InitialPositionUnspecified");

    // Sink configuration under test: "TextDecoration": "{$myvar2}"
    MockEventSink eventSink = CreateEventSink(sinkId, memoryLogger);
    eventSource.Subscribe(eventSink);

    var withoutVariable = JObject.Parse("{\"myvar1\": \"myval1\"}");
    var withVariable = JObject.Parse("{\"myvar2\": \"myval2\"}");
    var eventTime = DateTime.UtcNow;

    // A payload that cannot resolve the variable must not produce a record at all.
    eventSource.MockEvent(withoutVariable, eventTime);
    Assert.Empty(eventSink.Records);

    eventSource.MockEvent(withVariable, eventTime);
    Assert.Equal("myval2", eventSink.Records[0]);
}
/// <summary>
/// Pushes two service-status JSON objects through an <c>EMFPipe</c> configured by
/// "PSEMFTestPipe" and checks the metric namespace, metric name, dimensions and
/// pass-through fields of the emitted records.
/// </summary>
public void ConvertsPowerShellSource()
{
    var records = new List<Envelope<JObject>>
    {
        new Envelope<JObject>(JObject.Parse("{\"ComputerName\":\"MyComputer\",\"Name\":\"TrustedInstaller\",\"Status\":\"Running\"}")),
        new Envelope<JObject>(JObject.Parse("{\"ComputerName\":\"MyComputer\",\"Name\":\"WinRM\",\"Status\":\"Stopped\"}"))
    };

    var pipeConfig = TestUtility.GetConfig("Pipes", "PSEMFTestPipe");
    using (var memoryLogger = new MemoryLogger(nameof(EMFPipeTests)))
    {
        var pluginContext = new PluginContext(pipeConfig, memoryLogger, null);
        var eventSource = new MockEventSource<JObject>(pluginContext);
        var eventSink = new MockEventSink(pluginContext);

        var contextData = pluginContext.ContextData;
        contextData[PluginContext.SOURCE_TYPE] = eventSource.GetType();
        contextData[PluginContext.SOURCE_OUTPUT_TYPE] = eventSource.GetOutputType();
        contextData[PluginContext.SINK_TYPE] = eventSink.GetType();

        var emfPipe = new EMFPipe<JObject>(pluginContext);
        eventSource.Subscribe(emfPipe);
        emfPipe.Subscribe(eventSink);

        foreach (var envelope in records)
        {
            eventSource.MockEvent(envelope.Data);
        }

        Assert.Equal(2, eventSink.Records.Count);

        // First record: metric metadata under "_aws" plus the original fields.
        var emitted = JObject.Parse(eventSink.Records.First());
        Assert.Equal("PSNamespace", emitted["_aws"]["CloudWatchMetrics"][0]["Namespace"].ToString());
        Assert.Equal("ServiceStatus", emitted["_aws"]["CloudWatchMetrics"][0]["Metrics"][0]["Name"].ToString());
        Assert.Equal(1, emitted["ServiceStatus"].ToObject<int>());
        Assert.Equal("Running", emitted["Status"].ToString());
        Assert.Equal("TrustedInstaller", emitted["Name"].ToString());

        var dimensionNames = emitted["_aws"]["CloudWatchMetrics"][0]["Dimensions"][0]
            .ToArray()
            .Select(i => i.ToString())
            .ToList();
        Assert.Equal(3, dimensionNames.Count);
        Assert.Contains("Name", dimensionNames);
        Assert.Contains("ComputerName", dimensionNames);
        Assert.Contains("Status", dimensionNames);

        // Second record: only the pass-through fields are checked.
        emitted = JObject.Parse(eventSink.Records.Last());
        Assert.Equal("Stopped", emitted["Status"].ToString());
        Assert.Equal("WinRM", emitted["Name"].ToString());
    }
}
/// <summary>
/// Sends one log event carrying file metadata through a text-decorating sink and
/// checks that the record is the host name, file name, position and text joined by ":::".
/// </summary>
/// <param name="sinkId">
/// Base sink configuration id; <c>TestUtility.LINUX</c> is appended when not running on Windows.
/// </param>
public void TextDecorationWithFileName(string sinkId)
{
    var platformSuffix = Utility.IsWindows ? string.Empty : TestUtility.LINUX;
    var id = sinkId + platformSuffix;

    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<string>("InitialPositionUnspecified");
    MockEventSink eventSink = CreateEventSink(id, memoryLogger);
    eventSource.Subscribe(eventSink);

    string data = "some text";
    DateTime timestamp = DateTime.UtcNow;
    string filePath = Path.Combine(TestUtility.GetTestHome(), "test.log");
    long position = 11;
    long lineNumber = 1;
    eventSource.MockLogEvent(data, timestamp, data, filePath, position, lineNumber);

    // The expected record holds only the file name, not the directory part of the path.
    var expectedRecord = $"{ComputerOrHostName}:::{Path.GetFileName(filePath)}:::{position}:::{data}";
    Assert.Equal(expectedRecord, eventSink.Records[0]);
}
/// <summary>
/// Sends one dictionary event through an object-decorating sink and checks that the
/// JSON record holds the original entry plus "ComputerName" and "DT" attributes.
/// </summary>
/// <param name="sinkId">
/// Base sink configuration id; <c>TestUtility.LINUX</c> is appended when not running on Windows.
/// </param>
public void TestObjectDecoration(string sinkId)
{
    var platformSuffix = Utility.IsWindows ? string.Empty : TestUtility.LINUX;
    var id = sinkId + platformSuffix;

    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<IDictionary<string, string>>("InitialPositionUnspecified");
    MockEventSink eventSink = CreateEventSink(id, memoryLogger);
    eventSource.Subscribe(eventSink);

    string text = "some text";
    var data = new Dictionary<string, string>
    {
        { "data", text }
    };
    DateTime timestamp = DateTime.UtcNow;
    eventSource.MockEvent(data, timestamp);

    // The comparison is against the exact serialized text, so attribute order matters.
    var expectedRecord = $"{{\"data\":\"{text}\",\"ComputerName\":\"{ComputerOrHostName}\",\"DT\":\"{timestamp.ToString("yyyy-MM-dd HH:mm:ss")}\"}}";
    string result = eventSink.Records[0];
    Assert.Equal(expectedRecord, result);
}
/// <summary>
/// Checks local-variable resolution against dictionary payloads: an event without
/// "myvar2" leaves the sink empty, and an event with it yields the variable's value.
/// </summary>
/// <param name="sinkId">Sink configuration id passed to <c>CreateEventSink</c>.</param>
public void TestLocalVariableDictionary(string sinkId)
{
    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<IDictionary<string, string>>("InitialPositionUnspecified");

    // Sink configuration under test: "TextDecoration": "{$myvar2}"
    MockEventSink eventSink = CreateEventSink(sinkId, memoryLogger);
    eventSource.Subscribe(eventSink);

    var withoutVariable = new Dictionary<string, string>
    {
        { "myvar1", "myval1" }
    };
    var withVariable = new Dictionary<string, string>
    {
        { "myvar2", "myval2" }
    };
    var eventTime = DateTime.UtcNow;

    // A payload that cannot resolve the variable must not produce a record at all.
    eventSource.MockEvent(withoutVariable, eventTime);
    Assert.Empty(eventSink.Records);

    eventSource.MockEvent(withVariable, eventTime);
    Assert.Equal("myval2", eventSink.Records[0]);
}
/// <summary>
/// Checks local-variable resolution against anonymous-object payloads: an event
/// without a "myvar2" member leaves the sink empty, and an event with it yields the
/// member's value.
/// </summary>
public void TestLocalVariableAnonymousObject()
{
    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<object>("InitialPositionUnspecified");

    // Sink configuration under test: "TextDecoration": "{$myvar2}"
    MockEventSink eventSink = CreateEventSink("TextDecorationLocalVariable", memoryLogger);
    eventSource.Subscribe(eventSink);

    var withoutVariable = new { myvar1 = "myval1" };
    var withVariable = new { myvar2 = "myval2" };
    var eventTime = DateTime.UtcNow;

    // A payload that cannot resolve the variable must not produce a record at all.
    eventSource.MockEvent(withoutVariable, eventTime);
    Assert.Empty(eventSink.Records);

    eventSource.MockEvent(withVariable, eventTime);
    Assert.Equal("myval2", eventSink.Records[0]);
}
/// <summary>
/// Sends one dictionary log event carrying file metadata through an object-decorating
/// sink and checks that the JSON record holds the original entry plus "ComputerName",
/// "FileName" and "Position" attributes.
/// </summary>
/// <param name="sinkId">
/// Base sink configuration id; <c>TestUtility.LINUX</c> is appended when not running on Windows.
/// </param>
public void TestObjectDecorationWithFileName(string sinkId)
{
    var platformSuffix = Utility.IsWindows ? string.Empty : TestUtility.LINUX;
    var id = sinkId + platformSuffix;

    var memoryLogger = new MemoryLogger(null);
    var eventSource = CreateEventsource<IDictionary<string, string>>("InitialPositionUnspecified");
    MockEventSink eventSink = CreateEventSink(id, memoryLogger);
    eventSource.Subscribe(eventSink);

    string text = "some text";
    var data = new Dictionary<string, string>
    {
        { "data", text }
    };
    DateTime timestamp = DateTime.UtcNow;
    string filePath = Path.Combine(TestUtility.GetTestHome(), "test.log");
    long position = 11;
    long lineNumber = 1;
    eventSource.MockLogEvent(data, timestamp, text, filePath, position, lineNumber);

    // "FileName" is expected to hold only the file name, not the directory part of the
    // path, and "Position" is expected as a quoted string.
    var expectedRecord = $"{{\"data\":\"{text}\",\"ComputerName\":\"{ComputerOrHostName}\",\"FileName\":\"{Path.GetFileName(filePath)}\",\"Position\":\"{position}\"}}";
    string result = eventSink.Records[0];
    Assert.Equal(expectedRecord, result);
}