/*
* Copyright 2012 Future Systems
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.krakenapps.logparser.syslog.radware;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.junit.Test;
import static org.junit.Assert.*;
/**
 * Parses one sample DefensePro syslog line per attack category (Access, Intrusions,
 * DoS) and checks that every field the parser is expected to emit carries the
 * value visible in the raw line. Quoted fields ("attack_name", "policy_name") may
 * contain spaces; numeric fields are expected as {@code Integer}, everything else
 * as {@code String}, and "date" as a {@link Date}.
 */
public class DefenseProLogParserTest {

    /** Access-category event whose network fields are all placeholders (0.0.0.0, port 0). */
    @Test
    public void testAccessLog() {
        Map<String, Object> parsed = parse(
                "DefensePro: 04-04-2012 22:07:04 WARNING 8 Access \"black_2012_02_13\" IP 0.0.0.0 0 0.0.0.0 0 1 Regular \"Black List\" occur 6 2 N/A 0 N/A low drop");

        assertEquals(expectedDate(2012, 4, 4, 22, 7, 4), parsed.get("date"));
        assertEquals("WARNING", parsed.get("priority"));
        assertEquals("8", parsed.get("attack_id"));
        assertEquals("Access", parsed.get("category"));
        assertEquals("black_2012_02_13", parsed.get("attack_name"));
        assertEquals("IP", parsed.get("protocol"));
        // zero ports and unspecified addresses must survive the numeric conversion
        assertEquals("0.0.0.0", parsed.get("src"));
        assertEquals(0, parsed.get("src_port"));
        assertEquals("0.0.0.0", parsed.get("dst"));
        assertEquals(0, parsed.get("dst_port"));
        assertEquals(1, parsed.get("phy_port"));
        assertEquals("Regular", parsed.get("sig_type"));
        // quoted policy name containing a space
        assertEquals("Black List", parsed.get("policy_name"));
        assertEquals("occur", parsed.get("attack_status"));
        assertEquals(6, parsed.get("attack_count"));
        assertEquals(2, parsed.get("bandwidth"));
        assertEquals("N/A", parsed.get("vlan"));
        assertEquals("low", parsed.get("criticity"));
        assertEquals("drop", parsed.get("action"));
    }

    /** Intrusions-category event with real endpoints and a "term" (terminated) status. */
    @Test
    public void testIntrusionLog() {
        Map<String, Object> parsed = parse(
                "DefensePro: 04-04-2012 22:07:04 WARNING 300039 Intrusions \"Dfweb_post_30s\" TCP 59.86.235.202 54255 175.207.24.20 80 13 Regular \"rule17\" term 0 11 N/A 0 N/A low forward");

        assertEquals(expectedDate(2012, 4, 4, 22, 7, 4), parsed.get("date"));
        assertEquals("WARNING", parsed.get("priority"));
        assertEquals("300039", parsed.get("attack_id"));
        assertEquals("Intrusions", parsed.get("category"));
        assertEquals("Dfweb_post_30s", parsed.get("attack_name"));
        assertEquals("TCP", parsed.get("protocol"));
        assertEquals("59.86.235.202", parsed.get("src"));
        assertEquals(54255, parsed.get("src_port"));
        assertEquals("175.207.24.20", parsed.get("dst"));
        assertEquals(80, parsed.get("dst_port"));
        assertEquals(13, parsed.get("phy_port"));
        assertEquals("Regular", parsed.get("sig_type"));
        assertEquals("rule17", parsed.get("policy_name"));
        assertEquals("term", parsed.get("attack_status"));
        assertEquals(0, parsed.get("attack_count"));
        assertEquals(11, parsed.get("bandwidth"));
        assertEquals("N/A", parsed.get("vlan"));
        assertEquals("low", parsed.get("criticity"));
        assertEquals("forward", parsed.get("action"));
    }

    /** DoS-category event with a "start" status and medium criticity. */
    @Test
    public void testDosLog() {
        Map<String, Object> parsed = parse(
                "DefensePro: 04-04-2012 22:07:04 WARNING 450008 DoS \"CyWeb_conn_1s\" TCP 115.89.124.56 1463 175.207.23.64 80 13 Regular \"rule8-6\" start 1 0 N/A 0 N/A medium drop");

        assertEquals(expectedDate(2012, 4, 4, 22, 7, 4), parsed.get("date"));
        assertEquals("WARNING", parsed.get("priority"));
        assertEquals("450008", parsed.get("attack_id"));
        assertEquals("DoS", parsed.get("category"));
        assertEquals("CyWeb_conn_1s", parsed.get("attack_name"));
        assertEquals("TCP", parsed.get("protocol"));
        assertEquals("115.89.124.56", parsed.get("src"));
        assertEquals(1463, parsed.get("src_port"));
        assertEquals("175.207.23.64", parsed.get("dst"));
        assertEquals(80, parsed.get("dst_port"));
        assertEquals(13, parsed.get("phy_port"));
        assertEquals("Regular", parsed.get("sig_type"));
        // policy name containing a hyphen
        assertEquals("rule8-6", parsed.get("policy_name"));
        assertEquals("start", parsed.get("attack_status"));
        assertEquals(1, parsed.get("attack_count"));
        assertEquals(0, parsed.get("bandwidth"));
        assertEquals("N/A", parsed.get("vlan"));
        assertEquals("medium", parsed.get("criticity"));
        assertEquals("drop", parsed.get("action"));
    }

    /**
     * Runs a fresh parser over one raw syslog line.
     *
     * @param raw the complete line as the appliance would emit it
     * @return the parser's field map
     */
    private Map<String, Object> parse(String raw) {
        return new DefenseProLogParser().parse(wrap(raw));
    }

    /**
     * Builds the expected timestamp in the JVM's default time zone (the zone
     * {@link Calendar#getInstance()} picks up), with milliseconds zeroed.
     * Assumes the parser resolves the line's local timestamp in that same zone —
     * TODO confirm if the suite is ever run under a different TZ setting.
     *
     * @param mon 1-based month, converted to Calendar's 0-based field here
     */
    private Date expectedDate(int year, int mon, int day, int hour, int min, int sec) {
        Calendar cal = Calendar.getInstance();
        cal.set(year, mon - 1, day, hour, min, sec);
        cal.set(Calendar.MILLISECOND, 0);
        return cal.getTime();
    }

    /**
     * Wraps a raw line in the single-entry map the parser consumes; the key is
     * "line", the only input field this test ever supplies.
     */
    private Map<String, Object> wrap(String raw) {
        Map<String, Object> input = new HashMap<String, Object>();
        input.put("line", raw);
        return input;
    }
}