/*
* Copyright 2013 Eediom Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.araqne.logparser.krsyslog.secui;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import static org.junit.Assert.*;
import org.araqne.logparser.krsyslog.secui.NxgLogParser;
import org.junit.Test;
public class NxgLogParserTest {
@Test
public void testPocSample1() {
String log = "<398>[LOG_AUDIT] 높음 2013-05-14 14:39:38 secui 130.1.185.24 130.1.254.197 130.1.254.198 HA SYNC 쉘명령 - /fw/bin/do_jni_action LOG 적용 성공 ";
NxgLogParser p = new NxgLogParser();
Map<String, Object> m = p.parse(line(log));
assertEquals("audit", m.get("type"));
assertEquals("높음", m.get("level"));
assertEquals(date(2013, 5, 14, 14, 39, 38), m.get("_time"));
assertEquals("secui 130.1.185.24 130.1.254.197 130.1.254.198 HA SYNC 쉘명령 - /fw/bin/do_jni_action LOG 적용 성공 ",
m.get("msg"));
}
@Test
public void testPocSample2() {
String log = "<398>[LOG_AUDIT] 높음 2013-05-14 14:39:37 secui 130.1.185.24 130.1.254.197 로그/리포트 로그/경고 로그 적용 - - 적용 성공 ";
NxgLogParser p = new NxgLogParser();
Map<String, Object> m = p.parse(line(log));
assertEquals(date(2013, 5, 14, 14, 39, 37), m.get("_time"));
assertEquals("audit", m.get("type"));
assertEquals("높음", m.get("level"));
assertEquals(date(2013, 5, 14, 14, 39, 37), m.get("_time"));
assertEquals("secui 130.1.185.24 130.1.254.197 로그/리포트 로그/경고 로그 적용 - - 적용 성공 ", m.get("msg"));
}
@Test
public void testPocSample3() {
String log = "<206>[LOG_ADMITTED] 2013-05-14 14:40:12,1966,211.181.254.201,0,0/icmp,130.1.194.69,0,78,0,0,External";
NxgLogParser p = new NxgLogParser();
Map<String, Object> m = p.parse(line(log));
assertEquals(date(2013, 5, 14, 14, 40, 12), m.get("_time"));
assertEquals("allow", m.get("type"));
assertEquals("0/icmp", m.get("protocol"));
assertEquals("211.181.254.201", m.get("src_ip"));
assertEquals("130.1.194.69", m.get("dst_ip"));
assertEquals("External", m.get("interface"));
}
@Test
public void testPocSample4() {
String log = "<214>[LOG_DENIED] 2013-05-14 14:39:37,1700,130.1.111.210,211.181.255.1,3/icmp,0,3,DENY,1,Internal";
NxgLogParser p = new NxgLogParser();
Map<String, Object> m = p.parse(line(log));
assertEquals("deny", m.get("type"));
assertEquals(date(2013, 5, 14, 14, 39, 37), m.get("_time"));
assertEquals("130.1.111.210", m.get("src_ip"));
assertEquals("211.181.255.1", m.get("dst_ip"));
assertEquals("3/icmp", m.get("protocol"));
assertEquals("Internal", m.get("interface"));
}
@Test
public void testPocSample5() {
String log = "<214>[LOG_DENIED] 2013-05-14 14:40:13,1700,130.1.101.78,211.115.106.203,80/tcp,54576,80,DENY,1,Internal";
NxgLogParser p = new NxgLogParser();
Map<String, Object> m = p.parse(line(log));
assertEquals(date(2013, 5, 14, 14, 40, 13), m.get("_time"));
assertEquals("deny", m.get("type"));
assertEquals("80/tcp", m.get("protocol"));
assertEquals("130.1.101.78", m.get("src_ip"));
assertEquals("211.115.106.203", m.get("dst_ip"));
assertEquals(54576, m.get("src_port"));
assertEquals(80, m.get("dst_port"));
assertEquals("Internal", m.get("interface"));
}
@Test
public void testPocSample6() {
String log = "<382>[LOG_NAT] 2013-05-14 14:40:12,130.1.181.16,55526,211.181.253.38,55526,55526/udp,Outbound";
NxgLogParser p = new NxgLogParser();
Map<String, Object> m = p.parse(line(log));
assertEquals("nat", m.get("type"));
assertEquals("55526/udp", m.get("protocol"));
assertEquals("Outbound", m.get("direction"));
assertEquals("130.1.181.16", m.get("src_ip"));
assertEquals(55526, m.get("src_port"));
assertEquals("211.181.253.38", m.get("nat_src_ip"));
assertEquals(55526, m.get("nat_src_port"));
}
@Test
public void testPocSample7() {
String log = "<382>[LOG_DENIED] 2015-04-14 20:17:18,1,176.34.254.176,137.68.247.120,15094/tcp,80,15094,DENY,1,External";
NxgLogParser p = new NxgLogParser();
Map<String, Object> m = p.parse(line(log));
assertEquals("deny", m.get("type"));
assertEquals(1, m.get("rule_id"));
assertEquals("176.34.254.176", m.get("src_ip"));
assertEquals("137.68.247.120", m.get("dst_ip"));
assertEquals("15094/tcp", m.get("protocol"));
assertEquals(80, m.get("src_port"));
assertEquals(15094, m.get("dst_port"));
assertEquals("DENY", m.get("denied_action"));
assertEquals(1, m.get("count"));
assertEquals("External", m.get("interface"));
}
private Date date(int year, int mon, int day, int hour, int min, int sec) {
Calendar c = Calendar.getInstance();
c.set(Calendar.YEAR, 2013);
c.set(Calendar.MONTH, mon - 1);
c.set(Calendar.DAY_OF_MONTH, day);
c.set(Calendar.HOUR_OF_DAY, hour);
c.set(Calendar.MINUTE, min);
c.set(Calendar.SECOND, sec);
c.set(Calendar.MILLISECOND, 0);
return c.getTime();
}
private Map<String, Object> line(String log) {
Map<String, Object> m = new HashMap<String, Object>();
m.put("line", log);
return m;
}
}