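package org.graylog2.syslog4j.server.impl.event.structured;

import org.joda.time.DateTime;
import org.junit.Test;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.HashMap;
import java.util.Map;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;

/**
 * Pins how {@link StructuredSyslogServerEvent} decomposes RFC 5424 messages into header fields,
 * structured data and free-text message.
 *
 * <p>Across all fixtures, {@code getMessage()} is expected to return the raw remainder of the line
 * starting at MSGID (structured data included), while the parsed pieces are read through
 * {@code getStructuredMessage()}.
 *
 * <p>Every fixture in this class is a well-formed message. Syslog input arrives from the network
 * and is sender-controlled, so malformed input is not covered here: an unterminated SD-ELEMENT,
 * the RFC 5424 PARAM-VALUE escapes ({@code \"}, {@code \\}, {@code \]}), a truncated header or
 * over-long fields. Those cases need their own tests once the intended parser behaviour for them
 * is decided.
 */
public class StructuredSyslogServerEventTest {
    // Wildcard address obtained from an unresolved socket address; the assertions below do not
    // depend on its value.
    private static final InetAddress INET_ADDR = new InetSocketAddress(514).getAddress();

    /** Parses {@code message} as if it had been received from {@link #INET_ADDR}. */
    private StructuredSyslogServerEvent buildEvent(String message) {
        return new StructuredSyslogServerEvent(message, INET_ADDR);
    }

    /**
     * Builds the expected SD-PARAM map of one SD-ELEMENT from alternating name/value arguments.
     *
     * <p>Replaces double-brace initialisation, which creates an anonymous {@code HashMap} subclass
     * per use that also holds a reference to the enclosing test instance.
     *
     * @param namesAndValues alternating parameter names and values
     * @return a mutable map with one entry per name/value pair
     * @throws IllegalArgumentException if an odd number of arguments is given
     */
    private static Map<String, String> sdParams(String... namesAndValues) {
        if (namesAndValues.length % 2 != 0) {
            throw new IllegalArgumentException("expected name/value pairs, got " + namesAndValues.length + " arguments");
        }
        final Map<String, String> params = new HashMap<String, String>();
        for (int i = 0; i < namesAndValues.length; i += 2) {
            params.put(namesAndValues[i], namesAndValues[i + 1]);
        }
        return params;
    }

    @Test
    public void testStructured1() throws Exception {
        // Message from: https://tools.ietf.org/html/rfc5424#section-6.5
        // In the RFC example "BOM" stands for the Unicode byte order mark. This fixture carries the
        // three ASCII letters instead, so the test only pins that they stay part of the message
        // text; handling of a real BOM is not covered here.
        final String message = "<165>1 2012-12-25T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"] BOMAn application event log entry";
        final StructuredSyslogServerEvent event = buildEvent(message);

        final Map<String, Map<String, String>> structuredData = new HashMap<String, Map<String, String>>();
        structuredData.put("exampleSDID@32473", sdParams(
                "eventSource", "Application",
                "eventID", "1011",
                "iut", "3"));

        assertEquals("evntslog", event.getApplicationName());
        assertEquals(new DateTime("2012-12-25T22:14:15.003Z"), event.getDateTime());
        // PRI 165 = facility 20 * 8 + severity 5
        assertEquals(20, event.getFacility());
        assertEquals("mymachine.example.com", event.getHost());
        assertEquals(5, event.getLevel());
        assertEquals("ID47 [exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"] BOMAn application event log entry", event.getMessage());
        assertNull(event.getProcessId());
        assertEquals(structuredData, event.getStructuredMessage().getStructuredData());
        assertEquals("ID47", event.getStructuredMessage().getMessageId());
        assertEquals("BOMAn application event log entry", event.getStructuredMessage().getMessage());
    }

    @Test
    public void testStructured2() throws Exception {
        // Message from: https://github.com/Graylog2/graylog2-server/issues/845
        // The PARAM-VALUEs contain spaces, ';', '(', ')', '{', '}', ':' and '@'. The test pins that
        // they come back verbatim, so consumers of these fields must treat them as untrusted
        // sender-supplied text.
        final String message = "<190>1 2015-01-06T20:56:33.287Z app-1 app - - [mdc@18060 ip=\"::ffff:132.213.51.30\" logger=\"{c.corp.Handler}\" session=\"4ot7\" user=\"user@example.com\" user-agent=\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/7.1.2 Safari/537.85.11\"] User page 13 requested";
        final StructuredSyslogServerEvent event = buildEvent(message);

        final Map<String, Map<String, String>> structuredData = new HashMap<String, Map<String, String>>();
        structuredData.put("mdc@18060", sdParams(
                "ip", "::ffff:132.213.51.30",
                "logger", "{c.corp.Handler}",
                "session", "4ot7",
                "user", "user@example.com",
                "user-agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/7.1.2 Safari/537.85.11"));

        assertEquals("app", event.getApplicationName());
        assertEquals(new DateTime("2015-01-06T20:56:33.287Z"), event.getDateTime());
        // PRI 190 = facility 23 * 8 + severity 6
        assertEquals(23, event.getFacility());
        assertEquals("app-1", event.getHost());
        assertEquals(6, event.getLevel());
        assertEquals("- [mdc@18060 ip=\"::ffff:132.213.51.30\" logger=\"{c.corp.Handler}\" session=\"4ot7\" user=\"user@example.com\" user-agent=\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/7.1.2 Safari/537.85.11\"] User page 13 requested", event.getMessage());
        assertNull(event.getProcessId());
        assertEquals(structuredData, event.getStructuredMessage().getStructuredData());
        // A MSGID of "-" (NILVALUE) is expected to surface as null, not as the string "-".
        assertNull(event.getStructuredMessage().getMessageId());
        assertEquals("User page 13 requested", event.getStructuredMessage().getMessage());
    }

    @Test
    public void testStructured3() throws Exception {
        // Message from: https://github.com/Graylog2/graylog2-server/issues/845
        // APP-NAME, PROCID, MSGID and STRUCTURED-DATA are all "-" here.
        final String message = "<128>1 2015-01-11T16:35:21.335797+01:00 s000000.example.com - - - - tralala";
        final StructuredSyslogServerEvent event = buildEvent(message);

        assertNull(event.getApplicationName());
        // The expected value is the same instant as the +01:00 timestamp, written in UTC.
        assertEquals(new DateTime("2015-01-11T15:35:21.335797Z"), event.getDateTime());
        // PRI 128 = facility 16 * 8 + severity 0
        assertEquals(16, event.getFacility());
        assertEquals("s000000.example.com", event.getHost());
        assertEquals(0, event.getLevel());
        assertEquals("- - tralala", event.getMessage());
        assertNull(event.getProcessId());
        assertNull(event.getStructuredMessage().getStructuredData());
        assertNull(event.getStructuredMessage().getMessageId());
        assertEquals("tralala", event.getStructuredMessage().getMessage());
    }

    @Test
    public void testStructuredWithOnlyStructuredData() throws Exception {
        // Message from: https://tools.ietf.org/html/rfc5424#section-6.5
        // Two adjacent SD-ELEMENTs and no MSG part: the free-text message is expected to be the
        // empty string rather than null.
        final String message = "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"][examplePriority@32473 class=\"high\"]";
        final StructuredSyslogServerEvent event = buildEvent(message);

        final Map<String, Map<String, String>> structuredData = new HashMap<String, Map<String, String>>();
        structuredData.put("exampleSDID@32473", sdParams(
                "eventSource", "Application",
                "eventID", "1011",
                "iut", "3"));
        structuredData.put("examplePriority@32473", sdParams("class", "high"));

        assertEquals("evntslog", event.getApplicationName());
        assertEquals(new DateTime("2003-10-11T22:14:15.003Z"), event.getDateTime());
        assertEquals(20, event.getFacility());
        assertEquals("mymachine.example.com", event.getHost());
        assertEquals(5, event.getLevel());
        assertEquals("ID47 [exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"][examplePriority@32473 class=\"high\"]", event.getMessage());
        assertNull(event.getProcessId());
        assertEquals(structuredData, event.getStructuredMessage().getStructuredData());
        assertEquals("ID47", event.getStructuredMessage().getMessageId());
        assertEquals("", event.getStructuredMessage().getMessage());
    }

    @Test
    public void testStructuredWithoutStructuredData() throws Exception {
        // Message from: https://tools.ietf.org/html/rfc5424#section-6.5
        final String message = "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - %% It's time to make the do-nuts.";
        final StructuredSyslogServerEvent event = buildEvent(message);

        assertEquals("myproc", event.getApplicationName());
        assertEquals(new DateTime("2003-08-24T05:14:15.000003-07:00"), event.getDateTime());
        assertEquals(20, event.getFacility());
        assertEquals("192.0.2.1", event.getHost());
        assertEquals(5, event.getLevel());
        assertEquals("- - %% It's time to make the do-nuts.", event.getMessage());
        assertEquals("8710", event.getProcessId());
        assertNull(event.getStructuredMessage().getStructuredData());
        assertNull(event.getStructuredMessage().getMessageId());
        assertEquals("%% It's time to make the do-nuts.", event.getStructuredMessage().getMessage());
    }

    @Test
    public void testStructuredSyslogNg1() throws Exception {
        // Message from: syslog-ng-core 3.5.3-1 package in Ubuntu 14.04 (default config)
        // Manually added ".000" to timestamp!
        final String message = "<45>1 2014-10-21T10:21:09.000+00:00 c4dc57ba1ebb syslog-ng 7120 - [meta sequenceId=\"1\"] syslog-ng starting up; version='3.5.3'";
        final StructuredSyslogServerEvent event = buildEvent(message);

        final Map<String, Map<String, String>> structuredData = new HashMap<String, Map<String, String>>();
        structuredData.put("meta", sdParams("sequenceId", "1"));

        assertEquals("syslog-ng", event.getApplicationName());
        assertEquals(new DateTime("2014-10-21T10:21:09.000Z"), event.getDateTime());
        // PRI 45 = facility 5 * 8 + severity 5
        assertEquals(5, event.getFacility());
        assertEquals("c4dc57ba1ebb", event.getHost());
        assertEquals(5, event.getLevel());
        assertEquals("- [meta sequenceId=\"1\"] syslog-ng starting up; version='3.5.3'", event.getMessage());
        assertEquals("7120", event.getProcessId());
        assertEquals(structuredData, event.getStructuredMessage().getStructuredData());
        assertNull(event.getStructuredMessage().getMessageId());
        assertEquals("syslog-ng starting up; version='3.5.3'", event.getStructuredMessage().getMessage());
    }

    @Test
    public void testStructuredSyslogNgNoMillisecTimestamp() throws Exception {
        // Message from: syslog-ng-core 3.5.3-1 package in Ubuntu 14.04 (default config)
        // Same message as testStructuredSyslogNg1 but with the timestamp as emitted, i.e. without
        // a fractional-seconds part; the parsed instant is expected to be identical.
        final String message = "<45>1 2014-10-21T10:21:09+00:00 c4dc57ba1ebb syslog-ng 7120 - [meta sequenceId=\"1\"] syslog-ng starting up; version='3.5.3'";
        final StructuredSyslogServerEvent event = buildEvent(message);

        final Map<String, Map<String, String>> structuredData = new HashMap<String, Map<String, String>>();
        structuredData.put("meta", sdParams("sequenceId", "1"));

        assertEquals("syslog-ng", event.getApplicationName());
        assertEquals(new DateTime("2014-10-21T10:21:09.000Z"), event.getDateTime());
        assertEquals(5, event.getFacility());
        assertEquals("c4dc57ba1ebb", event.getHost());
        assertEquals(5, event.getLevel());
        assertEquals("- [meta sequenceId=\"1\"] syslog-ng starting up; version='3.5.3'", event.getMessage());
        assertEquals("7120", event.getProcessId());
        assertEquals(structuredData, event.getStructuredMessage().getStructuredData());
        assertNull(event.getStructuredMessage().getMessageId());
        assertEquals("syslog-ng starting up; version='3.5.3'", event.getStructuredMessage().getMessage());
    }
}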