Merge pull request #2162 from wazuh/1796-migrate-doc-logc-age-commnad…
…-keep Migrate `test_age`, `test_command_monitoring`, and `test_keep_running` of `test_logcollector` documentation to `qa-docs`
Showing 7 changed files with 689 additions and 89 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,70 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. | ||
Specifically, these tests will check if the 'age' option work as expected, ignoring files that | ||
have not been modified for a time greater than the 'age' value using the current date. | ||
Log data collection is the real-time process of making sense out of the records generated by | ||
servers or devices. This component can receive logs through text files or Windows event logs. | ||
It can also directly receive logs via remote syslog which is useful for firewalls and | ||
other such devices. | ||
tier: 0 | ||
modules: | ||
- logcollector | ||
components: | ||
- agent | ||
- manager | ||
daemons: | ||
- wazuh-logcollector | ||
os_platform: | ||
- linux | ||
- windows | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
- Windows 10 | ||
- Windows 8 | ||
- Windows 7 | ||
- Windows Server 2019 | ||
- Windows Server 2016 | ||
- Windows Server 2012 | ||
- Windows Server 2003 | ||
- Windows XP | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age | ||
tags: | ||
- logcollector_age | ||
''' | ||
import os | ||
import tempfile | ||
|
||
|
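Review bot: In the module docstring's `brief`, "check if the 'age' option work as expected" should read "works as expected"; this text is published through qa-docs, so the agreement slip is worth fixing here. The paragraph starting "Log data collection is the real-time process..." describes the component in general rather than this module, and it is repeated verbatim in the datetime module's docstring on this page, so consider trimming it to keep the `brief` focused on what the age tests check.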
@@ -96,16 +160,60 @@ def get_local_internal_options(): | |
def test_configuration_age_basic(configure_local_internal_options_module, get_files_list, | ||
create_file_structure_function, get_configuration, configure_environment, | ||
file_monitoring, restart_logcollector): | ||
"""Check if logcollector works correctly and uses the specified age value. | ||
Check that those files that have not been modified for a time greater than age value, are ignored for logcollector. | ||
Otherwise, files should not be ignored. Also, it checks logcollector detect modification time changes in monitored | ||
files and catch new logs from ignored and not ignored files. | ||
Raises: | ||
TimeoutError: If the expected callbacks are not generated. | ||
""" | ||
|
||
''' | ||
description: Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified | ||
for a time greater than the value set in the 'age' tag. For this purpose, the test will create a | ||
folder with a testing log file to be monitored and configure different values for the 'age' option. | ||
Once the logcollector has started, it will wait for the event that indicates that the log file is | ||
being monitored, and depending on the 'age' value, check if the 'ignore' event is triggered or not. | ||
Finally, the test will modify the logs and verify that 'read' events are generated from ignored | ||
and not ignored files. | ||
wazuh_min_version: 4.2.0 | ||
parameters: | ||
- configure_local_internal_options_module: | ||
type: fixture | ||
brief: Configure the Wazuh local internal options file. | ||
- get_files_list: | ||
type: fixture | ||
brief: Get file list to create from the module. | ||
- create_file_structure_function: | ||
type: fixture | ||
brief: Create the specified file tree structure. | ||
- get_configuration: | ||
type: fixture | ||
brief: Get configurations from the module. | ||
- configure_environment: | ||
type: fixture | ||
brief: Configure a custom environment for testing. | ||
- file_monitoring: | ||
type: fixture | ||
brief: Handle the monitoring of a specified file. | ||
- restart_logcollector: | ||
type: fixture | ||
brief: Clear the 'ossec.log' file and start a new monitor. | ||
assertions: | ||
- Verify that the logcollector detects the testing log file to monitor. | ||
- Verify that the logcollector ignores the monitored files that have not been modified | ||
for a time greater than the 'age' value. | ||
- Verify that the logcollector does not ignore the monitored files that have been modified | ||
for a time greater than the 'age' value. | ||
input_description: A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml), | ||
which includes configuration settings for the 'wazuh-logcollector' daemon and, it is | ||
combined with the test cases (settings and files to monitor) defined in the module. | ||
expected_output: | ||
- r'New file that matches the .* pattern.*' | ||
- r'DEBUG: Ignoring file .* due to modification time' | ||
- r'DEBUG: Reading syslog message.*' | ||
- r'DEBUG: Read .* lines from.*' | ||
tags: | ||
- logs | ||
''' | ||
cfg = get_configuration['metadata'] | ||
age_seconds = time_to_seconds(cfg['age']) | ||
|
||
|
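Review bot: The third item under `assertions` contradicts the second: "does not ignore the monitored files that have been modified for a time greater than the 'age' value" should describe files modified within the 'age' window, for example "that have been modified within a time shorter than the 'age' value". The `"""` docstring shown above the new block documented `Raises: TimeoutError` when the expected callbacks are not generated, and the new block has no equivalent, so either carry that failure mode into the `description` or note where it is recorded. In `input_description`, "daemon and, it is combined" has the comma on the wrong side of "and".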
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,71 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. | ||
Specifically, these tests will check if the 'age' option work as expected, ignoring files | ||
that have not been modified for a time greater than the 'age' value when the system datetime | ||
is changed while the logcollector process is running. | ||
Log data collection is the real-time process of making sense out of the records generated by | ||
servers or devices. This component can receive logs through text files or Windows event logs. | ||
It can also directly receive logs via remote syslog which is useful for firewalls and | ||
other such devices. | ||
tier: 0 | ||
modules: | ||
- logcollector | ||
components: | ||
- agent | ||
- manager | ||
daemons: | ||
- wazuh-logcollector | ||
os_platform: | ||
- linux | ||
- windows | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
- Windows 10 | ||
- Windows 8 | ||
- Windows 7 | ||
- Windows Server 2019 | ||
- Windows Server 2016 | ||
- Windows Server 2012 | ||
- Windows Server 2003 | ||
- Windows XP | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age | ||
tags: | ||
- logcollector_age | ||
''' | ||
import os | ||
import time | ||
import tempfile | ||
|
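Review bot: The `brief` repeats the agreement slip from the other age module: "check if the 'age' option work as expected" should be "works as expected". The module-level `tags` list only `logcollector_age`, while the test documented in this module is tagged `time_travel`; if tags are used to select tests that change the system clock, consider adding it at module level too so the module is found by the same filter.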
@@ -82,14 +147,65 @@ def restart_logcollector_function(): | |
def test_configuration_age_datetime(get_configuration, configure_environment, configure_local_internal_options_module, | ||
restart_monitord, restart_logcollector_function, file_monitoring, | ||
new_datetime, get_files_list, create_file_structure_function): | ||
"""Check if logcollector age option works correctly when date time of the system changes. | ||
Ensure that when date of the system change logcollector use properly age value, ignoring files that have not been | ||
modified for a time greater than age value using current date. | ||
Raises: | ||
TimeoutError: If the expected callbacks are not generated. | ||
""" | ||
''' | ||
description: Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified | ||
for a time greater than the value set in the 'age' tag, and the system datetime is changed. For | ||
this purpose, the test will create a folder with a testing log file to be monitored and configure | ||
different values for the 'age' option. Once the logcollector has started, it will change the system | ||
datetime and wait for the event that indicates that the log file is being monitored. Finally, | ||
depending on the 'age' value, the test will verify that the 'ignore' event is triggered or not | ||
and restore the system datetime to its initial value. | ||
wazuh_min_version: 4.2.0 | ||
parameters: | ||
- get_configuration: | ||
type: fixture | ||
brief: Get configurations from the module. | ||
- configure_environment: | ||
type: fixture | ||
brief: Configure a custom environment for testing. | ||
- configure_local_internal_options_module: | ||
type: fixture | ||
brief: Configure the Wazuh local internal options. | ||
- restart_monitord: | ||
type: fixture | ||
brief: Reset the log file and start a new monitor. | ||
- restart_logcollector_function: | ||
type: fixture | ||
brief: Clear the 'ossec.log' file and start a new monitor | ||
- file_monitoring: | ||
type: fixture | ||
brief: Handle the monitoring of a specified file. | ||
- new_datetime: | ||
type: str | ||
brief: Time to forward/backward the current datetime. | ||
- get_files_list: | ||
type: fixture | ||
brief: Get file list to create from the module. | ||
- create_file_structure_function: | ||
type: fixture | ||
brief: Create the specified file tree structure. | ||
assertions: | ||
- Verify that the logcollector detects the testing log file to monitor. | ||
- Verify that the logcollector ignores the monitored files that have not been modified | ||
for a time greater than the 'age' value. | ||
- Verify that the logcollector does not ignore the monitored files that have been modified | ||
for a time greater than the 'age' value. | ||
input_description: A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml), | ||
which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined | ||
with the test cases (settings, time offset, and files to monitor) defined in the module. | ||
expected_output: | ||
- r'New file that matches the .* pattern.*' | ||
- r'DEBUG: Ignoring file .* due to modification time'' | ||
tags: | ||
- logs | ||
- time_travel | ||
''' | ||
cfg = get_configuration['metadata'] | ||
age_seconds = time_to_seconds(cfg['age']) | ||
|
||
|
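Review bot: The second `expected_output` entry ends with a doubled quote, `r'DEBUG: Ignoring file .* due to modification time''`; drop the extra `'` so the documented pattern matches the one in `test_configuration_age_basic`. The third `assertions` item has the same contradiction as in the basic test ("does not ignore the monitored files that have been modified for a time greater than the 'age' value" should refer to files modified within the 'age' window). The `brief` for `restart_logcollector_function` is also missing its final period, unlike the other parameter entries.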