Merge pull request #2162 from wazuh/1796-migrate-doc-logc-age-commnad…

…-keep Migrate `test_age`, `test_command_monitoring`, and `test_keep_running` of `test_logcollector` documentation to `qa-docs`
wazuh · Jan 27, 2022 · 5d200df · 5d200df
2 parents b45bf8d + 68b0974
commit 5d200df
Show file tree

Hide file tree

Showing 7 changed files with 689 additions and 89 deletions.
diff --git a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml
@@ -254,6 +254,10 @@ predefined_values:
  - key_polling
  - limits
  - logcollector
+ - logcollector_age
+ - logcollector_cmd_exec
+ - logcollector_configuration
+ - logcollector_keep_running
  - logging
  - logs
  - logs

diff --git a/tests/integration/test_logcollector/test_age/test_age_basic.py b/tests/integration/test_logcollector/test_age/test_age_basic.py
@@ -1,6 +1,70 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages.
+ Specifically, these tests will check if the 'age' option work as expected, ignoring files that
+ have not been modified for a time greater than the 'age' value using the current date.
+ Log data collection is the real-time process of making sense out of the records generated by
+ servers or devices. This component can receive logs through text files or Windows event logs.
+ It can also directly receive logs via remote syslog which is useful for firewalls and
+ other such devices.
+
+tier: 0
+
+modules:
+ - logcollector
+
+components:
+ - agent
+ - manager
+
+daemons:
+ - wazuh-logcollector
+
+os_platform:
+ - linux
+ - windows
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+ - Windows 10
+ - Windows 8
+ - Windows 7
+ - Windows Server 2019
+ - Windows Server 2016
+ - Windows Server 2012
+ - Windows Server 2003
+ - Windows XP
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age
+
+tags:
+ - logcollector_age
+'''
 import os
 import tempfile
 
@@ -96,16 +160,60 @@ def get_local_internal_options():
 def test_configuration_age_basic(configure_local_internal_options_module, get_files_list,
  create_file_structure_function, get_configuration, configure_environment,
  file_monitoring, restart_logcollector):
- """Check if logcollector works correctly and uses the specified age value.
-
- Check that those files that have not been modified for a time greater than age value, are ignored for logcollector.
- Otherwise, files should not be ignored. Also, it checks logcollector detect modification time changes in monitored
- files and catch new logs from ignored and not ignored files.
-
- Raises:
- TimeoutError: If the expected callbacks are not generated.
- """
-
+ '''
+ description: Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified
+ for a time greater than the value set in the 'age' tag. For this purpose, the test will create a
+ folder with a testing log file to be monitored and configure different values for the 'age' option.
+ Once the logcollector has started, it will wait for the event that indicates that the log file is
+ being monitored, and depending on the 'age' value, check if the 'ignore' event is triggered or not.
+ Finally, the test will modify the logs and verify that 'read' events are generated from ignored
+ and not ignored files.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - configure_local_internal_options_module:
+ type: fixture
+ brief: Configure the Wazuh local internal options file.
+ - get_files_list:
+ type: fixture
+ brief: Get file list to create from the module.
+ - create_file_structure_function:
+ type: fixture
+ brief: Create the specified file tree structure.
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - file_monitoring:
+ type: fixture
+ brief: Handle the monitoring of a specified file.
+ - restart_logcollector:
+ type: fixture
+ brief: Clear the 'ossec.log' file and start a new monitor.
+
+ assertions:
+ - Verify that the logcollector detects the testing log file to monitor.
+ - Verify that the logcollector ignores the monitored files that have not been modified
+ for a time greater than the 'age' value.
+ - Verify that the logcollector does not ignore the monitored files that have been modified
+ for a time greater than the 'age' value.
+
+ input_description: A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml),
+ which includes configuration settings for the 'wazuh-logcollector' daemon and, it is
+ combined with the test cases (settings and files to monitor) defined in the module.
+
+ expected_output:
+ - r'New file that matches the .* pattern.*'
+ - r'DEBUG: Ignoring file .* due to modification time'
+ - r'DEBUG: Reading syslog message.*'
+ - r'DEBUG: Read .* lines from.*'
+
+ tags:
+ - logs
+ '''
  cfg = get_configuration['metadata']
  age_seconds = time_to_seconds(cfg['age'])
 

diff --git a/tests/integration/test_logcollector/test_age/test_age_datetime_changed.py b/tests/integration/test_logcollector/test_age/test_age_datetime_changed.py
@@ -1,6 +1,71 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages.
+ Specifically, these tests will check if the 'age' option work as expected, ignoring files
+ that have not been modified for a time greater than the 'age' value when the system datetime
+ is changed while the logcollector process is running.
+ Log data collection is the real-time process of making sense out of the records generated by
+ servers or devices. This component can receive logs through text files or Windows event logs.
+ It can also directly receive logs via remote syslog which is useful for firewalls and
+ other such devices.
+
+tier: 0
+
+modules:
+ - logcollector
+
+components:
+ - agent
+ - manager
+
+daemons:
+ - wazuh-logcollector
+
+os_platform:
+ - linux
+ - windows
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+ - Windows 10
+ - Windows 8
+ - Windows 7
+ - Windows Server 2019
+ - Windows Server 2016
+ - Windows Server 2012
+ - Windows Server 2003
+ - Windows XP
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age
+
+tags:
+ - logcollector_age
+'''
 import os
 import time
 import tempfile
@@ -82,14 +147,65 @@ def restart_logcollector_function():
 def test_configuration_age_datetime(get_configuration, configure_environment, configure_local_internal_options_module,
  restart_monitord, restart_logcollector_function, file_monitoring,
  new_datetime, get_files_list, create_file_structure_function):
- """Check if logcollector age option works correctly when date time of the system changes.
-
- Ensure that when date of the system change logcollector use properly age value, ignoring files that have not been
- modified for a time greater than age value using current date.
-
- Raises:
- TimeoutError: If the expected callbacks are not generated.
- """
+ '''
+ description: Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified
+ for a time greater than the value set in the 'age' tag, and the system datetime is changed. For
+ this purpose, the test will create a folder with a testing log file to be monitored and configure
+ different values for the 'age' option. Once the logcollector has started, it will change the system
+ datetime and wait for the event that indicates that the log file is being monitored. Finally,
+ depending on the 'age' value, the test will verify that the 'ignore' event is triggered or not
+ and restore the system datetime to its initial value.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - configure_local_internal_options_module:
+ type: fixture
+ brief: Configure the Wazuh local internal options.
+ - restart_monitord:
+ type: fixture
+ brief: Reset the log file and start a new monitor.
+ - restart_logcollector_function:
+ type: fixture
+ brief: Clear the 'ossec.log' file and start a new monitor
+ - file_monitoring:
+ type: fixture
+ brief: Handle the monitoring of a specified file.
+ - new_datetime:
+ type: str
+ brief: Time to forward/backward the current datetime.
+ - get_files_list:
+ type: fixture
+ brief: Get file list to create from the module.
+ - create_file_structure_function:
+ type: fixture
+ brief: Create the specified file tree structure.
+
+ assertions:
+ - Verify that the logcollector detects the testing log file to monitor.
+ - Verify that the logcollector ignores the monitored files that have not been modified
+ for a time greater than the 'age' value.
+ - Verify that the logcollector does not ignore the monitored files that have been modified
+ for a time greater than the 'age' value.
+
+ input_description: A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml),
+ which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined
+ with the test cases (settings, time offset, and files to monitor) defined in the module.
+
+ expected_output:
+ - r'New file that matches the .* pattern.*'
+ - r'DEBUG: Ignoring file .* due to modification time''
+
+ tags:
+ - logs
+ - time_travel
+ '''
  cfg = get_configuration['metadata']
  age_seconds = time_to_seconds(cfg['age'])