doc: Add of test_logcollector documentation in QA Docs style

The following tests have been documentated: * test_basic_configuration_log_format.py * test_basic_configuration_out_format.py * test_basic_configuration_query.py * test_basic_configuration_reconnect_time.py * test_basic_configuration_target.py * test_keep_running.py * test_location.py * test_location_exclude.py * test_location_custom_sockets.py Minor fixes in the remaining tests. The current scheme of the issue #1694 has been used. PEP-8 fixes. Closes: #1813
wazuh · Nov 2, 2021 · 7ba3c97 · 7ba3c97
1 parent f7c2172
commit 7ba3c97
Show file tree

Hide file tree

Showing 14 changed files with 967 additions and 121 deletions.
diff --git a/tests/integration/test_logcollector/test_configuration/test_basic_configuration_age.py b/tests/integration/test_logcollector/test_configuration/test_basic_configuration_age.py
@@ -219,6 +219,7 @@ def test_configuration_age(get_configuration, configure_environment):
 
  assertions:
  - Verify that the logcollector generates error events when using invalid values for the 'age' tag.
+ - Verify that the logcollector generates 'analyzing' events when using valid values for the 'age' tag.
  - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one.
 
  input_description: A configuration template (test_basic_configuration_age) is contained in an external YAML file

diff --git a/tests/integration/test_logcollector/test_configuration/test_basic_configuration_frequency.py b/tests/integration/test_logcollector/test_configuration/test_basic_configuration_frequency.py
@@ -254,6 +254,7 @@ def test_configuration_frequency(get_local_internal_options, configure_local_int
 
  assertions:
  - Verify that the logcollector generates error events when using invalid values for the 'frequency' tag.
+ - Verify that the logcollector generates 'monitoring' events when using valid values for the 'frequency' tag.
  - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one.
 
  input_description: A configuration template (test_basic_configuration_frequency) is contained in an external

diff --git a/tests/integration/test_logcollector/test_configuration/test_basic_configuration_label.py b/tests/integration/test_logcollector/test_configuration/test_basic_configuration_label.py
@@ -160,6 +160,7 @@ def test_configuration_label(get_configuration, configure_environment, restart_l
  - r'Analyzing file.*'
 
  tags:
+ - invalid_settings
  - logs
  '''
  cfg = get_configuration['metadata']

diff --git a/tests/integration/test_logcollector/test_configuration/test_basic_configuration_location.py b/tests/integration/test_logcollector/test_configuration/test_basic_configuration_location.py
@@ -158,6 +158,9 @@ def test_configuration_location(get_configuration, configure_environment, restar
 
  expected_output:
  - Boolean values to indicate the state of the Wazuh component.
+
+ tags:
+ - invalid_settings
  '''
  cfg = get_configuration['metadata']
 

diff --git a/...s/integration/test_logcollector/test_configuration/test_basic_configuration_log_format.py b/...s/integration/test_logcollector/test_configuration/test_basic_configuration_log_format.py
@@ -1,7 +1,75 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
-
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages.
+ Specifically, these tests will check if the logcollector detects invalid values for
+ the 'log_format' tag and the Wazuh API returns the same values for the configured
+ 'localfile' section. They also check some special aspects when macOS is used.
+ Log data collection is the real-time process of making sense out of
+ the records generated by servers or devices. This component can receive logs through
+ text files or Windows event logs. It can also directly receive logs via remote syslog
+ which is useful for firewalls and other such devices.
+
+tier: 0
+
+modules:
+ - logcollector
+
+components:
+ - agent
+ - manager
+
+daemons:
+ - wazuh-logcollector
+ - wazuh-apid
+
+os_platform:
+ - linux
+ - macos
+ - windows
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+ - Windows 10
+ - Windows 8
+ - Windows 7
+ - Windows Server 2019
+ - Windows Server 2016
+ - Windows Server 2012
+ - Windows Server 2003
+ - Windows XP
+ - macOS Catalina
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location
+
+tags:
+ - logcollector_configuration
+'''
 import os
 import subprocess as sb
 import sys
@@ -116,7 +184,8 @@
  'configuration' in metadata_value and
  metadata_value['configuration'] == multiple_logcollector_configuration]
 
-configuration_ids += [f"{x['location1']}_{x['log_format1']}_{x['location1']}_{x['log_format2']}" for x in metadata_multiple_logcollector_configuration]
+configuration_ids += [f"{x['location1']}_{x['log_format1']}_{x['location1']}_{x['log_format2']}"
+ for x in metadata_multiple_logcollector_configuration]
 
 configurations += load_wazuh_configurations(configurations_path_multiple_logcollector, __name__,
  params=parameters_multiple_logcollector_configuration,
@@ -138,6 +207,7 @@
 
 log_format_not_print_analyzing_info = ['command', 'full_command', 'eventlog', 'eventchannel', 'macos']
 
+
 # fixtures
 @pytest.fixture(scope="module", params=configurations, ids=configuration_ids)
 def get_configuration(request):
@@ -227,9 +297,6 @@ def check_log_format_invalid(cfg):
  wazuh_log_monitor.start(timeout=5, callback=log_callback,
  error_message=gc.GENERIC_CALLBACK_ERROR_MESSAGE)
 
-
-
-
  if sys.platform != 'win32':
  log_callback = gc.callback_error_in_configuration('CRITICAL', prefix,
  conf_path=f'{wazuh_configuration}')
@@ -239,14 +306,60 @@ def check_log_format_invalid(cfg):
 
 def test_log_format(get_local_internal_options, configure_local_internal_options, get_configuration,
  configure_environment):
- """Check if Wazuh log format field of logcollector works properly.
-
- Ensure Wazuh component fails in case of invalid values and works properly in case of valid
- log format values.
-
- Raises:
- TimeoutError: If expected callbacks are not generated.
- """
+ '''
+ description: Check if the 'wazuh-logcollector' daemon detects invalid configurations for the 'log_format' tag.
+ It also checks some special aspects when using macOS. For this purpose, the test will set a
+ 'localfile' section using valid/invalid values for the 'log_format' tag. Then, it will check if
+ an error event is generated when using an invalid value. If macOS is the host system, the test
+ will verify that only one configuration block is used, and the 'location' tag allows invalid values.
+ Finally, the test will verify that the Wazuh API returns the same values for the 'localfile' section
+ that the configured one.
+
+ wazuh_min_version: 4.2.0
+
+ parameters:
+ - get_local_internal_options:
+ type: fixture
+ brief: Get local internal options from the module.
+ - configure_local_internal_options:
+ type: fixture
+ brief: Configure the Wazuh local internal options.
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+
+ assertions:
+ - Verify that the logcollector generates error events when using invalid values for the 'log_format' tag.
+ - Verify that the logcollector accepts invalid values for the 'location' tag when 'macos' log format is set.
+ - Verify that the logcollector uses the default macOS value for the 'location' tag when it is not defined.
+ - Verify that the logcollector allows only one macOS configuration section.
+ - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one.
+
+
+ input_description: A configuration templates (test_basic_configuration_log_format) are contained in externals
+ YAML files (wazuh_basic_configuration.yaml, wazuh_duplicated_macos_configuration.yaml, and
+ wazuh_no_defined_location_macos_configuration.yaml). Those templates are combined with
+ different test cases defined in the module. Those include configuration settings for
+ the 'wazuh-logcollector' daemon.
+
+ expected_output:
+ - r'Analyzing file.*'
+ - r'INFO: Monitoring .* of command.*'
+ - r'INFO: Using program name .* for DJB multilog file.*'
+ - r'Invalid value for element .*'
+ - r'Configuration error at .*'
+ - r"Can't add more than one 'macos' block"
+ - r'Monitoring macOS logs with'
+ - r"Invalid location value .* when using 'macos' as 'log_format'. Default value will be used."
+ - r"Missing 'location' element when using 'macos' as 'log_format'. Default value will be used."
+
+ tags:
+ - invalid_settings
+ - logs
+ '''
  cfg = get_configuration['metadata']
 
  control_service('stop', daemon=LOGCOLLECTOR_DAEMON)

diff --git a/...ation/test_logcollector/test_configuration/test_basic_configuration_only_future_events.py b/...ation/test_logcollector/test_configuration/test_basic_configuration_only_future_events.py
@@ -241,10 +241,10 @@ def get_configuration(request):
 def test_only_future_events(get_configuration, configure_environment, restart_logcollector):
  '''
  description: Check if the 'wazuh-logcollector' daemon detects invalid settings for the 'only-future-events',
- and 'max-size' tags. For this purpose, the test will set a 'localfile' section using both,
- valida and invalid values for those tags. Then, it will check if the 'analyzing' or
- 'monitoring' event (depending on the OS) is triggered when using a valid value,
- or if an error event is generated when using an invalid one.
+ and 'max-size' tags. For this purpose, the test will set a 'localfile' section using both
+ valid and invalid values for those tags. Finally, it will verify that the 'analyzing' or
+ 'monitoring' event (depending on the OS) is triggered when using a valid value, or if an
+ error event is generated when using an invalid one.
 
  wazuh_min_version: 4.2.0
 
@@ -262,6 +262,8 @@ def test_only_future_events(get_configuration, configure_environment, restart_lo
  assertions:
  - Verify that the logcollector generates error events when using invalid values
  for the 'only-future-events' tag.
+ - Verify that the logcollector generates 'analyzing' or 'monitoring' events when using valid values
+ for the 'only-future-events' tag.
 
  input_description: A configuration template (test_basic_configuration_only_future_events) is contained in an
  external YAML file (wazuh_basic_configuration.yaml). That template is combined with
@@ -277,6 +279,7 @@ def test_only_future_events(get_configuration, configure_environment, restart_lo
 
  tags:
  - invalid_settings
+ - logs
  '''
  cfg = get_configuration['metadata']
 

diff --git a/...s/integration/test_logcollector/test_configuration/test_basic_configuration_out_format.py b/...s/integration/test_logcollector/test_configuration/test_basic_configuration_out_format.py
@@ -1,7 +1,71 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <[email protected]>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
 
+ Created by Wazuh, Inc. <[email protected]>.
+
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages.
+ Specifically, these tests will check if the logcollector detects invalid values for
+ the 'out_format' tag and the Wazuh API returns the same values for the configured
+ 'localfile' section. Log data collection is the real-time process of making sense out
+ of the records generated by servers or devices. This component can receive logs through
+ text files or Windows event logs. It can also directly receive logs via remote syslog
+ which is useful for firewalls and other such devices.
+
+tier: 0
+
+modules:
+ - logcollector
+
+components:
+ - agent
+ - manager
+
+daemons:
+ - wazuh-logcollector
+ - wazuh-apid
+
+os_platform:
+ - linux
+ - windows
+
+os_version:
+ - Arch Linux
+ - Amazon Linux 2
+ - Amazon Linux 1
+ - CentOS 8
+ - CentOS 7
+ - CentOS 6
+ - Ubuntu Focal
+ - Ubuntu Bionic
+ - Ubuntu Xenial
+ - Ubuntu Trusty
+ - Debian Buster
+ - Debian Stretch
+ - Debian Jessie
+ - Debian Wheezy
+ - Red Hat 8
+ - Red Hat 7
+ - Red Hat 6
+ - Windows 10
+ - Windows 8
+ - Windows 7
+ - Windows Server 2019
+ - Windows Server 2016
+ - Windows Server 2012
+ - Windows Server 2003
+ - Windows XP
+
+references:
+ - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
+ - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#out-format
+
+tags:
+ - logcollector_configuration
+'''
 import os
 import pytest
 import wazuh_testing.api as api
@@ -102,7 +166,7 @@
  params=parameters,
  metadata=metadata)
 configuration_ids = [
- f"{x['log_format']}_{x['target']}_{x['socket_name']}_{x['location']}_{x['socket_path']}_" \
+ f"{x['log_format']}_{x['target']}_{x['socket_name']}_{x['location']}_{x['socket_path']}_"
  f"{x['target_out_format']}_{x['out_format']}" for x in metadata
 ]
 
@@ -152,13 +216,46 @@ def get_configuration(request):
 
 
 def test_configuration_out_format(get_configuration, configure_environment, restart_logcollector):
- """Check if the Wazuh out format field of logcollector works properly.
+ '''
+ description: Check if the 'wazuh-logcollector' daemon detects invalid settings for the 'out_format' tag.
+ For this purpose, the test will set a 'localfile' section using both valid and invalid values
+ for that tag. It also will set a 'socket' section to specify a custom socket. Finally, the
+ test will verify that the 'socket target' event is triggered when using a valid value or if
+ an error event is generated when using an invalid one.
 
- Ensure Wazuh component fails in case of invalid values and works properly in case of valid out format values.
+ wazuh_min_version: 4.2.0
 
- Raises:
- TimeoutError: If expected callbacks are not generated.
- """
+ parameters:
+ - get_configuration:
+ type: fixture
+ brief: Get configurations from the module.
+ - configure_environment:
+ type: fixture
+ brief: Configure a custom environment for testing.
+ - restart_logcollector:
+ type: fixture
+ brief: Clear the 'ossec.log' file and start a new monitor.
+
+ assertions:
+ - Verify that the logcollector generates error events when using invalid values
+ for the 'out_format' tag.
+ - Verify that the logcollector generates 'socket target' events when using valid values
+ for the 'out_format' tag.
+ - Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one.
+
+ input_description: A configuration template (test_basic_configuration_out_format) is contained in an
+ external YAML file (wazuh_basic_configuration.yaml). That template is combined with
+ different test cases defined in the module. Those include configuration settings
+ for the 'wazuh-logcollector' daemon.
+
+ expected_output:
+ - r'DEBUG: Socket target for .* -> .*'
+ - r'WARNING: Log target .* not found for the output format of localfile .*'
+
+ tags:
+ - invalid_settings
+ - logs
+ '''
  cfg = get_configuration['metadata']
  if cfg['valid_value']:
  check_configuration_out_format_valid(cfg)