doc: Add of test_logcollector documentation in QA Docs style
The following tests have been documented:
* test_basic_configuration_log_format.py
* test_basic_configuration_out_format.py
* test_basic_configuration_query.py
* test_basic_configuration_reconnect_time.py
* test_basic_configuration_target.py
* test_keep_running.py
* test_location.py
* test_location_exclude.py
* test_location_custom_sockets.py

Minor fixes in the remaining tests.
The current scheme of the issue #1694 has been used.
PEP-8 fixes.

Closes: #1813
Showing 14 changed files with 967 additions and 121 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,75 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
|
||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. | ||
Specifically, these tests will check if the logcollector detects invalid values for | ||
the 'log_format' tag and the Wazuh API returns the same values for the configured | ||
'localfile' section. They also check some special aspects when macOS is used. | ||
Log data collection is the real-time process of making sense out of | ||
the records generated by servers or devices. This component can receive logs through | ||
text files or Windows event logs. It can also directly receive logs via remote syslog | ||
which is useful for firewalls and other such devices. | ||
tier: 0 | ||
modules: | ||
- logcollector | ||
components: | ||
- agent | ||
- manager | ||
daemons: | ||
- wazuh-logcollector | ||
- wazuh-apid | ||
os_platform: | ||
- linux | ||
- macos | ||
- windows | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
- Windows 10 | ||
- Windows 8 | ||
- Windows 7 | ||
- Windows Server 2019 | ||
- Windows Server 2016 | ||
- Windows Server 2012 | ||
- Windows Server 2003 | ||
- Windows XP | ||
- macOS Catalina | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location | ||
tags: | ||
- logcollector_configuration | ||
''' | ||
import os | ||
import subprocess as sb | ||
import sys | ||
|
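Review bot: the `copyright:` field that opens the new module docstring repeats, word for word, the three-line `#` comment header shown directly above it, so the copyright and GPLv2 notice appear twice in the same file and can drift apart. Keep a single copy: if the QA Docs scheme requires the `copyright:` field, remove the comment header in this commit; otherwise drop the field from the docstring.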
@@ -116,7 +184,8 @@ | |
'configuration' in metadata_value and | ||
metadata_value['configuration'] == multiple_logcollector_configuration] | ||
|
||
configuration_ids += [f"{x['location1']}_{x['log_format1']}_{x['location1']}_{x['log_format2']}" for x in metadata_multiple_logcollector_configuration] | ||
configuration_ids += [f"{x['location1']}_{x['log_format1']}_{x['location1']}_{x['log_format2']}" | ||
for x in metadata_multiple_logcollector_configuration] | ||
|
||
configurations += load_wazuh_configurations(configurations_path_multiple_logcollector, __name__, | ||
params=parameters_multiple_logcollector_configuration, | ||
|
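Review bot: the rewrapped `configuration_ids` f-string still interpolates `x['location1']` twice (`{x['location1']}_{x['log_format1']}_{x['location1']}_{x['log_format2']}`), which looks like a copy-paste slip given that the second pair ends in `log_format2`. If the metadata carries a `location2` key, use it for the third field; as written, two cases that differ only in their second location get the same pytest id, which makes a failing parametrized case hard to identify from the report.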
@@ -138,6 +207,7 @@ | |
|
||
log_format_not_print_analyzing_info = ['command', 'full_command', 'eventlog', 'eventchannel', 'macos'] | ||
|
||
|
||
# fixtures | ||
@pytest.fixture(scope="module", params=configurations, ids=configuration_ids) | ||
def get_configuration(request): | ||
|
@@ -227,9 +297,6 @@ def check_log_format_invalid(cfg): | |
wazuh_log_monitor.start(timeout=5, callback=log_callback, | ||
error_message=gc.GENERIC_CALLBACK_ERROR_MESSAGE) | ||
|
||
|
||
|
||
|
||
if sys.platform != 'win32': | ||
log_callback = gc.callback_error_in_configuration('CRITICAL', prefix, | ||
conf_path=f'{wazuh_configuration}') | ||
|
@@ -239,14 +306,60 @@ def check_log_format_invalid(cfg): | |
|
||
def test_log_format(get_local_internal_options, configure_local_internal_options, get_configuration, | ||
configure_environment): | ||
"""Check if Wazuh log format field of logcollector works properly. | ||
Ensure Wazuh component fails in case of invalid values and works properly in case of valid | ||
log format values. | ||
Raises: | ||
TimeoutError: If expected callbacks are not generated. | ||
""" | ||
''' | ||
description: Check if the 'wazuh-logcollector' daemon detects invalid configurations for the 'log_format' tag. | ||
It also checks some special aspects when using macOS. For this purpose, the test will set a | ||
'localfile' section using valid/invalid values for the 'log_format' tag. Then, it will check if | ||
an error event is generated when using an invalid value. If macOS is the host system, the test | ||
will verify that only one configuration block is used, and the 'location' tag allows invalid values. | ||
Finally, the test will verify that the Wazuh API returns the same values for the 'localfile' section | ||
that the configured one. | ||
wazuh_min_version: 4.2.0 | ||
parameters: | ||
- get_local_internal_options: | ||
type: fixture | ||
brief: Get local internal options from the module. | ||
- configure_local_internal_options: | ||
type: fixture | ||
brief: Configure the Wazuh local internal options. | ||
- get_configuration: | ||
type: fixture | ||
brief: Get configurations from the module. | ||
- configure_environment: | ||
type: fixture | ||
brief: Configure a custom environment for testing. | ||
assertions: | ||
- Verify that the logcollector generates error events when using invalid values for the 'log_format' tag. | ||
- Verify that the logcollector accepts invalid values for the 'location' tag when 'macos' log format is set. | ||
- Verify that the logcollector uses the default macOS value for the 'location' tag when it is not defined. | ||
- Verify that the logcollector allows only one macOS configuration section. | ||
- Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one. | ||
input_description: A configuration templates (test_basic_configuration_log_format) are contained in externals | ||
YAML files (wazuh_basic_configuration.yaml, wazuh_duplicated_macos_configuration.yaml, and | ||
wazuh_no_defined_location_macos_configuration.yaml). Those templates are combined with | ||
different test cases defined in the module. Those include configuration settings for | ||
the 'wazuh-logcollector' daemon. | ||
expected_output: | ||
- r'Analyzing file.*' | ||
- r'INFO: Monitoring .* of command.*' | ||
- r'INFO: Using program name .* for DJB multilog file.*' | ||
- r'Invalid value for element .*' | ||
- r'Configuration error at .*' | ||
- r"Can't add more than one 'macos' block" | ||
- r'Monitoring macOS logs with' | ||
- r"Invalid location value .* when using 'macos' as 'log_format'. Default value will be used." | ||
- r"Missing 'location' element when using 'macos' as 'log_format'. Default value will be used." | ||
tags: | ||
- invalid_settings | ||
- logs | ||
''' | ||
cfg = get_configuration['metadata'] | ||
|
||
control_service('stop', daemon=LOGCOLLECTOR_DAEMON) | ||
|
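Review bot: the new `test_log_format` docstring no longer says that the test raises `TimeoutError` when the expected callbacks are not generated, which the old `Raises:` section stated and which is the failure a reader will actually see in a report. Carry that over, for example as a sentence in `description` or as an extra entry under `assertions`. In `input_description`, "A configuration templates ... are contained in externals YAML files" should also read "Configuration templates ... are contained in external YAML files".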
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,71 @@ | ||
# Copyright (C) 2015-2021, Wazuh Inc. | ||
# Created by Wazuh, Inc. <[email protected]>. | ||
# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
''' | ||
copyright: Copyright (C) 2015-2021, Wazuh Inc. | ||
Created by Wazuh, Inc. <[email protected]>. | ||
This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 | ||
type: integration | ||
brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. | ||
Specifically, these tests will check if the logcollector detects invalid values for | ||
the 'out_format' tag and the Wazuh API returns the same values for the configured | ||
'localfile' section. Log data collection is the real-time process of making sense out | ||
of the records generated by servers or devices. This component can receive logs through | ||
text files or Windows event logs. It can also directly receive logs via remote syslog | ||
which is useful for firewalls and other such devices. | ||
tier: 0 | ||
modules: | ||
- logcollector | ||
components: | ||
- agent | ||
- manager | ||
daemons: | ||
- wazuh-logcollector | ||
- wazuh-apid | ||
os_platform: | ||
- linux | ||
- windows | ||
os_version: | ||
- Arch Linux | ||
- Amazon Linux 2 | ||
- Amazon Linux 1 | ||
- CentOS 8 | ||
- CentOS 7 | ||
- CentOS 6 | ||
- Ubuntu Focal | ||
- Ubuntu Bionic | ||
- Ubuntu Xenial | ||
- Ubuntu Trusty | ||
- Debian Buster | ||
- Debian Stretch | ||
- Debian Jessie | ||
- Debian Wheezy | ||
- Red Hat 8 | ||
- Red Hat 7 | ||
- Red Hat 6 | ||
- Windows 10 | ||
- Windows 8 | ||
- Windows 7 | ||
- Windows Server 2019 | ||
- Windows Server 2016 | ||
- Windows Server 2012 | ||
- Windows Server 2003 | ||
- Windows XP | ||
references: | ||
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html | ||
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#out-format | ||
tags: | ||
- logcollector_configuration | ||
''' | ||
import os | ||
import pytest | ||
import wazuh_testing.api as api | ||
|
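Review bot: the `os_platform` and `os_version` lists in this module docstring are a hand-copied near-duplicate of the ones added to the log_format module, differing only by the missing `macos` and `macOS Catalina` entries. Please confirm the omission is intentional for the `out_format` tests and say so in `brief`, as the log_format module does for its macOS cases; otherwise the two lists will be taken for an accidental divergence the next time one of them is updated.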
@@ -102,7 +166,7 @@ | |
params=parameters, | ||
metadata=metadata) | ||
configuration_ids = [ | ||
f"{x['log_format']}_{x['target']}_{x['socket_name']}_{x['location']}_{x['socket_path']}_" \ | ||
f"{x['log_format']}_{x['target']}_{x['socket_name']}_{x['location']}_{x['socket_path']}_" | ||
f"{x['target_out_format']}_{x['out_format']}" for x in metadata | ||
] | ||
|
||
|
@@ -152,13 +216,46 @@ def get_configuration(request): | |
|
||
|
||
def test_configuration_out_format(get_configuration, configure_environment, restart_logcollector): | ||
"""Check if the Wazuh out format field of logcollector works properly. | ||
''' | ||
description: Check if the 'wazuh-logcollector' daemon detects invalid settings for the 'out_format' tag. | ||
For this purpose, the test will set a 'localfile' section using both valid and invalid values | ||
for that tag. It also will set a 'socket' section to specify a custom socket. Finally, the | ||
test will verify that the 'socket target' event is triggered when using a valid value or if | ||
an error event is generated when using an invalid one. | ||
Ensure Wazuh component fails in case of invalid values and works properly in case of valid out format values. | ||
wazuh_min_version: 4.2.0 | ||
Raises: | ||
TimeoutError: If expected callbacks are not generated. | ||
""" | ||
parameters: | ||
- get_configuration: | ||
type: fixture | ||
brief: Get configurations from the module. | ||
- configure_environment: | ||
type: fixture | ||
brief: Configure a custom environment for testing. | ||
- restart_logcollector: | ||
type: fixture | ||
brief: Clear the 'ossec.log' file and start a new monitor. | ||
assertions: | ||
- Verify that the logcollector generates error events when using invalid values | ||
for the 'out_format' tag. | ||
- Verify that the logcollector generates 'socket target' events when using valid values | ||
for the 'out_format' tag. | ||
- Verify that the Wazuh API returns the same values for the 'localfile' section as the configured one. | ||
input_description: A configuration template (test_basic_configuration_out_format) is contained in an | ||
external YAML file (wazuh_basic_configuration.yaml). That template is combined with | ||
different test cases defined in the module. Those include configuration settings | ||
for the 'wazuh-logcollector' daemon. | ||
expected_output: | ||
- r'DEBUG: Socket target for .* -> .*' | ||
- r'WARNING: Log target .* not found for the output format of localfile .*' | ||
tags: | ||
- invalid_settings | ||
- logs | ||
''' | ||
cfg = get_configuration['metadata'] | ||
if cfg['valid_value']: | ||
check_configuration_out_format_valid(cfg) | ||
|
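Review bot: in the `test_configuration_out_format` docstring, `description` and the first entry of `assertions` say the logcollector generates "error events" for invalid `out_format` values, but the only failure pattern listed under `expected_output` is `r'WARNING: Log target .* not found for the output format of localfile .*'`. Name the level the test really waits for ("warning event") so that the documentation matches the log line; someone triaging a failure from the docs alone would otherwise search `ossec.log` for an ERROR entry. The `TimeoutError` note from the old `Raises:` section is also dropped here and is worth keeping in `description`.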