From ab10e045dcd82cc5ca86b65add58e99b8d1ba303 Mon Sep 17 00:00:00 2001 From: mdengra Date: Thu, 4 Nov 2021 17:41:04 +0100 Subject: [PATCH 1/3] doc: Add test_macos of test_logcollector documentation in QA Docs style The current scheme of the issue #1694 has been used. PEP-8 fixes. Related: #1813 --- .../test_macos_file_status_basic.py | 116 +++++++-- .../test_macos_file_status_predicate.py | 111 +++++++-- .../test_macos_file_status_when_no_macos.py | 119 +++++++-- .../test_macos/test_macos_format_basic.py | 136 ++++++++--- .../test_macos_format_only_future_events.py | 130 ++++++++-- .../test_macos/test_macos_format_query.py | 113 +++++++-- .../test_macos/test_macos_log_process.py | 228 +++++++++++++++--- .../test_macos/test_macos_multiline_values.py | 101 +++++++- 8 files changed, 893 insertions(+), 161 deletions(-) diff --git a/tests/integration/test_logcollector/test_macos/test_macos_file_status_basic.py b/tests/integration/test_logcollector/test_macos/test_macos_file_status_basic.py index 5971eff704..7a723a1aba 100644 --- a/tests/integration/test_logcollector/test_macos/test_macos_file_status_basic.py +++ b/tests/integration/test_logcollector/test_macos/test_macos_file_status_basic.py 
@@ -1,7 +1,45 @@ -# Copyright (C) 2015-2021, Wazuh Inc. -# Created by Wazuh, Inc. . -# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. + Specifically, these tests will check if the logcollector generates the 'file_status.json' + file used by the 'only future events' option when using ULS (unified logging system) events in + macOS systems. Log data collection is the real-time process of making sense out of the records + generated by servers or devices. This component can receive logs through text files or Windows + event logs. It can also directly receive logs via remote syslog which is useful + for firewalls and other such devices. + +tier: 0 + +modules: + - logcollector + +components: + - agent + +daemons: + - wazuh-logcollector + +os_platform: + - macos + +os_version: + - macOS Catalina + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html + - https://developer.apple.com/documentation/os/logging + +tags: + - logcollector_macos +''' import pytest import wazuh_testing.logcollector as logcollector 
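Review bot: The new module docstring is delimited with `'''`, whereas PEP 257 asks for triple double quotes and the test docstrings this patch replaces used `"""`. Since the commit message advertises PEP-8 fixes, the header would read better as `"""`, unless the QA Docs parser requires single quotes, which is not visible from this hunk. The same applies to every module and test docstring added in the other files of this patch.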
@@ -53,19 +91,63 @@ def get_configuration(request): return request.param -def test_macos_file_status_basic(restart_logcollector_required_daemons_package, truncate_log_file, delete_file_status_json, - configure_local_internal_options_module, - get_configuration, configure_environment, - file_monitoring, daemons_handler): - """Checks if logcollector stores correctly "macos"-formatted localfile data. - - This test uses logger tool and a custom log to generate an ULS event. When logcollector receives a valid log, then - the file_status.json is updated. - - Raises: - TimeoutError: If the callbacks, that checks the expected logs, are not satisfied in the expected time. - FileNotFoundError: If the file_status.json is not available in the expected time. - """ +def test_macos_file_status_basic(restart_logcollector_required_daemons_package, truncate_log_file, + delete_file_status_json, configure_local_internal_options_module, + get_configuration, configure_environment, file_monitoring, daemons_handler): + ''' + description: Check if the 'wazuh-logcollector' builds and updates the 'file_status.json' file from ULS events. + For this purpose, the test will configure a 'localfile' section using the macOS settings. + Once the logcollector is started, it will wait until the macOS ULS module is ready, and then, + the test will generate 'unified logging system' (ULS) events by using a logger tool. After this, + it will check if the 'file_status.json' file has been created and if the 'macos' key is inside it. + Finally, the test will verify that the 'file_status.json' file has valid content. + + wazuh_min_version: 4.2.0 + + parameters: + - restart_logcollector_required_daemons_package: + type: fixture + brief: Restart the 'wazuh-agentd', 'wazuh-logcollector', and 'wazuh-modulesd' daemons. + - truncate_log_file: + type: fixture + brief: Clear the 'ossec.log' file. + - delete_file_status_json: + type: fixture + brief: Delete the 'file_status.json' file from logcollector. 
+ - configure_local_internal_options_module: + type: fixture + brief: Set internal configuration for testing. + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + - daemons_handler: + type: fixture + brief: Handler of Wazuh daemons. + + assertions: + - Verify that the logcollector detects the macOS ULS events. + - Verify that the logcollector generates the 'file_status.json' file with valid content. + + input_description: A configuration template (test_macos_file_status_basic) is contained in an external YAML + file (wazuh_macos_file_status_basic.yaml). That template is combined with two test cases + defined in the module. Those include configuration settings + for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Monitoring macOS logs with.*' + - r'Monitoring macOS logs with.*log stream' + - r'Logger testing message - file status' (testing macOS ULS message) + - r'"macos"' + + tags: + - logs + ''' log_monitor.start(timeout=LOG_COLLECTOR_GLOBAL_TIMEOUT, callback=logcollector.callback_monitoring_macos_logs, error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) @@ -108,4 +190,4 @@ def test_macos_file_status_basic(restart_logcollector_required_daemons_package, assert file_status_json['macos']['settings'], "Error finding 'settings' key inside 'macos'" assert file_status_json['macos']['settings'] \ - == logcollector.compose_macos_log_command(conf_type, conf_level, conf_predicate) \ No newline at end of file + == logcollector.compose_macos_log_command(conf_type, conf_level, conf_predicate) diff --git a/tests/integration/test_logcollector/test_macos/test_macos_file_status_predicate.py b/tests/integration/test_logcollector/test_macos/test_macos_file_status_predicate.py index 88c1a9d64f..5591645168 100644 
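Review bot: The rewritten docstring of test_macos_file_status_basic no longer says how the test fails. The removed text listed `TimeoutError` (expected logs not seen in time) and `FileNotFoundError` ('file_status.json' not available in time), and none of the new fields carries that information. I would keep it in the description, for example `The test raises TimeoutError if the expected logs are not found in time and FileNotFoundError if 'file_status.json' is not created in time.` The `Raises:` section is likewise dropped from the test docstrings in test_macos_file_status_predicate.py, test_macos_file_status_when_no_macos.py, test_macos_format_basic.py, test_macos_format_only_future_events.py and test_macos_format_query.py. The test body continues outside this hunk.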
--- a/tests/integration/test_logcollector/test_macos/test_macos_file_status_predicate.py +++ b/tests/integration/test_logcollector/test_macos/test_macos_file_status_predicate.py @@ -1,7 +1,43 @@ -# Copyright (C) 2015-2021, Wazuh Inc. -# Created by Wazuh, Inc. . -# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. + Specifically, these tests will verify that the logcollector does not add to the 'file_status.json' + file event-related data when the predicate used in the 'query' tag is invalid. Log data collection + is the real-time process of making sense out of the records generated by servers or devices. + This component can receive logs through text files or Windows event logs. It can also directly + receive logs via remote syslog which is useful for firewalls and other such devices. + +tier: 0 + +modules: + - logcollector + +components: + - agent + +daemons: + - wazuh-logcollector + +os_platform: + - macos + +os_version: + - macOS Catalina + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#query + +tags: + - logcollector_macos +''' import pytest from wazuh_testing.logcollector import (LOG_COLLECTOR_GLOBAL_TIMEOUT, 
@@ -42,20 +78,65 @@ def get_configuration(request): return request.param -def test_macos_file_status_predicate(restart_logcollector_required_daemons_package, truncate_log_file, - delete_file_status_json, - configure_local_internal_options_module, +def test_macos_file_status_predicate(restart_logcollector_required_daemons_package, truncate_log_file, + delete_file_status_json, configure_local_internal_options_module, get_configuration, configure_environment, file_monitoring, daemons_handler): - """Checks that logcollector does not store 'macos'-formatted localfile data since its predicate is erroneous. - - The agent uses a dummy localfile (/Library/Ossec/logs/active-responses.log) which triggers the creation of - file_status.json file. - - Raises: - TimeoutError: If the callbacks, that checks the expected logs, are not satisfied in the expected time. - FileNotFoundError: If the file_status.json is not available in the expected time. - """ + ''' + description: Check if the 'wazuh-logcollector' does not update the 'file_status.json' file from logging + events when using an invalid predicate in the 'query' tag of the 'localfile' section. + The agent uses a dummy localfile (/Library/Ossec/logs/active-responses.log) which triggers + the creation of the 'file_status.json' file. + For this purpose, the test will configure a 'localfile' section using the macOS settings + but using an invalid predicate. Once the logcollector is started, it will verify that + event errors are generated, indicating that an invalid setting has been detected. After + this, the test will check if the 'file_status.json' file has been created, and finally, + it will verify that the 'macos' key is not inside it since the predicate used is invalid. + + wazuh_min_version: 4.2.0 + + parameters: + - restart_logcollector_required_daemons_package: + type: fixture + brief: Restart the 'wazuh-agentd', 'wazuh-logcollector', and 'wazuh-modulesd' daemons. 
+ - truncate_log_file: + type: fixture + brief: Clear the 'ossec.log' file. + - delete_file_status_json: + type: fixture + brief: Delete the 'file_status.json' file from logcollector. + - configure_local_internal_options_module: + type: fixture + brief: Set internal configuration for testing. + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + - daemons_handler: + type: fixture + brief: Handler of Wazuh daemons. + + assertions: + - Verify that the logcollector generates error events when it detects an invalid predicate. + - Verify that the logcollector generates the 'file_status.json' file without the 'macos' key. + + input_description: A configuration template (test_macos_file_status_predicate) is contained in an external + YAML file (wazuh_macos_file_status_predicate.yaml). That template is combined with + two test cases defined in the module. Those include configuration settings + for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Execution error .*' + - r"macOS 'log stream' process exited" + + tags: + - logs + ''' log_monitor.start(timeout=LOG_COLLECTOR_GLOBAL_TIMEOUT, callback=callback_log_bad_predicate(), error_message='Expected log that matches the regex ".*Execution error \'log:" could not be found') diff --git a/tests/integration/test_logcollector/test_macos/test_macos_file_status_when_no_macos.py b/tests/integration/test_logcollector/test_macos/test_macos_file_status_when_no_macos.py index 41c0349c1f..36124e9e19 100644 --- a/tests/integration/test_logcollector/test_macos/test_macos_file_status_when_no_macos.py +++ b/tests/integration/test_logcollector/test_macos/test_macos_file_status_when_no_macos.py 
@@ -1,7 +1,43 @@ -# Copyright (C) 2015-2021, Wazuh Inc. -# Created by Wazuh, Inc. . -# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. + Specifically, these tests will verify that the logcollector does not add to the 'file_status.json' + file event-related data when the predicate used in the 'query' tag is invalid. Log data collection + is the real-time process of making sense out of the records generated by servers or devices. + This component can receive logs through text files or Windows event logs. It can also directly + receive logs via remote syslog which is useful for firewalls and other such devices. + +tier: 0 + +modules: + - logcollector + +components: + - agent + +daemons: + - wazuh-logcollector + +os_platform: + - macos + +os_version: + - macOS Catalina + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#query + +tags: + - logcollector_macos +''' import pytest from wazuh_testing.logcollector import LOG_COLLECTOR_GLOBAL_TIMEOUT, callback_logcollector_started 
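Review bot: The `brief` in this module docstring is the text used for test_macos_file_status_predicate.py. It says the tests cover an invalid predicate in the 'query' tag, and the last reference points at `localfile.html#query`, but the test docstring added later in this file describes the case where no macOS 'localfile' section is configured. The brief should say that instead, for example `Specifically, these tests will verify that the logcollector removes the 'macos' data from the 'file_status.json' file when no macOS 'localfile' section is configured.` The `#query` anchor can then be dropped from the reference.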
@@ -58,21 +94,66 @@ def get_configuration(request): def test_macos_file_status_when_no_macos(restart_logcollector_required_daemons_package, truncate_log_file, handle_files, - delete_file_status_json, - configure_local_internal_options_module, - get_configuration, - configure_environment, - file_monitoring, daemons_handler): - """Checks that logcollector does not store and removes, if exists, previous "macos"-formatted localfile data in the - file_status.json - - Given a file_status.json that contains a valid combination of "settings" and "timestamp" of "macos", when starting - an agent that has no "macos" localfile configured on its ossec.conf file, it should happen that, when - file_status.json is updated after a certain time, no "macos" status should remain stored on the status file. - - Raises: - TimeoutError: If the callbacks, that checks the expected logs, are not satisfied in the expected time. - """ + delete_file_status_json, configure_local_internal_options_module, + get_configuration, configure_environment, file_monitoring, daemons_handler): + ''' + description: Check if the 'wazuh-logcollector' does not store and removes if exists, previous + macos-formatted localfile data in the 'file_status.json' file when the macOS localfile + section does not exist in the configuration. For this purpose, the test will create a + testing log file and configure a 'localfile' section to monitor it. Once the logcollector + is started, it will check if the 'file_status.json' file exists, if not, the test + will create it. Then it will verify that the 'macos' key is inside of that file, adding + the key if necessary. After this, it will wait for the update of the 'file_status.json' + file, and finally, the test will verify that the macOS key is not inside it since + the localfile related section does not exist in the main configuration file. 
+ + wazuh_min_version: 4.2.0 + + parameters: + - restart_logcollector_required_daemons_package: + type: fixture + brief: Restart the 'wazuh-agentd', 'wazuh-logcollector', and 'wazuh-modulesd' daemons. + - truncate_log_file: + type: fixture + brief: Clear the 'ossec.log' file. + - handle_files: + type: fixture + brief: Create a dummy file to be monitored by logcollector. + - delete_file_status_json: + type: fixture + brief: Delete the 'file_status.json' file from logcollector. + - configure_local_internal_options_module: + type: fixture + brief: Set internal configuration for testing. + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + - daemons_handler: + type: fixture + brief: Handler of Wazuh daemons. + + assertions: + - Verify that the logcollector starts to monitor a log file. + - Verify that the logcollector removes the 'macos' key from the 'file_status.json' + when no localfile is configured with macOS settings. + + input_description: A configuration template (test_macos_file_status_when_no_macos) is contained in an external + YAML file (wazuh_macos_file_status_when_no_macos.yaml). That template is combined with + a test case defined in the module. That include configuration settings + for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Started' + + tags: + - logs + ''' file_status_json = {} log_monitor.start(timeout=LOG_COLLECTOR_GLOBAL_TIMEOUT, @@ -98,7 +179,7 @@ def test_macos_file_status_when_no_macos(restart_logcollector_required_daemons_p # Waits for file_status.json to be created, with a timeout about the time needed to update the file wait_file(LOGCOLLECTOR_FILE_STATUS_PATH, LOG_COLLECTOR_GLOBAL_TIMEOUT) - + # Waits about the time needed to update the file status sleep(wait_file_status_update_time) 
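Review bot: Two sentences in the new docstring of test_macos_file_status_when_no_macos are hard to parse. The description opens with `does not store and removes if exists, previous macos-formatted localfile data`, and input_description ends with `That include configuration settings`. Suggested wording: `does not store, and removes if present, previous macos-formatted localfile data` and `That test case includes configuration settings`.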
diff --git a/tests/integration/test_logcollector/test_macos/test_macos_format_basic.py b/tests/integration/test_logcollector/test_macos/test_macos_format_basic.py index 855d38035f..0cd645b148 100644 --- a/tests/integration/test_logcollector/test_macos/test_macos_format_basic.py +++ b/tests/integration/test_logcollector/test_macos/test_macos_format_basic.py @@ -1,7 +1,44 @@ -# Copyright (C) 2015-2021, Wazuh Inc. -# Created by Wazuh, Inc. . -# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. + Specifically, these tests will check if the logcollector properly processes the macOS + unified logging system (ULS) events. Log data collection is the real-time process of making + sense out of the records generated by servers or devices. This component can receive logs + through text files or Windows event logs. It can also directly receive logs via remote + syslog which is useful for firewalls and other such devices. + +tier: 0 + +modules: + - logcollector + +components: + - agent + +daemons: + - wazuh-logcollector + +os_platform: + - macos + +os_version: + - macOS Catalina + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html + - https://developer.apple.com/documentation/os/logging + +tags: + - logcollector_macos +''' import os import pytest import time @@ -43,6 +80,7 @@ macos_log_message_timeout = 40 macos_monitoring_macos_log_timeout = 30 + # fixtures @pytest.fixture(scope="module", params=configurations) def get_configuration(request): 
@@ -55,27 +93,70 @@ def restart_logcollector_function(): control_service('restart', 'wazuh-logcollector') - @pytest.mark.parametrize('macos_message', macos_log_messages, ids=[log_message['id'] for log_message in macos_log_messages]) -def test_macos_format_basic(restart_logcollector_required_daemons_package, get_configuration, configure_environment, - configure_local_internal_options_module, - macos_message, file_monitoring, daemons_handler, +def test_macos_format_basic(restart_logcollector_required_daemons_package, get_configuration, configure_environment, + configure_local_internal_options_module, macos_message, file_monitoring, daemons_handler, restart_logcollector_function): - - """Check if logcollector gather correctly macOS unified logging system events. - - This test uses logger tool and a custom log to generate ULS events. The agent is connected to a authd simulator - and sended events are gather using remoted simulator tool. - - Raises: - TimeoutError: If the expected callback is not generated. - """ + ''' + description: Check if the 'wazuh-logcollector' gathers properly macOS unified logging system (ULS) events. + For this purpose, the test will configure a 'localfile' section using the macOS settings. + Once the logcollector is started, it will check if the 'monitoring' event is triggered, + indicating that the logcollector starts to monitor the macOS logs, and then, the test + will generate a ULS event by using a logger tool. After this, it will create a custom + callback from the testing ULS event, and finally, the test will verify that + the logcollector event with the testing log message has been generated. + + wazuh_min_version: 4.2.0 + + parameters: + - restart_logcollector_required_daemons_package: + type: fixture + brief: Restart the 'wazuh-agentd', 'wazuh-logcollector', and 'wazuh-modulesd' daemons. + - get_configuration: + type: fixture + brief: Get configurations from the module. 
+ - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - configure_local_internal_options_module: + type: fixture + brief: Set internal configuration for testing. + - macos_message: + type: dict + brief: Dictionary with the testing macOS ULS event. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + - daemons_handler: + type: fixture + brief: Handler of Wazuh daemons. + - restart_logcollector_function: + type: fixture + brief: Restart the 'wazuh-logcollector' daemon on each test case. + + assertions: + - Verify that the logcollector starts monitoring the macOS ULS log messages. + - Verify that the logcollector generates events from the macOS ULS log messages. + + input_description: A configuration template (test_macos_format_basic) is contained in an external YAML file + (wazuh_macos_format_basic.yaml). That template is combined with two test cases defined + in the module. Those include configuration settings for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Monitoring macOS logs with.*' + - r'Logger message example' + - r'Custom os_log event message' + + tags: + - logs + ''' expected_macos_message = "" log_command = macos_message['command'] - log_monitor.start(timeout=macos_monitoring_macos_log_timeout, callback=logcollector.callback_monitoring_macos_logs, - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + log_monitor.start(timeout=macos_monitoring_macos_log_timeout, + callback=logcollector.callback_monitoring_macos_logs, + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) time.sleep(3) 
@@ -85,12 +166,13 @@ def test_macos_format_basic(restart_logcollector_required_daemons_package, get_c macos_message['message']) elif log_command == 'os_log': - logcollector.generate_macos_custom_log(macos_message['type'],macos_message['level'], macos_message['subsystem'], - macos_message['category']) - expected_macos_message = logcollector.format_macos_message_pattern( - 'custom_log', - logcollector.TEMPLATE_OSLOG_MESSAGE, 'log', macos_message['subsystem'], - macos_message['category']) - - log_monitor.start(timeout=macos_log_message_timeout, callback=logcollector.callback_macos_log(expected_macos_message), - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + logcollector.generate_macos_custom_log(macos_message['type'], macos_message['level'], + macos_message['subsystem'], macos_message['category']) + expected_macos_message = logcollector.format_macos_message_pattern('custom_log', + logcollector.TEMPLATE_OSLOG_MESSAGE, + 'log', macos_message['subsystem'], + macos_message['category']) + + log_monitor.start(timeout=macos_log_message_timeout, + callback=logcollector.callback_macos_log(expected_macos_message), + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) diff --git a/tests/integration/test_logcollector/test_macos/test_macos_format_only_future_events.py b/tests/integration/test_logcollector/test_macos/test_macos_format_only_future_events.py index 7c3dd2d199..18be433900 100644 --- a/tests/integration/test_logcollector/test_macos/test_macos_format_only_future_events.py +++ b/tests/integration/test_logcollector/test_macos/test_macos_format_only_future_events.py 
@@ -1,6 +1,44 @@ -# Copyright (C) 2015-2021, Wazuh Inc. -# Created by Wazuh, Inc. . -# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. + Specifically, these tests will check if the 'only-future-events' option of the logcollector + properly works when using the macOS unified logging system (ULS). Log data collection is + the real-time process of making sense out of the records generated by servers or devices. + This component can receive logs through text files or Windows event logs. It can also directly + receive logs via remote syslog which is useful for firewalls and other such devices. + +tier: 0 + +modules: + - logcollector + +components: + - agent + +daemons: + - wazuh-logcollector + +os_platform: + - macos + +os_version: + - macOS Catalina + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#only-future-events + - https://developer.apple.com/documentation/os/logging + +tags: + - logcollector_macos +''' import fnmatch import os import time @@ -36,6 +74,8 @@ macos_log_message_timeout = 40 macos_monitoring_macos_log_timeout = 30 macos_monitoring_timout_after_logcollector_started = 3 + + # Fixtures @pytest.fixture(scope="module", params=configurations, ids=configuration_ids) def get_configuration(request): 
@@ -54,19 +94,69 @@ def get_connection_configuration(): """Get configurations from the module.""" return logcollector.DEFAULT_AUTHD_REMOTED_SIMULATOR_CONFIGURATIO -def test_macos_format_only_future_events(restart_logcollector_required_daemons_package, get_configuration, configure_environment, - configure_local_internal_options_module, - daemons_handler, file_monitoring): - """Check if logcollector use correctly only-future-events option using macos log format. - Raises: - TimeoutError: If the expected callback is not generated. - """ +def test_macos_format_only_future_events(restart_logcollector_required_daemons_package, get_configuration, + configure_environment, configure_local_internal_options_module, + daemons_handler, file_monitoring): + ''' + description: Check if the 'only-future-events' option is used properly by the 'wazuh-logcollector' when + using the macOS unified logging system (ULS) events. For this purpose, the test will configure + a 'localfile' section using the macOS settings. Once the logcollector is started, it will check + if the 'monitoring' event is triggered, indicating that the logcollector starts to monitor + the macOS logs, and then, the test will generate a ULS event by using a logger tool. After this, + it will check if the logcollector event with the testing log message is triggered. Then, the test + will stop the 'wazuh-logcollector' daemon, generate a ULS event, and start it again. The test + will check if that event has been detected (depending on the value of the 'only-future-events' tag). + Finally, it will verify that the logcollector continues detecting new ULS events. + + wazuh_min_version: 4.2.0 + + parameters: + - restart_logcollector_required_daemons_package: + type: fixture + brief: Restart the 'wazuh-agentd', 'wazuh-logcollector', and 'wazuh-modulesd' daemons. + - get_configuration: + type: fixture + brief: Get configurations from the module. 
+ - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - configure_local_internal_options_module: + type: fixture + brief: Set internal configuration for testing. + - daemons_handler: + type: fixture + brief: Handler of Wazuh daemons. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + + assertions: + - Verify that the logcollector starts monitoring the macOS ULS log messages. + - Verify that the logcollector detects the logs messages generated while it stopped + when it is started, and the 'only-future-events' option is disabled. + - Verify that the logcollector ignores the logs messages generated while it stopped + when it is started, and the 'only-future-events' option is enabled. + - Verify that the log collector continues detecting new logs messages when it is started. + + input_description: A configuration template (test_macos_format_only_future_events) is contained in an external + YAML file (wazuh_macos_format_only_future_events.yaml). That template is combined with two + test cases defined in the module. Those include configuration settings + for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Monitoring macOS logs with.*' + - r'Old logger message' + - r'New logger message' + + tags: + - logs + ''' log_monitor = FileMonitor(LOG_FILE_PATH) macos_logcollector_monitored = logcollector.callback_monitoring_macos_logs log_monitor.start(timeout=30, callback=macos_logcollector_monitored, - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) time.sleep(macos_monitoring_timout_after_logcollector_started) 
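Review bot: The description says the test will `stop the 'wazuh-logcollector' daemon`, but the call visible in the next hunk is `control_service('stop')` with no daemon argument, under the comment `Stop wazuh agent`. If that call stops the whole agent (its default is not visible here), the docstring should say `stop the Wazuh agent`. Separately, the context line at the top of this hunk returns `logcollector.DEFAULT_AUTHD_REMOTED_SIMULATOR_CONFIGURATIO`, while test_macos_format_query.py uses `DEFAULT_AUTHD_REMOTED_SIMULATOR_CONFIGURATION`. The name looks truncated and would presumably raise AttributeError if the `get_connection_configuration` fixture were requested, which this test does not do; a cleanup commit is a good place to fix or remove it. The test body continues outside this hunk.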
@@ -78,11 +168,10 @@ def test_macos_format_only_future_events(restart_logcollector_required_daemons_p logcollector.generate_macos_logger_log(old_message) expected_old_macos_message = logcollector.format_macos_message_pattern('logger', old_message) + log_monitor.start(timeout=macos_log_message_timeout, + callback=logcollector.callback_macos_log(expected_old_macos_message)) - log_monitor.start(timeout=macos_log_message_timeout, - callback=logcollector.callback_macos_log(expected_old_macos_message)) - - ## Stop wazuh agent and ensure it gets old macos messages if only-future-events option is disabled + # Stop wazuh agent and ensure it gets old macos messages if only-future-events option is disabled control_service('stop') @@ -94,13 +183,16 @@ def test_macos_format_only_future_events(restart_logcollector_required_daemons_p if only_future_events == 'yes': with pytest.raises(TimeoutError): - log_monitor.start(timeout=macos_log_message_timeout, callback=logcollector.callback_macos_log(expected_old_macos_message)) + log_monitor.start(timeout=macos_log_message_timeout, + callback=logcollector.callback_macos_log(expected_old_macos_message)) else: - log_monitor.start(timeout=macos_log_message_timeout, callback=logcollector.callback_macos_log(expected_old_macos_message)) + log_monitor.start(timeout=macos_log_message_timeout, + callback=logcollector.callback_macos_log(expected_old_macos_message)) logcollector.generate_macos_logger_log(new_message) expected_new_macos_message = logcollector.format_macos_message_pattern('logger', new_message) - log_monitor.start(timeout=macos_log_message_timeout, callback=logcollector.callback_macos_log(expected_new_macos_message), - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + log_monitor.start(timeout=macos_log_message_timeout, + callback=logcollector.callback_macos_log(expected_new_macos_message), + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) 
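Review bot: The re-wrapped `log_monitor.start(...)` calls that wait for `expected_old_macos_message` pass no `error_message`, unlike the monitoring and new-message calls. This affects the call moved in the first hunk and the one in the `else:` branch of the second, so a timeout there presumably falls back to a generic message that does not say which wait failed. Since these lines are being rewritten anyway, add `error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET` or a message naming the old logger message. The call inside `pytest.raises(TimeoutError)` can stay as it is. Both hunks cut through the body of test_macos_format_only_future_events.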
diff --git a/tests/integration/test_logcollector/test_macos/test_macos_format_query.py b/tests/integration/test_logcollector/test_macos/test_macos_format_query.py index d81bfb8980..7772cc5f52 100644 --- a/tests/integration/test_logcollector/test_macos/test_macos_format_query.py +++ b/tests/integration/test_logcollector/test_macos/test_macos_format_query.py @@ -1,6 +1,44 @@ -# Copyright (C) 2015-2021, Wazuh Inc. -# Created by Wazuh, Inc. . -# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. + Specifically, these tests will check if the 'query' option of the logcollector properly works + when using the macOS unified logging system (ULS). Log data collection is the real-time process + of making sense out of the records generated by servers or devices. This component can receive + logs through text files or Windows event logs. It can also directly receive logs via remote + syslog which is useful for firewalls and other such devices. + +tier: 1 + +modules: + - logcollector + +components: + - agent + +daemons: + - wazuh-logcollector + +os_platform: + - macos + +os_version: + - macOS Catalina + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#query + - https://developer.apple.com/documentation/os/logging + +tags: + - logcollector_macos +''' import os import pytest 
@@ -247,8 +285,8 @@ 'query_predicate': 'process == "logger" AND eventMessage CONTAINS[c] "Custom oslog event message"', 'level': 'default', 'type': ['log'], - 'lambda_function': lambda process, eventMessage: process == 'logger' - and "Custom oslog event message" in eventMessage, + 'lambda_function': lambda process, eventMessage: process == 'logger' and + "Custom oslog event message" in eventMessage, 'clause': ['program_name', 'message'] }, 
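Review bot: The `lambda_function` on the re-wrapped lines does not mirror the `query_predicate` above it: `CONTAINS[c]` is a case-insensitive match in NSPredicate, while `"Custom oslog event message" in eventMessage` is case-sensitive. A ULS event whose message differs only in case would satisfy the logcollector query, but the lambda would presumably make the test expect it to be filtered out. Lower-casing the message keeps the two aligned, e.g. `"custom oslog event message" in eventMessage.lower()`. The dictionary entry starts and ends outside this hunk, so any other entries using `[c]` are not visible here and may need the same change.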
@@ -307,14 +345,57 @@ def get_connection_configuration(): return logcollector.DEFAULT_AUTHD_REMOTED_SIMULATOR_CONFIGURATION -def test_macos_format_query(restart_logcollector_required_daemons_package, get_configuration, configure_environment, get_connection_configuration, - init_authd_remote_simulator, restart_logcollector): - """Check if logcollector use correctly query option using macos log format. - - Raises: - TimeoutError: If the expected callback is not generated. - """ - +def test_macos_format_query(restart_logcollector_required_daemons_package, get_configuration, + configure_environment, get_connection_configuration, + init_authd_remote_simulator, restart_logcollector): + ''' + description: Check if the 'query' option together with its attributes ('type' and 'level') is properly used + by the 'wazuh-logcollector' when using the macOS unified logging system (ULS) events. For this + purpose, the test will configure a 'localfile' section using the macOS settings. Once the + logcollector is started, it will check if the 'monitoring' event is triggered, indicating + that the logcollector starts to monitor the macOS logs, and then, the test will generate + multiple ULS events by using a logger tool. Finally, it will verify that the log collector + events with the testing log messages are only triggered if they fulfill the query predicate. + + wazuh_min_version: 4.2.0 + + parameters: + - restart_logcollector_required_daemons_package: + type: fixture + brief: Restart the 'wazuh-agentd', 'wazuh-logcollector', and 'wazuh-modulesd' daemons. + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - get_connection_configuration: + type: fixture + brief: Get configurations from the module. + - init_authd_remote_simulator: + type: fixture + brief: Initialize the 'authd' and 'remoted' simulators. 
+ - restart_logcollector: + type: fixture + brief: Reset the 'ossec.log' file and start a new monitor. + + assertions: + - Verify that the logcollector starts monitoring the macOS ULS log messages. + - Verify that the logcollector generates events for all ULS events that fulfill + the 'query' predicate and vice versa. + + input_description: Configuration templates (test_macos_format_query) are contained in external YAML files + (wazuh_macos_format_query*.yaml, ). Those templates are combined with different + test cases defined in the module. Those include configuration settings + for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Monitoring macOS logs with.*' + - Multiple testing log messages from the ULS events. + + tags: + - logs + ''' sleep(10) cfg = get_configuration['metadata'] @@ -323,7 +404,7 @@ def test_macos_format_query(restart_logcollector_required_daemons_package, get_c wazuh_log_monitor.start(timeout=30, callback=macos_logcollector_monitored, error_message=logcollector.GENERIC_CALLBACK_ERROR_ANALYZING_MACOS) - ## Generate macOS log messages + # Generate macOS log messages for macos_log in macos_log_list: log_message_command = macos_log['program_name'] @@ -362,8 +443,8 @@ def test_macos_format_query(restart_logcollector_required_daemons_package, get_c if macos_log_type not in configuration_type: same_type = False - if logcollector.MAP_MACOS_LEVEL_VALUE[macos_log_level] < logcollector.MAP_MACOS_LEVEL_VALUE[ - configuration_level]: + if logcollector.MAP_MACOS_LEVEL_VALUE[macos_log_level] < \ + logcollector.MAP_MACOS_LEVEL_VALUE[configuration_level]: same_level = False for clause in cfg['clause']: diff --git a/tests/integration/test_logcollector/test_macos/test_macos_log_process.py b/tests/integration/test_logcollector/test_macos/test_macos_log_process.py index c402b2e705..9c65329040 100644 --- a/tests/integration/test_logcollector/test_macos/test_macos_log_process.py 
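Review bot: The `get_connection_configuration` parameter is documented as "Get configurations from the module.", the same text as `get_configuration`, but the fixture shown in this hunk's context returns `logcollector.DEFAULT_AUTHD_REMOTED_SIMULATOR_CONFIGURATION`. Something like `brief: Get the default 'authd'/'remoted' simulator connection settings.` would describe it. In `input_description`, `(wazuh_macos_format_query*.yaml, )` ends with a comma and an empty slot where a second file name seems to be missing. The old `Raises: TimeoutError` line was removed without a replacement, so the docstring no longer says how a missing event surfaces. The test body continues past the end of this hunk.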
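Review bot: In the `@@ -362,8 +443,8 @@` hunk the level comparison is now continued with a backslash, which PEP 8 discourages in favour of implicit continuation inside parentheses (a stray trailing space after `\` is a syntax error). Wrapping the condition avoids it: `if (logcollector.MAP_MACOS_LEVEL_VALUE[macos_log_level] <` followed by `logcollector.MAP_MACOS_LEVEL_VALUE[configuration_level]):`. The enclosing loop starts and ends outside the hunk.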
+++ b/tests/integration/test_logcollector/test_macos/test_macos_log_process.py @@ -1,7 +1,44 @@ -# Copyright (C) 2015-2021, Wazuh Inc. -# Created by Wazuh, Inc. . -# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. + Specifically, these tests will check if macOS 'log stream' processes are properly managed by + the logcollector. Log data collection is the real-time process of making sense out of the records + generated by servers or devices. This component can receive logs through text files or Windows + event logs. It can also directly receive logs via remote syslog which is useful + for firewalls and other such devices. + +tier: 0 + +modules: + - logcollector + +components: + - agent + +daemons: + - wazuh-logcollector + +os_platform: + - macos + +os_version: + - macOS Catalina + - macOS Sierra + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html + +tags: + - logcollector_macos +''' import os import pytest import platform 
@@ -70,18 +107,57 @@ def check_process_status(process_list, running=True, stage=''): assert len(log_processes) == expected_process, f'Process {process} {is_running_msg} {stage}.' -def test_independent_log_process(get_configuration, configure_environment, restart_required_logcollector_function, file_monitoring, up_wazuh_after_module): - """Check that independent execution of log processes (external to Wazuh) are not altered because of the Wazuh agent. - - Launches a log process and start Wazuh, check that the independent log process keep running along with the one - started by Wazuh. Stops Wazuh and check that the independent process is still running. - - Raises: - TimeoutError: If the expected callback is not generated. - """ +def test_independent_log_process(get_configuration, configure_environment, restart_required_logcollector_function, + file_monitoring, up_wazuh_after_module): + ''' + description: Check if the independent execution of log processes (external to Wazuh) is not altered when + the Wazuh agent is started or stopped. For this purpose, the test will configure a 'localfile' + section using the macOS settings. Once the logcollector is started, it will check if the + 'monitoring' event is triggered, indicating that the logcollector starts to monitor the macOS + logs. Then, the test will stop the Wazuh agent, launch a new log process and start it again. + After this, it will verify that the log process is active by checking its PID, stopping the agent, + and verifying that the log process remains active. Finally, the test will kill the log process + launched and start the agent again to restore the initial estate of the system. + + wazuh_min_version: 4.2.0 + + parameters: + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - restart_required_logcollector_function: + type: fixture + brief: Restart the Wazuh agent. 
+ - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + - up_wazuh_after_module: + type: fixture + brief: Restart the Wazuh agent after the test execution. + + assertions: + - Verify that the logcollector starts monitoring the macOS ULS log messages. + - Verify that the Wazuh agent does not kill independent log processes when it is started. + - Verify that the Wazuh agent does not kill independent log processes when it is stopped. + + input_description: A configuration template (test_macos_log_process) is contained in an external YAML + file (wazuh_macos_format_basic.yaml). That template is combined with a test case + defined in the module. That include configuration settings + for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Monitoring macOS logs with.*' + - PID of the log process launched. + + tags: + - logs + ''' macos_logcollector_monitored = logcollector.callback_monitoring_macos_logs log_monitor.start(timeout=30, callback=macos_logcollector_monitored, - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) control_service('stop') check_process_status(['log'], running=False, stage='after stop agent') 
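Review bot: The re-indented `log_monitor.start(...)` call waits for `logcollector.callback_monitoring_macos_logs` but passes `error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET`, whereas test_macos_format_query.py pairs its monitoring callback with `logcollector.GENERIC_CALLBACK_ERROR_ANALYZING_MACOS`. The message texts are not visible here, but judging by the constant names a failure to start macOS monitoring would be reported as a socket problem, which misdirects triage of a failed run. Since the line is touched anyway, consider `error_message=logcollector.GENERIC_CALLBACK_ERROR_ANALYZING_MACOS)`. The same pairing appears in the test_macos_log_process_stop, test_macos_log_process_stop_suddenly_warning and test_macos_multiline_values hunks. In the new docstring, "initial estate" should read "initial state".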
@@ -104,21 +180,61 @@ def test_independent_log_process(get_configuration, configure_environment, resta control_service('start') -def test_macos_log_process_stop(get_configuration, configure_environment, restart_required_logcollector_function, file_monitoring, up_wazuh_after_module): - """Check if logcollector stops the log and script process when Wazuh agent or logcollector stop. - - There are two process that would run on macOS system when logcollector is configured to get - macOS system logs. The log process and the script (only for Sierra) one. If logcollector process - finish or the agent is stopped, those process must stop. - Raises: - TimeoutError: If the expected callback is not generated. - """ +def test_macos_log_process_stop(get_configuration, configure_environment, restart_required_logcollector_function, + file_monitoring, up_wazuh_after_module): + ''' + description: Check if the 'wazuh-logcollector' daemon stops the 'log' and 'script' process when the Wazuh agent + or logcollector are stopped. Two processes would run on the macOS system when the logcollector is + configured to get macOS system logs. The log process and the script (only for Sierra) one. If the + logcollector process is finished or the Wazuh agent is stopped, those processes must stop. + For this purpose, the test will configure a 'localfile' section using the macOS settings. Once + the logcollector is started, it will check if the 'monitoring' event is triggered, indicating that + the logcollector starts to monitor the macOS logs. Then, the test will verify that the 'log' and + 'script' processes are running, stop the 'wazuh-logcollector' daemon, verify that the 'log' and + 'script' processes are stopped, and start it again. Finally, the test will repeat the previous + steps, but stopping and starting the Wazuh agent instead of the 'wazuh-logcollector' daemon. + + wazuh_min_version: 4.2.0 + + parameters: + - get_configuration: + type: fixture + brief: Get configurations from the module. 
+ - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - restart_required_logcollector_function: + type: fixture + brief: Restart the Wazuh agent. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + - up_wazuh_after_module: + type: fixture + brief: Restart the Wazuh agent after the test execution. + + assertions: + - Verify that the logcollector starts monitoring the macOS ULS log messages. + - Verify that the 'log' and 'script' processes are finished when the 'wazuh-logcollector' daemon is stopped. + - Verify that the 'log' and 'script' processes are finished when the wazuh agent is stopped. + + input_description: A configuration template (test_macos_log_process) is contained in an external YAML + file (wazuh_macos_format_basic.yaml). That template is combined with a test case + defined in the module. That include configuration settings + for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Monitoring macOS logs with.*' + + tags: + - logs + ''' process_to_stop = ['log', 'script'] if macos_sierra else ['log'] macos_logcollector_monitored = logcollector.callback_monitoring_macos_logs log_monitor.start(timeout=30, callback=macos_logcollector_monitored, - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) check_process_status(process_to_stop, running=True, stage='at start') @@ -128,7 +244,7 @@ def test_macos_log_process_stop(get_configuration, configure_environment, restar macos_logcollector_monitored = logcollector.callback_monitoring_macos_logs log_monitor.start(timeout=30, callback=macos_logcollector_monitored, - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) check_process_status(process_to_stop, running=True, stage='after start logcollector') 
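Review bot: Both `assertions` entries say the 'log' and 'script' processes are finished, but the first statement of the body is `process_to_stop = ['log', 'script'] if macos_sierra else ['log']`, so outside Sierra only 'log' is checked. The description already notes that the script process is Sierra-only, and the assertions should say the same, e.g. `- Verify that the 'log' process (and 'script' on macOS Sierra) is finished when the 'wazuh-logcollector' daemon is stopped.` In `input_description`, "That include configuration settings" should read "It includes configuration settings"; the same sentence is repeated in the other docstrings added to this file. The test body continues outside this hunk.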
@@ -138,18 +254,60 @@ def test_macos_log_process_stop(get_configuration, configure_environment, restar control_service('start') -def test_macos_log_process_stop_suddenly_warning(restart_logcollector_required_daemons_package, get_configuration, configure_environment,restart_required_logcollector_function,file_monitoring, up_wazuh_after_module): - """Check if logcollector alerts when `log stream` process has stopped. - - In Sierra this tests also checks that, if log process ends, then script process also ends and the other way around. - - Raises: - TimeoutError: If the expected callback is not generated. - """ - +def test_macos_log_process_stop_suddenly_warning(restart_logcollector_required_daemons_package, get_configuration, + configure_environment, restart_required_logcollector_function, + file_monitoring, up_wazuh_after_module): + ''' + description: Check if the 'wazuh-logcollector' daemon generates an error event when the 'log stream' process + is stopped. In macOS Sierra, this test also checks if when the log process ends, then the 'script' + process also ends. For this purpose, the test will configure a 'localfile' section using the macOS + settings. Once the logcollector is started, it will check if the 'monitoring' event is triggered, + indicating that the logcollector starts to monitor the macOS logs. Then, the test will verify that + the 'log' and 'script' processes are running. After this, it will send a signal to terminate that + processes and check if they are closed. Finally, the test will verify that a logcollector error + event is generated when the log or script process is not detected. + + wazuh_min_version: 4.2.0 + + parameters: + - restart_logcollector_required_daemons_package: + type: fixture + brief: Restart the 'wazuh-agentd', 'wazuh-logcollector', and 'wazuh-modulesd' daemons. + - get_configuration: + type: fixture + brief: Get configurations from the module. 
+ - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - restart_required_logcollector_function: + type: fixture + brief: Restart the Wazuh agent. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + - up_wazuh_after_module: + type: fixture + brief: Restart the Wazuh agent after the test execution. + + assertions: + - Verify that the logcollector starts monitoring the macOS ULS log messages. + - Verify that the logcollector detects when the 'log' or 'script' process is closed. + + input_description: A configuration template (test_macos_log_process) is contained in an external YAML + file (wazuh_macos_format_basic.yaml). That template is combined with a test case + defined in the module. That include configuration settings + for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Monitoring macOS logs with.*' + - r'macOS "log stream" process exited' + + tags: + - logs + ''' macos_logcollector_monitored = logcollector.callback_monitoring_macos_logs log_monitor.start(timeout=30, callback=macos_logcollector_monitored, - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) process_to_kill = ['log', 'script'] if macos_sierra else ['log'] @@ -164,7 +322,7 @@ def test_macos_log_process_stop_suddenly_warning(restart_logcollector_required_d macos_logcollector_monitored = logcollector.callback_log_stream_exited_error() log_monitor.start(timeout=30, callback=macos_logcollector_monitored, - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) control_service('restart', daemon='wazuh-logcollector') diff --git a/tests/integration/test_logcollector/test_macos/test_macos_multiline_values.py b/tests/integration/test_logcollector/test_macos/test_macos_multiline_values.py index c6e9ebed30..023382e1dc 100644 
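Review bot: The new description drops the "and the other way around" half of the old docstring, so it no longer says that on Sierra ending the 'script' process must also end the 'log' process. Most of the body is outside this hunk, but `process_to_kill = ['log', 'script'] if macos_sierra else ['log']` suggests both directions are still exercised. If so, keep that statement, e.g. `In macOS Sierra, this test also checks that when either the 'log' or the 'script' process ends, the other one ends too.` The function name says "warning" while the description says "error event", so one term matching the actual message severity should be used. "that processes" should read "those processes".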
--- a/tests/integration/test_logcollector/test_macos/test_macos_multiline_values.py +++ b/tests/integration/test_logcollector/test_macos/test_macos_multiline_values.py @@ -1,7 +1,44 @@ -# Copyright (C) 2015-2021, Wazuh Inc. -# Created by Wazuh, Inc. . -# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 +''' +copyright: Copyright (C) 2015-2021, Wazuh Inc. + Created by Wazuh, Inc. . + + This program is free software; you can redistribute it and/or modify it under the terms of GPLv2 + +type: integration + +brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. + Specifically, these tests will check if the 'wazuh-logcollector' daemon properly gathers + macOS unified logging system (ULS) events when working with multi-line logs. Log data + collection is the real-time process of making sense out of the records generated by servers + or devices. This component can receive logs through text files or Windows event logs. It can + also directly receive logs via remote syslog which is useful for firewalls and other such devices. + +tier: 0 + +modules: + - logcollector + +components: + - agent + +daemons: + - wazuh-logcollector + +os_platform: + - macos + +os_version: + - macOS Catalina + +references: + - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html + - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html + - https://developer.apple.com/documentation/os/logging + +tags: + - logcollector_macos +''' import os import pytest import time @@ -31,6 +68,7 @@ macos_uls_time_to_wait_after_start = 3 macos_logcollector_start = 30 + # fixtures @pytest.fixture(scope="module", params=configurations) def get_configuration(request): 
@@ -47,18 +85,55 @@ def get_connection_configuration(): @pytest.mark.parametrize('macos_message', macos_log_messages) def test_macos_multiline_values(restart_logcollector_required_daemons_package, get_configuration, configure_environment, macos_message, daemons_handler, file_monitoring): - - """Check if logcollector correctly collects multiline events from the macOS unified logging system. - - This test uses logger tool and a custom log to generate ULS events. The agent is connected to a authd simulator - and sended events are gather using remoted simulator tool. - - Raises: - TimeoutError: If the expected callback is not generated. - """ + ''' + description: Check if the 'wazuh-logcollector' daemon collects multiline events from the macOS ULS + (unified logging system). For this purpose, the test will configure a 'localfile' section + using the macOS settings. Once the logcollector is started, it will check if the 'monitoring' + event is triggered, indicating that the logcollector starts to monitor the macOS logs. Then, + the test will generate a multiline ULS event by using a logger tool. Finally, the test + will verify that a logcollector event with the testing log message has been generated. + + wazuh_min_version: 4.2.0 + + parameters: + - restart_logcollector_required_daemons_package: + type: fixture + brief: Restart the 'wazuh-agentd', 'wazuh-logcollector', and 'wazuh-modulesd' daemons. + - get_configuration: + type: fixture + brief: Get configurations from the module. + - configure_environment: + type: fixture + brief: Configure a custom environment for testing. + - macos_message: + type: dict + brief: Dictionary with the testing macOS ULS event. + - daemons_handler: + type: fixture + brief: Handler of Wazuh daemons. + - file_monitoring: + type: fixture + brief: Handle the monitoring of a specified file. + + assertions: + - Verify that the logcollector starts monitoring the macOS ULS log messages. 
+ - Verify that the logcollector correctly gather unified logging system (ULS) events with multiline format. + + input_description: A configuration template (test_macos_multiline_values) is contained in an external + YAML file (wazuh_macos_format_basic.yaml). That template is combined with a + test case defined in the module. That include configuration settings + for the 'wazuh-logcollector' daemon. + + expected_output: + - r'Monitoring macOS logs with.*' + - r'Here is a multiline log. Line 0 \nLine 1. \nLast line.' + + tags: + - logs + ''' macos_logcollector_monitored = logcollector.callback_monitoring_macos_logs log_monitor.start(timeout=macos_logcollector_start, callback=macos_logcollector_monitored, - error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) + error_message=logcollector.GENERIC_CALLBACK_ERROR_TARGET_SOCKET) time.sleep(macos_uls_time_to_wait_after_start) multiline_message = macos_message['message'].split('\n') From 46ab36406c5bf49faa611542ee6f0bb6522cf8df Mon Sep 17 00:00:00 2001 From: mdengra Date: Thu, 4 Nov 2021 17:55:46 +0100 Subject: [PATCH 2/3] doc: Fix expected_output field value in test_macos_multiline_values.py of test_logcollector documentation Related: #1813 --- .../test_logcollector/test_macos/test_macos_multiline_values.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/test_logcollector/test_macos/test_macos_multiline_values.py b/tests/integration/test_logcollector/test_macos/test_macos_multiline_values.py index 023382e1dc..242caf45ea 100644 --- a/tests/integration/test_logcollector/test_macos/test_macos_multiline_values.py +++ b/tests/integration/test_logcollector/test_macos/test_macos_multiline_values.py @@ -126,7 +126,7 @@ def test_macos_multiline_values(restart_logcollector_required_daemons_package, g expected_output: - r'Monitoring macOS logs with.*' - - r'Here is a multiline log. Line 0 \nLine 1. \nLast line.' + - r'Here is a multiline log.*' tags: - logs 
From fc75bc5d146c3f980d8ce6fe0d37b4804b6cfa82 Mon Sep 17 00:00:00 2001 From: Fernando Date: Tue, 11 Jan 2022 10:57:22 +0100 Subject: [PATCH 3/3] add: add new tags for qa-docs schema --- deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml index 1e862bad2d..e5e2c95a77 100644 --- a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml +++ b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml @@ -105,6 +105,7 @@ predefined_values: - Ubuntu Xenial - Ubuntu Focal - macOS Server + - macOS Sierra - macOS Catalina - Windows XP - Windows 7 @@ -254,6 +255,7 @@ predefined_values: - key_polling - limits - logcollector + - logcollector_macos - logging - logs - logs
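Review bot: These `predefined_values` entries (`macOS Sierra` here, `logcollector_macos` in the second hunk) arrive in patch 3/3, but patch 1/3 already uses both values in the test_macos docstrings. If qa-docs validates docstrings against this list, which is what it appears to be for, the first two commits would fail validation when checked on their own. Moving this commit first, or squashing it into patch 1/3, keeps every commit in the series checkable.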