Analysisd - IT for the pre-decoder stage #1498
Comments
@danisan90 It is necessary to test this against the logtest socket, you can see use examples within
You can check it manually as follows:
The working branch for this issue is 1498-predecoder-stage-test.
Style guide
Results: tests/integration/test_analysisd/test_predecoder_stage/test_predecoder_stage.py:87:1: W293 blank line contains whitespace
QA-docs execution: test_predecoder_stage
Results: 2022-01-17 16:38:59,066 - INFO - Looking for test_predecoder_stage.py Output File
Style guide
Hi Team!
To increase the integration test coverage, it is necessary to create tests for the pre-decoding stage of analysisd.
This stage currently supports the following syslog formats:
Syslog date format:
- `Dec 29 10:00:01`
- `2015 Dec 29 10:00:01`
- `2007-06-14T15:48:55-04:00` for syslog-ng isodate
- `2009-05-22T09:36:46.214994-07:00` for rsyslog
- `2015-04-16 21:51:02,805` for proftpd 1.3.5
- `Mon Apr 17 18:27:14 2006 1 64.160.42.130` for xferlog date format
- `01/28-09:13:16.240702` for snort date format
- `01/28/1979-09:13:16.240702` for suricata (new) date format
- `[Fri Feb 11 18:06:35 2004] [warn]` for apache log format
- `1140804070.368 11623` seconds from 00:00:00 1970-01-01 UTC, for squid date format
- `2021-04-21 10:16:09.404756-0700` for macos ULS --syslog output

Also check if month contains an umlaut. Umlauts are non-ASCII and use 2 slots in the char array
ex:
Regards,
Julian
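The format list above as a table-driven classifier, added here as an example for generating test cases; it is not code from the issue or from Wazuh. The regular expressions, the format names, the log text after each timestamp and the `Mär` sample are constructed assumptions that model the header shapes only, not analysisd's parser.

```python
import re

# Constructed patterns modelling the issue's timestamp shapes, not analysisd's parser.
MON = r"[^\W\d_]{3}"  # three letters, Unicode-aware so "Mär" matches
HMS = r"\d\d:\d\d:\d\d"
YMD = r"\d{4}-\d\d-\d\d"
FORMATS = [
    ("syslog", rf"{MON} [ \d]\d {HMS}"),
    ("syslog-year", rf"\d{{4}} {MON} [ \d]\d {HMS}"),
    ("syslog-ng-isodate", rf"{YMD}T{HMS}[+-]\d\d:\d\d"),
    ("rsyslog", rf"{YMD}T{HMS}\.\d{{6}}[+-]\d\d:\d\d"),
    ("proftpd", rf"{YMD} {HMS},\d{{3}}"),
    ("xferlog", rf"{MON} {MON} [ \d]\d {HMS} \d{{4}} \d+ \S+"),
    ("snort", rf"\d\d/\d\d-{HMS}\.\d{{6}}"),
    ("suricata", rf"\d\d/\d\d/\d{{4}}-{HMS}\.\d{{6}}"),
    ("apache", rf"\[{MON} {MON} [ \d]\d {HMS} \d{{4}}\] \[\w+\]"),
    ("squid", r"\d+\.\d{3} +\d+"),
    ("macos-uls", rf"{YMD} {HMS}\.\d{{6}}[+-]\d{{4}}"),
]

def classify(line):
    """Return (format, header length in characters, header length in UTF-8 bytes)."""
    for name, pattern in FORMATS:
        m = re.match(pattern, line)
        if m:
            header = m.group(0)
            return name, len(header), len(header.encode("utf-8"))
    return None, 0, 0

# Timestamps come from the issue; the text after each one is constructed.
CASES = [
    ("Dec 29 10:00:01 host sshd[1]: test", "syslog"),
    ("Mär 29 10:00:01 host sshd[1]: test", "syslog"),  # constructed umlaut month
    ("2015 Dec 29 10:00:01 host su: test", "syslog-year"),
    ("2007-06-14T15:48:55-04:00 host su: test", "syslog-ng-isodate"),
    ("2009-05-22T09:36:46.214994-07:00 host su: test", "rsyslog"),
    ("2015-04-16 21:51:02,805 host proftpd[1]: test", "proftpd"),
    ("Mon Apr 17 18:27:14 2006 1 64.160.42.130 512 /tmp/file", "xferlog"),
    ("01/28-09:13:16.240702 [**] test", "snort"),
    ("01/28/1979-09:13:16.240702 [**] test", "suricata"),
    ("[Fri Feb 11 18:06:35 2004] [warn] test", "apache"),
    ("1140804070.368 11623 192.0.2.1 TCP_MISS/200", "squid"),
    ("2021-04-21 10:16:09.404756-0700 localhost test[1]: test", "macos-uls"),
]

def failures(cases=CASES):
    return [(line, want) for line, want in cases if classify(line)[0] != want]

if __name__ == "__main__":
    print("mismatches:", failures())
```

For the umlaut case `classify` reports 15 characters but 16 bytes, which is the one-slot shift a byte-indexed header check has to account for.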