Migrate several test groups of test_logcollector documentation to qa-docs #2180

Merged: 5 commits merged on Jan 27, 2022

@mdengra mdengra commented Nov 5, 2021

Related issue
Closes #1813

Description

As part of epic #1796, this PR adds the missing documentation and migrates the current documentation to the new format used by qa-docs.
The schema used is the one defined in issue #1694.

New tags

The following tags are added to the wiki: logcollector_location, logcollector_location_cust_sockets, logcollector_log_format, logcollector_only_future_events, logcollector_options, logcollector_reconnect_time, and logcollector_statistics.

Generated documentation

test_location

test_location_exclude.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector ignores the files set in the 'exclude' tag when monitoring a log folder. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#exclude"
    ],
    "tags": [
        "logcollector_location"
    ],
    "name": "test_location_exclude.py",
    "id": 2,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' excludes the files specified in the 'exclude' tag. For this purpose, the test will create several testing log files and configure a 'localfile' section to monitor the folder where they are located, and set the 'exclude' tag with different values, including wildcards. Finally, the test will verify that only the matched files are excluded by checking the 'exclude' events generated.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector ignores only the log files that match the exclude tag."
            ],
            "input_description": "A configuration template (test_location) is contained in an external YAML file (wazuh_location.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'File excluded'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_location_exclude",
            "inputs": [
                "/tmp/wazuh-testing/test*_syslog0",
                "/tmp/wazuh-testing/*test.txt_syslog0",
                "/tmp/wazuh-testing/*test*_syslog0",
                "/tmp/wazuh-testing/test*_syslog1",
                "/tmp/wazuh-testing/*test.txt_syslog1",
                "/tmp/wazuh-testing/*test*_syslog1",
                "/tmp/wazuh-testing/test*_syslog2",
                "/tmp/wazuh-testing/*test.txt_syslog2",
                "/tmp/wazuh-testing/*test*_syslog2",
                "/tmp/wazuh-testing/*_syslog"
            ]
        }
    ]
}

test_location_exclude.yaml

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the logcollector ignores
  the files set in the 'exclude' tag when monitoring a log folder. Log data collection
  is the real-time process of making sense out of the records generated by servers
  or devices. This component can receive logs through text files or Windows event
  logs. It can also directly receive logs via remote syslog which is useful for firewalls
  and other such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <[email protected]>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 2
modules:
- logcollector
name: test_location_exclude.py
os_platform:
- linux
- windows
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- Windows 10
- Windows 8
- Windows 7
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012
- Windows Server 2003
- Windows XP
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#exclude
tags:
- logcollector_location
tests:
- assertions:
  - Verify that the logcollector ignores only the log files that match the exclude
    tag.
  description: Check if the 'wazuh-logcollector' excludes the files specified in the
    'exclude' tag. For this purpose, the test will create several testing log files
    and configure a 'localfile' section to monitor the folder where they are located,
    and set the 'exclude' tag with different values, including wildcards. Finally,
    the test will verify that only the matched files are excluded by checking the
    'exclude' events generated.
  expected_output:
  - r'File excluded'
  input_description: A configuration template (test_location) is contained in an external
    YAML file (wazuh_location.yaml). That template is combined with different test
    cases defined in the module. Those include configuration settings for the 'wazuh-logcollector'
    daemon.
  inputs:
  - /tmp/wazuh-testing/test*_syslog0
  - /tmp/wazuh-testing/*test.txt_syslog0
  - /tmp/wazuh-testing/*test*_syslog0
  - /tmp/wazuh-testing/test*_syslog1
  - /tmp/wazuh-testing/*test.txt_syslog1
  - /tmp/wazuh-testing/*test*_syslog1
  - /tmp/wazuh-testing/test*_syslog2
  - /tmp/wazuh-testing/*test.txt_syslog2
  - /tmp/wazuh-testing/*test*_syslog2
  - /tmp/wazuh-testing/*_syslog
  name: test_location_exclude
  parameters:
  - get_files_list:
      brief: Get file list to create from the module.
      type: fixture
  - create_file_structure_module:
      brief: Create the specified file tree structure.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
tier: 0
type: integration

 

test_location.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector monitors the files that match the path set in the 'location' tag. The paths used will check several special situations that can occur when monitoring log files. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location"
    ],
    "tags": [
        "logcollector_location"
    ],
    "name": "test_location.py",
    "id": 1,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' monitors the log files specified in the 'location' tag. For this purpose, the test will create a testing log file, configure a 'localfile' section to monitor it, and set the 'location' tag with different values, including wildcards, inexistent or duplicated files (depending on the test case). The test also will check if the file limit is working by specifying a path that contains a log number that exceeds that limit. Finally, the test will verify that the expected events are generated for those special situations.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector monitors a single log file specified in the 'location' tag.",
                "Verify that the logcollector monitors a log file specified in the 'location' tag by a wildcard.",
                "Verify that the logcollector detects an inexistent log file specified in the 'location' tag.",
                "Verify that the logcollector detects a duplicated log file specified in the 'location' tag.",
                "Verify that the logcollector detects when the number of monitored log files exceeds the limit."
            ],
            "input_description": "A configuration template (test_location) is contained in an external YAML file (wazuh_location.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'New file that matches the .* pattern.*'",
                "r'Could not open file .*'",
                "r'Log file .* is duplicated.'",
                "r'File limit has been reached'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_location",
            "inputs": [
                "/tmp/wazuh-testing/depth1/test.txt_syslog",
                "/tmp/wazuh-testing/depth1/ depth_test.txt_syslog",
                "/tmp/wazuh-testing/depth1/depth2/depth_test.txt_syslog",
                "/tmp/wazuh-testing/non-existent.txt_syslog",
                "/tmp/wazuh-testing/*_syslog",
                "/tmp/wazuh-testing/Testing white spaces_syslog",
                "/tmp/wazuh-testing/test.*_syslog",
                "/tmp/wazuh-testing/c*test.txt_syslog",
                "/tmp/wazuh-testing/duplicated/duplicated.txt_syslog",
                "/tmp/wazuh-testing/file.log-%Y-%m-%d_syslog",
                "/tmp/wazuh-testing/multiple-logs/*_syslog"
            ]
        }
    ]
}

test_location.yaml

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the logcollector monitors
  the files that match the path set in the 'location' tag. The paths used will check
  several special situations that can occur when monitoring log files. Log data collection
  is the real-time process of making sense out of the records generated by servers
  or devices. This component can receive logs through text files or Windows event
  logs. It can also directly receive logs via remote syslog which is useful for firewalls
  and other such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <[email protected]>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 1
modules:
- logcollector
name: test_location.py
os_platform:
- linux
- windows
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- Windows 10
- Windows 8
- Windows 7
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012
- Windows Server 2003
- Windows XP
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location
tags:
- logcollector_location
tests:
- assertions:
  - Verify that the logcollector monitors a single log file specified in the 'location'
    tag.
  - Verify that the logcollector monitors a log file specified in the 'location' tag
    by a wildcard.
  - Verify that the logcollector detects an inexistent log file specified in the 'location'
    tag.
  - Verify that the logcollector detects a duplicated log file specified in the 'location'
    tag.
  - Verify that the logcollector detects when the number of monitored log files exceeds
    the limit.
  description: Check if the 'wazuh-logcollector' monitors the log files specified
    in the 'location' tag. For this purpose, the test will create a testing log file,
    configure a 'localfile' section to monitor it, and set the 'location' tag with
    different values, including wildcards, inexistent or duplicated files (depending
    on the test case). The test also will check if the file limit is working by specifying
    a path that contains a log number that exceeds that limit. Finally, the test will
    verify that the expected events are generated for those special situations.
  expected_output:
  - r'Analyzing file.*'
  - r'New file that matches the .* pattern.*'
  - r'Could not open file .*'
  - r'Log file .* is duplicated.'
  - r'File limit has been reached'
  input_description: A configuration template (test_location) is contained in an external
    YAML file (wazuh_location.yaml). That template is combined with different test
    cases defined in the module. Those include configuration settings for the 'wazuh-logcollector'
    daemon.
  inputs:
  - /tmp/wazuh-testing/depth1/test.txt_syslog
  - /tmp/wazuh-testing/depth1/ depth_test.txt_syslog
  - /tmp/wazuh-testing/depth1/depth2/depth_test.txt_syslog
  - /tmp/wazuh-testing/non-existent.txt_syslog
  - /tmp/wazuh-testing/*_syslog
  - /tmp/wazuh-testing/Testing white spaces_syslog
  - /tmp/wazuh-testing/test.*_syslog
  - /tmp/wazuh-testing/c*test.txt_syslog
  - /tmp/wazuh-testing/duplicated/duplicated.txt_syslog
  - /tmp/wazuh-testing/file.log-%Y-%m-%d_syslog
  - /tmp/wazuh-testing/multiple-logs/*_syslog
  name: test_location
  parameters:
  - get_files_list:
      brief: Get file list to create from the module.
      type: fixture
  - create_file_structure_module:
      brief: Create the specified file tree structure.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
tier: 0
type: integration

test_location_custom_sockets

test_location_custom_sockets.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector redirects the events from a monitored log file specified in the 'location' tag to a custom socket defined in the 'socket' section and specified in the 'target' tag. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 1,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#target"
    ],
    "tags": [
        "logcollector_location_cust_sockets"
    ],
    "name": "test_location_custom_sockets.py",
    "id": 3,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' use custom sockets when the 'location' option is used. For this purpose, the test will create a UNIX 'named socket' and add it to the configuration through the 'socket' section and the 'target' tag of the 'localfile' section. After this, the test will verify that logcollector is connected to that socket. Then, it will generate event batches of increasing size, and they will be added to the testing log file. Finally, the test will verify that events are not dropped by analyzing the 'wazuh-logcollector.state' file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get internal configuration."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "batch": {
                        "type": "fixture",
                        "brief": "Event batches to be added to the testing log file."
                    }
                },
                {
                    "create_socket": {
                        "type": "fixture",
                        "brief": "Create a UNIX named socket for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector monitors the log file specified in the 'location' tag.",
                "Verify that the logcollector connects to the custom socket specified in the 'target tag'.",
                "Verify that no events are dropped from the monitored log file when event batches are smaller than the value of 'logcollector.queue_size' and vice versa."
            ],
            "input_description": "A configuration template (test_location_custom_sockets) is contained in an external YAML file (wazuh_location_custom_sockets_conf.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'Connected to socket .*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_location_custom_sockets",
            "inputs": [
                "target_custom_socket_mode_tcp-batch_5",
                "target_custom_socket_mode_tcp-batch_10",
                "target_custom_socket_mode_tcp-batch_50",
                "target_custom_socket_mode_tcp-batch_100",
                "target_custom_socket_mode_tcp-batch_500",
                "target_custom_socket_mode_tcp-batch_1000",
                "target_custom_socket_mode_tcp-batch_5000",
                "target_custom_socket_mode_tcp-batch_10000",
                "target_custom_socket_mode_udp-batch_5",
                "target_custom_socket_mode_udp-batch_10",
                "target_custom_socket_mode_udp-batch_50",
                "target_custom_socket_mode_udp-batch_100",
                "target_custom_socket_mode_udp-batch_500",
                "target_custom_socket_mode_udp-batch_1000",
                "target_custom_socket_mode_udp-batch_5000",
                "target_custom_socket_mode_udp-batch_10000"
            ]
        },
        {
            "description": "Check if the 'wazuh-logcollector' drops events when they are sent to a custom socket that is unavailable. For this purpose, the test will create a UNIX 'named socket' and add it to the configuration through the 'socket' section and the 'target' tag of the 'localfile' section. After this, the test will verify that logcollector is connected to that socket. Then, it will close the socket and generate event batches of increasing size that will be added to the testing log file. Finally, the test will verify that all events sent are dropped by analyzing the 'wazuh-logcollector.state' file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get internal configuration."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "batch": {
                        "type": "fixture",
                        "brief": "Event batches to be added to the testing log file."
                    }
                },
                {
                    "create_socket": {
                        "type": "fixture",
                        "brief": "Create a UNIX named socket for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector monitors the log file specified in the 'location' tag.",
                "Verify that the logcollector connects to the custom socket specified in the 'target tag'.",
                "Verify that the logcollector closes the custom socket specified in the 'target tag'.",
                "Verify that all events from the monitored log file are dropped because the custom socket is closed."
            ],
            "input_description": "A configuration template (test_location_custom_sockets) is contained in an external YAML file (wazuh_location_custom_sockets_conf.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'Connected to socket .*'",
                "r'Unable to connect to socket .*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_location_custom_sockets_offline",
            "inputs": [
                "target_custom_socket_mode_tcp-batch_5",
                "target_custom_socket_mode_tcp-batch_10",
                "target_custom_socket_mode_tcp-batch_50",
                "target_custom_socket_mode_tcp-batch_100",
                "target_custom_socket_mode_tcp-batch_500",
                "target_custom_socket_mode_tcp-batch_1000",
                "target_custom_socket_mode_tcp-batch_5000",
                "target_custom_socket_mode_tcp-batch_10000",
                "target_custom_socket_mode_udp-batch_5",
                "target_custom_socket_mode_udp-batch_10",
                "target_custom_socket_mode_udp-batch_50",
                "target_custom_socket_mode_udp-batch_100",
                "target_custom_socket_mode_udp-batch_500",
                "target_custom_socket_mode_udp-batch_1000",
                "target_custom_socket_mode_udp-batch_5000",
                "target_custom_socket_mode_udp-batch_10000"
            ]
        }
    ]
}

test_location_custom_sockets.yaml

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the logcollector redirects
  the events from a monitored log file specified in the 'location' tag to a custom
  socket defined in the 'socket' section and specified in the 'target' tag. Log data
  collection is the real-time process of making sense out of the records generated
  by servers or devices. This component can receive logs through text files or Windows
  event logs. It can also directly receive logs via remote syslog which is useful
  for firewalls and other such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <[email protected]>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 3
modules:
- logcollector
name: test_location_custom_sockets.py
os_platform:
- linux
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#target
tags:
- logcollector_location_cust_sockets
tests:
- assertions:
  - Verify that the logcollector monitors the log file specified in the 'location'
    tag.
  - Verify that the logcollector connects to the custom socket specified in the 'target'
    tag.
  - Verify that no events are dropped from the monitored log file when event batches
    are smaller than the value of 'logcollector.queue_size' and vice versa.
  description: Check if the 'wazuh-logcollector' uses custom sockets when the 'location'
    option is used. For this purpose, the test will create a UNIX 'named socket' and
    add it to the configuration through the 'socket' section and the 'target' tag
    of the 'localfile' section. After this, the test will verify that logcollector
    is connected to that socket. Then, it will generate event batches of increasing
    size, and they will be added to the testing log file. Finally, the test will verify
    that events are not dropped by analyzing the 'wazuh-logcollector.state' file.
  expected_output:
  - r'Analyzing file.*'
  - r'Connected to socket .*'
  input_description: A configuration template (test_location_custom_sockets) is contained
    in an external YAML file (wazuh_location_custom_sockets_conf.yaml). That template
    is combined with different test cases defined in the module. Those include configuration
    settings for the 'wazuh-logcollector' daemon.
  inputs:
  - target_custom_socket_mode_tcp-batch_5
  - target_custom_socket_mode_tcp-batch_10
  - target_custom_socket_mode_tcp-batch_50
  - target_custom_socket_mode_tcp-batch_100
  - target_custom_socket_mode_tcp-batch_500
  - target_custom_socket_mode_tcp-batch_1000
  - target_custom_socket_mode_tcp-batch_5000
  - target_custom_socket_mode_tcp-batch_10000
  - target_custom_socket_mode_udp-batch_5
  - target_custom_socket_mode_udp-batch_10
  - target_custom_socket_mode_udp-batch_50
  - target_custom_socket_mode_udp-batch_100
  - target_custom_socket_mode_udp-batch_500
  - target_custom_socket_mode_udp-batch_1000
  - target_custom_socket_mode_udp-batch_5000
  - target_custom_socket_mode_udp-batch_10000
  name: test_location_custom_sockets
  parameters:
  - get_local_internal_options:
      brief: Get internal configuration.
      type: fixture
  - configure_local_internal_options:
      brief: Set internal configuration for testing.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - create_file_structure_module:
      brief: Create the specified file tree structure.
      type: fixture
  - batch:
      brief: Event batches to be added to the testing log file.
      type: fixture
  - create_socket:
      brief: Create a UNIX named socket for testing.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
- assertions:
  - Verify that the logcollector monitors the log file specified in the 'location'
    tag.
  - Verify that the logcollector connects to the custom socket specified in the 'target'
    tag.
  - Verify that the logcollector closes the custom socket specified in the 'target'
    tag.
  - Verify that all events from the monitored log file are dropped because the custom
    socket is closed.
  description: Check if the 'wazuh-logcollector' drops events when they are sent to
    a custom socket that is unavailable. For this purpose, the test will create a
    UNIX 'named socket' and add it to the configuration through the 'socket' section
    and the 'target' tag of the 'localfile' section. After this, the test will verify
    that logcollector is connected to that socket. Then, it will close the socket
    and generate event batches of increasing size that will be added to the testing
    log file. Finally, the test will verify that all events sent are dropped by analyzing
    the 'wazuh-logcollector.state' file.
  expected_output:
  - r'Analyzing file.*'
  - r'Connected to socket .*'
  - r'Unable to connect to socket .*'
  input_description: A configuration template (test_location_custom_sockets) is contained
    in an external YAML file (wazuh_location_custom_sockets_conf.yaml). That template
    is combined with different test cases defined in the module. Those include configuration
    settings for the 'wazuh-logcollector' daemon.
  inputs:
  - target_custom_socket_mode_tcp-batch_5
  - target_custom_socket_mode_tcp-batch_10
  - target_custom_socket_mode_tcp-batch_50
  - target_custom_socket_mode_tcp-batch_100
  - target_custom_socket_mode_tcp-batch_500
  - target_custom_socket_mode_tcp-batch_1000
  - target_custom_socket_mode_tcp-batch_5000
  - target_custom_socket_mode_tcp-batch_10000
  - target_custom_socket_mode_udp-batch_5
  - target_custom_socket_mode_udp-batch_10
  - target_custom_socket_mode_udp-batch_50
  - target_custom_socket_mode_udp-batch_100
  - target_custom_socket_mode_udp-batch_500
  - target_custom_socket_mode_udp-batch_1000
  - target_custom_socket_mode_udp-batch_5000
  - target_custom_socket_mode_udp-batch_10000
  name: test_location_custom_sockets_offline
  parameters:
  - get_local_internal_options:
      brief: Get internal configuration.
      type: fixture
  - configure_local_internal_options:
      brief: Set internal configuration for testing.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - create_file_structure_module:
      brief: Create the specified file tree structure.
      type: fixture
  - batch:
      brief: Event batches to be added to the testing log file.
      type: fixture
  - create_socket:
      brief: Create a UNIX named socket for testing.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
tier: 1
type: integration

test_log_format

test_log_format_values.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector accepts only allowed values for the 'log_format' tag, and the log file to monitor has compatible content with those values. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format"
    ],
    "tags": [
        "logcollector_log_format"
    ],
    "name": "test_log_format_values.py",
    "id": 4,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' accepts only allowed values for the 'log_format' tag, and the content of the log file to monitor is compatible with those values. For this purpose, the test will create a testing log file, configure a 'localfile' section to monitor it, and set the 'log_format' tag with valid/invalid values. Then, it will check if an error event is triggered when the value used is invalid. Finally, the test will verify that an 'analyzing' event is generated if the content of the monitored log file is compatible with the log format, or an error event is generated if not.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get internal configuration."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector accepts only valid values for the 'log_format' tag.",
                "Verify that the logcollector generates error events when using valid values for the 'log_format' tag but the log file has invalid content.",
                "Verify that the logcollector monitors log files when using valid values for the 'log_format' tag and the log file has valid content."
            ],
            "input_description": "A configuration template (test_log_format_values) is contained in an external YAML file (wazuh_conf.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing event log.*'",
                "r'Analyzing file.*'",
                "r'lines from .*'",
                "r'Reading json message.*'",
                "r'Reading syslog message.*'",
                "r'Reading message.*'",
                "r'Line .* read from .* is not a JSON object.'",
                "r'Discarding audit message because of invalid syntax.'",
                "r'Bad formated nmap grepable file.'",
                "r'Invalid DJB log.*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_log_format",
            "inputs": [
                "('json', True)",
                "('json', False)",
                "('syslog', True)",
                "('snort-full', True)",
                "('squid', True)",
                "('audit', False)",
                "('audit', True)",
                "('mysql_log', True)",
                "('postgresql_log', True)",
                "('multi-line:3', True)",
                "('djb-multilog', True)",
                "('djb-multilog', False)",
                "('nmapg', False)",
                "('nmapg', True)"
            ]
        }
    ]
}

test_log_format_values.yaml

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the logcollector accepts
  only allowed values for the 'log_format' tag, and the log file to monitor has compatible
  content with those values. Log data collection is the real-time process of making
  sense out of the records generated by servers or devices. This component can receive
  logs through text files or Windows event logs. It can also directly receive logs
  via remote syslog which is useful for firewalls and other such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <[email protected]>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 4
modules:
- logcollector
name: test_log_format_values.py
os_platform:
- linux
- windows
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- Windows 10
- Windows 8
- Windows 7
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012
- Windows Server 2003
- Windows XP
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format
tags:
- logcollector_log_format
tests:
- assertions:
  - Verify that the logcollector accepts only valid values for the 'log_format' tag.
  - Verify that the logcollector generates error events when using valid values for
    the 'log_format' tag but the log file has invalid content.
  - Verify that the logcollector monitors log files when using valid values for the
    'log_format' tag and the log file has valid content.
  description: Check if the 'wazuh-logcollector' accepts only allowed values for the
    'log_format' tag, and the content of the log file to monitor is compatible with
    those values. For this purpose, the test will create a testing log file, configure
    a 'localfile' section to monitor it, and set the 'log_format' tag with valid/invalid
    values. Then, it will check if an error event is triggered when the value used
    is invalid. Finally, the test will verify that an 'analyzing' event is generated
    if the content of the monitored log file is compatible with the log format, or
    an error event is generated if not.
  expected_output:
  - r'Analyzing event log.*'
  - r'Analyzing file.*'
  - r'lines from .*'
  - r'Reading json message.*'
  - r'Reading syslog message.*'
  - r'Reading message.*'
  - r'Line .* read from .* is not a JSON object.'
  - r'Discarding audit message because of invalid syntax.'
  - r'Bad formated nmap grepable file.'
  - r'Invalid DJB log.*'
  input_description: A configuration template (test_log_format_values) is contained
    in an external YAML file (wazuh_conf.yaml). That template is combined with different
    test cases defined in the module. Those include configuration settings for the
    'wazuh-logcollector' daemon.
  inputs:
  - ('json', True)
  - ('json', False)
  - ('syslog', True)
  - ('snort-full', True)
  - ('squid', True)
  - ('audit', False)
  - ('audit', True)
  - ('mysql_log', True)
  - ('postgresql_log', True)
  - ('multi-line:3', True)
  - ('djb-multilog', True)
  - ('djb-multilog', False)
  - ('nmapg', False)
  - ('nmapg', True)
  name: test_log_format
  parameters:
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - get_local_internal_options:
      brief: Get internal configuration.
      type: fixture
  - configure_local_internal_options:
      brief: Set internal configuration for testing.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
tier: 0
type: integration

test_only_future_events

test_only_future_events.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the 'only-future-events' option of the logcollector works properly. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "macos",
        "solaris"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "macOS Catalina",
        "Solaris 10",
        "Solaris 11"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#only-future-events"
    ],
    "tags": [
        "logcollector_only_future_events"
    ],
    "name": "test_only_future_events.py",
    "id": 5,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'only-future-events' option is used properly by the 'wazuh-logcollector' when monitoring a log file. This option allows reading new log content since the logcollector was stopped. For this purpose, the test will create a testing log file and configure a 'localfile' section to monitor it. Once the logcollector is started, it will verify that the log file is monitored, add data to it, and verify that the data addition is detected. Then, the test will stop the 'wazuh-logcollector' daemon, and while it is stopped, add more data to the log file. After this, it will check if the addition event has been detected or not (depending on the value of the 'only-future-events' tag). Finally, the test will perform one additional verification by adding data one more time to the log file and verifying that the event indicating the data addition is detected.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector starts monitoring the log file.",
                "Verify that the logcollector detects data addition on a monitored log file.",
                "Verify that the logcollector detects the log messages generated while it was stopped when it is started, and the 'only-future-events' option is disabled.",
                "Verify that the logcollector ignores the log messages generated while it was stopped when it is started, and the 'only-future-events' option is enabled.",
                "Verify that the log collector continues detecting new log messages when it is started."
            ],
            "input_description": "A configuration template (test_only_future_events) is contained in an external YAML file (wazuh_only_future_events_conf.yaml). That template is combined with two test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'Reading syslog message.*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_only_future_events",
            "inputs": [
                "rotate_/tmp/wazuh-testing/test.log_in_syslog_format0",
                "rotate_/tmp/wazuh-testing/test.log_in_syslog_format1"
            ]
        }
    ]
}

test_only_future_events.yaml

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the 'only-future-events'
  option of the logcollector works properly. Log data collection is the real-time
  process of making sense out of the records generated by servers or devices. This
  component can receive logs through text files or Windows event logs. It can also
  directly receive logs via remote syslog which is useful for firewalls and other
  such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <[email protected]>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 5
modules:
- logcollector
name: test_only_future_events.py
os_platform:
- linux
- macos
- solaris
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- macOS Catalina
- Solaris 10
- Solaris 11
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#only-future-events
tags:
- logcollector_only_future_events
tests:
- assertions:
  - Verify that the logcollector starts monitoring the log file.
  - Verify that the logcollector detects data addition on a monitored log file.
  - Verify that the logcollector detects the log messages generated while it was stopped
    when it is started, and the 'only-future-events' option is disabled.
  - Verify that the logcollector ignores the log messages generated while it was stopped
    when it is started, and the 'only-future-events' option is enabled.
  - Verify that the log collector continues detecting new log messages when it is
    started.
  description: Check if the 'only-future-events' option is used properly by the 'wazuh-logcollector'
    when monitoring a log file. This option allows reading new log content since the
    logcollector was stopped. For this purpose, the test will create a testing log
    file and configure a 'localfile' section to monitor it. Once the logcollector
    is started, it will verify that the log file is monitored, add data to it, and
    verify that the data addition is detected. Then, the test will stop the 'wazuh-logcollector'
    daemon, and while it is stopped, add more data to the log file. After this, it
    will check if the addition event has been detected or not (depending on the value
    of the 'only-future-events' tag). Finally, the test will perform one additional
    verification by adding data one more time to the log file and verifying that the
    event indicating the data addition is detected.
  expected_output:
  - r'Analyzing file.*'
  - r'Reading syslog message.*'
  input_description: A configuration template (test_only_future_events) is contained
    in an external YAML file (wazuh_only_future_events_conf.yaml). That template is
    combined with two test cases defined in the module. Those include configuration
    settings for the 'wazuh-logcollector' daemon.
  inputs:
  - rotate_/tmp/wazuh-testing/test.log_in_syslog_format0
  - rotate_/tmp/wazuh-testing/test.log_in_syslog_format1
  name: test_only_future_events
  parameters:
  - get_local_internal_options:
      brief: Get local internal options from the module.
      type: fixture
  - configure_local_internal_options:
      brief: Configure the Wazuh local internal options.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - get_files_list:
      brief: Get file list to create from the module.
      type: fixture
  - create_file_structure_module:
      brief: Create the specified file tree structure.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
tier: 0
type: integration

test_options

test_options_state_interval_no_file.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector updates the 'wazuh-logcollector.state' file when a monitored log file is removed. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 1,
    "modules": [
        "logcollector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html",
        "https://documentation.wazuh.com/current/user-manual/reference/statistics-files/wazuh-logcollector-state.html",
        "https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector"
    ],
    "tags": [
        "logcollector_options"
    ],
    "name": "test_options_state_interval_no_file.py",
    "id": 7,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon updates the statistic file 'wazuh-logcollector.state' when a monitored log file is removed. It also checks the related internal options 'logcollector.open_attempts' and 'logcollector.state_interval'. For this purpose, the test will create a testing log file and configure a 'localfile' section to monitor it. Once the logcollector is started, it will check if the 'monitoring' event is triggered, indicating that the logcollector starts to monitor the testing log file. Then, the test will verify that the 'wazuh-logcollector.state' file has been created and contains references to the monitored log file. After this, it will remove the log file and check if the event that indicates that action is generated. After removing the log file, the test will check if the number of attempts to read it is correct (logcollector.open_attempts) and verify that the event indicating that the log file is unavailable is generated. Finally, it will wait until the 'wazuh-logcollector.state' file is updated and verify that it does not contain references to the removed log file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options_function": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_function": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector updates the 'wazuh-logcollector.state' file when a monitored log file is added or removed.",
                "Verify that the 'logcollector.open_attempts' internal option works correctly.",
                "Verify that the 'logcollector.state_interval' internal option works correctly."
            ],
            "input_description": "A configuration template (test_options) is contained in an external YAML file (wazuh_configuration.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'File .* no longer exists.'",
                "r'Unable to open file .*. Remaining attempts.*'",
                "r'File not available, ignoring it.*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_options_state_interval_no_file",
            "inputs": [
                "/tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function0",
                "/tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function1",
                "/tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function2"
            ]
        }
    ]
}

test_options_state_interval_no_file.yaml

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the logcollector updates
  the 'wazuh-logcollector.state' file when a monitored log file is removed. Log data
  collection is the real-time process of making sense out of the records generated
  by servers or devices. This component can receive logs through text files or Windows
  event logs. It can also directly receive logs via remote syslog which is useful
  for firewalls and other such devices.
components:
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <[email protected]>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 7
modules:
- logcollector
name: test_options_state_interval_no_file.py
os_platform:
- linux
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html
- https://documentation.wazuh.com/current/user-manual/reference/statistics-files/wazuh-logcollector-state.html
- https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector
tags:
- logcollector_options
tests:
- assertions:
  - Verify that the logcollector updates the 'wazuh-logcollector.state' file when
    a monitored log file is added or removed.
  - Verify that the 'logcollector.open_attempts' internal option works correctly.
  - Verify that the 'logcollector.state_interval' internal option works correctly.
  description: Check if the 'wazuh-logcollector' daemon updates the statistic file
    'wazuh-logcollector.state' when a monitored log file is removed. It also check
    the related internal options 'logcollector.open_attempts' and 'logcollector.state_interval'.
    For this purpose, the test will create a testing log file and configure a 'localfile'
    section to monitor it. Once the logcollector is started, it will check if the
    'monitoring' event is triggered, indicating that the logcollector starts to monitor
    the testing log file. Then, the test will verify that the 'wazuh-logcollector.state'
    file has been created and contains references to the monitored log file. After
    this, it will remove the log file and check if the event that indicates that action
    is generated. After removing the log file, the test will check if the number of
    attempts to read it is correct (logcollector.open_attempts) and verify that the
    event indicating that the log file is unavailable is generated. Finally, it will
    wait until the 'wazuh-logcollector.state' file is updated and verify that it does
    not contain references to the removed log file.
  expected_output:
  - r'Analyzing file.*'
  - r'File .* no longer exists.'
  - r'Unable to open file .*. Remaining attempts.*'
  - r'File not available, ignoring it.*'
  input_description: A configuration template (test_options) is contained in an external
    YAML file (wazuh_configuration.yaml). That template is combined with different
    test cases defined in the module. Those include configuration settings for the
    'wazuh-logcollector' daemon.
  inputs:
  - /tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function0
  - /tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function1
  - /tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function2
  name: test_options_state_interval_no_file
  parameters:
  - get_local_internal_options_function:
      brief: Get local internal options from the module.
      type: fixture
  - get_files_list:
      brief: Get file list to create from the module.
      type: fixture
  - create_file_structure_function:
      brief: Create the specified file tree structure.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
tier: 1
type: integration

 

test_options_state_interval.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector updates the 'wazuh-logcollector.state' file at the periods set in the 'logcollector.state_interval' internal option. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 1,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html",
        "https://documentation.wazuh.com/current/user-manual/reference/statistics-files/wazuh-logcollector-state.html",
        "https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector"
    ],
    "tags": [
        "logcollector_options"
    ],
    "name": "test_options_state_interval.py",
    "id": 6,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon updates the statistic file 'wazuh-logcollector.state' from the values set in the 'logcollector.state_interval' internal option. For this purpose, the test will check if the value stored in that internal option is an integer, and its value is beetwen the allowed limits, if not, it will verify that the Wazuh is stopped (on Windows systems) or an error event is generated (on Linux systems). Finally, if the interval value is valid, it will verify that the 'wazuh-logcollector.state' file is updated at the specified intervals by checking the properties of that file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector updates the 'wazuh-logcollector.state' file at the periods set in the 'logcollector.state_interval' internal option.",
                "Verify that the logcollector detects the values that exceed the limits for the 'logcollector.state_interval' internal option.",
                "Verify that the logcollector detects invalid values for the 'logcollector.state_interval' internal option."
            ],
            "input_description": "Different test cases are defined in the module. Those include values for the 'logcollector.state_interval' internal option.",
            "expected_output": [
                "r'Invalid definition for logcollector.state_interval.*'"
            ],
            "tags": [
                "invalid_settings"
            ],
            "name": "test_options_state_interval",
            "inputs": [
                "-2",
                "753951",
                "dummy",
                "5",
                "30",
                "10",
                "15"
            ]
        }
    ]
}

test_options_state_interval.yaml

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the logcollector updates
  the 'wazuh-logcollector.state' file at the periods set in the 'logcollector.state_interval'
  internal option. Log data collection is the real-time process of making sense out
  of the records generated by servers or devices. This component can receive logs
  through text files or Windows event logs. It can also directly receive logs via
  remote syslog which is useful for firewalls and other such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <[email protected]>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 6
modules:
- logcollector
name: test_options_state_interval.py
os_platform:
- linux
- windows
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- Windows 10
- Windows 8
- Windows 7
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012
- Windows Server 2003
- Windows XP
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html
- https://documentation.wazuh.com/current/user-manual/reference/statistics-files/wazuh-logcollector-state.html
- https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector
tags:
- logcollector_options
tests:
- assertions:
  - Verify that the logcollector updates the 'wazuh-logcollector.state' file at the
    periods set in the 'logcollector.state_interval' internal option.
  - Verify that the logcollector detects the values that exceed the limits for the
    'logcollector.state_interval' internal option.
  - Verify that the logcollector detects invalid values for the 'logcollector.state_interval'
    internal option.
  description: Check if the 'wazuh-logcollector' daemon updates the statistic file
    'wazuh-logcollector.state' from the values set in the 'logcollector.state_interval'
    internal option. For this purpose, the test will check if the value stored in
    that internal option is an integer, and its value is beetwen the allowed limits,
    if not, it will verify that the Wazuh is stopped (on Windows systems) or an error
    event is generated (on Linux systems). Finally, if the interval value is valid,
    it will verify that the 'wazuh-logcollector.state' file is updated at the specified
    intervals by checking the properties of that file.
  expected_output:
  - r'Invalid definition for logcollector.state_interval.*'
  input_description: Different test cases are defined in the module. Those include
    values for the 'logcollector.state_interval' internal option.
  inputs:
  - '-2'
  - '753951'
  - dummy
  - '5'
  - '30'
  - '10'
  - '15'
  name: test_options_state_interval
  parameters:
  - get_local_internal_options:
      brief: Get local internal options from the module.
      type: fixture
  tags:
  - invalid_settings
  wazuh_min_version: 4.2.0
tier: 1
type: integration

test_reconnect_time

test_reconnect_time.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector uses the interval of reconnection attempts when the Windows Event Channel service is down, defined in the 'reconnect_time' tag. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "windows"
    ],
    "os_version": [
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#reconnect-time"
    ],
    "tags": [
        "logcollector_reconnect_time"
    ],
    "name": "test_reconnect_time.py",
    "id": 8,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon uses the interval of reconnection attempts when the Windows Event Channel service is down. That interval is set in the 'reconnect_time' tag. For this purpose, the test will configure a 'localfile' section to monitor a windows 'event log', and once the logcollector is started, it will verify that the 'event log' is being monitored by detecting the event that indicates it. Then, the test will stop the event channel service and wait for the event that indicates that the 'event log' is unavailable. After this, it will verify that the 'trying to reconnect' event includes the time set in the 'reconnect_time' tag and start the event channel service again. Finally, the test will verify that the event indicating the successful reconnection to the 'event log' is generated in the time set by the 'reconnect_time' tag.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector starts monitoring an 'event log'.",
                "Verify that the logcollector detects when the 'event channel' service is down generating an event.",
                "Verify that the logcollector tries to reconnect to an unavailable 'even log' using the time specified in the 'reconnect_time' tag.",
                "Verify that the logcollector generates an event when successfully reconnects to an 'event log'."
            ],
            "input_description": "A configuration template (test_reconnect_time) is contained in an external YAML file (wazuh_reconnect_time.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing event log.*'",
                "r'The eventlog service is down. Unable to collect logs from .* channel.'",
                "r'Trying to reconnect .* channel in .* seconds.'",
                "r'.* channel has been reconnected succesfully.'"
            ],
            "tags": [
                "logs",
                "time_travel"
            ],
            "name": "test_reconnect_time",
            "inputs": [
                "Application_eventchannel_5s",
                "Security_eventchannel_5s",
                "System_eventchannel_5s",
                "Application_eventchannel_40m",
                "Security_eventchannel_40m",
                "System_eventchannel_40m",
                "Application_eventchannel_20h",
                "Security_eventchannel_20h",
                "System_eventchannel_20h"
            ]
        }
    ]
}

test_reconnect_time.yaml

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the logcollector uses
  the interval of reconnection attempts when the Windows Event Channel service is
  down, defined in the 'reconnect_time' tag. Log data collection is the real-time
  process of making sense out of the records generated by servers or devices. This
  component can receive logs through text files or Windows event logs. It can also
  directly receive logs via remote syslog which is useful for firewalls and other
  such devices.
components:
- agent
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <[email protected]>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 8
modules:
- logcollector
name: test_reconnect_time.py
os_platform:
- windows
os_version:
- Windows 10
- Windows 8
- Windows 7
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012
- Windows Server 2003
- Windows XP
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#reconnect-time
tags:
- logcollector_reconnect_time
tests:
- assertions:
  - Verify that the logcollector starts monitoring an 'event log'.
  - Verify that the logcollector detects when the 'event channel' service is down
    generating an event.
  - Verify that the logcollector tries to reconnect to an unavailable 'even log' using
    the time specified in the 'reconnect_time' tag.
  - Verify that the logcollector generates an event when successfully reconnects to
    an 'event log'.
  description: Check if the 'wazuh-logcollector' daemon uses the interval of reconnection
    attempts when the Windows Event Channel service is down. That interval is set
    in the 'reconnect_time' tag. For this purpose, the test will configure a 'localfile'
    section to monitor a windows 'event log', and once the logcollector is started,
    it will verify that the 'event log' is being monitored by detecting the event
    that indicates it. Then, the test will stop the event channel service and wait
    for the event that indicates that the 'event log' is unavailable. After this,
    it will verify that the 'trying to reconnect' event includes the time set in the
    'reconnect_time' tag and start the event channel service again. Finally, the test
    will verify that the event indicating the successful reconnection to the 'event
    log' is generated in the time set by the 'reconnect_time' tag.
  expected_output:
  - r'Analyzing event log.*'
  - r'The eventlog service is down. Unable to collect logs from .* channel.'
  - r'Trying to reconnect .* channel in .* seconds.'
  - r'.* channel has been reconnected succesfully.'
  input_description: A configuration template (test_reconnect_time) is contained in
    an external YAML file (wazuh_reconnect_time.yaml). That template is combined with
    different test cases defined in the module. Those include configuration settings
    for the 'wazuh-logcollector' daemon.
  inputs:
  - Application_eventchannel_5s
  - Security_eventchannel_5s
  - System_eventchannel_5s
  - Application_eventchannel_40m
  - Security_eventchannel_40m
  - System_eventchannel_40m
  - Application_eventchannel_20h
  - Security_eventchannel_20h
  - System_eventchannel_20h
  name: test_reconnect_time
  parameters:
  - get_local_internal_options:
      brief: Get local internal options from the module.
      type: fixture
  - configure_local_internal_options:
      brief: Configure the Wazuh local internal options.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  - time_travel
  wazuh_min_version: 4.2.0
tier: 0
type: integration

test_statistics

test_statistics_macos.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector updates the 'wazuh-logcollector.state' file when using the macOS unified logging system (ULS). Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 1,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "macos"
    ],
    "os_version": [
        "macOS Catalina"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html",
        "https://documentation.wazuh.com/current/user-manual/reference/statistics-files/wazuh-logcollector-state.html",
        "https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector"
    ],
    "tags": [
        "logcollector_statistics"
    ],
    "name": "test_statistics_macos.py",
    "id": 9,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon updates the statistic file 'wazuh-logcollector.state' when using the macOS unified logging system (ULS). For this purpose, the test will configure a 'localfile' section using the macOS settings. Once the logcollector is started, it will check if the 'wazuh-logcollector.state' file has been created. Finally, the test will verify that the 'wazuh-logcollector.state' has the 'macos' value in its 'location' tag of the 'global' and 'interval' sections.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "daemons_handler": {
                        "type": "fixture",
                        "brief": "Handler of Wazuh daemons."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector creates the 'wazuh-logcollector.state' file.",
                "Verify that the 'macos' value is in the 'location' tag in the 'global' and 'interval' sections of the 'wazuh-logcollector.state' file."
            ],
            "input_description": "A configuration template (test_statistics_macos) is contained in an external YAML file (wazuh_statistics_macos.yaml). That template is combined with a test case defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "The content of the 'wazuh-logcollector.state' file."
            ],
            "tags": [
                "stats_file"
            ],
            "name": "test_options_state_interval_no_file",
            "inputs": [
                "/tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function0",
                "/tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function1",
                "/tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function2",
                "macos_macos"
            ]
        }
    ]
}

test_statistics_macos.yaml

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the logcollector updates
  the 'wazuh-logcollector.state' file when using the macOS unified logging system
  (ULS). Log data collection is the real-time process of making sense out of the records
  generated by servers or devices. This component can receive logs through text files
  or Windows event logs. It can also directly receive logs via remote syslog which
  is useful for firewalls and other such devices.
components:
- agent
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <[email protected]>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 9
modules:
- logcollector
name: test_statistics_macos.py
os_platform:
- macos
os_version:
- macOS Catalina
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html
- https://documentation.wazuh.com/current/user-manual/reference/statistics-files/wazuh-logcollector-state.html
- https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector
tags:
- logcollector_statistics
tests:
- assertions:
  - Verify that the logcollector creates the 'wazuh-logcollector.state' file.
  - Verify that the 'macos' value is in the 'location' tag in the 'global' and 'interval'
    sections of the 'wazuh-logcollector.state' file.
  description: Check if the 'wazuh-logcollector' daemon updates the statistic file
    'wazuh-logcollector.state' when using the macOS unified logging system (ULS).
    For this purpose, the test will configure a 'localfile' section using the macOS
    settings. Once the logcollector is started, it will check if the 'wazuh-logcollector.state'
    file has been created. Finally, the test will verify that the 'wazuh-logcollector.state'
    has the 'macos' value in its 'location' tag of the 'global' and 'interval' sections.
  expected_output:
  - The content of the 'wazuh-logcollector.state' file.
  input_description: A configuration template (test_statistics_macos) is contained
    in an external YAML file (wazuh_statistics_macos.yaml). That template is combined
    with a test case defined in the module. Those include configuration settings for
    the 'wazuh-logcollector' daemon.
  inputs:
  - /tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function0
  - /tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function1
  - /tmp/wazuh-testing/test.txt_syslog-get_local_internal_options_function2
  - macos_macos
  name: test_options_state_interval_no_file
  parameters:
  - configure_local_internal_options_module:
      brief: Set internal configuration for testing.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - daemons_handler:
      brief: Handler of Wazuh daemons.
      type: fixture
  tags:
  - stats_file
  wazuh_min_version: 4.2.0
tier: 1
type: integration

Tests

  • Python codebase satisfies PEP-8 style guide. pycodestyle --max-line-length=120 --show-source --show-pep8 file.py.
  • The DocGenerator sanity check test does not return errors. python3 DocGenerator.py -s

… Docs style

The following groups have been documented:
  * test_location
  * test_location_custom_sockets
  * test_log_format
  * test_only_future_events
  * test_options
  * test_reconnect_time
  * test_statistics
The current scheme of the issue #1694 has been used.
PEP-8 fixes.

Related: #1813
roronoasins previously approved these changes Nov 5, 2021
Contributor

@roronoasins roronoasins left a comment

👍

…migrate-doc-logc-location-log-only-fut-rec-stats
@fernandolojano
Contributor

QA-docs execution

test_location_exclude

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2180/wazuh-qa/tests/integration/test_logcollector/ -t test_location_exclude
2022-01-11 10:20:14,375 - INFO - Looking for test_location_exclude.py
2022-01-11 10:20:14,375 - INFO - Parsing the following test(s) ['test_location_exclude']
2022-01-11 10:20:14,388 - INFO - Running QADOCS
2022-01-11 10:20:14,388 - INFO - Looking for test_location_exclude.py
2022-01-11 10:20:14,577 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_location_exclude.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector ignores the files set in the 'exclude' tag when monitoring a log folder. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#exclude"
    ],
    "tags": [
        "logcollector_location"
    ],
    "name": "test_location_exclude.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_location/test_location_exclude.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' excludes the files specified in the 'exclude' tag. For this purpose, the test will create several testing log files and configure a 'localfile' section to monitor the folder where they are located, and set the 'exclude' tag with different values, including wildcards. Finally, the test will verify that only the matched files are excluded by checking the 'exclude' events generated.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector ignores only the log files that match the exclude tag."
            ],
            "input_description": "A configuration template (test_location) is contained in an external YAML file (wazuh_location.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'File excluded'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_location_exclude"
        }
    ]
}

test_location

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2180/wazuh-qa/tests/integration/test_logcollector/ -t test_location
2022-01-11 10:22:21,441 - INFO - Looking for test_location.py
2022-01-11 10:22:21,441 - INFO - Parsing the following test(s) ['test_location']
2022-01-11 10:22:21,455 - INFO - Running QADOCS
2022-01-11 10:22:21,455 - INFO - Looking for test_location.py
2022-01-11 10:22:21,629 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_location.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector monitors the files that match the path set in the 'location' tag. The paths used will check several special situations that can occur when monitoring log files. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location"
    ],
    "tags": [
        "logcollector_location"
    ],
    "name": "test_location.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_location/test_location.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' monitors the log files specified in the 'location' tag. For this purpose, the test will create a testing log file, configure a 'localfile' section to monitor it, and set the 'location' tag with different values, including wildcards, inexistent or duplicated files (depending on the test case). The test also will check if the file limit is working by specifying a path that contains a log number that exceeds that limit. Finally, the test will verify that the expected events are generated for those special situations.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                },
                {
                    "file_monitoring": {
                        "type": "fixture",
                        "brief": "Handle the monitoring of a specified file."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector monitors a single log file specified in the 'location' tag.",
                "Verify that the logcollector monitors a log file specified in the 'location' tag by a wildcard.",
                "Verify that the logcollector detects an inexistent log file specified in the 'location' tag.",
                "Verify that the logcollector detects a duplicated log file specified in the 'location' tag.",
                "Verify that the logcollector detects when the number of monitored log files exceeds the limit."
            ],
            "input_description": "A configuration template (test_location) is contained in an external YAML file (wazuh_location.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'New file that matches the .* pattern.*'",
                "r'Could not open file .*'",
                "r'Log file .* is duplicated.'",
                "r'File limit has been reached'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_location"
        }
    ]
}

test_location_custom_sockets

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2180/wazuh-qa/tests/integration/test_logcollector/ -t test_location_custom_sockets
2022-01-11 10:24:40,781 - INFO - Looking for test_location_custom_sockets.py
2022-01-11 10:24:40,781 - INFO - Parsing the following test(s) ['test_location_custom_sockets']
2022-01-11 10:24:40,794 - INFO - Running QADOCS
2022-01-11 10:24:40,794 - INFO - Looking for test_location_custom_sockets.py
2022-01-11 10:24:41,010 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_location_custom_sockets.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector redirects the events from a monitored log file specified in the 'location' tag to a custom socket defined in the 'socket' section and specified in the 'target' tag. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 1,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#target"
    ],
    "tags": [
        "logcollector_location_cust_sockets"
    ],
    "name": "test_location_custom_sockets.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_location_custom_sockets/test_location_custom_sockets.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' use custom sockets when the 'location' option is used. For this purpose, the test will create a UNIX 'named socket' and add it to the configuration through the 'socket' section and the 'target' tag of the 'localfile' section. After this, the test will verify that logcollector is connected to that socket. Then, it will generate event batches of increasing size, and they will be added to the testing log file. Finally, the test will verify that events are not dropped by analyzing the 'wazuh-logcollector.state' file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get internal configuration."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "batch": {
                        "type": "fixture",
                        "brief": "Event batches to be added to the testing log file."
                    }
                },
                {
                    "create_socket": {
                        "type": "fixture",
                        "brief": "Create a UNIX named socket for testing."
                    }
                },
                {
                    "restart_monitord": {
                        "type": "fixture",
                        "brief": "Reset the log file and start a new monitor."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector monitors the log file specified in the 'location' tag.",
                "Verify that the logcollector connects to the custom socket specified in the 'target tag'.",
                "Verify that no events are dropped from the monitored log file when event batches are smaller than the value of 'logcollector.queue_size' and vice versa."
            ],
            "input_description": "A configuration template (test_location_custom_sockets) is contained in an external YAML file (wazuh_location_custom_sockets_conf.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'Connected to socket .*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_location_custom_sockets"
        },
        {
            "description": "Check if the 'wazuh-logcollector' drops events when they are sent to a custom socket that is unavailable. For this purpose, the test will create a UNIX 'named socket' and add it to the configuration through the 'socket' section and the 'target' tag of the 'localfile' section. After this, the test will verify that logcollector is connected to that socket. Then, it will close the socket and generate event batches of increasing size that will be added to the testing log file. Finally, the test will verify that all events sent are dropped by analyzing the 'wazuh-logcollector.state' file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get internal configuration."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "batch": {
                        "type": "fixture",
                        "brief": "Event batches to be added to the testing log file."
                    }
                },
                {
                    "create_socket": {
                        "type": "fixture",
                        "brief": "Create a UNIX named socket for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector monitors the log file specified in the 'location' tag.",
                "Verify that the logcollector connects to the custom socket specified in the 'target tag'.",
                "Verify that the logcollector closes the custom socket specified in the 'target tag'.",
                "Verify that all events from the monitored log file are dropped because the custom socket is closed."
            ],
            "input_description": "A configuration template (test_location_custom_sockets) is contained in an external YAML file (wazuh_location_custom_sockets_conf.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'Connected to socket .*'",
                "r'Unable to connect to socket .*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_location_custom_sockets_offline"
        }
    ]
}

test_log_format_values

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2180/wazuh-qa/tests/integration/test_logcollector/ -t test_log_format_values
2022-01-11 10:25:52,720 - INFO - Looking for test_log_format_values.py
2022-01-11 10:25:52,720 - INFO - Parsing the following test(s) ['test_log_format_values']
2022-01-11 10:25:52,733 - INFO - Running QADOCS
2022-01-11 10:25:52,733 - INFO - Looking for test_log_format_values.py
2022-01-11 10:25:52,903 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_log_format_values.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector accepts only allowed values for the 'log_format' tag, and the log file to monitor has compatible content with those values. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format"
    ],
    "tags": [
        "logcollector_log_format"
    ],
    "name": "test_log_format_values.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_log_format/test_log_format_values.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' accepts only allowed values for the 'log_format' tag, and the content of the log file to monitor is compatible with those values. For this purpose, the test will create a testing log file, configure a 'localfile' section to monitor it, and set the 'log_format' tag with valid/invalid values. Then, it will check if an error event is triggered when the value used is invalid. Finally, the test will verify that an 'analyzing' event is generated if the content of the monitored log file is compatible with the log format, or an error event is generated if not.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector accepts only valid values for the 'log_format' tag.",
                "Verify that the logcollector generates error events when using valid values for the 'log_format' tag but the log file has invalid content.",
                "Verify that the logcollector monitors log files when using valid values for the 'log_format' tag and the log file has valid content."
            ],
            "input_description": "A configuration template (test_log_format_values) is contained in an external YAML file (wazuh_conf.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing event log.*'",
                "r'Analyzing file.*'",
                "r'lines from .*'",
                "r'Reading json message.*'",
                "r'Reading syslog message.*'",
                "r'Reading message.*'",
                "r'Line .* read from .* is not a JSON object.'",
                "r'Discarding audit message because of invalid syntax.'",
                "r'Bad formated nmap grepable file.'",
                "r'Invalid DJB log.*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_log_format"
        }
    ]
}

test_only_future_events

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2180/wazuh-qa/tests/integration/test_logcollector/ -t test_only_future_events
2022-01-11 10:26:58,370 - INFO - Looking for test_only_future_events.py
2022-01-11 10:26:58,370 - INFO - Parsing the following test(s) ['test_only_future_events']
2022-01-11 10:26:58,384 - INFO - Running QADOCS
2022-01-11 10:26:58,384 - INFO - Looking for test_only_future_events.py
2022-01-11 10:26:58,561 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_only_future_events.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the 'only-future-events' option of the logcollector works properly. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "macos",
        "solaris"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "macOS Catalina",
        "Solaris 10",
        "Solaris 11"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#only-future-events"
    ],
    "tags": [
        "logcollector_only_future_events"
    ],
    "name": "test_only_future_events.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_only_future_events/test_only_future_events.py",
    "tests": [
        {
            "description": "Check if the 'only-future-events' option is used properly by the 'wazuh-logcollector' when monitoring a log file. This option allows reading new log content since the logcollector was stopped. For this purpose, the test will create a testing log file and configure a 'localfile' section to monitor it. Once the logcollector is started, it will verify that the log file is monitored, add data to it, and verify that the data addition is detected. Then, the test will stop the 'wazuh-logcollector' daemon, and while it is stopped, add more data to the log file. After this, it will check if the addition event has been detected or not (depending on the value of the 'only-future-events' tag). Finally, the test will perform one aditional verification by adding data one more time to the log file and verifying that event indicating the data addition is detected.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector starts monitoring the log file.",
                "Verify that the logcollector detects data addition on a monitored log file.",
                "Verify that the logcollector detects the logs messages generated while it stopped when it is started, and the 'only-future-events' option is disabled.",
                "Verify that the logcollector ignores the logs messages generated while it stopped when it is started, and the 'only-future-events' option is enabled.",
                "Verify that the log collector continues detecting new logs messages when it is started."
            ],
            "input_description": "A configuration template (test_only_future_events) is contained in an external YAML file (wazuh_only_future_events_conf.yaml). That template is combined with two test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'Reading syslog message.*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_only_future_events"
        }
    ]
}

test_options_state_interval_no_file

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2180/wazuh-qa/tests/integration/test_logcollector/ -t test_options_state_interval_no_file
2022-01-11 10:27:57,100 - INFO - Looking for test_options_state_interval_no_file.py
2022-01-11 10:27:57,100 - INFO - Parsing the following test(s) ['test_options_state_interval_no_file']
2022-01-11 10:27:57,113 - INFO - Running QADOCS
2022-01-11 10:27:57,113 - INFO - Looking for test_options_state_interval_no_file.py
2022-01-11 10:27:57,290 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_options_state_interval_no_file.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector updates the 'wazuh-logcollector.state' file when a monitored log file is removed. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 1,
    "modules": [
        "logcollector"
    ],
    "components": [
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html",
        "https://documentation.wazuh.com/current/user-manual/reference/statistics-files/wazuh-logcollector-state.html",
        "https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector"
    ],
    "tags": [
        "logcollector_options"
    ],
    "name": "test_options_state_interval_no_file.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_options/test_options_state_interval_no_file.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon updates the statistic file 'wazuh-logcollector.state' when a monitored log file is removed. It also check the related internal options 'logcollector.open_attempts' and 'logcollector.state_interval'. For this purpose, the test will create a testing log file and configure a 'localfile' section to monitor it. Once the logcollector is started, it will check if the 'monitoring' event is triggered, indicating that the logcollector starts to monitor the testing log file. Then, the test will verify that the 'wazuh-logcollector.state' file has been created and contains references to the monitored log file. After this, it will remove the log file and check if the event that indicates that action is generated. After removing the log file, the test will check if the number of attempts to read it is correct (logcollector.open_attempts) and verify that the event indicating that the log file is unavailable is generated. Finally, it will wait until the 'wazuh-logcollector.state' file is updated and verify that it does not contain references to the removed log file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                },
                {
                    "get_local_internal_options_function": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_function": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector updates the 'wazuh-logcollector.state' file when a monitored log file is added or removed.",
                "Verify that the 'logcollector.open_attempts' internal option works correctly.",
                "Verify that the 'logcollector.state_interval' internal option works correctly."
            ],
            "input_description": "A configuration template (test_options) is contained in an external YAML file (wazuh_configuration.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'File .* no longer exists.'",
                "r'Unable to open file .*. Remaining attempts.*'",
                "r'File not available, ignoring it.*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_options_state_interval_no_file"
        }
    ]
}

test_options_state_interval

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2180/wazuh-qa/tests/integration/test_logcollector/ -t test_options_state_interval
2022-01-11 10:29:27,065 - INFO - Looking for test_options_state_interval.py
2022-01-11 10:29:27,066 - INFO - Parsing the following test(s) ['test_options_state_interval']
2022-01-11 10:29:27,080 - INFO - Running QADOCS
2022-01-11 10:29:27,081 - INFO - Looking for test_options_state_interval.py
2022-01-11 10:29:27,253 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_options_state_interval.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector updates the 'wazuh-logcollector.state' file at the periods set in the 'logcollector.state_interval' internal option. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 1,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html",
        "https://documentation.wazuh.com/current/user-manual/reference/statistics-files/wazuh-logcollector-state.html",
        "https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector"
    ],
    "tags": [
        "logcollector_options"
    ],
    "name": "test_options_state_interval.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_options/test_options_state_interval.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon updates the statistic file 'wazuh-logcollector.state' from the values set in the 'logcollector.state_interval' internal option. For this purpose, the test will check if the value stored in that internal option is an integer, and its value is beetwen the allowed limits, if not, it will verify that the Wazuh is stopped (on Windows systems) or an error event is generated (on Linux systems). Finally, if the interval value is valid, it will verify that the 'wazuh-logcollector.state' file is updated at the specified intervals by checking the properties of that file.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "file_monitoring": {
                        "type": "fixture",
                        "brief": "Handle the monitoring of a specified file."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector updates the 'wazuh-logcollector.state' file at the periods set in the 'logcollector.state_interval' internal option.",
                "Verify that the logcollector detects the values that exceed the limits for the 'logcollector.state_interval' internal option.",
                "Verify that the logcollector detects invalid values for the 'logcollector.state_interval' internal option."
            ],
            "input_description": "Different test cases are defined in the module. Those include values for the 'logcollector.state_interval' internal option.",
            "expected_output": [
                "r'Invalid definition for logcollector.state_interval.*'"
            ],
            "tags": [
                "invalid_settings"
            ],
            "name": "test_options_state_interval"
        }
    ]
}

test_reconnect_time

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2180/wazuh-qa/tests/integration/test_logcollector/ -t test_reconnect_time
2022-01-11 10:30:40,433 - INFO - Looking for test_reconnect_time.py
2022-01-11 10:30:40,433 - INFO - Parsing the following test(s) ['test_reconnect_time']
2022-01-11 10:30:40,447 - INFO - Running QADOCS
2022-01-11 10:30:40,447 - INFO - Looking for test_reconnect_time.py
2022-01-11 10:30:40,631 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_reconnect_time.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector uses the interval of reconnection attempts when the Windows Event Channel service is down, defined in the 'reconnect_time' tag. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "windows"
    ],
    "os_version": [
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#reconnect-time"
    ],
    "tags": [
        "logcollector_reconnect_time"
    ],
    "name": "test_reconnect_time.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_reconnect_time/test_reconnect_time.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon uses the interval of reconnection attempts when the Windows Event Channel service is down. That interval is set in the 'reconnect_time' tag. For this purpose, the test will configure a 'localfile' section to monitor a windows 'event log', and once the logcollector is started, it will verify that the 'event log' is being monitored by detecting the event that indicates it. Then, the test will stop the event channel service and wait for the event that indicates that the 'event log' is unavailable. After this, it will verify that the 'trying to reconnect' event includes the time set in the 'reconnect_time' tag and start the event channel service again. Finally, the test will verify that the event indicating the successful reconnection to the 'event log' is generated in the time set by the 'reconnect_time' tag.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_monitord": {
                        "type": "fixture",
                        "brief": "Reset the log file and start a new monitor."
                    }
                },
                {
                    "file_monitoring": {
                        "type": "fixture",
                        "brief": "Handle the monitoring of a specified file."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector starts monitoring an 'event log'.",
                "Verify that the logcollector detects when the 'event channel' service is down generating an event.",
                "Verify that the logcollector tries to reconnect to an unavailable 'even log' using the time specified in the 'reconnect_time' tag.",
                "Verify that the logcollector generates an event when successfully reconnects to an 'event log'."
            ],
            "input_description": "A configuration template (test_reconnect_time) is contained in an external YAML file (wazuh_reconnect_time.yaml). That template is combined with different test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing event log.*'",
                "r'The eventlog service is down. Unable to collect logs from .* channel.'",
                "r'Trying to reconnect .* channel in .* seconds.'",
                "r'.* channel has been reconnected succesfully.'"
            ],
            "tags": [
                "logs",
                "time_travel"
            ],
            "name": "test_reconnect_time"
        }
    ]
}

test_statistics_macos

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2180/wazuh-qa/tests/integration/test_logcollector/ -t test_statistics_macos
2022-01-11 10:32:02,091 - INFO - Looking for test_statistics_macos.py
2022-01-11 10:32:02,091 - INFO - Parsing the following test(s) ['test_statistics_macos']
2022-01-11 10:32:02,104 - INFO - Running QADOCS
2022-01-11 10:32:02,105 - INFO - Looking for test_statistics_macos.py
2022-01-11 10:32:02,284 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_statistics_macos.json

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <[email protected]>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector updates the 'wazuh-logcollector.state' file when using the macOS unified logging system (ULS). Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 1,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "macos"
    ],
    "os_version": [
        "macOS Catalina"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html",
        "https://documentation.wazuh.com/current/user-manual/reference/statistics-files/wazuh-logcollector-state.html",
        "https://documentation.wazuh.com/current/user-manual/reference/internal-options.html#logcollector"
    ],
    "tags": [
        "logcollector_statistics"
    ],
    "name": "test_statistics_macos.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_statistics/test_statistics_macos.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon updates the statistic file 'wazuh-logcollector.state' when using the macOS unified logging system (ULS). For this purpose, the test will configure a 'localfile' section using the macOS settings. Once the logcollector is started, it will check if the 'wazuh-logcollector.state' file has been created. Finally, the test will verify that the 'wazuh-logcollector.state' has the 'macos' value in its 'location' tag of the 'global' and 'interval' sections.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Set internal configuration for testing."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "daemons_handler": {
                        "type": "fixture",
                        "brief": "Handler of Wazuh daemons."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector creates the 'wazuh-logcollector.state' file.",
                "Verify that the 'macos' value is in the 'location' tag in the 'global' and 'interval' sections of the 'wazuh-logcollector.state' file."
            ],
            "input_description": "A configuration template (test_statistics_macos) is contained in an external YAML file (wazuh_statistics_macos.yaml). That template is combined with a test case defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "The content of the 'wazuh-logcollector.state' file."
            ],
            "tags": [
                "stats_file"
            ],
            "name": "test_options_state_interval_no_file"
        }
    ]
}

@snaow snaow merged commit c94038e into master Jan 27, 2022
@snaow snaow deleted the 1796-migrate-doc-logc-location-log-only-fut-rec-stats branch January 27, 2022 18:08

Successfully merging this pull request may close these issues.

qa-docs: Migrate test_logcollector documentation to schema 2.0