added more parser test cases

also improved testing tools to support new testcase structure
author: Rainer Gerhards <rgerhards@adiscon.com> 2010-03-11 14:48:44 +0100
committer: Rainer Gerhards <rgerhards@adiscon.com> 2010-03-11 14:48:44 +0100
commit: 4f97db43dfbf78f08509a71a0924347d900707b8 (patch)
tree: 48c78c3f2a8fd6418c4a7062591b0d4131218dfe
parent: 83c15bb0a004ee348228217861c0eab7c5573952 (diff)
download: rsyslog-4f97db43dfbf78f08509a71a0924347d900707b8.tar.gz
rsyslog-4f97db43dfbf78f08509a71a0924347d900707b8.tar.xz
rsyslog-4f97db43dfbf78f08509a71a0924347d900707b8.zip
3 files changed, 147 insertions, 2 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 13443f63..392f0644 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -85,6 +85,7 @@ EXTRA_DIST= 1.rstest 2.rstest 3.rstest err1.rstest \
 	   testsuites/1.parse1 \
 	   testsuites/2.parse1 \
 	   testsuites/3.parse1 \
+	   testsuites/snare.parse1 \
 	   testsuites/oversizeTag-1.parse1 \
 	   testsuites/weird.parse1 \
 	   testsuites/date1.parse1 \
diff --git a/tests/nettester.c b/tests/nettester.c
index 209c2a6f..22b5f16f 100644
--- a/tests/nettester.c
+++ b/tests/nettester.c
@@ -47,6 +47,7 @@
 #include <signal.h>
 #include <netinet/in.h>
 #include <getopt.h>
+#include <ctype.h>
 
 #define EXIT_FAILURE 1
 #define INVALID_SOCKET -1
@@ -254,6 +255,62 @@ int openPipe(char *configFile, pid_t *pid, int *pfd)
 }
 
 
+/* This function unescapes a string of testdata. That it, escape sequences
+ * are converted into their one-character equivalent. While doing so, it applies
+ * C-like semantics. This was made necessary for easy integration of control
+ * characters inside test cases.  -- rgerhards, 2009-03-11
+ * Currently supported:
+ * \\	single backslash
+ * \n, \t, \r as in C
+ * \nnn where nnn is a 1 to 3 character octal sequence 
+ * Note that when a problem occurs, the end result is undefined. After all, this
+ * is for a testsuite generatort, it must not be 100% bullet proof (so do not
+ * copy this code into something that must be!). Also note that we do in-memory
+ * unescaping and assume that the string gets shorter but NEVER longer!
+ */
+void unescapeTestdata(char *testdata)
+{
+	char *pDst;
+	char *pSrc;
+	int i;
+	int c;
+
+	pDst = pSrc = testdata;
+	while(*pSrc) {
+		if(*pSrc == '\\') {
+			switch(*++pSrc) {
+			case '\\':	*pDst++ = *pSrc++;
+					break;
+			case 'n':	*pDst++ = '\n';
+					++pSrc;
+					break;
+			case 'r':	*pDst++ = '\r';
+					++pSrc;
+					break;
+			case 't':	*pDst++ = '\t';
+					++pSrc;
+					break;
+			case '0':
+			case '1':
+			case '2':
+			case '3':	c = *pSrc++ - '0';
+					i = 1; /* we already processed one digit! */
+					while(i < 3 && isdigit(*pSrc)) {
+						c = c * 8 + *pSrc++ - '0';
+						++i;
+					}
+					*pDst++ = c;
+					break;
+			default:	break;
+			}
+		} else {
+			*pDst++ = *pSrc++;
+		}
+	}
+	*pDst = '\0';
+}
+
+
 /* Process a specific test case. File name is provided.
  * Needs to return 0 if all is OK, something else otherwise.
  */
@@ -291,6 +348,7 @@ processTestFile(int fd, char *pszFileName)
 
 		testdata[strlen(testdata)-1] = '\0'; /* remove \n */
 		/* now we have the test data to send (we could use function pointers here...) */
+		unescapeTestdata(testdata);
 		if(inputMode == inputUDP) {
 			if(udpSend(testdata, strlen(testdata)) != 0)
 				return(2);
@@ -314,10 +372,13 @@ processTestFile(int fd, char *pszFileName)
 				expected, buf);
 				ret = 1;
 		}
-
+		/* we need to free buffers, as we have potentially modified them! */
+		free(testdata);
+		testdata = NULL;
+		free(expected);
+		expected = NULL;
 	}
 
-	free(testdata);
 	free(expected);
 	fclose(fp);
 	return(ret);
diff --git a/tests/testsuites/snare.parse1 b/tests/testsuites/snare.parse1
new file mode 100644
index 00000000..550b0703
--- /dev/null
+++ b/tests/testsuites/snare.parse1
@@ -0,0 +1,83 @@
+# some parse test build around data in snare-format
+<141>Mar 10 09:30:20 zuse.xysystems.local MSWinEventLog\0111\011Security\011563\011Wed Mar 10 09:30:15 2010\011538\011Security\011XYWS011$\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011User Logoff:     User Name: XYWS011$     Domain: XYZSYSTEMS     Logon ID: (0x0,0x5984789C)     Logon Type: 3    \011552
+141,local1,notice,Mar 10 09:30:20,zuse.xysystems.local,MSWinEventLog#0111#011Security#011563#011Wed,MSWinEventLog#0111#011Security#011563#011Wed, Mar 10 09:30:15 2010#011538#011Security#011XYWS011$#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011User Logoff:     User Name: XYWS011$     Domain: XYZSYSTEMS     Logon ID: (0x0,0x5984789C)     Logon Type: 3    #011552
+#
+# NEXT MESSAGE
+#
+Mar 10 09:30:20 zuse.xysystems.local MSWinEventLog\0111\011Security\011564\011Wed Mar 10 09:30:19 2010\011540\011Security\011BACKUP1$\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011Successful Network Logon:     User Name: BACKUP1$     Domain: XYZSYSTEMS     Logon ID: (0x0,0x59848DB4)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {f6f65903-1932-d229-4b75-64816121d569}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.31     Source Port: 0    \011553
+13,user,notice,Mar 10 09:30:20,zuse.xysystems.local,MSWinEventLog#0111#011Security#011564#011Wed,MSWinEventLog#0111#011Security#011564#011Wed, Mar 10 09:30:19 2010#011540#011Security#011BACKUP1$#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011Successful Network Logon:     User Name: BACKUP1$     Domain: XYZSYSTEMS     Logon ID: (0x0,0x59848DB4)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {f6f65903-1932-d229-4b75-64816121d569}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.31     Source Port: 0    #011553
+#
+# NEXT MESSAGE
+# 
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011566\011Wed Mar 10 09:30:21 2010\011540\011Security\011aadminps\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011Successful Network Logon:     User Name: aadminps     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984973C)     Logon Type: 3     Logon Process: Authz        Authentication Package: Kerberos     Workstation Name: ZUSE     Logon GUID: -     Caller User Name: ZUSE$     Caller Domain: XYSYSTEMS     Caller Logon ID: (0x0,0x3E7)     Caller Process ID: 1004     Transited Services: -     Source Network Address: -     Source Port: -    \011555
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011566#011Wed,MSWinEventLog#0111#011Security#011566#011Wed, Mar 10 09:30:21 2010#011540#011Security#011aadminps#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011Successful Network Logon:     User Name: aadminps     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984973C)     Logon Type: 3     Logon Process: Authz        Authentication Package: Kerberos     Workstation Name: ZUSE     Logon GUID: -     Caller User Name: ZUSE$     Caller Domain: XYSYSTEMS     Caller Logon ID: (0x0,0x3E7)     Caller Process ID: 1004     Transited Services: -     Source Network Address: -     Source Port: -    #011555
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011567\011Wed Mar 10 09:30:21 2010\011538\011Security\011aadminps\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011User Logoff:     User Name: aadminps     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984973C)     Logon Type: 3    \011556
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011567#011Wed,MSWinEventLog#0111#011Security#011567#011Wed, Mar 10 09:30:21 2010#011538#011Security#011aadminps#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011User Logoff:     User Name: aadminps     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984973C)     Logon Type: 3    #011556
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011568\011Wed Mar 10 09:30:25 2010\011540\011Security\011ANONYMOUS LOGON\011Well Known Group\011Success Audit\011ZUSE\011Logon/Logoff\011\011Successful Network Logon:     User Name:      Domain:      Logon ID: (0x0,0x5984AB6F)     Logon Type: 3     Logon Process: NtLmSsp      Authentication Package: NTLM     Workstation Name: XYWS083     Logon GUID: -     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.3.91     Source Port: 0    \011557
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011568#011Wed,MSWinEventLog#0111#011Security#011568#011Wed, Mar 10 09:30:25 2010#011540#011Security#011ANONYMOUS LOGON#011Well Known Group#011Success Audit#011ZUSE#011Logon/Logoff#011#011Successful Network Logon:     User Name:      Domain:      Logon ID: (0x0,0x5984AB6F)     Logon Type: 3     Logon Process: NtLmSsp      Authentication Package: NTLM     Workstation Name: XYWS083     Logon GUID: -     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.3.91     Source Port: 0    #011557
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011569\011Wed Mar 10 09:30:25 2010\011540\011Security\011SYSTEM\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011Successful Network Logon:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984ACA7)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {20014d9a-ce6c-6834-d1ed-607c08f0b6a7}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.15     Source Port: 2318    \011558
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011569#011Wed,MSWinEventLog#0111#011Security#011569#011Wed, Mar 10 09:30:25 2010#011540#011Security#011SYSTEM#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011Successful Network Logon:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984ACA7)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {20014d9a-ce6c-6834-d1ed-607c08f0b6a7}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.15     Source Port: 2318    #011558
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011570\011Wed Mar 10 09:30:25 2010\011538\011Security\011SYSTEM\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011User Logoff:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984ACA7)     Logon Type: 3    \011559
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011570#011Wed,MSWinEventLog#0111#011Security#011570#011Wed, Mar 10 09:30:25 2010#011538#011Security#011SYSTEM#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011User Logoff:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984ACA7)     Logon Type: 3    #011559
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011571\011Wed Mar 10 09:30:25 2010\011540\011Security\011SYSTEM\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011Successful Network Logon:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AD7C)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {20014d9a-ce6c-6834-d1ed-607c08f0b6a7}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.15     Source Port: 2319    \011560\
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011571#011Wed,MSWinEventLog#0111#011Security#011571#011Wed, Mar 10 09:30:25 2010#011540#011Security#011SYSTEM#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011Successful Network Logon:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AD7C)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {20014d9a-ce6c-6834-d1ed-607c08f0b6a7}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.15     Source Port: 2319    #011560
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011572\011Wed Mar 10 09:30:25 2010\011538\011Security\011SYSTEM\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011User Logoff:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AD7C)     Logon Type: 3    \011561
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011572#011Wed,MSWinEventLog#0111#011Security#011572#011Wed, Mar 10 09:30:25 2010#011538#011Security#011SYSTEM#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011User Logoff:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AD7C)     Logon Type: 3    #011561
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011573\011Wed Mar 10 09:30:25 2010\011680\011Security\011ettore.trezzani\011User\011Success Audit\011ZUSE\011Account Logon\011\011Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0    Logon account: ettore.trezzani    Source Workstation: XYWS083    Error Code: 0x0    \011562
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011573#011Wed,MSWinEventLog#0111#011Security#011573#011Wed, Mar 10 09:30:25 2010#011680#011Security#011ettore.trezzani#011User#011Success Audit#011ZUSE#011Account Logon#011#011Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0    Logon account: ettore.trezzani    Source Workstation: XYWS083    Error Code: 0x0    #011562
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011574\011Wed Mar 10 09:30:25 2010\011540\011Security\011ettore.trezzani\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011Successful Network Logon:     User Name: ettore.trezzani     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984ADD5)     Logon Type: 3     Logon Process: NtLmSsp      Authentication Package: NTLM     Workstation Name: XYWS083     Logon GUID: -     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.3.91     Source Port: 0    \011563
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011574#011Wed,MSWinEventLog#0111#011Security#011574#011Wed, Mar 10 09:30:25 2010#011540#011Security#011ettore.trezzani#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011Successful Network Logon:     User Name: ettore.trezzani     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984ADD5)     Logon Type: 3     Logon Process: NtLmSsp      Authentication Package: NTLM     Workstation Name: XYWS083     Logon GUID: -     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.3.91     Source Port: 0    #011563
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011575\011Wed Mar 10 09:30:25 2010\011540\011Security\011SYSTEM\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011Successful Network Logon:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AE49)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {20014d9a-ce6c-6834-d1ed-607c08f0b6a7}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.15     Source Port: 2320    \011564
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011575#011Wed,MSWinEventLog#0111#011Security#011575#011Wed, Mar 10 09:30:25 2010#011540#011Security#011SYSTEM#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011Successful Network Logon:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AE49)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {20014d9a-ce6c-6834-d1ed-607c08f0b6a7}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.15     Source Port: 2320    #011564
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011576\011Wed Mar 10 09:30:25 2010\011538\011Security\011SYSTEM\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011User Logoff:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AE49)     Logon Type: 3    \011565
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011576#011Wed,MSWinEventLog#0111#011Security#011576#011Wed, Mar 10 09:30:25 2010#011538#011Security#011SYSTEM#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011User Logoff:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AE49)     Logon Type: 3    #011565
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011577\011Wed Mar 10 09:30:25 2010\011540\011Security\011SYSTEM\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011Successful Network Logon:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AF00)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {20014d9a-ce6c-6834-d1ed-607c08f0b6a7}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.15     Source Port: 2321    \011566
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011577#011Wed,MSWinEventLog#0111#011Security#011577#011Wed, Mar 10 09:30:25 2010#011540#011Security#011SYSTEM#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011Successful Network Logon:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AF00)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {20014d9a-ce6c-6834-d1ed-607c08f0b6a7}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.0.15     Source Port: 2321    #011566
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011578\011Wed Mar 10 09:30:25 2010\011538\011Security\011SYSTEM\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011User Logoff:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AF00)     Logon Type: 3    \011567
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011578#011Wed,MSWinEventLog#0111#011Security#011578#011Wed, Mar 10 09:30:25 2010#011538#011Security#011SYSTEM#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011User Logoff:     User Name: ZUSE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x5984AF00)     Logon Type: 3    #011567
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:25 zuse.xysystems.local MSWinEventLog\0111\011Security\011579\011Wed Mar 10 09:30:25 2010\011538\011Security\011ANONYMOUS LOGON\011Well Known Group\011Success Audit\011ZUSE\011Logon/Logoff\011\011User Logoff:     User Name: ANONYMOUS LOGON     Domain: NT AUTHORITY     Logon ID: (0x0,0x5984AB6F)     Logon Type: 3    \011568
+141,local1,notice,Mar 10 09:30:25,zuse.xysystems.local,MSWinEventLog#0111#011Security#011579#011Wed,MSWinEventLog#0111#011Security#011579#011Wed, Mar 10 09:30:25 2010#011538#011Security#011ANONYMOUS LOGON#011Well Known Group#011Success Audit#011ZUSE#011Logon/Logoff#011#011User Logoff:     User Name: ANONYMOUS LOGON     Domain: NT AUTHORITY     Logon ID: (0x0,0x5984AB6F)     Logon Type: 3    #011568
+#
+# NEXT MESSAGE
+#
+<141>Mar 10 09:30:30 zuse.xysystems.local MSWinEventLog\0111\011Security\011580\011Wed Mar 10 09:30:29 2010\011540\011Security\011XYWSBADGE$\011User\011Success Audit\011ZUSE\011Logon/Logoff\011\011Successful Network Logon:     User Name: XYWSBADGE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x59852D73)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {4bc3c075-5a77-4648-5822-bfdf88b4c211}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.3.18     Source Port: 0    \011569
+141,local1,notice,Mar 10 09:30:30,zuse.xysystems.local,MSWinEventLog#0111#011Security#011580#011Wed,MSWinEventLog#0111#011Security#011580#011Wed, Mar 10 09:30:29 2010#011540#011Security#011XYWSBADGE$#011User#011Success Audit#011ZUSE#011Logon/Logoff#011#011Successful Network Logon:     User Name: XYWSBADGE$     Domain: XYSYSTEMS     Logon ID: (0x0,0x59852D73)     Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name:      Logon GUID: {4bc3c075-5a77-4648-5822-bfdf88b4c211}     Caller User Name: -     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -     Transited Services: -     Source Network Address: 172.16.3.18     Source Port: 0    #011569
author	Rainer Gerhards <rgerhards@adiscon.com>	2010-03-11 14:48:44 +0100
committer	Rainer Gerhards <rgerhards@adiscon.com>	2010-03-11 14:48:44 +0100
commit	4f97db43dfbf78f08509a71a0924347d900707b8 (patch)
tree	48c78c3f2a8fd6418c4a7062591b0d4131218dfe
parent	83c15bb0a004ee348228217861c0eab7c5573952 (diff)
download	rsyslog-4f97db43dfbf78f08509a71a0924347d900707b8.tar.gz rsyslog-4f97db43dfbf78f08509a71a0924347d900707b8.tar.xz rsyslog-4f97db43dfbf78f08509a71a0924347d900707b8.zip