From 5709b056c5be16df1f1a2369a737e40711f20979 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 4 Mar 2011 16:33:01 +0100 Subject: changed testbench parser patterns for more usual system config a problem in the current testbench is that it depends on the locally assigned system name. We have changed the default to the most common default value. However, in the long term we need to fix this (and will do so via a preloaded DNS cache, which we do not yet have!) --- tests/testsuites/samples.parse-nodate | 2 +- tests/testsuites/samples.snare_ccoff_udp | 2 +- tests/testsuites/samples.snare_ccoff_udp2 | 8 ++++---- tests/testsuites/weird.parse1 | 8 ++++---- 4 files changed, 10 insertions(+), 10 deletions(-) (limited to 'tests/testsuites') diff --git a/tests/testsuites/samples.parse-nodate b/tests/testsuites/samples.parse-nodate index 7f16181c..5432bcac 100644 --- a/tests/testsuites/samples.parse-nodate +++ b/tests/testsuites/samples.parse-nodate @@ -1,5 +1,5 @@ <27>xapi: [error|xen3|15|Guest liveness monitor D:bca30ab3f1c1|master_connection] Connection to master died. I will continue to retry indefinitely (supressing future logging of this message) -27,daemon,err,localhost,xapi,xapi:, [error|xen3|15|Guest liveness monitor D:bca30ab3f1c1|master_connection] Connection to master died. I will continue to retry indefinitely (supressing future logging of this message) +27,daemon,err,localhost.localdomain,xapi,xapi:, [error|xen3|15|Guest liveness monitor D:bca30ab3f1c1|master_connection] Connection to master died. I will continue to retry indefinitely (supressing future logging of this message) # a message with just text (as permitted by rfc 3164) # it is questionable if the current sample result is really correct as of 3164! This is a message! diff --git a/tests/testsuites/samples.snare_ccoff_udp b/tests/testsuites/samples.snare_ccoff_udp index 010e44d5..1ae7e8b4 100644 --- a/tests/testsuites/samples.snare_ccoff_udp +++ b/tests/testsuites/samples.snare_ccoff_udp @@ -3,7 +3,7 @@ # *real* cases (just mangled to anonymize them...) # Sample 1 - note the absence of PRI! windowsserver MSWinEventLog 1 Security 1167 Fri Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733\n -13,user,notice,localhost,windowsserver,windowsserver MSWinEventLog 1 Security 1167 Fri, Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733 +13,user,notice,localhost.localdomain,windowsserver,windowsserver MSWinEventLog 1 Security 1167 Fri, Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733 # Sample 2 # the samples below need to be disabled for the "workaround patch" for the message # parser to work. They need to be re-enabled once a final solution has been crafted diff --git a/tests/testsuites/samples.snare_ccoff_udp2 b/tests/testsuites/samples.snare_ccoff_udp2 index 337cd97c..da3a2b14 100644 --- a/tests/testsuites/samples.snare_ccoff_udp2 +++ b/tests/testsuites/samples.snare_ccoff_udp2 @@ -14,13 +14,13 @@ test insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('', 1, 'test',5, '20100321185328', '20100321185328', 1, '') # and yet another one we have seen in practice UX=Abcd-efg-hij-klmno; XXXXX=1111111111, Z123=192.12.231.245:11111, S1234=123456789, XXXXXX=111111111 -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' XXXXX=1111111111, Z123=192.12.231.245:11111, S1234=123456789, XXXXXX=111111111', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'UX=Abcd-efg-hij-klmno;') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' XXXXX=1111111111, Z123=192.12.231.245:11111, S1234=123456789, XXXXXX=111111111', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'UX=Abcd-efg-hij-klmno;') # Sample 1 - note the absence of PRI! windowsserver MSWinEventLog 1 Security 1167 Fri Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733\n -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1167 Fri') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 540 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Successful Network Logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {79b6eb79-7bcc-8a2e-7dad-953c51dc00fd} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.11.11.3 Source Port: 3306 733', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1167 Fri') # Sample 2 windowsserver MSWinEventLog 1 Security 1166 Fri Mar 19 15:33:30 2010 576 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Special privileges assigned to new logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege 732\n -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 576 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Special privileges assigned to new logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege 732', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1166 Fri') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 576 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff Special privileges assigned to new logon: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF88396) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeEnableDelegationPrivilege 732', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1166 Fri') # Sample 3 windowsserver MSWinEventLog 1 Security 1165 Fri Mar 19 15:33:30 2010 538 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff User Logoff: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF8830B) Logon Type: 3 731\n -insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 538 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff User Logoff: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF8830B) Logon Type: 3 731', 1, 'localhost',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1165 Fri') +insert into windows (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (' Mar 19 15:33:30 2010 538 Security SYSTEM User Success Audit WINDOWSSERVER Logon/Logoff User Logoff: User Name: WINDOWSSERVER$ Domain: DOMX Logon ID: (0x0,0xF8830B) Logon Type: 3 731', 1, 'localhost.localdomain',5, '20100321185328', '20100321185328', 1, 'windowsserver MSWinEventLog 1 Security 1165 Fri') diff --git a/tests/testsuites/weird.parse1 b/tests/testsuites/weird.parse1 index e8b90c74..907198a1 100644 --- a/tests/testsuites/weird.parse1 +++ b/tests/testsuites/weird.parse1 @@ -11,10 +11,10 @@ 14,user,info,Aug 30 23:00:05,X4711,,, # there is a SP at the end of the line <14>Aug 30 23:00:05 -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, # and here is no SP at the end of the line <14>Aug 30 23:00:05 -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, # unfortunately, I can not test missing dates with this test suite, because # we would have the current date in the response, which we can not check against # @@ -31,7 +31,7 @@ 14,user,info,Aug 30 23:00:05,X4711,,, # there is a SP at the end of the line <14>2010-08-30T23:00:05Z -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, # and here is no SP at the end of the line <14>2010-08-30T23:00:05Z -14,user,info,Aug 30 23:00:05,localhost,,, +14,user,info,Aug 30 23:00:05,localhost.localdomain,,, -- cgit From 36899ac8c40e78767ba58e440167a76dd4a73db1 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Sun, 6 Mar 2011 16:09:17 +0100 Subject: added new test to check RepeatedMsgReduction (via TCP) This is kind of a backport of a similar UDP-based test from v6. However, we do not have everything required for UDP in the v5 test tool base, so we mimic the test with tcp -- which is not bad at all, because the code path for TCP is somewhat different (and thus once we merge this patch into v6, it is a useful addition). --- tests/testsuites/tcp-msgreduc-vg.conf | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 tests/testsuites/tcp-msgreduc-vg.conf (limited to 'tests/testsuites') diff --git a/tests/testsuites/tcp-msgreduc-vg.conf b/tests/testsuites/tcp-msgreduc-vg.conf new file mode 100644 index 00000000..72420f04 --- /dev/null +++ b/tests/testsuites/tcp-msgreduc-vg.conf @@ -0,0 +1,10 @@ +# Test for queue disk mode (see .sh file for details) +# rgerhards, 2009-05-22 +$IncludeConfig diag-common.conf + +$ModLoad ../plugins/imtcp/.libs/imtcp +$InputTCPServerRun 13514 +$RepeatedMsgReduction on + +$template outfmt,"%msg:F,58:2%\n" +*.* ./rsyslog.out.log;outfmt -- cgit From 5d3783b0c0449df1d4d1b0d38ce35dc2995ce22a Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 8 Mar 2011 18:18:14 +0100 Subject: added new test to testbench --- tests/testsuites/discard-rptdmsg.conf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 tests/testsuites/discard-rptdmsg.conf (limited to 'tests/testsuites') diff --git a/tests/testsuites/discard-rptdmsg.conf b/tests/testsuites/discard-rptdmsg.conf new file mode 100644 index 00000000..74060e31 --- /dev/null +++ b/tests/testsuites/discard-rptdmsg.conf @@ -0,0 +1,15 @@ +# Test for discard functionality +# rgerhards, 2009-07-30 +$IncludeConfig diag-common.conf + +$ModLoad ../plugins/imtcp/.libs/imtcp +$MainMsgQueueTimeoutShutdown 10000 +$InputTCPServerRun 13514 + +$RepeatedMsgReduction on + +:msg, contains, "00000001" ~ + +$template outfmt,"%msg:F,58:2%\n" +$template dynfile,"rsyslog.out.log" # trick to use relative path names! +:msg, contains, "msgnum:" ?dynfile;outfmt -- cgit From d1ae9e393885fb6d9fc69fc1bb08a098a8ac0328 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 9 Mar 2011 11:28:22 +0100 Subject: improved testbench --- tests/testsuites/discard-allmark.conf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 tests/testsuites/discard-allmark.conf (limited to 'tests/testsuites') diff --git a/tests/testsuites/discard-allmark.conf b/tests/testsuites/discard-allmark.conf new file mode 100644 index 00000000..8a4983c1 --- /dev/null +++ b/tests/testsuites/discard-allmark.conf @@ -0,0 +1,15 @@ +# Test for discard functionality +# rgerhards, 2009-07-30 +$IncludeConfig diag-common.conf + +$ModLoad ../plugins/imtcp/.libs/imtcp +$MainMsgQueueTimeoutShutdown 10000 +$InputTCPServerRun 13514 + +$ActionWriteAllMarkMessages on + +:msg, contains, "00000001" ~ + +$template outfmt,"%msg:F,58:2%\n" +$template dynfile,"rsyslog.out.log" # trick to use relative path names! +:msg, contains, "msgnum:" ?dynfile;outfmt -- cgit From 533a5351365cec93f233e0e99d98cedeadc5bd69 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 9 Mar 2011 12:40:58 +0100 Subject: added MySQL life tests for ommysql tests run against a life database instance which must be setup in a specific way. --- tests/testsuites/mysql-asyn.conf | 5 +++++ tests/testsuites/mysql-basic.conf | 4 ++++ tests/testsuites/mysql-select-msg.sql | 2 ++ tests/testsuites/mysql-truncate.sql | 2 ++ 4 files changed, 13 insertions(+) create mode 100644 tests/testsuites/mysql-asyn.conf create mode 100644 tests/testsuites/mysql-basic.conf create mode 100644 tests/testsuites/mysql-select-msg.sql create mode 100644 tests/testsuites/mysql-truncate.sql (limited to 'tests/testsuites') diff --git a/tests/testsuites/mysql-asyn.conf b/tests/testsuites/mysql-asyn.conf new file mode 100644 index 00000000..acdf9bbd --- /dev/null +++ b/tests/testsuites/mysql-asyn.conf @@ -0,0 +1,5 @@ +$IncludeConfig diag-common.conf + +$ModLoad ../plugins/ommysql/.libs/ommysql +$ActionQueueType LinkedList +:msg, contains, "msgnum:" :ommysql:127.0.0.1,Syslog,rsyslog,testbench; diff --git a/tests/testsuites/mysql-basic.conf b/tests/testsuites/mysql-basic.conf new file mode 100644 index 00000000..070094f5 --- /dev/null +++ b/tests/testsuites/mysql-basic.conf @@ -0,0 +1,4 @@ +$IncludeConfig diag-common.conf + +$ModLoad ../plugins/ommysql/.libs/ommysql +:msg, contains, "msgnum:" :ommysql:127.0.0.1,Syslog,rsyslog,testbench; diff --git a/tests/testsuites/mysql-select-msg.sql b/tests/testsuites/mysql-select-msg.sql new file mode 100644 index 00000000..2d27a331 --- /dev/null +++ b/tests/testsuites/mysql-select-msg.sql @@ -0,0 +1,2 @@ +use Syslog; +select substring(Message,9,8) from SystemEvents; diff --git a/tests/testsuites/mysql-truncate.sql b/tests/testsuites/mysql-truncate.sql new file mode 100644 index 00000000..ca852beb --- /dev/null +++ b/tests/testsuites/mysql-truncate.sql @@ -0,0 +1,2 @@ +use Syslog; +truncate table SystemEvents; -- cgit From 9cc963926bad3de9a78df51a19456f419c34492a Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 10 Mar 2011 14:46:47 +0100 Subject: bugfix: minor memory leak in omlibdbi (< 1k per instance and run) also testbench improvement (omlibdbi now also receives a couple of tests if we have a life MySQL server). --- tests/testsuites/libdbi-asyn.conf | 12 ++++++++++++ tests/testsuites/libdbi-basic.conf | 9 +++++++++ 2 files changed, 21 insertions(+) create mode 100644 tests/testsuites/libdbi-asyn.conf create mode 100644 tests/testsuites/libdbi-basic.conf (limited to 'tests/testsuites') diff --git a/tests/testsuites/libdbi-asyn.conf b/tests/testsuites/libdbi-asyn.conf new file mode 100644 index 00000000..39b01fbc --- /dev/null +++ b/tests/testsuites/libdbi-asyn.conf @@ -0,0 +1,12 @@ +$IncludeConfig diag-common.conf + +$ModLoad ../plugins/omlibdbi/.libs/omlibdbi + +$ActionQueueType LinkedList + +$ActionLibdbiDriver mysql +$ActionLibdbiHost 127.0.0.1 +$ActionLibdbiUserName root +$ActionLibdbiPassword pass +$ActionLibdbiDBName Syslog +:msg, contains, "msgnum:" :omlibdbi: diff --git a/tests/testsuites/libdbi-basic.conf b/tests/testsuites/libdbi-basic.conf new file mode 100644 index 00000000..212225cc --- /dev/null +++ b/tests/testsuites/libdbi-basic.conf @@ -0,0 +1,9 @@ +$IncludeConfig diag-common.conf + +$ModLoad ../plugins/omlibdbi/.libs/omlibdbi +$ActionLibdbiDriver mysql +$ActionLibdbiHost 127.0.0.1 +$ActionLibdbiUserName root +$ActionLibdbiPassword pass +$ActionLibdbiDBName Syslog +:msg, contains, "msgnum:" :omlibdbi: -- cgit