Added tests for parser preferred time zone handling log2timeline#3287
joachimmetz committed Nov 16, 2020
1 parent 2eea7bd commit 0d57b98
Showing 7 changed files with 123 additions and 0 deletions.
15 changes: 15 additions & 0 deletions tests/parsers/apt_history.py
Expand Up @@ -217,6 +217,21 @@ def testParseLog(self):
self._TestGetMessageStrings(
event_data, expected_message, expected_short_message)

def testParseLogWithTimeZone(self):
"""Tests the Parse function on apt_history.log with a time zone."""
parser = apt_history.APTHistoryLogParser()
storage_writer = self._ParseFile(
['apt_history.log'], parser, timezone='CET')

self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 10)

events = list(storage_writer.GetEvents())

event = events[0]

self.CheckTimestamp(event.timestamp, '2019-07-10 14:38:08.000000')

def testParseInvalidLog(self):
"""Tests the Parse function on a non APT History log."""
parser = apt_history.APTHistoryLogParser()
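Review bot: The expected value `'2019-07-10 14:38:08.000000'` in `testParseLogWithTimeZone` is asserted with no record of the local time stored in apt_history.log or of the offset applied, so the test alone does not show that `timezone='CET'` changed the parsed result. The date falls in European summer time, so the expected hour depends on whether 'CET' is resolved as a fixed offset or with daylight saving, and an off-by-one-hour error here would carry straight into a forensic timeline. A comment above the `CheckTimestamp` call such as `# apt_history.log records <LOCAL_TIME>; with CET applied this is 14:38:08 UTC.` would make the conversion reviewable. The same applies to the new tests in setupapi.py, sophos_av.py, vsftpd.py and winfirewall.py; only syslog.py pairs the value with the default-zone result for the same event.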
15 changes: 15 additions & 0 deletions tests/parsers/setupapi.py
Expand Up @@ -132,6 +132,21 @@ def testParseSetupLog(self):
self._TestGetMessageStrings(
event_data, expected_message, expected_short_message)

def testParseSetupLogWithTimeZone(self):
"""Tests the Parse function on setupapi.setup.log with a time zone."""
parser = setupapi.SetupapiLogParser()
storage_writer = self._ParseFile(
['setupapi.setup.log'], parser, timezone='CET')

self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 32)

events = list(storage_writer.GetEvents())

event = events[0]

self.CheckTimestamp(event.timestamp, '2015-11-22 16:53:16.599000')


if __name__ == '__main__':
unittest.main()
14 changes: 14 additions & 0 deletions tests/parsers/sophos_av.py
Expand Up @@ -37,6 +37,20 @@ def testParse(self):
self._TestGetMessageStrings(
event_data, expected_message, expected_short_message)

def testParseWithTimeZone(self):
"""Tests the Parse function with a time zone."""
parser = sophos_av.SophosAVLogParser()
storage_writer = self._ParseFile(['sav.txt'], parser, timezone='CET')

self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 9)

events = list(storage_writer.GetEvents())

event = events[0]

self.CheckTimestamp(event.timestamp, '2010-07-20 16:38:14.000000')


if __name__ == '__main__':
unittest.main()
35 changes: 35 additions & 0 deletions tests/parsers/syslog.py
Expand Up @@ -36,6 +36,18 @@ def testParseRsyslogTraditional(self):
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 8)

events = list(storage_writer.GetSortedEvents())

event = events[0]

self.CheckTimestamp(event.timestamp, '2016-01-22 07:54:32.000000')

event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.data_type, 'syslog:line')
self.assertEqual(event_data.hostname, 'myhostname.myhost.com')
self.assertEqual(event_data.reporter, 'Job')
self.assertIsNone(event_data.severity)

def testParseDarwin(self):
"""Tests the Parse function on an Darwin-style syslog file."""
parser = syslog.SyslogParser()
Expand Down Expand Up @@ -203,6 +215,29 @@ def testParse(self):
self.assertEqual(storage_writer.number_of_warnings, 2)
self.assertEqual(storage_writer.number_of_events, 15)

def testParseWithTimeZone(self):
"""Tests the Parse function with a time zone."""
parser = syslog.SyslogParser()
knowledge_base_values = {'year': 2016}
storage_writer = self._ParseFile(
['syslog_rsyslog_traditional'], parser,
knowledge_base_values=knowledge_base_values, timezone='CET')

self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 8)

events = list(storage_writer.GetSortedEvents())

event = events[0]

self.CheckTimestamp(event.timestamp, '2016-01-22 06:54:32.000000')

event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.data_type, 'syslog:line')
self.assertEqual(event_data.hostname, 'myhostname.myhost.com')
self.assertEqual(event_data.reporter, 'Job')
self.assertIsNone(event_data.severity)


if __name__ == '__main__':
unittest.main()
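Review bot: The one-hour difference between `'2016-01-22 07:54:32.000000'` in `testParseRsyslogTraditional` and `'2016-01-22 06:54:32.000000'` in `testParseWithTimeZone` is the actual assertion about time zone handling, but neither test says so. A comment above the second `CheckTimestamp` such as `# 07:54:32 in CET (UTC+1 in January) is 06:54:32 UTC.` would document it. The fixture date is in winter, so only the standard-time offset is exercised; a case with a summer date would also cover the daylight-saving offset. `testParseRsyslogTraditional` starts outside the first hunk, so that both tests read the same fixture is inferred from the matching event counts.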
14 changes: 14 additions & 0 deletions tests/parsers/vsftpd.py
Expand Up @@ -39,6 +39,20 @@ def testParse(self):
self._TestGetMessageStrings(
event_data, expected_message, expected_short_message)

def testParseWithTimeZone(self):
"""Tests the Parse function with a time zone."""
parser = vsftpd.VsftpdLogParser()
storage_writer = self._ParseFile(['vsftpd.log'], parser, timezone='CET')

self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 25)

events = list(storage_writer.GetEvents())

event = events[12]

self.CheckTimestamp(event.timestamp, '2016-06-10 12:24:19.000000')


if __name__ == '__main__':
unittest.main()
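Review bot: `events[12]` is taken from `storage_writer.GetEvents()`, so the asserted timestamp depends on the order in which the storage writer returns events, whereas the winfirewall.py and syslog.py tests in this commit index into `GetSortedEvents()`. If the ordering of `GetEvents()` is not guaranteed (not visible here), `events = list(storage_writer.GetSortedEvents())` would make the index stable, although the index itself may then need adjusting. The apt_history.py, setupapi.py and sophos_av.py tests use the same unsorted call with `events[0]`. A short comment saying why the thirteenth event was chosen would also help the next reader.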
14 changes: 14 additions & 0 deletions tests/parsers/winfirewall.py
Expand Up @@ -61,6 +61,20 @@ def testParse(self):
self.assertEqual(event_data.icmp_type, 8)
self.assertEqual(event_data.icmp_code, 0)

def testParseWithTimeZone(self):
"""Tests the Parse function with a time zone."""
parser = winfirewall.WinFirewallParser()
storage_writer = self._ParseFile(['firewall.log'], parser, timezone='CET')

self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 15)

events = list(storage_writer.GetSortedEvents())

event = events[4]

self.CheckTimestamp(event.timestamp, '2005-04-11 06:06:02.000000')


if __name__ == '__main__':
unittest.main()
16 changes: 16 additions & 0 deletions tests/parsers/xchatlog.py
Expand Up @@ -17,6 +17,22 @@ class XChatLogUnitTest(test_lib.ParserTestCase):
def testParse(self):
"""Tests the Parse function."""
parser = xchatlog.XChatLogParser()
storage_writer = self._ParseFile(['xchat.log'], parser)

self.assertEqual(storage_writer.number_of_warnings, 1)
self.assertEqual(storage_writer.number_of_events, 9)

events = list(storage_writer.GetEvents())

expected_event_values = {
'text': 'XChat start logging',
'timestamp': '2011-12-31 21:11:55.000000'}

self.CheckEventValues(storage_writer, events[0], expected_event_values)

def testParseWithTimeZone(self):
"""Tests the Parse function with a time zone."""
parser = xchatlog.XChatLogParser()
storage_writer = self._ParseFile(
['xchat.log'], parser, timezone='Europe/Rome')

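Review bot: `testParse` pins `number_of_warnings` to 1 without saying which line of xchat.log is expected to produce the warning, so a different parsing failure that also yields exactly one warning would pass unnoticed. A comment above the assertion such as `# xchat.log contains one line that cannot be parsed: <DESCRIPTION>.` would make the expectation explicit, and a check on the content of the warning would be stronger still. `testParseWithTimeZone` continues past the end of this hunk, so its assertions are not visible here.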
