
Example 11 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class SearchesTest method termsStatsRecordsMetrics.

/**
 * Checks that a single {@code termsStats} search is reflected in the search metrics:
 * one update of the request timer and one sample in the ranges histogram.
 */
@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.CLEAN_INSERT)
public void termsStatsRecordsMetrics() throws Exception {
    // The queried range is exactly one day, expressed in UTC.
    final DateTime rangeStart = new DateTime(2015, 1, 1, 0, 0, DateTimeZone.UTC);
    final DateTime rangeEnd = new DateTime(2015, 1, 2, 0, 0, DateTimeZone.UTC);
    // The search result is never inspected; only the metric side effects are asserted below.
    final TermsStatsResult unusedResult = searches.termsStats("message", "n", Searches.TermsStatsOrder.COUNT, 25, "*", AbsoluteRange.create(rangeStart, rangeEnd));

    // Presence is asserted before timer()/histogram() are called: on a
    // com.codahale.metrics.MetricRegistry those accessors register the metric when
    // the name is missing, which would make a later containsKey check meaningless.
    assertThat(metricRegistry.getTimers()).containsKey(REQUEST_TIMER_NAME);
    assertThat(metricRegistry.getHistograms()).containsKey(RANGES_HISTOGRAM_NAME);

    final Timer requestTimer = metricRegistry.timer(REQUEST_TIMER_NAME);
    assertThat(requestTimer.getCount()).isEqualTo(1L);

    final Histogram rangesHistogram = metricRegistry.histogram(RANGES_HISTOGRAM_NAME);
    assertThat(rangesHistogram.getCount()).isEqualTo(1L);
    // 86400 equals the number of seconds in the one-day range queried above.
    assertThat(rangesHistogram.getSnapshot().getValues()).containsExactly(86400L);
}
Also used : Histogram(com.codahale.metrics.Histogram) Timer(com.codahale.metrics.Timer) TermsStatsResult(org.graylog2.indexer.results.TermsStatsResult) ZonedDateTime(java.time.ZonedDateTime) DateTime(org.joda.time.DateTime) UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet) Test(org.junit.Test)

Example 12 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class SyslogCodecTest method testDecodeStructuredIssue549.

/**
 * Decodes the structured syslog sample {@code STRUCTURED_ISSUE_549} (a firewall
 * RT_FLOW_SESSION_DENY record) and checks that every structured-data parameter
 * is exposed as its own message field.
 */
@Test
public void testDecodeStructuredIssue549() throws Exception {
    final Message decoded = codec.decode(buildRawMessage(STRUCTURED_ISSUE_549));
    assertNotNull(decoded);

    // NOTE(review): every assertEquals here passes (actual, expected). If this is
    // org.junit.Assert.assertEquals the documented order is (expected, actual), so
    // failure output would label the two values the wrong way round - confirm.
    final String expectedText = "RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.39 source-address=\"1.2.3.4\" source-port=\"56639\" destination-address=\"5.6.7.8\" destination-port=\"2003\" service-name=\"None\" protocol-id=\"6\" icmp-type=\"0\" policy-name=\"log-all-else\" source-zone-name=\"campus\" destination-zone-name=\"mngmt\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth6.0\" encrypted=\"No\"]";
    assertEquals(decoded.getMessage(), expectedText);

    // The decoded timestamp is normalised to UTC before comparing, so the check does
    // not depend on the time zone the codec attached to the parsed value.
    final DateTime decodedTimestampUtc = ((DateTime) decoded.getField("timestamp")).withZone(DateTimeZone.UTC);
    assertEquals(decodedTimestampUtc, new DateTime("2014-05-01T08:26:51.179Z", DateTimeZone.UTC));

    // Connection endpoints; all values are compared as strings, including ports.
    assertEquals(decoded.getField("source-address"), "1.2.3.4");
    assertEquals(decoded.getField("source-port"), "56639");
    assertEquals(decoded.getField("destination-address"), "5.6.7.8");
    assertEquals(decoded.getField("destination-port"), "2003");

    // Protocol and policy details of the denied session.
    assertEquals(decoded.getField("service-name"), "None");
    assertEquals(decoded.getField("protocol-id"), "6");
    assertEquals(decoded.getField("icmp-type"), "0");
    assertEquals(decoded.getField("policy-name"), "log-all-else");
    assertEquals(decoded.getField("source-zone-name"), "campus");
    assertEquals(decoded.getField("destination-zone-name"), "mngmt");

    // Application and identity attributes, followed by interface and encryption flags.
    assertEquals(decoded.getField("application"), "UNKNOWN");
    assertEquals(decoded.getField("nested-application"), "UNKNOWN");
    assertEquals(decoded.getField("username"), "N/A");
    assertEquals(decoded.getField("roles"), "N/A");
    assertEquals(decoded.getField("packet-incoming-interface"), "reth6.0");
    assertEquals(decoded.getField("encrypted"), "No");
}
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 13 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class SyslogCodecTest method testDecodeUnstructured.

/**
 * Decodes the plain (non-structured) syslog sample {@code UNSTRUCTURED} and checks
 * the message text plus the timestamp, source, level and facility fields.
 */
@Test
public void testDecodeUnstructured() throws Exception {
    final Message decoded = codec.decode(buildRawMessage(UNSTRUCTURED));
    assertNotNull(decoded);

    // NOTE(review): arguments are passed as (actual, expected); with
    // org.junit.Assert.assertEquals the documented order is the reverse - confirm.
    final String expectedText = "c4dc57ba1ebb syslog-ng[7208]: syslog-ng starting up; version='3.5.3'";
    assertEquals(decoded.getMessage(), expectedText);

    // The expected timestamp is built from the YEAR constant and has no zone suffix.
    // NOTE(review): presumably the sample line carries no year of its own - confirm.
    final DateTime expectedTimestamp = new DateTime(YEAR + "-10-21T12:09:37");
    assertEquals(decoded.getField("timestamp"), expectedTimestamp);

    assertEquals(decoded.getField("source"), "c4dc57ba1ebb");
    // The level is compared as a number, the facility as its textual name.
    assertEquals(decoded.getField("level"), 5);
    assertEquals(decoded.getField("facility"), "syslogd");

    // No copy of the raw line is expected on the decoded message in this configuration.
    assertNull(decoded.getField("full_message"));
}
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 14 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class SyslogCodecTest method rfc3164_section5_4_messages.

/**
 * Decodes two of the example messages from RFC 3164 section 5.4 and checks that the
 * fields extracted by the codec contain the expected values.
 */
@Test
public void rfc3164_section5_4_messages() {
    // See https://tools.ietf.org/html/rfc3164#section-5.4

    // PRI 34 = facility 4 * 8 + severity 2: a failed "su root" attempt, expected to be
    // reported under the security/authorization facility with level 2.
    final Map<String, Object> failedSuFields = ImmutableMap.of("timestamp", new DateTime(YEAR + "-10-11T22:14:15"), "source", "mymachine", "level", 2, "facility", "security/authorization", "message", "mymachine su: 'su root' failed for lonvick on /dev/pts/8");

    // PRI 13 = facility 1 * 8 + severity 5 (user-level). The source is an IP address
    // rather than a host name, and the day of month is padded with a second space.
    final Map<String, Object> userLevelFields = ImmutableMap.of("timestamp", new DateTime(YEAR + "-02-05T17:32:18"), "source", "10.0.0.99", "level", 5, "facility", "user-level", "message", "10.0.0.99 Use the BFG!");

    // Raw syslog line -> fields that must be present after decoding.
    final Map<String, Map<String, Object>> expectedByRawLine = ImmutableMap.of("<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8", failedSuFields, "<13>Feb  5 17:32:18 10.0.0.99 Use the BFG!", userLevelFields);

    for (Map.Entry<String, Map<String, Object>> sample : expectedByRawLine.entrySet()) {
        final String rawLine = sample.getKey();
        final Map<String, Object> expectedFields = sample.getValue();

        final Message decoded = codec.decode(buildRawMessage(rawLine));
        assertThat(decoded).isNotNull();
        // containsAllEntriesOf allows additional fields on the decoded message.
        assertThat(decoded.getFields()).containsAllEntriesOf(expectedFields);
    }
}
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 15 with Message

use of org.graylog2.plugin.Message in project graylog2-server by Graylog2.

the class GelfChunkAggregatorTest method tooManyChunks.

/**
 * Feeds a chunked message into the aggregator and expects the 129th chunk to
 * invalidate it, while every earlier chunk is accepted as part of an incomplete message.
 */
@Test
public void tooManyChunks() {
    // Presumably (payload size, chunk size), i.e. 129 chunks - confirm against
    // createChunkedMessage. GELF chunking permits at most 128 chunks per message.
    final ChannelBuffer[] chunks = createChunkedMessage(129 * 1024, 1024);

    // NOTE(review): this cap is what stops one message id from accumulating an
    // unbounded number of buffered chunks, so the test is worth keeping whenever
    // the aggregator's limits are touched.
    for (int index = 0; index < chunks.length; index++) {
        final int i = index + 1; // 1-based chunk number used in the assertion messages
        final CodecAggregator.Result result = aggregator.addChunk(chunks[index]);

        if (i != 129) {
            // Chunks 1..128: still valid, but no complete message yet.
            assertTrue("Incomplete message valid (chunk #" + i + ")", result.isValid());
            assertNull("Message not complete (chunk #" + i + ")", result.getMessage());
        } else {
            // Chunk 129: the result is flagged invalid and carries no message.
            assertFalse("Message invalidated (chunk #" + i + ")", result.isValid());
            assertNull("Message discarded (chunk #" + i + ")", result.getMessage());
        }
    }
}
Also used : CodecAggregator(org.graylog2.plugin.inputs.codecs.CodecAggregator) ChannelBuffer(org.jboss.netty.buffer.ChannelBuffer) Test(org.junit.Test)
