
@Test
public void testParseMalformedOtherLine() {
    // A WebSphere "other" line whose "trans(191): (admin:default:system:*):" prefix has lost its
    // opening parentheses; the parser is expected to tolerate it rather than reject the event.
    byte[] rawLine = ("<134>Apr 15 17:17:34 SAGPXMLQA333 [0x8240001c][audit][info] trans 191)  admindefaultsystem*): "
            + "ntp-service 'NTP Service' - Operational state down:").getBytes(StandardCharsets.UTF_8);

    // The syslog header carries no year, so the expectation is pinned to the current UTC year.
    // NOTE(review): presumably the parser substitutes Year.now for year-less timestamps — confirm against the parser.
    long expectedTimestamp = ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 17, 34, 0, UTC)
            .toInstant()
            .toEpochMilli();

    Optional<MessageParserResult<JSONObject>> parsed = parser.parseOptionalResult(rawLine);
    assertNotNull(parsed);
    assertTrue(parsed.isPresent());

    // Only the first emitted message is inspected.
    List<JSONObject> messages = parsed.get().getMessages();
    JSONObject fields = messages.get(0);

    // Header fields survive the malformed body.
    assertEquals(134, fields.get("priority"));
    assertEquals(expectedTimestamp, fields.get("timestamp"));
    assertEquals("SAGPXMLQA333", fields.get("hostname"));
    assertEquals("0x8240001c", fields.get("event_code"));
    assertEquals("audit", fields.get("event_type"));
    assertEquals("info", fields.get("severity"));
    // No process can be extracted; the remainder of the line is kept verbatim as the message.
    assertEquals(null, fields.get("process"));
    assertEquals("trans 191)  admindefaultsystem*): ntp-service 'NTP Service' - Operational state down:", fields.get("message"));
}

@Test
public void testParseLogoutLine() {
    // Well-formed logout event: source address in brackets, user and security domain in the body.
    String rawLine = "<134>Apr 15 18:02:27 PHIXML3RWD [0x81000019][auth][info] [14.122.2.201]: "
            + "User 'hjpotter' logged out from 'default'.";

    Optional<MessageParserResult<JSONObject>> parsed =
            parser.parseOptionalResult(rawLine.getBytes(StandardCharsets.UTF_8));
    assertNotNull(parsed);
    assertTrue(parsed.isPresent());

    // Only the first emitted message is inspected.
    List<JSONObject> messages = parsed.get().getMessages();
    JSONObject fields = messages.get(0);

    // The log line carries no year, so the expectation is pinned to the current UTC year.
    // NOTE(review): presumably the parser substitutes Year.now for year-less timestamps — confirm against the parser.
    long expectedTimestamp = ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 18, 2, 27, 0, UTC)
            .toInstant()
            .toEpochMilli();

    // Syslog header.
    assertEquals(134, fields.get("priority"));
    assertEquals(expectedTimestamp, fields.get("timestamp"));
    assertEquals("PHIXML3RWD", fields.get("hostname"));
    assertEquals("0x81000019", fields.get("event_code"));
    assertEquals("auth", fields.get("event_type"));
    assertEquals("info", fields.get("severity"));
    // Fields extracted from the body.
    assertEquals("14.122.2.201", fields.get("ip_src_addr"));
    assertEquals("hjpotter", fields.get("username"));
    assertEquals("default", fields.get("security_domain"));
}

@Test
public void testParseOtherLine() {
    // Well-formed "other" line: a process name with a parenthesised id precedes the free-text message.
    String rawLine = "<134>Apr 15 17:17:34 SAGPXMLQA333 [0x8240001c][audit][info] trans(191): (admin:default:system:*): "
            + "ntp-service 'NTP Service' - Operational state down";
    byte[] rawBytes = rawLine.getBytes(StandardCharsets.UTF_8);

    // The log line carries no year, so the expectation is pinned to the current UTC year.
    // NOTE(review): presumably the parser substitutes Year.now for year-less timestamps — confirm against the parser.
    long expectedTimestamp = ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 17, 34, 0, UTC)
            .toInstant()
            .toEpochMilli();

    Optional<MessageParserResult<JSONObject>> parsed = parser.parseOptionalResult(rawBytes);
    assertNotNull(parsed);
    assertTrue(parsed.isPresent());

    // Only the first emitted message is inspected.
    List<JSONObject> messages = parsed.get().getMessages();
    JSONObject fields = messages.get(0);

    // Syslog header.
    assertEquals(134, fields.get("priority"));
    assertEquals(expectedTimestamp, fields.get("timestamp"));
    assertEquals("SAGPXMLQA333", fields.get("hostname"));
    assertEquals("0x8240001c", fields.get("event_code"));
    assertEquals("audit", fields.get("event_type"));
    assertEquals("info", fields.get("severity"));
    // The process name is split off; everything after "trans(191): " is the message.
    assertEquals("trans", fields.get("process"));
    assertEquals("(admin:default:system:*): ntp-service 'NTP Service' - Operational state down", fields.get("message"));
}

@Test
public void testParseMalformedRBMLine() {
    // RBM access-denied line with the opening parentheses of "rbm(RBM-Settings)", "trans(...)" and
    // "gtid(...)" missing; the parser should still emit an event with the header fields intact.
    byte[] rawLine = ("<131>Apr 15 17:36:35 ROBXML3QRS [0x80800018][auth][error] rbmRBM-Settings): "
            + "trans3502888135)[request] gtid3502888135) RBM: Resource access denied.").getBytes(StandardCharsets.UTF_8);

    Optional<MessageParserResult<JSONObject>> parsed = parser.parseOptionalResult(rawLine);
    assertNotNull(parsed);
    assertTrue(parsed.isPresent());

    // Only the first emitted message is inspected.
    List<JSONObject> messages = parsed.get().getMessages();
    JSONObject fields = messages.get(0);

    // The log line carries no year, so the expectation is pinned to the current UTC year.
    // NOTE(review): presumably the parser substitutes Year.now for year-less timestamps — confirm against the parser.
    long expectedTimestamp = ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 36, 35, 0, UTC)
            .toInstant()
            .toEpochMilli();

    // Syslog header.
    assertEquals(131, fields.get("priority"));
    assertEquals(expectedTimestamp, fields.get("timestamp"));
    assertEquals("ROBXML3QRS", fields.get("hostname"));
    assertEquals("0x80800018", fields.get("event_code"));
    assertEquals("auth", fields.get("event_type"));
    assertEquals("error", fields.get("severity"));
    // No process can be extracted; the remainder of the line is kept verbatim as the message.
    assertEquals(null, fields.get("process"));
    assertEquals("rbmRBM-Settings): trans3502888135)[request] gtid3502888135) RBM: Resource access denied.", fields.get("message"));
}

@Test
public void testParseMalformedLoginLine() {
    // Login line with a truncated source address ("[120.43.200.") and a mangled user token ("rick007)").
    // The event is still classified as a login, but the fields that could not be parsed stay unset.
    String rawLine = "<133>Apr 15 17:47:28 ABCXML1413 [rojOut][0x81000033][auth][notice] rick007): "
            + "[120.43.200. User logged into 'cohlOut'.";

    // The log line carries no year, so the expectation is pinned to the current UTC year.
    // NOTE(review): presumably the parser substitutes Year.now for year-less timestamps — confirm against the parser.
    long expectedTimestamp = ZonedDateTime.of(Year.now(UTC).getValue(), 4, 15, 17, 47, 28, 0, UTC)
            .toInstant()
            .toEpochMilli();

    Optional<MessageParserResult<JSONObject>> parsed =
            parser.parseOptionalResult(rawLine.getBytes(StandardCharsets.UTF_8));
    assertNotNull(parsed);
    assertTrue(parsed.isPresent());

    // Only the first emitted message is inspected.
    List<JSONObject> messages = parsed.get().getMessages();
    JSONObject fields = messages.get(0);

    // Syslog header, including the leading security-domain bracket.
    assertEquals(133, fields.get("priority"));
    assertEquals(expectedTimestamp, fields.get("timestamp"));
    assertEquals("ABCXML1413", fields.get("hostname"));
    assertEquals("rojOut", fields.get("security_domain"));
    assertEquals("0x81000033", fields.get("event_code"));
    assertEquals("auth", fields.get("event_type"));
    assertEquals("notice", fields.get("severity"));
    assertEquals("login", fields.get("event_subtype"));
    // Neither the username nor the source address is recoverable from the malformed body;
    // downstream consumers must treat these as absent rather than as empty strings.
    assertEquals(null, fields.get("username"));
    assertEquals(null, fields.get("ip_src_addr"));
}