
Example 11 with MessageParserResult

use of org.apache.metron.parsers.interfaces.MessageParserResult in project metron by apache.

the class GrokWebSphereParserTest method testParseLoginLine.

/**
 * Verifies that a well-formed WebSphere login syslog line is split into the expected fields.
 *
 * <p>The sample line names the user ({@code rick007}) and the source address
 * ({@code 120.43.200.6}) of a login; the assertions pin both to the {@code username} and
 * {@code ip_src_addr} fields, alongside the syslog header fields.
 */
@Test
public void testParseLoginLine() {
    String testString = "<133>Apr 15 17:47:28 ABCXML1413 [rojOut][0x81000033][auth][notice] user(rick007): "
            + "[120.43.200.6]: User logged into 'cohlOut'.";
    byte[] rawLine = testString.getBytes(StandardCharsets.UTF_8);

    Optional<MessageParserResult<JSONObject>> parseOutcome = parser.parseOptionalResult(rawLine);
    assertNotNull(parseOutcome);
    assertTrue(parseOutcome.isPresent());

    List<JSONObject> messages = parseOutcome.get().getMessages();
    JSONObject login = messages.get(0);

    // The raw line carries no year, so the expected epoch value is built from the current UTC year.
    int currentYear = Year.now(UTC).getValue();
    ZonedDateTime eventTime = ZonedDateTime.of(currentYear, 4, 15, 17, 47, 28, 0, UTC);
    long expectedTimestamp = eventTime.toInstant().toEpochMilli();

    // Syslog header: priority, time and originating host.
    assertEquals(133, login.get("priority"));
    assertEquals(expectedTimestamp, login.get("timestamp"));
    assertEquals("ABCXML1413", login.get("hostname"));

    // Bracketed tokens, in the order they appear in the line.
    assertEquals("rojOut", login.get("security_domain"));
    assertEquals("0x81000033", login.get("event_code"));
    assertEquals("auth", login.get("event_type"));
    assertEquals("notice", login.get("severity"));

    // "login" is not a literal token of the line; presumably the parser derives it from the
    // message text (confirm against the parser implementation).
    assertEquals("login", login.get("event_subtype"));

    // Who logged in, and from where.
    assertEquals("rick007", login.get("username"));
    assertEquals("120.43.200.6", login.get("ip_src_addr"));
}
Also used : MessageParserResult(org.apache.metron.parsers.interfaces.MessageParserResult) JSONObject(org.json.simple.JSONObject) Test(org.junit.jupiter.api.Test)

Example 12 with MessageParserResult

use of org.apache.metron.parsers.interfaces.MessageParserResult in project metron by apache.

the class GrokWebSphereParserTest method testParseRBMLine.

/**
 * Verifies that a WebSphere RBM "Resource access denied" syslog line is split into the
 * expected fields.
 *
 * <p>The assertions cover the syslog header, the bracketed event code, type and severity, the
 * {@code process} name taken from {@code rbm(...)}, and the remaining text as {@code message}.
 */
@Test
public void testParseRBMLine() {
    String testString = "<131>Apr 15 17:36:35 ROBXML3QRS [0x80800018][auth][error] rbm(RBM-Settings): "
            + "trans(3502888135)[request] gtid(3502888135): RBM: Resource access denied.";
    byte[] rawLine = testString.getBytes(StandardCharsets.UTF_8);

    Optional<MessageParserResult<JSONObject>> parseOutcome = parser.parseOptionalResult(rawLine);
    assertNotNull(parseOutcome);
    assertTrue(parseOutcome.isPresent());

    List<JSONObject> messages = parseOutcome.get().getMessages();
    JSONObject denial = messages.get(0);

    // The raw line carries no year, so the expected epoch value is built from the current UTC year.
    int currentYear = Year.now(UTC).getValue();
    ZonedDateTime eventTime = ZonedDateTime.of(currentYear, 4, 15, 17, 36, 35, 0, UTC);
    long expectedTimestamp = eventTime.toInstant().toEpochMilli();

    // Syslog header: priority, time and originating host.
    assertEquals(131, denial.get("priority"));
    assertEquals(expectedTimestamp, denial.get("timestamp"));
    assertEquals("ROBXML3QRS", denial.get("hostname"));

    // Bracketed tokens, in the order they appear in the line.
    assertEquals("0x80800018", denial.get("event_code"));
    assertEquals("auth", denial.get("event_type"));
    assertEquals("error", denial.get("severity"));

    // Everything after "rbm(RBM-Settings): " is expected verbatim in the message field.
    assertEquals("rbm", denial.get("process"));
    assertEquals("trans(3502888135)[request] gtid(3502888135): RBM: Resource access denied.", denial.get("message"));
}
Also used : MessageParserResult(org.apache.metron.parsers.interfaces.MessageParserResult) JSONObject(org.json.simple.JSONObject) Test(org.junit.jupiter.api.Test)

Example 13 with MessageParserResult

use of org.apache.metron.parsers.interfaces.MessageParserResult in project metron by apache.

the class GrokWebSphereParserTest method testParseMalformedLogoutLine.

/**
 * Verifies how a malformed WebSphere logout line is handled.
 *
 * <p>In the sample, the bracket around the source address is never closed and the quote around
 * the domain name is never closed. The test expects a message to be returned anyway, with the
 * syslog header and the bracketed event fields populated, but with {@code ip_src_addr},
 * {@code username} and {@code security_domain} all {@code null}. Anything consuming these
 * auth events therefore cannot assume the identity fields are present on every record.
 */
@Test
public void testParseMalformedLogoutLine() {
    String testString = "<134>Apr 15 18:02:27 PHIXML3RWD [0x81000019][auth][info] [14.122.2.201: "
            + "User 'hjpotter' logged out from 'default.";
    byte[] rawLine = testString.getBytes(StandardCharsets.UTF_8);

    Optional<MessageParserResult<JSONObject>> parseOutcome = parser.parseOptionalResult(rawLine);
    assertNotNull(parseOutcome);
    assertTrue(parseOutcome.isPresent());

    List<JSONObject> messages = parseOutcome.get().getMessages();
    JSONObject logout = messages.get(0);

    // The raw line carries no year, so the expected epoch value is built from the current UTC year.
    int currentYear = Year.now(UTC).getValue();
    ZonedDateTime eventTime = ZonedDateTime.of(currentYear, 4, 15, 18, 2, 27, 0, UTC);
    long expectedTimestamp = eventTime.toInstant().toEpochMilli();

    // The well-formed prefix of the line is still expected to be extracted.
    assertEquals(134, logout.get("priority"));
    assertEquals(expectedTimestamp, logout.get("timestamp"));
    assertEquals("PHIXML3RWD", logout.get("hostname"));
    assertEquals("0x81000019", logout.get("event_code"));
    assertEquals("auth", logout.get("event_type"));
    assertEquals("info", logout.get("severity"));

    // The malformed tail must not yield partial or guessed identity values.
    assertEquals(null, logout.get("ip_src_addr"));
    assertEquals(null, logout.get("username"));
    assertEquals(null, logout.get("security_domain"));
}
Also used : MessageParserResult(org.apache.metron.parsers.interfaces.MessageParserResult) JSONObject(org.json.simple.JSONObject) Test(org.junit.jupiter.api.Test)

Example 14 with MessageParserResult

use of org.apache.metron.parsers.interfaces.MessageParserResult in project metron by apache.

the class GrokParserTest method test.

/**
 * Runs every sample returned by {@code getTestData()} through a freshly configured
 * {@link GrokParser} and compares the single parsed message with the expected JSON.
 *
 * <p>Each map entry's key is the raw message and its value is the expected result as a JSON
 * string. The parser settings come from this test class's own getters.
 *
 * @throws ParseException if an expected-result string is not valid JSON
 */
@Test
public void test() throws ParseException {
    Map<String, Object> settings = new HashMap<>();
    settings.put("grokPath", getGrokPath());
    settings.put("patternLabel", getGrokPatternLabel());
    settings.put("timestampField", getTimestampField());
    settings.put("dateFormat", getDateFormat());
    settings.put("timeFields", getTimeFields());

    GrokParser parserUnderTest = new GrokParser();
    parserUnderTest.configure(settings);
    parserUnderTest.init();

    JSONParser expectationReader = new JSONParser();
    Map<String, String> samples = getTestData();
    for (Map.Entry<String, String> sample : samples.entrySet()) {
        String rawText = sample.getKey();
        String expectedJson = sample.getValue();

        JSONObject expected = (JSONObject) expectationReader.parse(expectedJson);
        byte[] rawMessage = rawText.getBytes(StandardCharsets.UTF_8);

        Optional<MessageParserResult<JSONObject>> parseOutcome = parserUnderTest.parseOptionalResult(rawMessage);
        assertNotNull(parseOutcome);
        assertTrue(parseOutcome.isPresent());

        // Exactly one message per raw input is expected before the field-by-field comparison.
        List<JSONObject> parsedMessages = parseOutcome.get().getMessages();
        assertEquals(1, parsedMessages.size());
        compare(expected, parsedMessages.get(0));
    }
}
Also used : MessageParserResult(org.apache.metron.parsers.interfaces.MessageParserResult) HashMap(java.util.HashMap) JSONObject(org.json.simple.JSONObject) JSONObject(org.json.simple.JSONObject) JSONParser(org.json.simple.parser.JSONParser) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.jupiter.api.Test)

Example 15 with MessageParserResult

use of org.apache.metron.parsers.interfaces.MessageParserResult in project metron by apache.

the class MessageParserTest method testParseOptional.

/**
 * Verifies that {@code parseOptionalResult} exposes the messages produced by
 * {@code parseOptional}.
 *
 * <p>A {@code TestMessageParser} is subclassed so that {@code parseOptional} always returns a
 * one-element list holding a known object; the result must contain exactly that object.
 */
@Test
public void testParseOptional() {
    JSONObject stubMessage = new JSONObject();
    MessageParser<JSONObject> stubParser = new TestMessageParser() {

        // Ignores the input bytes and always hands back the known message.
        @Override
        public Optional<List<JSONObject>> parseOptional(byte[] rawMessage) {
            List<JSONObject> onlyMessage = Collections.singletonList(stubMessage);
            return Optional.of(onlyMessage);
        }
    };

    byte[] rawInput = "message".getBytes(StandardCharsets.UTF_8);
    Optional<MessageParserResult<JSONObject>> outcome = stubParser.parseOptionalResult(rawInput);

    assertTrue(outcome.isPresent());
    assertEquals(1, outcome.get().getMessages().size());
    assertEquals(stubMessage, outcome.get().getMessages().get(0));
}
Also used : MessageParserResult(org.apache.metron.parsers.interfaces.MessageParserResult) JSONObject(org.json.simple.JSONObject) Test(org.junit.jupiter.api.Test)

Aggregations

MessageParserResult (org.apache.metron.parsers.interfaces.MessageParserResult)15 JSONObject (org.json.simple.JSONObject)15 Test (org.junit.jupiter.api.Test)14 JSONParser (org.json.simple.parser.JSONParser)4 HashMap (java.util.HashMap)1 Map (java.util.Map)1 SensorParserConfig (org.apache.metron.common.configuration.SensorParserConfig)1 MetronError (org.apache.metron.common.error.MetronError)1