
Example 81 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class PipelineInterpreterTest method testDroppedMessageWillHaltProcessingAfterCurrentStage.

/**
 * Checks how a {@code drop_message} call in one pipeline stage affects the rest of processing.
 *
 * <p>Two pipelines are loaded. Pipeline 1 runs rule "1-a" and "drop_message" in stage 0 and rule
 * "1-b" in stage 1; pipeline 2 runs rule "2-a" in stage 0 and rule "2-b" in stage 1. The test
 * expects both stage-0 field rules to have run and neither stage-1 rule to have run, and expects
 * the message to be flagged via {@code getFilterOut()}.
 *
 * <p>Note for pipeline authors: the assertions show that a drop in pipeline 1 also keeps
 * pipeline 2's stage 1 from running, so later-stage rules in an unrelated pipeline never see the
 * dropped message.
 */
@Test
public void testDroppedMessageWillHaltProcessingAfterCurrentStage() {
    // Pipeline 1: sets a field and drops the message in stage 0, then would set "1-b" in stage 1.
    final String droppingPipelineSource = "pipeline \"pipeline1\"\n"
            + "stage 0 match pass\n"
            + "    rule \"1-a\";\n"
            + "    rule \"drop_message\";\n"
            + "stage 1 match pass\n"
            + "    rule \"1-b\";\n"
            + "end\n";
    // Pipeline 2: never drops; only sets fields in stage 0 and stage 1.
    final String plainPipelineSource = "pipeline \"pipeline2\"\n"
            + "stage 0 match pass\n"
            + "    rule \"2-a\";\n"
            + "stage 1 match pass\n"
            + "    rule \"2-b\";\n"
            + "end\n";

    final RuleService rules = mock(MongoDbRuleService.class);
    when(rules.loadAll()).thenReturn(ImmutableList.of(
            RULE_SET_FIELD.apply("1-a"),
            RULE_SET_FIELD.apply("1-b"),
            RULE_SET_FIELD.apply("2-a"),
            RULE_SET_FIELD.apply("2-b"),
            RULE_DROP_MESSAGE));

    final PipelineService pipelines = mock(MongoDbPipelineService.class);
    when(pipelines.loadAll()).thenReturn(ImmutableList.of(
            PipelineDao.create("p1", "title1", "description", droppingPipelineSource, Tools.nowUTC(), null),
            PipelineDao.create("p2", "title2", "description", plainPipelineSource, Tools.nowUTC(), null)));

    final Map<String, Function<?>> functionRegistry = ImmutableMap.of(
            SetField.NAME, new SetField(),
            DropMessage.NAME, new DropMessage());
    final PipelineInterpreter interpreter = createPipelineInterpreter(rules, pipelines, functionRegistry);

    final Messages result = interpreter.process(messageInDefaultStream("message", "test"));
    assertThat(result).isInstanceOf(MessageCollection.class);

    // MessageCollection#source exposes the unfiltered messages, so the dropped message is still
    // reachable here and can be inspected.
    final MessageCollection collection = (MessageCollection) result;
    final List<Message> unfiltered = ImmutableList.copyOf(collection.source());
    assertThat(unfiltered).hasSize(1);

    final Message dropped = unfiltered.get(0);
    assertThat(dropped.getFilterOut()).isTrue();

    // Stage 0 of both pipelines must have completed even though "drop_message" ran in stage 0.
    assertThat(dropped.getFieldAs(String.class, "1-a")).isEqualTo("value");
    assertThat(dropped.getFieldAs(String.class, "2-a")).isEqualTo("value");

    // Stage 1 of both pipelines must have been skipped because of the drop.
    assertThat(dropped.getField("1-b")).isNull();
    assertThat(dropped.getField("2-b")).isNull();
}
Also used : Function(org.graylog.plugins.pipelineprocessor.ast.functions.Function) Messages(org.graylog2.plugin.Messages) PipelineService(org.graylog.plugins.pipelineprocessor.db.PipelineService) MongoDbPipelineService(org.graylog.plugins.pipelineprocessor.db.mongodb.MongoDbPipelineService) InMemoryPipelineService(org.graylog.plugins.pipelineprocessor.db.memory.InMemoryPipelineService) CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Message(org.graylog2.plugin.Message) RuleService(org.graylog.plugins.pipelineprocessor.db.RuleService) MongoDbRuleService(org.graylog.plugins.pipelineprocessor.db.mongodb.MongoDbRuleService) InMemoryRuleService(org.graylog.plugins.pipelineprocessor.db.memory.InMemoryRuleService) SetField(org.graylog.plugins.pipelineprocessor.functions.messages.SetField) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Test(org.junit.Test)

Example 82 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class PipelineInterpreterTest method testMatchEitherStopsIfNoRuleMatched.

/**
 * Checks that a {@code match either} stage in which no rule matched ends the pipeline.
 *
 * <p>Stage 0 lists only the rule named "false" and stage 1 lists "add_foobar". The test expects
 * the processed message to carry no "foobar" field, i.e. stage 1 was not executed.
 */
@Test
public void testMatchEitherStopsIfNoRuleMatched() {
    final String pipelineSource = "pipeline \"pipeline\"\n"
            + "stage 0 match either\n"
            + "    rule \"false\";\n"
            + "stage 1 match either\n"
            + "    rule \"add_foobar\";\n"
            + "end\n";

    final RuleService rules = mock(MongoDbRuleService.class);
    when(rules.loadAll()).thenReturn(ImmutableList.of(RULE_TRUE, RULE_FALSE, RULE_ADD_FOOBAR));

    final PipelineService pipelines = mock(MongoDbPipelineService.class);
    when(pipelines.loadAll()).thenReturn(Collections.singleton(
            PipelineDao.create("p1", "title", "description", pipelineSource, Tools.nowUTC(), null)));

    final Map<String, Function<?>> functionRegistry = ImmutableMap.of(SetField.NAME, new SetField());
    final PipelineInterpreter interpreter = createPipelineInterpreter(rules, pipelines, functionRegistry);

    final Messages result = interpreter.process(messageInDefaultStream("message", "test"));
    final List<Message> output = ImmutableList.copyOf(result);
    assertThat(output).hasSize(1);

    // The message passes through, but without the field that stage 1's rule is listed to add.
    final Message only = output.get(0);
    assertThat(only.hasField("foobar")).isFalse();
}
Also used : Function(org.graylog.plugins.pipelineprocessor.ast.functions.Function) Messages(org.graylog2.plugin.Messages) PipelineService(org.graylog.plugins.pipelineprocessor.db.PipelineService) MongoDbPipelineService(org.graylog.plugins.pipelineprocessor.db.mongodb.MongoDbPipelineService) InMemoryPipelineService(org.graylog.plugins.pipelineprocessor.db.memory.InMemoryPipelineService) CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Message(org.graylog2.plugin.Message) RuleService(org.graylog.plugins.pipelineprocessor.db.RuleService) MongoDbRuleService(org.graylog.plugins.pipelineprocessor.db.mongodb.MongoDbRuleService) InMemoryRuleService(org.graylog.plugins.pipelineprocessor.db.memory.InMemoryRuleService) SetField(org.graylog.plugins.pipelineprocessor.functions.messages.SetField) Test(org.junit.Test)

Example 83 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class PipelineInterpreterTest method testMatchPassContinuesIfOneRuleMatched.

/**
 * Checks that a {@code match pass} stage lets processing continue to the next stage.
 *
 * <p>Stage 0 lists the rules named "true" and "false", stage 1 lists "add_foobar". The test
 * expects the processed message to carry "foobar" = "covfefe", i.e. stage 1 was executed.
 */
@Test
public void testMatchPassContinuesIfOneRuleMatched() {
    final String pipelineSource = "pipeline \"pipeline\"\n"
            + "stage 0 match pass\n"
            + "    rule \"true\";\n"
            + "    rule \"false\";\n"
            + "stage 1 match pass\n"
            + "    rule \"add_foobar\";\n"
            + "end\n";

    final RuleService rules = mock(MongoDbRuleService.class);
    when(rules.loadAll()).thenReturn(ImmutableList.of(RULE_TRUE, RULE_FALSE, RULE_ADD_FOOBAR));

    final PipelineService pipelines = mock(MongoDbPipelineService.class);
    when(pipelines.loadAll()).thenReturn(Collections.singleton(
            PipelineDao.create("p1", "title", "description", pipelineSource, Tools.nowUTC(), null)));

    final Map<String, Function<?>> functionRegistry = ImmutableMap.of(SetField.NAME, new SetField());
    final PipelineInterpreter interpreter = createPipelineInterpreter(rules, pipelines, functionRegistry);

    final Messages result = interpreter.process(messageInDefaultStream("message", "test"));
    final List<Message> output = ImmutableList.copyOf(result);
    assertThat(output).hasSize(1);

    // Stage 1 ran, so the field written by its rule is present on the message.
    final Message only = output.get(0);
    assertThat(only.getFieldAs(String.class, "foobar")).isEqualTo("covfefe");
}
Also used : Function(org.graylog.plugins.pipelineprocessor.ast.functions.Function) Messages(org.graylog2.plugin.Messages) PipelineService(org.graylog.plugins.pipelineprocessor.db.PipelineService) MongoDbPipelineService(org.graylog.plugins.pipelineprocessor.db.mongodb.MongoDbPipelineService) InMemoryPipelineService(org.graylog.plugins.pipelineprocessor.db.memory.InMemoryPipelineService) CreateMessage(org.graylog.plugins.pipelineprocessor.functions.messages.CreateMessage) DropMessage(org.graylog.plugins.pipelineprocessor.functions.messages.DropMessage) Message(org.graylog2.plugin.Message) RuleService(org.graylog.plugins.pipelineprocessor.db.RuleService) MongoDbRuleService(org.graylog.plugins.pipelineprocessor.db.mongodb.MongoDbRuleService) InMemoryRuleService(org.graylog.plugins.pipelineprocessor.db.memory.InMemoryRuleService) SetField(org.graylog.plugins.pipelineprocessor.functions.messages.SetField) Test(org.junit.Test)

Example 84 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class NetFlowCodecTest method decodeMessagesReturnsNullIfMessageWasInvalid.

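/**
 * Checks that the codec rejects a payload that is not NetFlow data by returning {@code null}.
 *
 * <p>The payload is the UTF-8 bytes of "Foobar". The codec input arrives from the network, so the
 * contract pinned here is that malformed bytes yield {@code null} instead of an exception
 * escaping {@code decodeMessages}.
 *
 * @throws Exception if {@code decodeMessages} throws, which fails the test
 */
@Test
public void decodeMessagesReturnsNullIfMessageWasInvalid() throws Exception {
    final byte[] garbage = "Foobar".getBytes(StandardCharsets.UTF_8);
    // The sender address is irrelevant to the assertion. The loopback address needs no host name
    // lookup, unlike InetAddress.getLocalHost(), which can throw UnknownHostException on hosts
    // whose own name does not resolve and would fail the test for an unrelated reason.
    final InetSocketAddress sender = new InetSocketAddress(InetAddress.getLoopbackAddress(), 12345);
    final RawMessage rawMessage = new RawMessage(garbage, sender);

    final Collection<Message> decoded = codec.decodeMessages(rawMessage);

    assertThat(decoded).isNull();
}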
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) InetSocketAddress(java.net.InetSocketAddress) RawMessage(org.graylog2.plugin.journal.RawMessage) Test(org.junit.Test)

Example 85 with Messages

use of org.graylog2.indexer.messages.Messages in project graylog2-server by Graylog2.

the class NetFlowCodecTest method decodeMessagesReturnsNullIfNetFlowParserThrowsFlowException.

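/**
 * Checks that a {@code FlowException} raised while decoding results in {@code null} rather than
 * an exception escaping {@code decodeMessages}.
 *
 * <p>The failure is simulated with a {@code RawMessage} whose {@code getPayload()} throws
 * {@code FlowException} on its first call and returns an empty array on every later call.
 *
 * @throws Exception if {@code decodeMessages} throws, which fails the test
 */
@Test
public void decodeMessagesReturnsNullIfNetFlowParserThrowsFlowException() throws Exception {
    final byte[] garbage = "Foobar".getBytes(StandardCharsets.UTF_8);
    // The sender address is irrelevant to the assertion. The loopback address needs no host name
    // lookup, unlike InetAddress.getLocalHost(), which can throw UnknownHostException on hosts
    // whose own name does not resolve and would fail the test for an unrelated reason.
    final InetSocketAddress sender = new InetSocketAddress(InetAddress.getLoopbackAddress(), 12345);
    final RawMessage rawMessage = new RawMessage(garbage, sender) {

        // Set once the simulated failure has been delivered.
        private boolean alreadyThrown = false;

        @Override
        public byte[] getPayload() {
            // Only the first read fails. NOTE(review): later reads presumably come from the
            // codec's error handling (e.g. logging the payload) - confirm against the codec.
            if (!alreadyThrown) {
                alreadyThrown = true;
                throw new FlowException("Boom!");
            }
            return new byte[0];
        }
    };

    final Collection<Message> decoded = codec.decodeMessages(rawMessage);

    assertThat(decoded).isNull();
}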
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) FlowException(org.graylog.plugins.netflow.flows.FlowException) InetSocketAddress(java.net.InetSocketAddress) RawMessage(org.graylog2.plugin.journal.RawMessage) Test(org.junit.Test)
