use of org.graylog2.plugin.inputs.annotations.Codec in project graylog-plugin-integrations by Graylog2.
the class AWSTestingUtils method buildTestCodecs.
public static Map<String, Codec.Factory<? extends Codec>> buildTestCodecs() {
// Prepare test codecs. These have to be manually instantiated for the test context.
Map<String, Codec.Factory<? extends Codec>> availableCodecs = new HashMap<>();
ObjectMapper objectMapper = new ObjectMapperProvider().get();
availableCodecs.put(KinesisRawLogCodec.NAME, new KinesisRawLogCodec.Factory() {
@Override
public KinesisRawLogCodec create(Configuration configuration) {
return new KinesisRawLogCodec(configuration, objectMapper);
}
@Override
public KinesisRawLogCodec.Config getConfig() {
return null;
}
@Override
public Codec.Descriptor getDescriptor() {
return null;
}
});
availableCodecs.put(KinesisCloudWatchFlowLogCodec.NAME, new KinesisCloudWatchFlowLogCodec.Factory() {
@Override
public KinesisCloudWatchFlowLogCodec create(Configuration configuration) {
return new KinesisCloudWatchFlowLogCodec(configuration, objectMapper);
}
@Override
public KinesisCloudWatchFlowLogCodec.Config getConfig() {
return null;
}
@Override
public Codec.Descriptor getDescriptor() {
return null;
}
});
return availableCodecs;
}
use of org.graylog2.plugin.inputs.annotations.Codec in project graylog-plugin-integrations by Graylog2.
the class PaloAltoCodecTest method testAllSyslogFormats.
@Test
public void testAllSyslogFormats() {
PaloAltoCodec codec = new PaloAltoCodec(Configuration.EMPTY_CONFIGURATION);
Message message = codec.decode(new RawMessage(SYSLOG_THREAT_MESSAGE.getBytes()));
assertEquals("THREAT", message.getField("type"));
message = codec.decode(new RawMessage(SYSLOG_THREAT_MESSAGE_DOUBLE_SPACE_DATE.getBytes()));
assertEquals("THREAT", message.getField("type"));
message = codec.decode(new RawMessage(SYSLOG_THREAT_MESSAGE_NO_HOST.getBytes()));
assertEquals("THREAT", message.getField("type"));
message = codec.decode(new RawMessage(SYSLOG_THREAT_MESSAGE_NO_HOST_DOUBLE_SPACE_DATE.getBytes()));
assertEquals("THREAT", message.getField("type"));
}
use of org.graylog2.plugin.inputs.annotations.Codec in project graylog-plugin-integrations by Graylog2.
the class PaloAltoCodecTest method testMessageWithLineBreak.
@Test
public void testMessageWithLineBreak() {
// Verify that a messages with a line break at the end does not break parsing.
PaloAltoCodec codec = new PaloAltoCodec(Configuration.EMPTY_CONFIGURATION);
Message message = codec.decode(new RawMessage(PANORAMA_WITH_LINE_BREAK.getBytes()));
assertEquals("SYSTEM", message.getField("type"));
codec = new PaloAltoCodec(Configuration.EMPTY_CONFIGURATION);
message = codec.decode(new RawMessage(SYSLOG_WITH_LINE_BREAK.getBytes()));
assertEquals("THREAT", message.getField("type"));
}
use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.
the class GelfCodecTest method decodeLargeCompressedMessageFails.
@Test
public void decodeLargeCompressedMessageFails() throws Exception {
expectedException.expect(IllegalStateException.class);
expectedException.expectMessage("JSON is null/could not be parsed (invalid JSON)");
expectedException.expectCause(isA(JsonParseException.class));
final Configuration configuration = new Configuration(Collections.singletonMap("decompress_size_limit", 100));
final GelfCodec codec = new GelfCodec(configuration, aggregator);
final String json = "{" + "\"version\": \"1.1\"," + "\"host\": \"example.org\"," + "\"short_message\": \"A short message that helps you identify what is going on\"," + "\"full_message\": \"Backtrace here\\n\\nMore stuff\"," + "\"timestamp\": 1385053862.3072," + "\"level\": 1," + "\"_some_bytes1\": \"Lorem ipsum dolor sit amet, consetetur sadipscing elitr, \"," + "\"_some_bytes2\": \"sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, \"," + "\"_some_bytes2\": \"sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum.\"" + "}";
final byte[] payload = TestHelper.zlibCompress(json);
assumeTrue(payload.length > 100);
final RawMessage rawMessage = new RawMessage(payload);
codec.decode(rawMessage);
}
use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.
the class SyslogCodecTest method testDecodeStructuredIssue845WithExpandStructuredData.
@Test
public void testDecodeStructuredIssue845WithExpandStructuredData() throws Exception {
when(configuration.getBoolean(SyslogCodec.CK_EXPAND_STRUCTURED_DATA)).thenReturn(true);
final SyslogCodec codec = new SyslogCodec(configuration, metricRegistry);
final Message message = codec.decode(buildRawMessage(STRUCTURED_ISSUE_845));
assertNotNull(message);
assertEquals("User page 13 requested", message.getMessage());
assertEquals(new DateTime("2015-01-06T20:56:33.287Z", DateTimeZone.UTC), ((DateTime) message.getField("timestamp")).withZone(DateTimeZone.UTC));
assertEquals("app-1", message.getField("source"));
assertEquals(6, message.getField("level"));
assertEquals("local7", message.getField("facility"));
assertEquals("::ffff:132.123.15.30", message.getField("mdc@18060_ip"));
assertEquals("{c.corp.Handler}", message.getField("mdc@18060_logger"));
assertEquals("4ot7", message.getField("mdc@18060_session"));
assertEquals("user@example.com", message.getField("mdc@18060_user"));
assertEquals("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/7.1.2 Safari/537.85.11", message.getField("mdc@18060_user-agent"));
assertEquals("app", message.getField("application_name"));
assertEquals(23, message.getField("facility_num"));
}
Aggregations