
Example 21 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.

Class NetFlowUdpTransportTest, method getChildChannelHandlersContainsCustomCodecAggregator:

@Test
public void getChildChannelHandlersContainsCustomCodecAggregator() throws Exception {
    // Build the child-channel pipeline for a mocked input and inspect its named handlers.
    final MessageInput input = mock(MessageInput.class);
    final LinkedHashMap<String, Callable<? extends ChannelHandler>> pipeline = transport.getChannelHandlers(input);

    // The NetFlow transport must register its own "codec-aggregator" handler and must not
    // carry the "udp-datagram" handler key.
    assertThat(pipeline)
            .containsKey("codec-aggregator")
            .doesNotContainKey("udp-datagram");

    // The registered factory has to produce the NetFlow-specific aggregation handler.
    final Callable<? extends ChannelHandler> aggregatorFactory = pipeline.get("codec-aggregator");
    final ChannelHandler aggregator = aggregatorFactory.call();
    assertThat(aggregator).isInstanceOf(NetflowMessageAggregationHandler.class);
}
Also used : MessageInput(org.graylog2.plugin.inputs.MessageInput) ChannelHandler(io.netty.channel.ChannelHandler) Callable(java.util.concurrent.Callable) Test(org.junit.Test)

Example 22 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog2-server by Graylog2.

Class CEFCodecFixturesTest, method setUp:

@Before
public void setUp() {
    // Before each test: build a CEF codec from the fixture's codec settings and decode the
    // fixture's raw message once, so the individual tests only inspect the result.
    final Configuration codecConfig = new Configuration(fixture.codecConfiguration);
    message = new CEFCodec(codecConfig).decode(rawMessage);
    // A null result means the codec rejected the fixture; fail here rather than with an NPE later.
    assertThat(message).isNotNull();
}
Also used : Configuration(org.graylog2.plugin.configuration.Configuration) Before(org.junit.Before)

Example 23 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog-plugin-integrations by Graylog2.

Class PaloAltoCodecTest, method valuesTest:

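/**
 * Decodes one Panorama SYSTEM and one Panorama TRAFFIC log line and pins every extracted field.
 *
 * Fixes over the previous version: JUnit's {@code assertEquals(expected, actual)} order is now
 * used consistently (several assertions had the arguments swapped, which produces misleading
 * "expected X but was Y" failure messages), and the raw bytes are produced with an explicit
 * charset instead of the platform default so the test is not environment-dependent.
 */
@Test
public void valuesTest() {
    final PaloAltoCodec codec = new PaloAltoCodec(Configuration.EMPTY_CONFIGURATION);

    // --- SYSTEM message (Panorama) ---
    Message message = codec.decode(new RawMessage(
            PANORAMA_SYSTEM_MESSAGE.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    assertEquals("SYSTEM", message.getField("type"));
    assertEquals("general", message.getField("module"));
    // A quoted CSV value containing commas must be kept as a single field, not split.
    assertEquals("Deviating device: Prod--2, Serial: 453524335, Object: N/A, Metric: mp-cpu, Value: 34", message.getField("description"));
    assertEquals("000710000506", message.getField("serial_number"));
    assertEquals("Panorama-1", message.getField("source"));
    assertEquals("1,2018/09/19 11:50:35,000710000506,SYSTEM,general,0,2018/09/19 11:50:35,,general,,0,0,general,informational,\"Deviating device: Prod--2, Serial: 453524335, Object: N/A, Metric: mp-cpu, Value: 34\",1163103,0x0,0,0,0,0,,Panorama-1", message.getField("message"));
    assertEquals("informational", message.getField("severity"));
    assertEquals("2018/09/19 11:50:35", message.getField("generated_time"));
    assertEquals("general", message.getField("event_id"));
    assertEquals("Panorama-1", message.getField("device_name"));
    assertEquals("general", message.getField("content_threat_type"));
    assertEquals(null, message.getField("virtual_system_name"));
    // compareTo rather than equals: only the instant has to match, not the DateTime's
    // chronology/zone. NOTE(review): the fixed -05:00 offset implies the codec assigns a zone
    // itself; confirm this does not depend on the JVM default time zone.
    assertEquals(0, ((DateTime) message.getField("timestamp")).compareTo(new DateTime("2018-09-19T11:50:35.000-05:00")));

    // --- TRAFFIC message (same codec instance, second decode) ---
    message = codec.decode(new RawMessage(
            PANORAMA_TRAFFIC_MESSAGE.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    assertEquals(140L, message.getField("bytes_received"));
    assertEquals("Panorama--2", message.getField("source"));
    assertEquals(1L, message.getField("repeat_count"));
    assertEquals("2018/09/19 11:50:32", message.getField("receive_time"));
    assertEquals("ethernet1/1", message.getField("outbound_interface"));
    assertEquals(6L, message.getField("packets"));
    assertEquals("10.20.30.40-10.20.30.40", message.getField("dest_location"));
    assertEquals("10.20.30.40", message.getField("src_addr"));
    assertEquals("2018/09/19 11:50:32", message.getField("generated_time"));
    assertEquals("tcp", message.getField("protocol"));
    assertEquals("end", message.getField("threat_content_type"));
    assertEquals(4L, message.getField("packets_sent"));
    assertEquals(2L, message.getField("packets_received"));
    assertEquals("allow", message.getField("action"));
    assertEquals("vsys1", message.getField("virtual_system"));
    assertEquals(443L, message.getField("dest_port"));
    assertEquals(0, ((DateTime) message.getField("timestamp")).compareTo(new DateTime("2018-09-19T11:50:32.000-05:00")));
    assertEquals("HTTPS-strict", message.getField("rule_name"));
    assertEquals("10.20.30.40", message.getField("nat_src_addr"));
    assertEquals(205742L, message.getField("session_id"));
    assertEquals("453524335", message.getField("serial_number"));
    assertEquals("1,2018/09/19 11:50:32,453524335,TRAFFIC,end,2049,2018/09/19 11:50:32,10.20.30.40,10.20.30.40,10.20.30.40,10.20.30.40,HTTPS-strict,,,incomplete,vsys1,Public,Public,ethernet1/1,ethernet1/1,ALK Logging,2018/09/19 11:50:32,205742,1,64575,443,41304,443,0x400070,tcp,allow,412,272,140,6,2018/09/19 11:50:15,0,any,0,54196730,0x8000000000000000,10.20.30.40-10.20.30.40,10.20.30.40-10.20.30.40,0,4,2,tcp-fin,13,16,0,0,,Prod--2,from-policy,,,0,,0,,N/A,0,0,0,0", message.getField("message"));
    assertEquals(272L, message.getField("bytes_sent"));
    assertEquals("Public", message.getField("dest_zone"));
    assertEquals(41304L, message.getField("nat_src_port"));
    assertEquals(64575L, message.getField("src_port"));
    assertEquals("10.20.30.40-10.20.30.40", message.getField("src_location"));
    assertEquals("ALK Logging", message.getField("log_action"));
    assertEquals("ethernet1/1", message.getField("inbound_interface"));
    assertEquals("incomplete", message.getField("application"));
    assertEquals("Public", message.getField("src_zone"));
    assertEquals(412L, message.getField("bytes"));
    assertEquals("10.20.30.40", message.getField("dest_addr"));
    assertEquals("TRAFFIC", message.getField("type"));
    assertEquals("10.20.30.40", message.getField("nat_dest_addr"));
    assertEquals("any", message.getField("category"));
    assertEquals(443L, message.getField("nat_dest_port"));
}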
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) RawMessage(org.graylog2.plugin.journal.RawMessage) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 24 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog-plugin-integrations by Graylog2.

Class PaloAltoCodecTest, method syslogValuesTest:

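/**
 * A THREAT log arriving via syslog without a host and with a double-spaced day in the date
 * (as the fixture's name describes it) must still be classified by its log type.
 *
 * The raw bytes are now produced with an explicit charset; {@code String.getBytes()} without
 * one uses the platform default and makes the test environment-dependent.
 */
@Test
public void syslogValuesTest() {
    final PaloAltoCodec codec = new PaloAltoCodec(Configuration.EMPTY_CONFIGURATION);
    final Message message = codec.decode(new RawMessage(
            SYSLOG_THREAT_MESSAGE_NO_HOST_DOUBLE_SPACE_DATE.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    assertEquals("THREAT", message.getField("type"));
}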
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) RawMessage(org.graylog2.plugin.journal.RawMessage) Test(org.junit.Test)

Example 25 with Codec

use of org.graylog2.plugin.inputs.annotations.Codec in project graylog-plugin-integrations by Graylog2.

Class PaloAltoCodecTest, method testMoreSyslogFormats:

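/**
 * Every fixture in {@code MORE_SYSLOG_THREAT_MESSAGES} must decode to a message of type THREAT.
 *
 * Changes over the previous version: a single codec instance is reused for the whole batch
 * (the other tests in this class already decode several messages through one instance), the
 * raw bytes use an explicit charset instead of the platform default, and the assertion message
 * names the offending fixture so a failure in the loop can be attributed to one input.
 */
@Test
public void testMoreSyslogFormats() {
    final PaloAltoCodec codec = new PaloAltoCodec(Configuration.EMPTY_CONFIGURATION);
    for (String threatString : MORE_SYSLOG_THREAT_MESSAGES) {
        final Message message = codec.decode(new RawMessage(
                threatString.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
        assertEquals("Unexpected log type for fixture: " + threatString,
                "THREAT", message.getField("type"));
    }
}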
Also used : RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) RawMessage(org.graylog2.plugin.journal.RawMessage) Test(org.junit.Test)
