use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class NetFlowCodecTest method decodeMessagesReturnsNullIfMessageWasInvalid.
/**
 * Feeds the codec a payload that is not a NetFlow packet and expects it to be rejected.
 *
 * <p>The codec under test is the {@code codec} field of the enclosing test class. The expected
 * outcome is a {@code null} result, not an exception reaching the caller.
 */
@Test
public void decodeMessagesReturnsNullIfMessageWasInvalid() throws Exception {
    // Sender address of the simulated datagram; the port number is arbitrary.
    final InetSocketAddress sender = new InetSocketAddress(InetAddress.getLocalHost(), 12345);
    // Plain text bytes stand in for a malformed or hostile packet.
    final byte[] garbage = "Foobar".getBytes(StandardCharsets.UTF_8);
    final RawMessage invalidMessage = new RawMessage(garbage, sender);

    final Collection<Message> decoded = codec.decodeMessages(invalidMessage);

    assertThat(decoded).isNull();
}
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class NetFlowCodecTest method decodeMessagesReturnsNullIfNetFlowParserThrowsFlowException.
/**
 * Checks that a {@code FlowException} raised while the payload is being read results in a
 * {@code null} return value from the codec instead of reaching the caller.
 *
 * <p>The failure is simulated by a {@code RawMessage} subclass whose {@code getPayload()} throws
 * on the first call only.
 */
@Test
public void decodeMessagesReturnsNullIfNetFlowParserThrowsFlowException() throws Exception {
    final InetSocketAddress sender = new InetSocketAddress(InetAddress.getLocalHost(), 12345);
    final byte[] payload = "Foobar".getBytes(StandardCharsets.UTF_8);
    final RawMessage failingMessage = new RawMessage(payload, sender) {
        // Set once the simulated parser failure has been raised.
        private boolean alreadyThrown = false;

        @Override
        public byte[] getPayload() {
            if (!alreadyThrown) {
                alreadyThrown = true;
                throw new FlowException("Boom!");
            }
            // Later calls succeed with an empty payload.
            // NOTE(review): presumably the codec's error path reads the payload again - confirm.
            return new byte[0];
        }
    };

    final Collection<Message> decoded = codec.decodeMessages(failingMessage);

    assertThat(decoded).isNull();
}
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class CEFCodecFixturesTest method setUp.
/**
 * Decodes the fixture's raw message before each test and stores the result in {@code message}.
 *
 * <p>A fresh {@code CEFCodec} is built from the fixture's codec configuration. The set-up fails
 * immediately if the codec returns {@code null}, so the tests never run against a missing message.
 */
@Before
public void setUp() {
    final Configuration codecConfiguration = new Configuration(fixture.codecConfiguration);
    final CEFCodec cefCodec = new CEFCodec(codecConfiguration);

    message = cefCodec.decode(rawMessage);

    assertThat(message).isNotNull();
}
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class CEFCodec method decideSource.
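/**
 * Chooses the value reported as the source of a decoded CEF message.
 *
 * <p>Candidates are tried in this order: the CEF extension "deviceAddress"/"dvc", the host from
 * the CEF message metadata (e. g. syslog), the remote address recorded on the raw message, and
 * finally the literal {@code "unknown"}.
 *
 * <p>The first two candidates are values carried inside the message itself, and they take
 * precedence over the address the message was actually received from. A sender can therefore
 * set the resulting source to anything it likes. Treat the value as a label, and compare it with
 * the raw message's remote address wherever the origin of an event matters.
 *
 * @param cef the parsed CEF message
 * @param raw the raw message the CEF message was parsed from
 * @return the chosen source, or {@code "unknown"} if no candidate is available
 */
protected String decideSource(MappedMessage cef, RawMessage raw) {
    // Try getting the host name from the CEF extension "deviceAddress"/"dvc"
    final Map<String, Object> fields = cef.mappedExtensions();
    if (fields != null && !fields.isEmpty()) {
        // The entry under the full name wins; the short key name is only the fallback.
        // NOTE(review): the cast assumes the mapped value is a String - confirm against the
        // extension mapping, since any other type raises ClassCastException here.
        final String deviceAddress = (String) fields.getOrDefault(CEFMapping.dvc.getFullName(), fields.get(CEFMapping.dvc.getKeyName()));
        if (!isNullOrEmpty(deviceAddress)) {
            return deviceAddress;
        }
    }

    // Try getting the hostname from the CEF message metadata (e. g. syslog)
    if (!isNullOrEmpty(cef.host())) {
        return cef.host();
    }

    // Use raw message source information if we were not able to parse a source from the CEF extensions.
    final ResolvableInetSocketAddress address = raw.getRemoteAddress();
    final InetSocketAddress remoteAddress = address == null ? null : address.getInetSocketAddress();

    // InetSocketAddress.getAddress() returns null for an unresolved address; report "unknown"
    // in that case instead of failing with a NullPointerException.
    if (remoteAddress == null || remoteAddress.getAddress() == null) {
        return "unknown";
    }

    // InetAddress.toString() renders "hostname/literal-address" with an empty host name part
    // when none is known; the format is kept so existing source values do not change.
    return remoteAddress.getAddress().toString();
}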
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class CEFCodec method decode.
/**
 * Decodes a raw message as CEF, stripping a leading syslog prefix when one is present.
 *
 * <p>The payload is read as UTF-8. If {@code SYSLOG_PREFIX} matches, its "msg" group is decoded
 * as CEF and the "level" and "facility" fields derived from its "pri" group are added to the
 * result. Both fields are left out when the priority does not parse as an integer. Without a
 * match the whole payload is decoded as CEF.
 *
 * <p>NOTE(review): the result of {@code decodeCEF} is dereferenced without a null check in the
 * syslog branch although this method is declared {@code @Nullable} - confirm that
 * {@code decodeCEF} never returns {@code null}.
 *
 * @param rawMessage the raw message whose payload is decoded
 * @return the decoded message
 */
@Nullable
@Override
public Message decode(@Nonnull RawMessage rawMessage) {
    // Malformed byte sequences are replaced during decoding rather than rejected.
    final String payload = new String(rawMessage.getPayload(), StandardCharsets.UTF_8);
    final Matcher syslogPrefix = SYSLOG_PREFIX.matcher(payload);

    // No syslog envelope: the payload is expected to be bare CEF.
    if (!syslogPrefix.find()) {
        return decodeCEF(rawMessage, payload);
    }

    final Map<String, Object> syslogFields = new HashMap<>();
    // tryParse yields null instead of throwing when the priority is not a valid integer.
    final Integer priority = Ints.tryParse(syslogPrefix.group("pri"));
    if (priority != null) {
        final int facility = SyslogUtils.facilityFromPriority(priority);
        syslogFields.put("level", SyslogUtils.levelFromPriority(priority));
        syslogFields.put("facility", SyslogUtils.facilityToString(facility));
    }

    final String cefPart = syslogPrefix.group("msg");
    final Message decoded = decodeCEF(rawMessage, cefPart);
    decoded.addFields(syslogFields);
    return decoded;
}