use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class SyslogCodecTest method testFortiGateFirewall.
/**
 * Decodes a FortiGate traffic log that consists of a bare {@code <PRI>} prefix followed by
 * key=value pairs, and checks the fields the syslog codec extracts from it.
 */
@Test
public void testFortiGateFirewall() {
    // Sample record; device-identifying values are placeholders (DEVICENAME, DEVICEID, IP, ...).
    final String body = "date=2017-03-06 time=12:53:10 devname=DEVICENAME devid=DEVICEID logid=0000000013 type=traffic subtype=forward level=notice vd=ALIAS srcip=IP srcport=45748 srcintf=\"IF\" dstip=IP dstport=443 dstintf=\"IF\" sessionid=1122686199 status=close policyid=77 dstcountry=\"COUNTRY\" srccountry=\"COUNTRY\" trandisp=dnat tranip=IP tranport=443 service=HTTPS proto=6 appid=41540 app=\"SSL_TLSv1.2\" appcat=\"Network.Service\" applist=\"ACLNAME\" appact=detected duration=1 sentbyte=2313 rcvdbyte=14883 sentpkt=19 rcvdpkt=19 utmaction=passthrough utmevent=app-ctrl attack=\"SSL\" hostname=\"HOSTNAME\"";
    final RawMessage rawMessage = buildRawMessage("<45>" + body);

    final Message decoded = codec.decode(rawMessage);
    assertThat(decoded).isNotNull();

    // The priority prefix is stripped; everything after it is kept verbatim as the message.
    assertThat(decoded.getMessage()).isEqualTo(body);

    // Timestamp matches the date=/time= pair of the record, expected in UTC.
    final DateTime expectedTimestamp = new DateTime(2017, 3, 6, 12, 53, 10, DateTimeZone.UTC);
    assertThat(decoded.getTimestamp()).isEqualTo(expectedTimestamp);

    // "source" matches the devname value of the record.
    assertThat(decoded.getField("source")).isEqualTo("DEVICENAME");

    // PRI 45 = facility 5 * 8 + severity 5.
    assertThat(decoded.getField("level")).isEqualTo(5);
    assertThat(decoded.getField("facility")).isEqualTo("syslogd");
    assertThat(decoded.getField("facility_num")).isEqualTo(5);

    // Individual key=value pairs are exposed as fields; the quotes around app's value are dropped.
    assertThat(decoded.getField("logid")).isEqualTo("0000000013");
    assertThat(decoded.getField("app")).isEqualTo("SSL_TLSv1.2");
}
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class GelfCodecTest method decodeFailsWithEmptyMessage.
/**
 * A GELF document whose {@code message} field is the empty string must be rejected with an
 * {@link IllegalArgumentException} that names the offending field.
 */
@Test
public void decodeFailsWithEmptyMessage() throws Exception {
    final String json = "{"
            + "\"version\": \"1.1\","
            + "\"host\": \"example.org\","
            + "\"message\": \"\""
            + "}";
    final byte[] payload = json.getBytes(StandardCharsets.UTF_8);
    final RawMessage rawMessage = new RawMessage(payload);

    // The id between the angle brackets is matched loosely as hex digits and dashes.
    // NOTE(review): the final '.' of the pattern is an unescaped regex wildcard, so any
    // character is accepted in that position; "\\." would pin the literal full stop.
    final String expectedMessagePattern =
            "GELF message <[0-9a-f-]+> has empty mandatory \"message\" field.";

    assertThatIllegalArgumentException()
            .isThrownBy(() -> codec.decode(rawMessage))
            .withNoCause()
            .withMessageMatching(expectedMessagePattern);
}
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class GelfCodecTest method decodeSucceedsWithTrailingComma.
/**
 * Pins that the codec decodes a JSON object ending in a trailing comma, for both the
 * {@code short_message} and the {@code message} key.
 */
@Test
public void decodeSucceedsWithTrailingComma() throws Exception {
    // A trailing comma is not valid strict JSON; this test documents that the decoder
    // tolerates it instead of rejecting the input.
    final String[] documents = {
        "{\"short_message\":\"0\",}",
        "{\"message\":\"0\",}"
    };

    for (final String document : documents) {
        final RawMessage rawMessage = new RawMessage(document.getBytes(StandardCharsets.UTF_8));
        assertThat(codec.decode(rawMessage)).isNotNull();
    }
}
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class GelfCodecTest method decodeFailsWithWrongTypeForMessage.
/**
 * A GELF document whose {@code message} field is a number instead of a string must be rejected
 * with an {@link IllegalArgumentException} that echoes the invalid value.
 */
@Test
public void decodeFailsWithWrongTypeForMessage() throws Exception {
    final String json = "{"
            + "\"version\": \"1.1\","
            + "\"host\": \"example.org\","
            + "\"message\": 42"
            + "}";
    final byte[] payload = json.getBytes(StandardCharsets.UTF_8);
    final RawMessage rawMessage = new RawMessage(payload);

    // The id between the angle brackets is matched loosely as hex digits and dashes;
    // the rejected value (42) is expected verbatim at the end of the message.
    final String expectedMessagePattern = "GELF message <[0-9a-f-]+> has invalid \"message\": 42";

    assertThatIllegalArgumentException()
            .isThrownBy(() -> codec.decode(rawMessage))
            .withNoCause()
            .withMessageMatching(expectedMessagePattern);
}
use of org.graylog2.plugin.journal.RawMessage in project graylog2-server by Graylog2.
the class RawMessageTest method minimalEncodeDecode.
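/**
 * Round-trips a minimal raw message through {@code encode()} and {@code RawMessage.decode()}
 * and checks that the payload bytes and the codec name survive.
 *
 * @throws IOException if the temporary file backing the node id cannot be created
 */
@Test
public void minimalEncodeDecode() throws IOException {
    final RawMessage rawMessage = new RawMessage("testmessage".getBytes(StandardCharsets.UTF_8));

    final File tempFile = File.createTempFile("node", "test");
    // Remove the fixture when the JVM exits so repeated runs do not leave stray files in the
    // shared temp directory.
    tempFile.deleteOnExit();

    // NodeId is given the path of the temp file; what it reads from or writes to that file is
    // not visible in this test.
    rawMessage.addSourceNode("inputid", new NodeId(tempFile.getAbsolutePath()));
    rawMessage.setCodecName("raw");
    rawMessage.setCodecConfig(Configuration.EMPTY_CONFIGURATION);

    final byte[] encoded = rawMessage.encode();
    // NOTE(review): the second argument (1) is presumably a journal offset or sequence number;
    // confirm against RawMessage.decode.
    final RawMessage decodedMsg = RawMessage.decode(encoded, 1);

    assertNotNull(decodedMsg);
    assertArrayEquals("testmessage".getBytes(StandardCharsets.UTF_8), decodedMsg.getPayload());
    assertEquals("raw", decodedMsg.getCodecName());
}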
Aggregations