telegraf/plugins/inputs/suricata/suricata_test.go

291 lines
6.0 KiB
Go

package suricata
import (
"fmt"
"io/ioutil"
"log"
"math/rand"
"net"
"os"
"path/filepath"
"strings"
"testing"
"time"
"github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/testutil"
"github.com/stretchr/testify/require"
)
var ex2 = `{"timestamp":"2017-03-06T07:43:39.000397+0000","event_type":"stats","stats":{"capture":{"kernel_packets":905344474,"kernel_drops":78355440,"kernel_packets_delta":2376742,"kernel_drops_delta":82049}}}`
var ex3 = `{"timestamp":"2017-03-06T07:43:39.000397+0000","event_type":"stats","stats":{"threads": { "W#05-wlp4s0": { "capture":{"kernel_packets":905344474,"kernel_drops":78355440}}}}}`
func TestSuricataLarge(t *testing.T) {
dir, err := ioutil.TempDir("", "test")
require.NoError(t, err)
defer os.RemoveAll(dir)
tmpfn := filepath.Join(dir, fmt.Sprintf("t%d", rand.Int63()))
s := Suricata{
Source: tmpfn,
Delimiter: ".",
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
acc := testutil.Accumulator{}
require.NoError(t, s.Start(&acc))
defer s.Stop()
data, err := ioutil.ReadFile("testdata/test1.json")
require.NoError(t, err)
c, err := net.Dial("unix", tmpfn)
require.NoError(t, err)
c.Write([]byte(data))
c.Write([]byte("\n"))
c.Close()
acc.Wait(1)
}
func TestSuricata(t *testing.T) {
dir, err := ioutil.TempDir("", "test")
require.NoError(t, err)
defer os.RemoveAll(dir)
tmpfn := filepath.Join(dir, fmt.Sprintf("t%d", rand.Int63()))
s := Suricata{
Source: tmpfn,
Delimiter: ".",
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
acc := testutil.Accumulator{}
require.NoError(t, s.Start(&acc))
defer s.Stop()
c, err := net.Dial("unix", tmpfn)
require.NoError(t, err)
c.Write([]byte(ex2))
c.Write([]byte("\n"))
c.Close()
acc.Wait(1)
s = Suricata{
Source: tmpfn,
Delimiter: ".",
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
expected := []telegraf.Metric{
testutil.MustMetric(
"suricata",
map[string]string{
"thread": "total",
},
map[string]interface{}{
"capture.kernel_packets": float64(905344474),
"capture.kernel_drops": float64(78355440),
"capture.kernel_packets_delta": float64(2376742),
"capture.kernel_drops_delta": float64(82049),
},
time.Unix(0, 0),
),
}
testutil.RequireMetricsEqual(t, expected, acc.GetTelegrafMetrics(), testutil.IgnoreTime())
}
func TestThreadStats(t *testing.T) {
dir, err := ioutil.TempDir("", "test")
require.NoError(t, err)
defer os.RemoveAll(dir)
tmpfn := filepath.Join(dir, fmt.Sprintf("t%d", rand.Int63()))
s := Suricata{
Source: tmpfn,
Delimiter: ".",
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
acc := testutil.Accumulator{}
require.NoError(t, s.Start(&acc))
defer s.Stop()
c, err := net.Dial("unix", tmpfn)
require.NoError(t, err)
c.Write([]byte(""))
c.Write([]byte("\n"))
c.Write([]byte("foobard}\n"))
c.Write([]byte(ex3))
c.Write([]byte("\n"))
c.Close()
acc.Wait(1)
expected := []telegraf.Metric{
testutil.MustMetric(
"suricata",
map[string]string{
"thread": "W#05-wlp4s0",
},
map[string]interface{}{
"capture.kernel_packets": float64(905344474),
"capture.kernel_drops": float64(78355440),
},
time.Unix(0, 0),
),
}
testutil.RequireMetricsEqual(t, expected, acc.GetTelegrafMetrics(), testutil.IgnoreTime())
}
func TestSuricataInvalid(t *testing.T) {
dir, err := ioutil.TempDir("", "test")
require.NoError(t, err)
defer os.RemoveAll(dir)
tmpfn := filepath.Join(dir, fmt.Sprintf("t%d", rand.Int63()))
s := Suricata{
Source: tmpfn,
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
acc := testutil.Accumulator{}
acc.SetDebug(true)
require.NoError(t, s.Start(&acc))
defer s.Stop()
c, err := net.Dial("unix", tmpfn)
require.NoError(t, err)
c.Write([]byte("sfjiowef"))
c.Write([]byte("\n"))
c.Close()
acc.WaitError(1)
}
func TestSuricataInvalidPath(t *testing.T) {
tmpfn := fmt.Sprintf("/t%d/X", rand.Int63())
s := Suricata{
Source: tmpfn,
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
acc := testutil.Accumulator{}
require.Error(t, s.Start(&acc))
}
func TestSuricataTooLongLine(t *testing.T) {
dir, err := ioutil.TempDir("", "test")
require.NoError(t, err)
defer os.RemoveAll(dir)
tmpfn := filepath.Join(dir, fmt.Sprintf("t%d", rand.Int63()))
s := Suricata{
Source: tmpfn,
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
acc := testutil.Accumulator{}
require.NoError(t, s.Start(&acc))
defer s.Stop()
c, err := net.Dial("unix", tmpfn)
require.NoError(t, err)
c.Write([]byte(strings.Repeat("X", 20000000)))
c.Write([]byte("\n"))
c.Close()
acc.WaitError(1)
}
func TestSuricataEmptyJSON(t *testing.T) {
dir, err := ioutil.TempDir("", "test")
require.NoError(t, err)
defer os.RemoveAll(dir)
tmpfn := filepath.Join(dir, fmt.Sprintf("t%d", rand.Int63()))
s := Suricata{
Source: tmpfn,
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
acc := testutil.Accumulator{}
require.NoError(t, s.Start(&acc))
defer s.Stop()
c, err := net.Dial("unix", tmpfn)
if err != nil {
log.Println(err)
}
c.Write([]byte("\n"))
c.Close()
acc.WaitError(1)
}
func TestSuricataDisconnectSocket(t *testing.T) {
dir, err := ioutil.TempDir("", "test")
require.NoError(t, err)
defer os.RemoveAll(dir)
tmpfn := filepath.Join(dir, fmt.Sprintf("t%d", rand.Int63()))
s := Suricata{
Source: tmpfn,
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
acc := testutil.Accumulator{}
require.NoError(t, s.Start(&acc))
defer s.Stop()
c, err := net.Dial("unix", tmpfn)
require.NoError(t, err)
c.Write([]byte(ex2))
c.Write([]byte("\n"))
c.Close()
c, err = net.Dial("unix", tmpfn)
require.NoError(t, err)
c.Write([]byte(ex3))
c.Write([]byte("\n"))
c.Close()
acc.Wait(2)
}
func TestSuricataStartStop(t *testing.T) {
dir, err := ioutil.TempDir("", "test")
require.NoError(t, err)
defer os.RemoveAll(dir)
tmpfn := filepath.Join(dir, fmt.Sprintf("t%d", rand.Int63()))
s := Suricata{
Source: tmpfn,
Log: testutil.Logger{
Name: "inputs.suricata",
},
}
acc := testutil.Accumulator{}
require.NoError(t, s.Start(&acc))
s.Stop()
}