1 | <?php |
||
2 | /** |
||
3 | * SyslogTest.php |
||
4 | * |
||
5 | * Tests various syslog input for proper parsing |
||
6 | * |
||
7 | * This program is free software: you can redistribute it and/or modify |
||
8 | * it under the terms of the GNU General Public License as published by |
||
9 | * the Free Software Foundation, either version 3 of the License, or |
||
10 | * (at your option) any later version. |
||
11 | * |
||
12 | * This program is distributed in the hope that it will be useful, |
||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
15 | * GNU General Public License for more details. |
||
16 | * |
||
17 | * You should have received a copy of the GNU General Public License |
||
18 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
19 | * |
||
20 | * @package LibreNMS |
||
21 | * @link http://librenms.org |
||
22 | * @copyright 2016 Tony Murray |
||
23 | * @author Tony Murray <[email protected]> |
||
24 | */ |
||
25 | |||
26 | namespace LibreNMS\Tests; |
||
27 | |||
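/**
 * Feeds delimiter-separated syslog lines for several device OSes through
 * process_syslog() and compares the parsed entry with the expected fields.
 *
 * The fixtures model data that arrives from network devices, i.e. input the
 * parser does not control. Every fixture here is well formed; a message body
 * that itself contains the "||" delimiter would shift the fields, which
 * fillLine() reports as a failure instead of silently truncating.
 *
 * NOTE(review): several fixtures embed public-looking IP addresses and a MAC
 * address. If they were taken from real captures, consider replacing them
 * with documentation ranges.
 */
class SyslogTest extends TestCase
{
    // The format is:
    // $SOURCEIP||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM
    // Add an IP for each OS you want to test and use it as $SOURCEIP in the input line.

    /**
     * Split one fixture line into the named fields of a syslog entry.
     *
     * @param string $line Raw line with its eight fields separated by "||"
     * @return array Entry keyed by host, facility, priority, level, tag, timestamp, msg, program
     */
    private function fillLine($line)
    {
        $keys = array('host', 'facility', 'priority', 'level', 'tag', 'timestamp', 'msg', 'program');
        $fields = explode('||', trim($line));

        // Fail loudly on a malformed fixture: too few fields would leave keys
        // unset, and extra fields (a "||" inside the message) would be dropped
        // without anyone noticing that a truncated message was tested.
        $this->assertCount(
            count($keys),
            $fields,
            'Expected ' . count($keys) . ' "||"-separated fields in syslog fixture: ' . $line
        );

        return array_combine($keys, $fields);
    }

    /**
     * Build the parser input and the expected result for one fixture line.
     *
     * @param string $line        Raw fixture line
     * @param array  $resultDelta Fields expected to differ from the raw entry
     * @return array 'input' holds the raw entry, 'result' the expected parsed entry
     */
    private function createData($line, $resultDelta)
    {
        $entry = $this->fillLine($line);

        $data = array();
        $data['input'] = $entry;

        // The raw msg is dropped, so the expected result carries a msg key
        // only when $resultDelta supplies one.
        unset($entry['msg']);
        $data['result'] = array_merge($entry, $resultDelta);

        return $data;
    }

    /**
     * Test an input line with the modified fields
     *
     * @param string $inputline The line from the syslog daemon including the ||'s
     * @param array  $modified  The modified fields, most likely containing the keys program and msg
     */
    private function checkSyslog($inputline, $modified)
    {
        $data = $this->createData($inputline, $modified);
        // NOTE(review): the second argument is 0 in every call; presumably it
        // keeps process_syslog() from persisting the entry - confirm against
        // its definition.
        $res = process_syslog($data['input'], 0);
        $this->assertEquals($data['result'], $res);
    }

    /**
     * Populate the fake $dev_cache entry and $config that process_syslog() reads.
     *
     * This replaces the global $config wholesale and overwrites the
     * $dev_cache entry for 1.1.1.1; neither is restored afterwards, so the
     * values stay visible to whatever runs later in the same process.
     *
     * @param string $os       OS name stored in the fake device entry
     * @param string $hostname Hostname stored in the fake device entry
     */
    private function primeSyslogGlobals($os, $hostname)
    {
        global $config, $dev_cache;
        $dev_cache['1.1.1.1'] = array('device_id' => 1, 'os' => $os, 'version' => 1, 'hostname' => $hostname);
        $config = array();
        $config['syslog_filter'] = array();
    }

    public function testCiscoSyslog()
    {
        $this->primeSyslogGlobals('ios', 'cisco-switch1');

        // ---- IOS ----
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||%CARD-SEVERITY-MSG:SLOT %FACILITY-SEVERITY-MNEMONIC: Message-text||",
            array('device_id'=>1, 'program'=>'%CARD-SEVERITY-MSG:SLOT %FACILITY-SEVERITY-MNEMONIC', 'msg'=>'Message-text')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||%FACILITY-SUBFACILITY-SEVERITY-MNEMONIC: Message-text||",
            array('device_id'=>1, 'program'=>'%FACILITY-SUBFACILITY-SEVERITY-MNEMONIC', 'msg'=>'Message-text')
        );
        $this->checkSyslog(
            "1.1.1.1||local7||info||info||be||2016-03-09 03:58:25||Mar 9 11:58:24.145 UTC: %SEC-6-IPACCESSLOGS: list MNGMNT denied 120.62.186.12 1 packet ||]",
            array('device_id'=>1, 'program'=>'%SEC-6-IPACCESSLOGS', 'msg'=>'list MNGMNT denied 120.62.186.12 1 packet')
        );
        // The hour field "021" in the next two fixtures is kept as found; the
        // timestamp is expected to come back from the parser unchanged.
        $this->checkSyslog(
            "1.1.1.1||local7||info||info||be||2016-04-27 021:12:28||Apr 27 21:12:28: %SYS-5-CONFIG_I: Configured from console by vty0||",
            array('device_id'=>1, 'program'=>'%SYS-5-CONFIG_I', 'msg'=>'Configured from console by vty0')
        );
        $this->checkSyslog(
            "1.1.1.1||local7||info||info||be||2016-04-27 021:12:28||Mar 8 20:14:08.762: %FACILITY-SUBFACILITY-SEVERITY-MNEMONIC: Message-text||000956",
            array('device_id'=>1, 'program'=>'%FACILITY-SUBFACILITY-SEVERITY-MNEMONIC', 'msg'=>'Message-text')
        );

        // ---- CatOS ----
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||%IP-3-UDP_SOCKOVFL:UDP socket overflow||",
            array('device_id'=>1, 'program'=>'%IP-3-UDP_SOCKOVFL', 'msg'=>'UDP socket overflow')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||DTP-1-ILGLCFG: Illegal config (on, isl--on,dot1q) on Port [mod/port]||",
            array('device_id'=>1, 'program'=>'DTP-1-ILGLCFG', 'msg'=>'Illegal config (on, isl--on,dot1q) on Port [mod/port]')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||Cannot enable text mode config if ACL config is cleared from nvram||",
            array('device_id'=>1, 'program'=>'', 'msg'=>'Cannot enable text mode config if ACL config is cleared from nvram')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||%PAGP-5-PORTFROMSTP / %PAGP-5-PORTTOSTP||",
            array('device_id'=>1, 'program'=>'%PAGP-5-PORTFROMSTP / %PAGP-5-PORTTOSTP')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||%SYS-3-EOBC_CHANNELREINIT||",
            array('device_id'=>1, 'program'=>'%SYS-3-EOBC_CHANNELREINIT')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||%SYS-4-MODHPRESET:||",
            array('device_id'=>1, 'program'=>'%SYS-4-MODHPRESET', 'msg'=>'')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||InbandPingProcessFailure:Module x not responding over inband||",
            array('device_id'=>1, 'program'=>'INBANDPINGPROCESSFAILURE', 'msg'=>'Module x not responding over inband')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||RxSBIF_SEQ_NUM_ERROR:slot=x||",
            array('device_id'=>1, 'program'=>'RXSBIF_SEQ_NUM_ERROR', 'msg'=>'slot=x')
        );

        // With program from syslog
        $this->checkSyslog(
            "1.1.1.1||local7||notice||notice||bd||2016-04-04 15:18:43||Apr 4 13:18:42.670: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/32, changed state to up||345735",
            array('device_id'=>1, 'program'=>'%LINEPROTO-5-UPDOWN', 'msg'=>'Line protocol on Interface GigabitEthernet0/32, changed state to up')
        );

        // Incorrect time
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-04-06 15:20:35||*Apr 4 21:26:41.778 UTC: %LWAPP-3-REPLAY_ERR: 1 wcm: Received replay error on slot 1, WLAN ID 1, count 1 from AP xxxx.xxxx.xxxx||",
            array('device_id'=>1, 'program'=>'%LWAPP-3-REPLAY_ERR', 'msg'=>'1 wcm: Received replay error on slot 1, WLAN ID 1, count 1 from AP xxxx.xxxx.xxxx')
        );

        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-04-06 15:20:35||.Apr 4 21:26:41.778 UTC: %LWAPP-3-REPLAY_ERR: 1 wcm: Received replay error on slot 1, WLAN ID 1, count 1 from AP xxxx.xxxx.xxxx||",
            array('device_id'=>1, 'program'=>'%LWAPP-3-REPLAY_ERR', 'msg'=>'1 wcm: Received replay error on slot 1, WLAN ID 1, count 1 from AP xxxx.xxxx.xxxx')
        );
    }

    public function testLinuxSyslog()
    {
        $this->primeSyslogGlobals('linux', 'linux-server1');

        // ---- PAM ----
        $this->checkSyslog(
            "1.1.1.1||authpriv||info||info||56||2016-02-28 00:23:34||pam_unix(cron:session): session opened for user librenms by (uid=0)||CRON",
            array('device_id'=>1, 'program'=>'CRON', 'msg'=>'pam_unix(cron:session): session opened for user librenms by (uid=0)')
        );
        $this->checkSyslog(
            "1.1.1.1||authpriv||info||info||55||2016-02-28 00:23:34||pam_unix(sudo:session): session opened for user librenms by root (uid=0)||sudo",
            array('device_id'=>1, 'program'=>'SUDO', 'msg'=>'pam_unix(sudo:session): session opened for user librenms by root (uid=0)')
        );
        $this->checkSyslog(
            "1.1.1.1||auth||info||info||0e||2016-02-28 00:23:34||pam_krb5(sshd:auth): authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231||sshd",
            array('device_id'=>1, 'program'=>'SSHD', 'msg'=>'pam_krb5(sshd:auth): authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231')
        );
        $this->checkSyslog(
            "1.1.1.1||auth||info||info||0e||2016-02-28 00:23:34||pam_krb5[sshd:auth]: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231||sshd",
            array('device_id'=>1, 'program'=>'SSHD', 'msg'=>'pam_krb5[sshd:auth]: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231')
        );

        // ---- Postfix ----
        $this->checkSyslog(
            "1.1.1.1||mail||info||info||16||2016-02-28 00:23:34||5C62E329EF: to=<[email protected]>, relay=mail.example.com[127.0.0.1]:25, delay=0.11, delays=0.04/0.01/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5362E6A670E)||postfix/smtp",
            array('device_id'=>1, 'program'=>'POSTFIX/SMTP', 'msg'=>'5C62E329EF: to=<[email protected]>, relay=mail.example.com[127.0.0.1]:25, delay=0.11, delays=0.04/0.01/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5362E6A670E)')
        );
        $this->checkSyslog(
            "1.1.1.1||mail||info||info||16||2016-02-28 00:23:34||D7256400EF: from=<[email protected]>, size=882, nrcpt=1 (queue active)||postfix/qmgr",
            array('device_id'=>1, 'program'=>'POSTFIX/QMGR', 'msg'=>'D7256400EF: from=<[email protected]>, size=882, nrcpt=1 (queue active)')
        );

        // ---- No program ----
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||some random message||",
            array('device_id'=>1, 'program'=>'USER', 'msg'=>'some random message')
        );

        // ---- Other ----
        $this->checkSyslog(
            "1.1.1.1||cron||info||info||4e||2016-02-28 00:23:34||(librenms) CMD ( /opt/librenms/alerts.php >> /var/log/librenms_alert.log 2>&1)||CRON",
            array('device_id'=>1, 'program'=>'CRON', 'msg'=>'(librenms) CMD ( /opt/librenms/alerts.php >> /var/log/librenms_alert.log 2>&1)')
        );
        $this->checkSyslog(
            "1.1.1.1||authpriv||notice||notice||55||2016-02-28 00:23:34|| root : TTY=pts/1 ; PWD=/opt/librenms ; USER=librenms ; COMMAND=/usr/bin/git status||sudo",
            array('device_id'=>1, 'program'=>'SUDO', 'msg'=>'root : TTY=pts/1 ; PWD=/opt/librenms ; USER=librenms ; COMMAND=/usr/bin/git status')
        );
    }

    public function testProcurveSyslog()
    {
        $this->primeSyslogGlobals('procurve', 'procurve-switch1');

        // ---- 2900/2910/3800/5400 ----
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||chassis: Slot A Ready||00422",
            array('device_id'=>1, 'program'=>'CHASSIS', 'msg'=>'Slot A Ready [00422]')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||ports: port 21 is now on-line||00076",
            array('device_id'=>1, 'program'=>'PORTS', 'msg'=>'port 21 is now on-line [00076]')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||ports: port 21 is now off-line||00077",
            array('device_id'=>1, 'program'=>'PORTS', 'msg'=>'port 21 is now off-line [00077]')
        );
        $this->checkSyslog(
            "1.1.1.1||user||warning||warning||0c||2016-02-28 00:23:34||FFI: port 21-High collision or drop rate. See help.||00331",
            array('device_id'=>1, 'program'=>'FFI', 'msg'=>'port 21-High collision or drop rate. See help. [00331]')
        );

        // ---- 2610 ----
        $this->checkSyslog(
            "1.1.1.1||user||warning||warning||0c||2016-02-28 00:23:34||port 21-Excessive undersized/giant packets. See help.||FFI",
            array('device_id'=>1, 'program'=>'FFI', 'msg'=>'port 21-Excessive undersized/giant packets. See help.')
        );
        $this->checkSyslog(
            "1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||updated time by -4 seconds||SNTP",
            array('device_id'=>1, 'program'=>'SNTP', 'msg'=>'updated time by -4 seconds')
        );
    }

    public function testZywallSyslog()
    {
        $this->primeSyslogGlobals('zywall', 'zywall');

        // ---- USG60W ----
        // In this fixture the start of the message (src="0.0.0.0) sits in the
        // program field; the expected msg has it joined back on.
        $this->checkSyslog(
            "1.1.1.1||local1||info||info||8e||2017-06-14 17:51:25||0\" dst=\"0.0.0.0:0\" msg=\"DHCP server assigned 195.159.132.109 to Chromecast(6C:AD:F8:B1:10:1D)\" note=\"DHCP ACK\" user=\"unknown\" devID=\"a0e4cb7d7f52\" cat=\"DHCP\"||src=\"0.0.0.0",
            array('device_id'=>1, 'program'=>'DHCP', 'msg'=>'src="0.0.0.0:0" dst="0.0.0.0:0" msg="DHCP server assigned 195.159.132.109 to Chromecast(6C:AD:F8:B1:10:1D)" note="DHCP ACK" user="unknown" devID="a0e4cb7d7f52" cat="DHCP"')
        );
    }
}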
||
252 |
Instead of relying on global state, we recommend one of these alternatives:
1. Pass all data via parameters
2. Create a class that maintains your state