- fix syslog example spec
jordansissel committed Jun 19, 2013
1 parent e48f05e commit 6dc538e
Showing 1 changed file with 7 additions and 9 deletions.
16 changes: 7 additions & 9 deletions spec/examples/syslog.rb
Expand Up @@ -10,7 +10,7 @@
singles => true
pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{@source_host}" ]
add_field => [ "received_from", "%{source_host}" ]
}
syslog_pri {
type => "syslog"
Expand All @@ -22,8 +22,8 @@
mutate {
type => "syslog"
exclude_tags => "_grokparsefailure"
replace => [ "@source_host", "%{syslog_hostname}" ]
replace => [ "@message", "%{syslog_message}" ]
replace => [ "source_host", "%{syslog_hostname}" ]
replace => [ "message", "%{syslog_message}" ]
}
mutate {
type => "syslog"
Expand All @@ -32,18 +32,16 @@
}
CONFIG

sample("@message" => "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434 dst outside:192.168.0.1/53 by access-group \"acl_drac\" [0x0, 0x0]", "@type" => "syslog") do
sample("message" => "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434 dst outside:192.168.0.1/53 by access-group \"acl_drac\" [0x0, 0x0]", "type" => "syslog") do
insist { subject.type } == "syslog"
reject { subject.tags }.include?("_grokparsefailure")
insist { subject.tags }.nil?
insist { subject["syslog_pri"] } == "164"
#insist { subject.timestamp } == "2012-10-26T15:19:25.000Z"
puts subject.to_hash
end

# Single digit day
sample("@message" => "<164>Oct 6 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434 dst outside:192.168.0.1/53 by access-group \"acl_drac\" [0x0, 0x0]", "@type" => "syslog") do
sample("message" => "<164>Oct 6 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434 dst outside:192.168.0.1/53 by access-group \"acl_drac\" [0x0, 0x0]", "type" => "syslog") do
insist { subject.type } == "syslog"
reject { subject.tags }.include?("_grokparsefailure")
insist { subject.tags }.nil?
insist { subject["syslog_pri"] } == "164"
#insist { subject.timestamp } == "2012-10-26T15:19:25.000Z"
puts subject.to_hash
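Review bot: The `puts subject.to_hash` line that closes each sample block in the last hunk prints the entire event to stdout on every spec run, which is leftover debug output rather than a check; drop it, or turn it into an assertion on a field the grok pattern is meant to capture, e.g. `insist { subject["syslog_hostname"] } == "1.2.3.4"`, assuming the SYSLOGHOST capture behaves as the pattern suggests. The rendered page has lost the +/- markers, so I cannot tell which of the unpaired lines in that hunk are on the new side; if both `reject { subject.tags }.include?("_grokparsefailure")` and `insist { subject.tags }.nil?` survive, the first will raise NoMethodError once tags is nil, so only one of the two should remain. The disabled `#insist { subject.timestamp } == "2012-10-26T15:19:25.000Z"` line would also benefit from a one-line comment stating why it is commented out, or should be removed. The spec's enclosing describe/config block begins above the first hunk.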
