# added 2015-08-26 by Rainer Gerhards
# This file is part of the liblognorm project, released under ASL 2.0
# This is based on a practical support case, see
# https://github.com/rsyslog/liblognorm/issues/130
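# Load the shared testbench helpers (test_def, reset_rules, add_rule, execute,
# assert_output_json_eq, cleanup_tmp_files are not defined in this file).
# srcdir is expected to come from the test harness. Fail with a clear message
# when it is unset or empty rather than attempting to source "/exec.sh", and
# quote the expansion so a path containing whitespace is not word-split.
. "${srcdir:?srcdir must be set}/exec.sh"

# Register this test under the script's own name; "$0" is quoted for the same
# word-splitting reason.
test_def "$0" "repeat with mismatch in parser part"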
# Step 1: baseline WITHOUT "option.permitMismatchInParser".
# Build a fresh v2 rulebase: a shared prefix (RFC 3164 timestamp + hostname)
# and a single rule for the ASA-6-106015 "Deny ... (no connection)" message.
# \x25 and \x3a are hex escapes for the literal '%' and ':' of the message tag;
# an unescaped '%' would start a field definition in the rule.
reset_rules
add_rule 'version=2'
add_rule 'prefix=%timestamp:date-rfc3164% %hostname:word%'
add_rule 'rule=cisco,fwblock: \x25ASA-6-106015\x3a Deny %proto:word% (no connection) from %source:cisco-interface-spec% to %dest:cisco-interface-spec% flags %flags:repeat{ "parser": {"type":"word", "name":"."}, "while":{"type":"literal", "text":" "} }% on interface %srciface:word%'

printf '%s\n' 'step 1'
execute 'Aug 18 13:18:45 192.168.99.2 %ASA-6-106015: Deny TCP (no connection) from 173.252.88.66/443 to 76.79.249.222/52746 flags RST on interface outside'
# Expected: the message does NOT normalize. The result carries only
# "originalmsg" and "unparsed-data" (starting at the flags), and none of the
# structured fields. A pipeline fed by this rulebase would see this firewall
# deny event as unparsed.
assert_output_json_eq '{ "originalmsg": "Aug 18 13:18:45 192.168.99.2 %ASA-6-106015: Deny TCP (no connection) from 173.252.88.66\/443 to 76.79.249.222\/52746 flags RST on interface outside", "unparsed-data": "RST on interface outside" }'
# Step 2: same input, but the repeat parser now carries
# "option.permitMismatchInParser":true. A mismatch inside the parser part of
# the repeat is then tolerated and the rule as a whole is still accepted as
# valid. Some use cases need this; for details see
# https://github.com/rsyslog/liblognorm/issues/130
# Note: something is odd with the testbench driver: two consecutive spaces
# cannot be used, which is presumably why the rule spells a space as \x20
# right after the repeat field.
# NOTE(review): whitespace runs in these literals may not survive every
# rendering of this file; confirm exact spacing against the repository copy.
reset_rules
add_rule 'version=2'
add_rule 'prefix=%timestamp:date-rfc3164% %hostname:word%'
add_rule 'rule=cisco,fwblock: \x25ASA-6-106015\x3a Deny %proto:word% (no connection) from %source:cisco-interface-spec% to %dest:cisco-interface-spec% flags %flags:repeat{ "option.permitMismatchInParser":true, "parser": {"type":"word", "name":"."}, "while":{"type":"literal", "text":" "} }%\x20 on interface %srciface:word%'

printf '%s\n' 'step 2'
execute 'Aug 18 13:18:45 192.168.99.2 %ASA-6-106015: Deny TCP (no connection) from 173.252.88.66/443 to 76.79.249.222/52746 flags RST on interface outside'
# Expected: full normalization. "flags" is a one-element array, and the
# source/dest interface specs are split into ip and port.
assert_output_json_eq '{ "srciface": "outside", "flags": [ "RST" ], "dest": { "ip": "76.79.249.222", "port": "52746" }, "source": { "ip": "173.252.88.66", "port": "443" }, "proto": "TCP", "hostname": "192.168.99.2", "timestamp": "Aug 18 13:18:45" }'
# Step 3: feed a message with two flag tokens to whatever rulebase is loaded
# at this point (this block adds no rules itself). Both tokens are expected
# to land in the "flags" array, in input order.
printf '%s\n' 'step 3'
execute 'Aug 18 13:18:45 192.168.99.2 %ASA-6-106015: Deny TCP (no connection) from 173.252.88.66/443 to 76.79.249.222/52746 flags RST XST on interface outside'
# Note for consumers of the normalized event: "XST" is accepted into "flags"
# just like "RST", so the expected output shows no check of the tokens against
# a known flag set. Validate the values downstream if detections or
# correlation logic key on them.
assert_output_json_eq '{ "srciface": "outside", "flags": [ "RST", "XST" ], "dest": { "ip": "76.79.249.222", "port": "52746" }, "source": { "ip": "173.252.88.66", "port": "443" }, "proto": "TCP", "hostname": "192.168.99.2", "timestamp": "Aug 18 13:18:45" }'
# Final testbench teardown. Going by its name this removes the temporary files
# created during the run; the helper is defined outside this file (presumably
# in exec.sh) -- confirm there.
cleanup_tmp_files