[syslog-ng] patterndb: collect login/logout samples

ILLES, Marton illes.marton at balabit.hu
Fri Jul 16 21:12:23 CEST 2010


Hi,

As this python xml is a real problem, I re-implemented the script in
pdbtool, so no extra script or library is required.

You can grab it from my git tree:
http://git.balabit.hu/?p=marci/syslog-ng-3.2.git;a=commit;h=fc01838593d182255a1a25b9613275c37b4159e8

Bazsi please grab it.

Now you can simply use "pdbtool test" to test your favourite
patterndb! :)

An example output:

$ pdbtool  test -p sshd.pdb -v ; echo $?
Testing message program='sshd' message='Failed password for bazsi from 127.0.1.1 port 44637 ssh2'
 Match name='.classifier.rule_id', value='aecda233-3d80-48cd-a72b-4896f58069c8', expected='aecda233-3d80-48cd-a72b-4896f58069c8'
 Match name='usracct.username', value='bazsi', expected='bazsi'
 Match name='usracct.authmethod', value='password', expected='password'
 Match name='usracct.device', value='127.0.1.1', expected='127.0.1.1'
 Match name='usracct.service', value='ssh2', expected='ssh2'
Testing message program='sshd' message='Accepted password for bazsi from 127.0.0.1 port 48650 ssh2'
 Match name='.classifier.rule_id', value='4dd5a329-da83-4876-a431-ddcb59c2858c', expected='4dd5a329-da83-4876-a431-ddcb59c2858c'
 Match name='usracct.username', value='bazsi', expected='bazsi'
 Match name='usracct.authmethod', value='password', expected='password'
 Match name='usracct.device', value='127.0.0.1', expected='127.0.0.1'
 Match name='usracct.service', value='ssh2', expected='ssh2'
0

Hope it helps.

M

On Thu, 2010-07-15 at 22:06 +0200, Balazs Scheidler wrote:
> It worked for me as well, once I installed python-lxml (on Ubuntu
> lucid).
> 
> Anyone wishing to test for the embedded examples, just use:
> 
> bin/test-patterns.py <pathtopdb> <pathtopdbtool>
> 
> I've used the pdbtool in 3.2, but it should work with the one in 3.1 as
> well.
> 
> Applied both. Thanks Bálint.
> 
> On Thu, 2010-07-15 at 15:51 +0200, Balint Kovacs wrote:
> > On 07/15/2010 03:01 PM, Balazs Scheidler wrote:
> > > On Thu, 2010-07-15 at 14:46 +0200, Balazs Scheidler wrote:
> > >    
> > >> On Thu, 2010-07-15 at 14:16 +0200, ILLES, Marton wrote:
> > >>      
> > >>> Hi,
> > >>>
> > >>> I took the liberty and created my own patterndb git tree, so I can track
> > >>> my patches there and Bazsi can easily pull from there. You can check it
> > >>> at git.balabit.hu:
> > >>> http://git.balabit.hu/?p=marci/syslog-ng-patterndb.git;a=summary
> > >>>
> > >>> I have added a small python script test-patterns.py which can be used to
> > >>> automatically check the example messages against the patterns, while it
> > >>> also verifies the parsed name/value pairs. It is kind of a handy tool
> > >>> when you poke with the patterns and want to run automatic tests. It
> > >>> requires pdbtool and python xml package.
> > >>>
> > >>>        
> > > Could you be more specific which XML package is needed? I've tried
> > > everything, but none of them worked with the script.
> > >
> > >    
> > The old python-xml package from jaunty would be needed but is not 
> > available for recent distros. I refactored it to use python-lxml, please 
> > find the patch attached. I also ran into some UTF-8 related output 
> > trouble that the other patch fixes. Both tested on Ubuntu Lucid and 
> > strictly WORKSFORME.
> 
> 
-- 
Key fingerprint = F78C 25CA 5F88 6FAF EA21 779D 3279 9F9E 1155 670D
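
Added example, not part of the original post and not pdbtool's code: a simplified stand-in for the check "pdbtool test" performs, which parses each embedded test_message with its rule's pattern and compares the result to the expected test_value entries. The sample patterndb, its ids and the function names are constructed; only the @ESTRING@ and @ANYSTRING@ parsers are handled, the program name is ignored, and a regex takes the place of syslog-ng's own matcher.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample patterndb with one embedded example; ids are placeholders.
SAMPLE_PDB = """<patterndb version='3'>
 <ruleset name='sshd' id='constructed-ruleset-id'><pattern>sshd</pattern><rules>
  <rule provider='example' id='constructed-rule-id' class='system'>
   <patterns><pattern>Failed password for @ESTRING:usracct.username: @from @ESTRING:usracct.device: @port @ESTRING:: @@ANYSTRING:usracct.service@</pattern></patterns>
   <examples><example>
    <test_message program='sshd'>Failed password for bazsi from 127.0.1.1 port 44637 ssh2</test_message>
    <test_values>
     <test_value name='usracct.username'>bazsi</test_value>
     <test_value name='usracct.device'>127.0.1.1</test_value>
     <test_value name='usracct.service'>ssh2</test_value>
    </test_values>
   </example></examples>
  </rule>
 </rules></ruleset>
</patterndb>"""

def parse(pattern, msg):
    """Return the name/value pairs the pattern extracts from msg, or None."""
    names, regex = [], ""
    for i, part in enumerate(re.split(r"@([^@]*)@", pattern)):
        if i % 2 == 0:
            regex += re.escape(part)               # literal text between parsers
        elif part == "":
            regex += "@"                           # '@@' is a literal at sign
        else:
            kind, name, param = (part.split(":", 2) + ["", ""])[:3]
            if kind not in ("ESTRING", "ANYSTRING"):
                raise ValueError("parser not handled here: " + kind)
            names.append(name)                     # empty name: parsed, not stored
            regex += "(.*?)" + re.escape(param) if kind == "ESTRING" else "(.*)"
    m = re.fullmatch(regex, msg)
    return {n: v for n, v in zip(names, m.groups()) if n} if m else None

def run_examples(pdb_xml):
    """Return (name, value, expected) for every test_value in the patterndb."""
    results = []
    for rule in ET.fromstring(pdb_xml).iter("rule"):
        patterns = [p.text for p in rule.iter("pattern")]
        for ex in rule.iter("example"):
            msg = ex.findtext("test_message")
            hits = (parse(p, msg) for p in patterns)
            parsed = next((h for h in hits if h is not None), {})
            for tv in ex.iter("test_value"):
                results.append((tv.get("name"), parsed.get(tv.get("name")), tv.text))
    return results
```

A tuple whose value differs from expected marks an example that no longer parses as the rule author intended, the condition a patterndb author wants to catch before a changed pattern is deployed.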



