#!/usr/bin/env python
# Source: github.com/crowdsecurity/crowdsec@v1.6.1/docker/test/tests/test_cold_logs.py

import datetime

from pytest_cs import Status

import pytest

pytestmark = pytest.mark.docker


def test_cold_logs(crowdsec, tmp_path_factory, flavor):
    """Replay a pre-written sshd log through the container and check detection.

    Ten "Invalid user" lines from one source address are written to a
    temporary file, which is bind-mounted read-only at /var/log/toto.log.
    The container is started twice:

    1. with only DSN set: it is expected to exit after logging that
       -dsn requires a -type argument;
    2. with TYPE=syslog added: it is expected to read the file, report the
       'crowdsecurity/ssh-bf' scenario for that address, and shut down.

    NOTE(review): the mapping from the DSN/TYPE environment variables to the
    -dsn/-type flags is presumably done by the image entrypoint; it is not
    visible in this file.
    """
    env = {'DSN': 'file:///var/log/toto.log'}

    log_file = tmp_path_factory.mktemp("logs") / "toto.log"

    # Same layout as `date '+%b %d %H:%M:%S'`: one line per second, with the
    # first line stamped one minute before the test runs.
    # NOTE(review): this format carries no year or timezone, and the stamps
    # come from the host's local clock; confirm the container resolves them
    # the same way, otherwise the run may be sensitive to host timezone or to
    # day/year boundaries.
    first_stamp = datetime.datetime.now() - datetime.timedelta(minutes=1)
    line_tail = ' sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424\n'
    log_lines = [
        (first_stamp + datetime.timedelta(seconds=offset)).strftime('%b %d %H:%M:%S') + line_tail
        for offset in range(10)
    ]
    with open(log_file, "w") as handle:
        handle.writelines(log_lines)

    # Read-only bind mount: the container only needs to read the replayed log.
    volumes = {
        log_file: {'bind': '/var/log/toto.log', 'mode': 'ro'},
    }

    # First run: TYPE is deliberately absent, so the container should refuse
    # the DSN and end up in the exited state.
    with crowdsec(flavor=flavor, environment=env, volumes=volumes, wait_status=Status.EXITED) as container:
        container.wait_for_log("*-dsn requires a -type argument*")

    # Second run: same DSN, now with the acquisition type supplied.
    env['TYPE'] = 'syslog'

    expected_patterns = [
        "*Adding file /var/log/toto.log to filelist*",
        "*reading /var/log/toto.log at once*",
        "*Ip 1.1.1.172 performed 'crowdsecurity/ssh-bf' (6 events over 5s)*",
        "*crowdsec shutdown*"
    ]
    with crowdsec(flavor=flavor, environment=env, volumes=volumes) as container:
        container.wait_for_log(expected_patterns)


def test_cold_logs_missing_dsn(crowdsec, flavor):
    """Check that TYPE without DSN is rejected.

    The container is started with only TYPE=syslog and is expected to exit
    after logging that -type requires a -dsn argument.
    """
    type_only_env = {'TYPE': 'syslog'}

    with crowdsec(flavor=flavor, environment=type_only_env, wait_status=Status.EXITED) as container:
        container.wait_for_log("*-type requires a -dsn argument*")