github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/clients/pkg/promtail/targets/windows/target_test.go (about) 1 //go:build windows 2 // +build windows 3 4 package windows 5 6 import ( 7 "testing" 8 "time" 9 10 jsoniter "github.com/json-iterator/go" 11 "github.com/prometheus/common/model" 12 "github.com/spf13/afero" 13 "github.com/stretchr/testify/require" 14 "github.com/weaveworks/common/server" 15 "golang.org/x/sys/windows/svc/eventlog" 16 17 "github.com/grafana/loki/clients/pkg/promtail/api" 18 "github.com/grafana/loki/clients/pkg/promtail/client/fake" 19 "github.com/grafana/loki/clients/pkg/promtail/scrapeconfig" 20 "github.com/grafana/loki/clients/pkg/promtail/targets/windows/win_eventlog" 21 22 "github.com/grafana/loki/pkg/logproto" 23 util_log "github.com/grafana/loki/pkg/util/log" 24 ) 25 26 func init() { 27 fs = afero.NewMemMapFs() 28 // Enable debug logging 29 cfg := &server.Config{} 30 _ = cfg.LogLevel.Set("debug") 31 util_log.InitLogger(cfg, nil) 32 } 33 34 // Test that you can use to generate event logs locally. 35 func Test_WriteLog(t *testing.T) { 36 l, err := eventlog.Open("myapp") 37 if err != nil { 38 t.Fatalf("Open failed: %s", err) 39 } 40 l.Error(500, "hello 5 world") 41 } 42 43 func Test_GetCreateBookrmark(t *testing.T) { 44 const name = "mylog" 45 const supports = eventlog.Error | eventlog.Warning | eventlog.Info 46 err := eventlog.InstallAsEventCreate(name, supports) 47 if err != nil { 48 t.Logf("Install failed: %s", err) 49 } 50 defer func() { 51 err = eventlog.Remove(name) 52 if err != nil { 53 t.Fatalf("Remove failed: %s", err) 54 } 55 }() 56 l, err := eventlog.Open(name) 57 if err != nil { 58 t.Fatalf("Open failed: %s", err) 59 } 60 client := fake.New(func() {}) 61 defer client.Stop() 62 ta, err := New(util_log.Logger, client, nil, &scrapeconfig.WindowsEventsTargetConfig{ 63 BookmarkPath: "c:foo.xml", 64 PollInterval: time.Microsecond, 65 Query: `<QueryList> 66 <Query Id="0" Path="Application"> 67 <Select Path="Application">*[System[Provider[@Name='mylog']]]</Select> 68 </Query> 69 </QueryList>`, 70 Labels: model.LabelSet{"job": "windows-events"}, 71 }) 72 require.NoError(t, err) 73 74 now := time.Now().String() 75 l.Error(1, now) 76 77 require.Eventually(t, func() bool { 78 if len(client.Received()) > 0 { 79 entry := client.Received()[0] 80 var e Event 81 if err := jsoniter.Unmarshal([]byte(entry.Line), &e); err != nil { 82 t.Log(err) 83 return false 84 } 85 return entry.Labels["job"] == "windows-events" && e.Message == now 86 } 87 return false 88 }, 5*time.Second, 500*time.Millisecond) 89 require.NoError(t, ta.Stop()) 90 91 now = time.Now().String() 92 l.Error(1, now) 93 94 client = fake.New(func() {}) 95 defer client.Stop() 96 ta, err = New(util_log.Logger, client, nil, &scrapeconfig.WindowsEventsTargetConfig{ 97 BookmarkPath: "c:foo.xml", 98 PollInterval: time.Microsecond, 99 Query: `<QueryList> 100 <Query Id="0" Path="Application"> 101 <Select Path="Application">*[System[Provider[@Name='mylog']]]</Select> 102 </Query> 103 </QueryList>`, 104 Labels: model.LabelSet{"job": "windows-events"}, 105 }) 106 require.NoError(t, err) 107 require.Eventually(t, func() bool { 108 if len(client.Received()) > 0 { 109 entry := client.Received()[0] 110 var e Event 111 if err := jsoniter.Unmarshal([]byte(entry.Line), &e); err != nil { 112 t.Log(err) 113 return false 114 } 115 return entry.Labels["job"] == "windows-events" && e.Message == now 116 } 117 return false 118 }, 5*time.Second, 500*time.Millisecond) 119 require.NoError(t, ta.Stop()) 120 } 121 122 func Test_renderEntries(t *testing.T) { 123 client := fake.New(func() {}) 124 defer client.Stop() 125 ta, err := New(util_log.Logger, client, nil, &scrapeconfig.WindowsEventsTargetConfig{ 126 Labels: model.LabelSet{"job": "windows-events"}, 127 EventlogName: "Application", 128 Query: "*", 129 UseIncomingTimestamp: true, 130 }) 131 require.NoError(t, err) 132 defer ta.Stop() 133 entries := ta.renderEntries([]win_eventlog.Event{ 134 { 135 Source: win_eventlog.Provider{Name: "Application"}, 136 EventID: 10, 137 Version: 10, 138 Level: 10, 139 Task: 10, 140 Opcode: 10, 141 Keywords: "keywords", 142 TimeCreated: win_eventlog.TimeCreated{SystemTime: time.Unix(0, 1).UTC().Format(time.RFC3339Nano)}, 143 EventRecordID: 11, 144 Correlation: win_eventlog.Correlation{ActivityID: "some activity", RelatedActivityID: "some related activity"}, 145 Execution: win_eventlog.Execution{ThreadID: 5, ProcessID: 1}, 146 Channel: "channel", 147 Computer: "local", 148 Security: win_eventlog.Security{UserID: "1"}, 149 UserData: win_eventlog.UserData{InnerXML: []byte(`userdata`)}, 150 EventData: win_eventlog.EventData{InnerXML: []byte(`eventdata`)}, 151 Message: "message", 152 }, 153 }) 154 require.Equal(t, []api.Entry{ 155 { 156 Labels: model.LabelSet{"channel": "channel", "computer": "local", "job": "windows-events"}, 157 Entry: logproto.Entry{ 158 Timestamp: time.Unix(0, 1).UTC(), 159 Line: `{"source":"Application","channel":"channel","computer":"local","event_id":10,"version":10,"level":10,"task":10,"opCode":10,"keywords":"keywords","timeCreated":"1970-01-01T00:00:00.000000001Z","eventRecordID":11,"correlation":{"activityID":"some activity","relatedActivityID":"some related activity"},"execution":{"processId":1,"threadId":5},"security":{"userId":"1"},"user_data":"eventdata","event_data":"eventdata","message":"message"}`, 160 }, 161 }, 162 }, entries) 163 }