Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate test_age, test_command_monitoring, and test_keep_running of test_logcollector documentation to qa-docs #2162

Merged
merged 5 commits into from
Jan 27, 2022
Merged

Migrate test_age, test_command_monitoring, and test_keep_running of test_logcollector documentation to qa-docs #2162

merged 5 commits into from
Jan 27, 2022

Conversation

mdengra
Copy link
Contributor

@mdengra mdengra commented Nov 3, 2021

Related issue
#1813

Description

As part of epic #1796, this PR adds the missing documentation and migrates the current documentation to the new format used by qa-docs.
The schema used is the one defined in issue #1694

New tags

The following tags are added to the wiki: logcollector_age, logcollector_cmd_exec, and logcollector_keep_running

Generated documentation

test_age

test_age_basic.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the 'age' option work as expected, ignoring files that have not been modified for a time greater than the 'age' value using the current date. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age"
    ],
    "tags": [
        "logcollector_age"
    ],
    "name": "test_age_basic.py",
    "id": 1,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified for a time greater than the value set in the 'age' tag. For this purpose, the test will create a folder with a testing log file to be monitored and configure different values for the 'age' option. Once the logcollector has started, it will wait for the event that indicates that the log file is being monitored, and depending on the 'age' value, check if the 'ignore' event is triggered or not. Finally, the test will modify the logs and verify that 'read' events are generated from ignored and not ignored files.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_function": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector detects the testing log file to monitor.",
                "Verify that the logcollector ignores the monitored files that have not been modified for a time greater than the 'age' value.",
                "Verify that the logcollector does not ignore the monitored files that have been modified for a time greater than the 'age' value."
            ],
            "input_description": "A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (settings and files to monitor) defined in the module.",
            "expected_output": [
                "r'New file that matches the .* pattern.*'",
                {
                    "r'DEBUG": "Ignoring file .* due to modification time'"
                },
                {
                    "r'DEBUG": "Reading syslog message.*'"
                },
                {
                    "r'DEBUG": "Read .* lines from.*'"
                }
            ],
            "tags": [
                "logs"
            ],
            "name": "test_configuration_age_basic",
            "inputs": [
                "/tmp/wazuh_testing_age/*_syslog0",
                "/tmp/wazuh_testing_age/*_syslog1",
                "/tmp/wazuh_testing_age/*_syslog2",
                "/tmp/wazuh_testing_age/*_syslog3",
                "/tmp/wazuh_testing_age/*_syslog4"
            ]
        }
    ]
}

test_age_basic.yaml 

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the 'age' option work
  as expected, ignoring files that have not been modified for a time greater than
  the 'age' value using the current date. Log data collection is the real-time process
  of making sense out of the records generated by servers or devices. This component
  can receive logs through text files or Windows event logs. It can also directly
  receive logs via remote syslog which is useful for firewalls and other such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <info@wazuh.com>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 1
modules:
- logcollector
name: test_age_basic.py
os_platform:
- linux
- windows
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- Windows 10
- Windows 8
- Windows 7
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012
- Windows Server 2003
- Windows XP
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age
tags:
- logcollector_age
tests:
- assertions:
  - Verify that the logcollector detects the testing log file to monitor.
  - Verify that the logcollector ignores the monitored files that have not been modified
    for a time greater than the 'age' value.
  - Verify that the logcollector does not ignore the monitored files that have been
    modified for a time greater than the 'age' value.
  description: Check if the 'wazuh-logcollector' daemon ignores the monitored files
    that have not been modified for a time greater than the value set in the 'age'
    tag. For this purpose, the test will create a folder with a testing log file to
    be monitored and configure different values for the 'age' option. Once the logcollector
    has started, it will wait for the event that indicates that the log file is being
    monitored, and depending on the 'age' value, check if the 'ignore' event is triggered
    or not. Finally, the test will modify the logs and verify that 'read' events are
    generated from ignored and not ignored files.
  expected_output:
  - r'New file that matches the .* pattern.*'
  - r'DEBUG: Ignoring file .* due to modification time'
  - r'DEBUG: Reading syslog message.*'
  - r'DEBUG: Read .* lines from.*'
  input_description: A configuration template (test_age) is contained in an external
    YAML file (wazuh_age.yaml), which includes configuration settings for the 'wazuh-logcollector'
    daemon and, it is combined with the test cases (settings and files to monitor)
    defined in the module.
  inputs:
  - /tmp/wazuh_testing_age/*_syslog0
  - /tmp/wazuh_testing_age/*_syslog1
  - /tmp/wazuh_testing_age/*_syslog2
  - /tmp/wazuh_testing_age/*_syslog3
  - /tmp/wazuh_testing_age/*_syslog4
  name: test_configuration_age_basic
  parameters:
  - get_local_internal_options:
      brief: Get local internal options from the module.
      type: fixture
  - configure_local_internal_options:
      brief: Configure the Wazuh local internal options.
      type: fixture
  - get_files_list:
      brief: Get file list to create from the module.
      type: fixture
  - create_file_structure_function:
      brief: Create the specified file tree structure.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
tier: 0
type: integration

 

test_age_datetime_changed.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the 'age' option work as expected, ignoring files that have not been modified for a time greater than the 'age' value when the system datetime is changed while the logcollector process is running. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age"
    ],
    "tags": [
        "logcollector_age"
    ],
    "name": "test_age_datetime_changed.py",
    "id": 2,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified for a time greater than the value set in the 'age' tag, and the system datetime is changed. For this purpose, the test will create a folder with a testing log file to be monitored and configure different values for the 'age' option. Once the logcollector has started, it will change the system datetime and wait for the event that indicates that the log file is being monitored. Finally, depending on the 'age' value, the test will verify that the 'ignore' event is triggered or not and restore the system datetime to its initial value.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "new_datetime": {
                        "type": "str",
                        "brief": "Time to forward/backward the current datetime."
                    }
                },
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "create_file_structure_function": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector detects the testing log file to monitor.",
                "Verify that the logcollector ignores the monitored files that have not been modified for a time greater than the 'age' value.",
                "Verify that the logcollector does not ignore the monitored files that have been modified for a time greater than the 'age' value."
            ],
            "input_description": "A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (settings, time offset, and files to monitor) defined in the module.",
            "expected_output": [
                "r'New file that matches the .* pattern.*'",
                {
                    "r'DEBUG": "Ignoring file .* due to modification time''"
                }
            ],
            "tags": [
                "logs",
                "time_travel"
            ],
            "name": "test_configuration_age_datetime",
            "inputs": [
                "/tmp/wazuh_testing_age/*_syslog_4000s-60s",
                "/tmp/wazuh_testing_age/*_syslog_4000s--60s",
                "/tmp/wazuh_testing_age/*_syslog_4000s-30m",
                "/tmp/wazuh_testing_age/*_syslog_4000s--30m",
                "/tmp/wazuh_testing_age/*_syslog_4000s-2h",
                "/tmp/wazuh_testing_age/*_syslog_4000s--2h",
                "/tmp/wazuh_testing_age/*_syslog_4000s-43d",
                "/tmp/wazuh_testing_age/*_syslog_4000s--43d",
                "/tmp/wazuh_testing_age/*_syslog_5m-60s",
                "/tmp/wazuh_testing_age/*_syslog_5m--60s",
                "/tmp/wazuh_testing_age/*_syslog_5m-30m",
                "/tmp/wazuh_testing_age/*_syslog_5m--30m",
                "/tmp/wazuh_testing_age/*_syslog_5m-2h",
                "/tmp/wazuh_testing_age/*_syslog_5m--2h",
                "/tmp/wazuh_testing_age/*_syslog_5m-43d",
                "/tmp/wazuh_testing_age/*_syslog_5m--43d",
                "/tmp/wazuh_testing_age/*_syslog_500m-60s",
                "/tmp/wazuh_testing_age/*_syslog_500m--60s",
                "/tmp/wazuh_testing_age/*_syslog_500m-30m",
                "/tmp/wazuh_testing_age/*_syslog_500m--30m",
                "/tmp/wazuh_testing_age/*_syslog_500m-2h",
                "/tmp/wazuh_testing_age/*_syslog_500m--2h",
                "/tmp/wazuh_testing_age/*_syslog_500m-43d",
                "/tmp/wazuh_testing_age/*_syslog_500m--43d",
                "/tmp/wazuh_testing_age/*_syslog_9h-60s",
                "/tmp/wazuh_testing_age/*_syslog_9h--60s",
                "/tmp/wazuh_testing_age/*_syslog_9h-30m",
                "/tmp/wazuh_testing_age/*_syslog_9h--30m",
                "/tmp/wazuh_testing_age/*_syslog_9h-2h",
                "/tmp/wazuh_testing_age/*_syslog_9h--2h",
                "/tmp/wazuh_testing_age/*_syslog_9h-43d",
                "/tmp/wazuh_testing_age/*_syslog_9h--43d",
                "/tmp/wazuh_testing_age/*_syslog_200d-60s",
                "/tmp/wazuh_testing_age/*_syslog_200d--60s",
                "/tmp/wazuh_testing_age/*_syslog_200d-30m",
                "/tmp/wazuh_testing_age/*_syslog_200d--30m",
                "/tmp/wazuh_testing_age/*_syslog_200d-2h",
                "/tmp/wazuh_testing_age/*_syslog_200d--2h",
                "/tmp/wazuh_testing_age/*_syslog_200d-43d",
                "/tmp/wazuh_testing_age/*_syslog_200d--43d"
            ]
        }
    ]
}

test_age_datetime_changed.yaml 

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the 'age' option work
  as expected, ignoring files that have not been modified for a time greater than
  the 'age' value when the system datetime is changed while the logcollector process
  is running. Log data collection is the real-time process of making sense out of
  the records generated by servers or devices. This component can receive logs through
  text files or Windows event logs. It can also directly receive logs via remote syslog
  which is useful for firewalls and other such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <info@wazuh.com>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 2
modules:
- logcollector
name: test_age_datetime_changed.py
os_platform:
- linux
- windows
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- Windows 10
- Windows 8
- Windows 7
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012
- Windows Server 2003
- Windows XP
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age
tags:
- logcollector_age
tests:
- assertions:
  - Verify that the logcollector detects the testing log file to monitor.
  - Verify that the logcollector ignores the monitored files that have not been modified
    for a time greater than the 'age' value.
  - Verify that the logcollector does not ignore the monitored files that have been
    modified for a time greater than the 'age' value.
  description: Check if the 'wazuh-logcollector' daemon ignores the monitored files
    that have not been modified for a time greater than the value set in the 'age'
    tag, and the system datetime is changed. For this purpose, the test will create
    a folder with a testing log file to be monitored and configure different values
    for the 'age' option. Once the logcollector has started, it will change the system
    datetime and wait for the event that indicates that the log file is being monitored.
    Finally, depending on the 'age' value, the test will verify that the 'ignore'
    event is triggered or not and restore the system datetime to its initial value.
  expected_output:
  - r'New file that matches the .* pattern.*'
  - r'DEBUG: Ignoring file .* due to modification time''
  input_description: A configuration template (test_age) is contained in an external
    YAML file (wazuh_age.yaml), which includes configuration settings for the 'wazuh-logcollector'
    daemon and, it is combined with the test cases (settings, time offset, and files
    to monitor) defined in the module.
  inputs:
  - /tmp/wazuh_testing_age/*_syslog_4000s-60s
  - /tmp/wazuh_testing_age/*_syslog_4000s--60s
  - /tmp/wazuh_testing_age/*_syslog_4000s-30m
  - /tmp/wazuh_testing_age/*_syslog_4000s--30m
  - /tmp/wazuh_testing_age/*_syslog_4000s-2h
  - /tmp/wazuh_testing_age/*_syslog_4000s--2h
  - /tmp/wazuh_testing_age/*_syslog_4000s-43d
  - /tmp/wazuh_testing_age/*_syslog_4000s--43d
  - /tmp/wazuh_testing_age/*_syslog_5m-60s
  - /tmp/wazuh_testing_age/*_syslog_5m--60s
  - /tmp/wazuh_testing_age/*_syslog_5m-30m
  - /tmp/wazuh_testing_age/*_syslog_5m--30m
  - /tmp/wazuh_testing_age/*_syslog_5m-2h
  - /tmp/wazuh_testing_age/*_syslog_5m--2h
  - /tmp/wazuh_testing_age/*_syslog_5m-43d
  - /tmp/wazuh_testing_age/*_syslog_5m--43d
  - /tmp/wazuh_testing_age/*_syslog_500m-60s
  - /tmp/wazuh_testing_age/*_syslog_500m--60s
  - /tmp/wazuh_testing_age/*_syslog_500m-30m
  - /tmp/wazuh_testing_age/*_syslog_500m--30m
  - /tmp/wazuh_testing_age/*_syslog_500m-2h
  - /tmp/wazuh_testing_age/*_syslog_500m--2h
  - /tmp/wazuh_testing_age/*_syslog_500m-43d
  - /tmp/wazuh_testing_age/*_syslog_500m--43d
  - /tmp/wazuh_testing_age/*_syslog_9h-60s
  - /tmp/wazuh_testing_age/*_syslog_9h--60s
  - /tmp/wazuh_testing_age/*_syslog_9h-30m
  - /tmp/wazuh_testing_age/*_syslog_9h--30m
  - /tmp/wazuh_testing_age/*_syslog_9h-2h
  - /tmp/wazuh_testing_age/*_syslog_9h--2h
  - /tmp/wazuh_testing_age/*_syslog_9h-43d
  - /tmp/wazuh_testing_age/*_syslog_9h--43d
  - /tmp/wazuh_testing_age/*_syslog_200d-60s
  - /tmp/wazuh_testing_age/*_syslog_200d--60s
  - /tmp/wazuh_testing_age/*_syslog_200d-30m
  - /tmp/wazuh_testing_age/*_syslog_200d--30m
  - /tmp/wazuh_testing_age/*_syslog_200d-2h
  - /tmp/wazuh_testing_age/*_syslog_200d--2h
  - /tmp/wazuh_testing_age/*_syslog_200d-43d
  - /tmp/wazuh_testing_age/*_syslog_200d--43d
  name: test_configuration_age_datetime
  parameters:
  - get_local_internal_options:
      brief: Get local internal options from the module.
      type: fixture
  - configure_local_internal_options:
      brief: Configure the Wazuh local internal options.
      type: fixture
  - new_datetime:
      brief: Time to forward/backward the current datetime.
      type: str
  - get_files_list:
      brief: Get file list to create from the module.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - create_file_structure_function:
      brief: Create the specified file tree structure.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  tags:
  - logs
  - time_travel
  wazuh_min_version: 4.2.0
tier: 0
type: integration

test_command_monitoring

test_command_execution_freq.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if commands are executed at specific intervals set in the 'frequency' tag using the log formats 'command' and 'full_commnad'. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "macos",
        "solaris"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "macOS Catalina",
        "Solaris 10",
        "Solaris 11"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#command",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#frequency"
    ],
    "tags": [
        "logcollector_cmd_exec"
    ],
    "name": "test_command_execution_freq.py",
    "id": 4,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon runs commands at the specified interval, set in the 'frequency' tag. For this purpose, the test will configure the logcollector to run a command at specific intervals. Then it will travel in time up to the middle of the interval set in the 'frequency' tag, and verify that the 'running' event is not been generated. That confirms that the command is not executed. Finally, the test will travel in time again up to the next interval and verify that the command is executed by detecting the 'running' event.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector runs commands at the interval set in the 'frequency' tag.",
                "Verify that the logcollector does not run commands before the interval set in the 'frequency' tag expires."
            ],
            "input_description": "A configuration template (test_command_execution_freq) is contained in an external YAML file (wazuh_command_conf.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (log formats, frequencies, and commands to run) defined in the module.",
            "expected_output": [
                {
                    "r'DEBUG": "Running .*'"
                }
            ],
            "tags": [
                "logs",
                "time_travel"
            ],
            "name": "test_command_execution_freq",
            "inputs": [
                "command_5_minutes",
                "command_30_minutes",
                "command_1_hour",
                "command_24_hours",
                "full_command_5_minutes",
                "full_command_30_minutes",
                "full_command_1_hour",
                "full_command_24_hours"
            ]
        }
    ]
}

test_command_execution_freq.yaml 

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if commands are executed
  at specific intervals set in the 'frequency' tag using the log formats 'command'
  and 'full_commnad'. Log data collection is the real-time process of making sense
  out of the records generated by servers or devices. This component can receive logs
  through text files or Windows event logs. It can also directly receive logs via
  remote syslog which is useful for firewalls and other such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <info@wazuh.com>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 4
modules:
- logcollector
name: test_command_execution_freq.py
os_platform:
- linux
- macos
- solaris
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- macOS Catalina
- Solaris 10
- Solaris 11
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#command
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#frequency
tags:
- logcollector_cmd_exec
tests:
- assertions:
  - Verify that the logcollector runs commands at the interval set in the 'frequency'
    tag.
  - Verify that the logcollector does not run commands before the interval set in
    the 'frequency' tag expires.
  description: Check if the 'wazuh-logcollector' daemon runs commands at the specified
    interval, set in the 'frequency' tag. For this purpose, the test will configure
    the logcollector to run a command at specific intervals. Then it will travel in
    time up to the middle of the interval set in the 'frequency' tag, and verify that
    the 'running' event is not been generated. That confirms that the command is not
    executed. Finally, the test will travel in time again up to the next interval
    and verify that the command is executed by detecting the 'running' event.
  expected_output:
  - r'DEBUG: Running .*'
  input_description: A configuration template (test_command_execution_freq) is contained
    in an external YAML file (wazuh_command_conf.yaml), which includes configuration
    settings for the 'wazuh-logcollector' daemon and, it is combined with the test
    cases (log formats, frequencies, and commands to run) defined in the module.
  inputs:
  - command_5_minutes
  - command_30_minutes
  - command_1_hour
  - command_24_hours
  - full_command_5_minutes
  - full_command_30_minutes
  - full_command_1_hour
  - full_command_24_hours
  name: test_command_execution_freq
  parameters:
  - get_local_internal_options:
      brief: Get local internal options from the module.
      type: fixture
  - configure_local_internal_options:
      brief: Configure the Wazuh local internal options.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  - time_travel
  wazuh_min_version: 4.2.0
tier: 0
type: integration

 

test_command_execution.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if commands with different characteristics are executed correctly by the logcollector. They will also check if the 'info' and 'debug' lines are written in the logs when running these commands. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "macos",
        "solaris"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "macOS Catalina",
        "Solaris 10",
        "Solaris 11"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#command",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#alias",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format"
    ],
    "tags": [
        "logcollector_cmd_exec"
    ],
    "name": "test_command_execution.py",
    "id": 3,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon runs commands with special characteristics. For this purpose, the test will configure the logcollector to run a command, setting it in the 'command' tag and using the 'command' and 'full_command' log formats. The properties of that command can be, for example, a non-existent command or one that includes special characters. Finally, the test will verify that the event, indicating that the command is executed, has been generated.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector runs the command specified in the 'command' tag."
            ],
            "input_description": "A configuration template (test_command_execution) is contained in an external YAML file (wazuh_command_conf.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (log formats and commands to run) defined in the module.",
            "expected_output": [
                "r'.*wazuh-logcollector.*' (this log must indicate the command executed)"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_command_execution",
            "inputs": [
                "command_empty_output",
                "command_check_output_and_alias",
                "command_not_found",
                "command_does not end",
                "command_long_output",
                "command_that_fails",
                "command_special_chars_filename",
                "command_special_chars_command",
                "command_special_chars_echo",
                "full_command_empty_output",
                "full_command_check_output_and_alias",
                "full_command_not_found",
                "full_command_does not end",
                "full_command_long_output",
                "full_command_that_fails",
                "full_command_special_chars_filename",
                "full_command_special_chars_command",
                "full_command_special_chars_echo",
                "command_killed_by_test",
                "full_command_killed_by_test",
                "command_many_arguments",
                "full_command_many_arguments"
            ]
        },
        {
            "description": "Check if the 'wazuh-logcollector' daemon generates debug logs when running commands with special characteristics. For this purpose, the test will configure the logcollector to run a command, setting it in the 'command' tag and using the 'command' and 'full_command' log formats. The properties of that command can be, for example, a non-existent command or one that includes special characters. Once the logcollector has started, it will wait for the 'running' event that indicates that the command has been executed. Finally, the test will verify that the debug 'read N lines' event is generated, this event indicates the number of lines read from the command run. Depending on test case, the test also will verify that the debug event 'reading command' is generated, this event includes the output of the command run, and its alias if it is set in the 'alias' tag.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the debug 'running' event is generated when running the command set in the 'command' tag.",
                "Verify that the debug 'reading command' event is generated when running the related command.",
                "Verify that the debug 'lines' event is generated when running the related command."
            ],
            "input_description": "A configuration template (test_command_execution) is contained in an external YAML file (wazuh_command_conf.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (log formats and commands to run) defined in the module.",
            "expected_output": [
                {
                    "r'DEBUG": "Running .*'"
                },
                {
                    "r'DEBUG": "Reading command message.*'"
                },
                "r'lines from command .*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_command_execution_dbg",
            "inputs": [
                "command_empty_output",
                "command_check_output_and_alias",
                "command_not_found",
                "command_does not end",
                "command_long_output",
                "command_that_fails",
                "command_special_chars_filename",
                "command_special_chars_command",
                "command_special_chars_echo",
                "full_command_empty_output",
                "full_command_check_output_and_alias",
                "full_command_not_found",
                "full_command_does not end",
                "full_command_long_output",
                "full_command_that_fails",
                "full_command_special_chars_filename",
                "full_command_special_chars_command",
                "full_command_special_chars_echo",
                "command_killed_by_test",
                "full_command_killed_by_test",
                "command_many_arguments",
                "full_command_many_arguments"
            ]
        }
    ]
}

test_command_execution.yaml 

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if commands with different
  characteristics are executed correctly by the logcollector. They will also check
  if the 'info' and 'debug' lines are written in the logs when running these commands.
  Log data collection is the real-time process of making sense out of the records
  generated by servers or devices. This component can receive logs through text files
  or Windows event logs. It can also directly receive logs via remote syslog which
  is useful for firewalls and other such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <info@wazuh.com>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 3
modules:
- logcollector
name: test_command_execution.py
os_platform:
- linux
- macos
- solaris
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- macOS Catalina
- Solaris 10
- Solaris 11
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#command
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#alias
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format
tags:
- logcollector_cmd_exec
tests:
- assertions:
  - Verify that the logcollector runs the command specified in the 'command' tag.
  description: Check if the 'wazuh-logcollector' daemon runs commands with special
    characteristics. For this purpose, the test will configure the logcollector to
    run a command, setting it in the 'command' tag and using the 'command' and 'full_command'
    log formats. The properties of that command can be, for example, a non-existent
    command or one that includes special characters. Finally, the test will verify
    that the event, indicating that the command is executed, has been generated.
  expected_output:
  - r'.*wazuh-logcollector.*' (this log must indicate the command executed)
  input_description: A configuration template (test_command_execution) is contained
    in an external YAML file (wazuh_command_conf.yaml), which includes configuration
    settings for the 'wazuh-logcollector' daemon and, it is combined with the test
    cases (log formats and commands to run) defined in the module.
  inputs:
  - command_empty_output
  - command_check_output_and_alias
  - command_not_found
  - command_does not end
  - command_long_output
  - command_that_fails
  - command_special_chars_filename
  - command_special_chars_command
  - command_special_chars_echo
  - full_command_empty_output
  - full_command_check_output_and_alias
  - full_command_not_found
  - full_command_does not end
  - full_command_long_output
  - full_command_that_fails
  - full_command_special_chars_filename
  - full_command_special_chars_command
  - full_command_special_chars_echo
  - command_killed_by_test
  - full_command_killed_by_test
  - command_many_arguments
  - full_command_many_arguments
  name: test_command_execution
  parameters:
  - get_local_internal_options:
      brief: Get local internal options from the module.
      type: fixture
  - configure_local_internal_options:
      brief: Configure the Wazuh local internal options.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
- assertions:
  - Verify that the debug 'running' event is generated when running the command set
    in the 'command' tag.
  - Verify that the debug 'reading command' event is generated when running the related
    command.
  - Verify that the debug 'lines' event is generated when running the related command.
  description: Check if the 'wazuh-logcollector' daemon generates debug logs when
    running commands with special characteristics. For this purpose, the test will
    configure the logcollector to run a command, setting it in the 'command' tag and
    using the 'command' and 'full_command' log formats. The properties of that command
    can be, for example, a non-existent command or one that includes special characters.
    Once the logcollector has started, it will wait for the 'running' event that indicates
    that the command has been executed. Finally, the test will verify that the debug
    'read N lines' event is generated, this event indicates the number of lines read
    from the command run. Depending on test case, the test also will verify that the
    debug event 'reading command' is generated, this event includes the output of
    the command run, and its alias if it is set in the 'alias' tag.
  expected_output:
  - r'DEBUG: Running .*'
  - r'DEBUG: Reading command message.*'
  - r'lines from command .*'
  input_description: A configuration template (test_command_execution) is contained
    in an external YAML file (wazuh_command_conf.yaml), which includes configuration
    settings for the 'wazuh-logcollector' daemon and, it is combined with the test
    cases (log formats and commands to run) defined in the module.
  inputs:
  - command_empty_output
  - command_check_output_and_alias
  - command_not_found
  - command_does not end
  - command_long_output
  - command_that_fails
  - command_special_chars_filename
  - command_special_chars_command
  - command_special_chars_echo
  - full_command_empty_output
  - full_command_check_output_and_alias
  - full_command_not_found
  - full_command_does not end
  - full_command_long_output
  - full_command_that_fails
  - full_command_special_chars_filename
  - full_command_special_chars_command
  - full_command_special_chars_echo
  - command_killed_by_test
  - full_command_killed_by_test
  - command_many_arguments
  - full_command_many_arguments
  name: test_command_execution_dbg
  parameters:
  - get_local_internal_options:
      brief: Get local internal options from the module.
      type: fixture
  - configure_local_internal_options:
      brief: Configure the Wazuh local internal options.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
tier: 0
type: integration

test_keep_running

test_keep_running.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the logcollector keeps running once a monitored log is rotated or truncated. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "macos",
        "solaris"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "macOS Catalina",
        "Solaris 10",
        "Solaris 11"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html"
    ],
    "tags": [
        "logcollector_keep_running"
    ],
    "name": "test_keep_running.py",
    "id": 5,
    "group_id": 0,
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon keeps running once a log is rotated or truncated. For this purpose, the test will create a testing log file and configure a 'localfile' section to monitor it. Then, it will verify that the log is monitored, add data to it, and verify that the data addition is detected. After this, the test will rotate or truncate (depending on the test case) the log file, and check if an event indicating that the inode of the monitored log is changed has been generated (rotate), or an event indicating that the size of that log is reduced (truncate). Finally, the test will add more data to the rotated/truncated log and verify that event indicating the data addition is detected.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_local_internal_options": {
                        "type": "fixture",
                        "brief": "Get local internal options from the module."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "create_file_structure_module": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector detects data addition on a monitored log file after and before of the log rotation/truncation..",
                "Verify that the logcollector detects the log rotation by detecting changes on its inode.",
                "Verify that the logcollector detects the log truncation by detecting changes in its size."
            ],
            "input_description": "A configuration template (test_keep_running) is contained in an external YAML file (wazuh_keep_running_conf.yaml). That template is combined with two test cases defined in the module. Those include configuration settings for the 'wazuh-logcollector' daemon.",
            "expected_output": [
                "r'Analyzing file.*'",
                "r'Reading syslog message'",
                "r'File inode changed.' (when the monitored log file is rotated)",
                "r'File size reduced.' (when the monitored log file is truncated)"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_keep_running",
            "inputs": [
                "rotate_/tmp/wazuh-testing/test_log.log_in_syslog_format",
                "truncate_/tmp/wazuh-testing/test_log.log_in_syslog_format"
            ]
        }
    ]
}

test_keep_running.yaml 

brief: The 'wazuh-logcollector' daemon monitors configured files and commands for
  new log messages. Specifically, these tests will check if the logcollector keeps
  running once a monitored log is rotated or truncated. Log data collection is the
  real-time process of making sense out of the records generated by servers or devices.
  This component can receive logs through text files or Windows event logs. It can
  also directly receive logs via remote syslog which is useful for firewalls and other
  such devices.
components:
- agent
- manager
copyright: 'Copyright (C) 2015-2021, Wazuh Inc.

  Created by Wazuh, Inc. <info@wazuh.com>.

  This program is free software; you can redistribute it and/or modify it under the
  terms of GPLv2'
daemons:
- wazuh-logcollector
group_id: 0
id: 5
modules:
- logcollector
name: test_keep_running.py
os_platform:
- linux
- macos
- solaris
os_version:
- Arch Linux
- Amazon Linux 2
- Amazon Linux 1
- CentOS 8
- CentOS 7
- CentOS 6
- Ubuntu Focal
- Ubuntu Bionic
- Ubuntu Xenial
- Ubuntu Trusty
- Debian Buster
- Debian Stretch
- Debian Jessie
- Debian Wheezy
- Red Hat 8
- Red Hat 7
- Red Hat 6
- macOS Catalina
- Solaris 10
- Solaris 11
references:
- https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html
tags:
- logcollector_keep_running
tests:
- assertions:
  - Verify that the logcollector detects data addition on a monitored log file after
    and before of the log rotation/truncation..
  - Verify that the logcollector detects the log rotation by detecting changes on
    its inode.
  - Verify that the logcollector detects the log truncation by detecting changes in
    its size.
  description: Check if the 'wazuh-logcollector' daemon keeps running once a log is
    rotated or truncated. For this purpose, the test will create a testing log file
    and configure a 'localfile' section to monitor it. Then, it will verify that the
    log is monitored, add data to it, and verify that the data addition is detected.
    After this, the test will rotate or truncate (depending on the test case) the
    log file, and check if an event indicating that the inode of the monitored log
    is changed has been generated (rotate), or an event indicating that the size of
    that log is reduced (truncate). Finally, the test will add more data to the rotated/truncated
    log and verify that event indicating the data addition is detected.
  expected_output:
  - r'Analyzing file.*'
  - r'Reading syslog message'
  - r'File inode changed.' (when the monitored log file is rotated)
  - r'File size reduced.' (when the monitored log file is truncated)
  input_description: A configuration template (test_keep_running) is contained in
    an external YAML file (wazuh_keep_running_conf.yaml). That template is combined
    with two test cases defined in the module. Those include configuration settings
    for the 'wazuh-logcollector' daemon.
  inputs:
  - rotate_/tmp/wazuh-testing/test_log.log_in_syslog_format
  - truncate_/tmp/wazuh-testing/test_log.log_in_syslog_format
  name: test_keep_running
  parameters:
  - get_local_internal_options:
      brief: Get local internal options from the module.
      type: fixture
  - configure_local_internal_options:
      brief: Configure the Wazuh local internal options.
      type: fixture
  - get_configuration:
      brief: Get configurations from the module.
      type: fixture
  - configure_environment:
      brief: Configure a custom environment for testing.
      type: fixture
  - create_file_structure_module:
      brief: Create the specified file tree structure.
      type: fixture
  - restart_logcollector:
      brief: Clear the 'ossec.log' file and start a new monitor.
      type: fixture
  tags:
  - logs
  wazuh_min_version: 4.2.0
tier: 0
type: integration

Tests

  • Python codebase satisfies PEP-8 style style guide. pycodestyle --max-line-length=120 --show-source --show-pep8 file.py.
  • The DocGenerator sanity check test does not return errors. python3 DocGenerator.py -s

@mdengra
doc: Add test_age, test_command_monitoring, and test_keep_running of …
d6fcccd 
…test_logcollector documentation in QA Docs style

The current scheme of the issue #1694 has been used.
PEP-8 fixes.

Related: #1796
@mdengra mdengra self-assigned this Nov 3, 2021
@mdengra mdengra linked an issue Nov 3, 2021 that may be closed by this pull request
qa-docs: Migrate test_logcollector documentation to schema 2.0 #1813
Closed
50 tasks
roronoasins
roronoasins previously approved these changes Nov 3, 2021
View reviewed changes
Copy link
Contributor

@roronoasins roronoasins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@mdengra mdengra mentioned this pull request Nov 3, 2021
Closed
1 task
@fernandolojano
Copy link
Contributor

QA-docs execution

test_age_basic

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2162/wazuh-qa/tests/integration/test_logcollector/ -t  test_age_basic
2022-01-07 11:03:42,684 - INFO - Looking for test_age_basic.py
2022-01-07 11:03:42,684 - INFO - Parsing the following test(s) ['test_age_basic']
2022-01-07 11:03:42,698 - INFO - Running QADOCS
2022-01-07 11:03:42,698 - INFO - Looking for test_age_basic.py
2022-01-07 11:03:42,869 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_age_basic.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the 'age' option work as expected, ignoring files that have not been modified for a time greater than the 'age' value using the current date. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age"
    ],
    "tags": [
        "logcollector_age"
    ],
    "name": "test_age_basic.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_age/test_age_basic.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified for a time greater than the value set in the 'age' tag. For this purpose, the test will create a folder with a testing log file to be monitored and configure different values for the 'age' option. Once the logcollector has started, it will wait for the event that indicates that the log file is being monitored, and depending on the 'age' value, check if the 'ignore' event is triggered or not. Finally, the test will modify the logs and verify that 'read' events are generated from ignored and not ignored files.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options file."
                    }
                },
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_function": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "file_monitoring": {
                        "type": "fixture",
                        "brief": "Handle the monitoring of a specified file."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector detects the testing log file to monitor.",
                "Verify that the logcollector ignores the monitored files that have not been modified for a time greater than the 'age' value.",
                "Verify that the logcollector does not ignore the monitored files that have been modified for a time greater than the 'age' value."
            ],
            "input_description": "A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (settings and files to monitor) defined in the module.",
            "expected_output": [
                "r'New file that matches the .* pattern.*'",
                "r'DEBUG: Ignoring file .* due to modification time'",
                "r'DEBUG: Reading syslog message.*'",
                "r'DEBUG: Read .* lines from.*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_configuration_age_basic"
        }
    ]
}

test_age_datetime_changed

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2162/wazuh-qa/tests/integration/test_logcollector/ -t  test_age_datetime_changed
2022-01-07 11:16:01,996 - INFO - Looking for test_age_datetime_changed.py
2022-01-07 11:16:01,996 - INFO - Parsing the following test(s) ['test_age_datetime_changed']
2022-01-07 11:16:02,009 - INFO - Running QADOCS
2022-01-07 11:16:02,009 - INFO - Looking for test_age_datetime_changed.py
2022-01-07 11:16:02,181 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_age_datetime_changed.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if the 'age' option work as expected, ignoring files that have not been modified for a time greater than the 'age' value when the system datetime is changed while the logcollector process is running. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "windows"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "Windows 10",
        "Windows 8",
        "Windows 7",
        "Windows Server 2019",
        "Windows Server 2016",
        "Windows Server 2012",
        "Windows Server 2003",
        "Windows XP"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age"
    ],
    "tags": [
        "logcollector_age"
    ],
    "name": "test_age_datetime_changed.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_age/test_age_datetime_changed.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified for a time greater than the value set in the 'age' tag, and the system datetime is changed. For this purpose, the test will create a folder with a testing log file to be monitored and configure different values for the 'age' option. Once the logcollector has started, it will change the system datetime and wait for the event that indicates that the log file is being monitored. Finally, depending on the 'age' value, the test will verify that the 'ignore' event is triggered or not and restore the system datetime to its initial value.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "restart_monitord": {
                        "type": "fixture",
                        "brief": "Reset the log file and start a new monitor."
                    }
                },
                {
                    "restart_logcollector_function": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor"
                    }
                },
                {
                    "file_monitoring": {
                        "type": "fixture",
                        "brief": "Handle the monitoring of a specified file."
                    }
                },
                {
                    "new_datetime": {
                        "type": "str",
                        "brief": "Time to forward/backward the current datetime."
                    }
                },
                {
                    "get_files_list": {
                        "type": "fixture",
                        "brief": "Get file list to create from the module."
                    }
                },
                {
                    "create_file_structure_function": {
                        "type": "fixture",
                        "brief": "Create the specified file tree structure."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector detects the testing log file to monitor.",
                "Verify that the logcollector ignores the monitored files that have not been modified for a time greater than the 'age' value.",
                "Verify that the logcollector does not ignore the monitored files that have been modified for a time greater than the 'age' value."
            ],
            "input_description": "A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (settings, time offset, and files to monitor) defined in the module.",
            "expected_output": [
                "r'New file that matches the .* pattern.*'",
                "r'DEBUG: Ignoring file .* due to modification time''"
            ],
            "tags": [
                "logs",
                "time_travel"
            ],
            "name": "test_configuration_age_datetime"
        }
    ]
}

test_command_execution

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2162/wazuh-qa/tests/integration/test_logcollector/ -t  test_command_execution
2022-01-07 11:01:18,952 - INFO - Looking for test_command_execution.py
2022-01-07 11:01:18,952 - INFO - Parsing the following test(s) ['test_command_execution']
2022-01-07 11:01:18,966 - INFO - Running QADOCS
2022-01-07 11:01:18,966 - INFO - Looking for test_command_execution.py
2022-01-07 11:01:19,136 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_command_execution.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if commands with different characteristics are executed correctly by the logcollector. They will also check if the 'info' and 'debug' lines are written in the logs when running these commands. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "macos",
        "solaris"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "macOS Catalina",
        "Solaris 10",
        "Solaris 11"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#command",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#alias",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format"
    ],
    "tags": [
        "logcollector_cmd_exec"
    ],
    "name": "test_command_execution.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_command_monitoring/test_command_execution.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon runs commands with special characteristics. For this purpose, the test will configure the logcollector to run a command, setting it in the 'command' tag and using the 'command' and 'full_command' log formats. The properties of that command can be, for example, a non-existent command or one that includes special characters. Finally, the test will verify that the event, indicating that the command is executed, has been generated.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "file_monitoring": {
                        "type": "fixture",
                        "brief": "Handle the monitoring of a specified file."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector runs the command specified in the 'command' tag."
            ],
            "input_description": "A configuration template (test_command_execution) is contained in an external YAML file (wazuh_command_conf.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (log formats and commands to run) defined in the module.",
            "expected_output": [
                "r'.*wazuh-logcollector.*' (this log must indicate the command executed)"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_command_execution"
        }
    ]
}

test_command_execution_freq

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2162/wazuh-qa/tests/integration/test_logcollector/ -t  test_command_execution_freq
2022-01-07 11:13:31,971 - INFO - Looking for test_command_execution_freq.py
2022-01-07 11:13:31,971 - INFO - Parsing the following test(s) ['test_command_execution_freq']
2022-01-07 11:13:31,984 - INFO - Running QADOCS
2022-01-07 11:13:31,984 - INFO - Looking for test_command_execution_freq.py
2022-01-07 11:13:32,153 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_command_execution_freq.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if commands are executed at specific intervals set in the 'frequency' tag using the log formats 'command' and 'full_commnad'. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "macos",
        "solaris"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "macOS Catalina",
        "Solaris 10",
        "Solaris 11"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#command",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#frequency"
    ],
    "tags": [
        "logcollector_cmd_exec"
    ],
    "name": "test_command_execution_freq.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_command_monitoring/test_command_execution_freq.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon runs commands at the specified interval, set in the 'frequency' tag. For this purpose, the test will configure the logcollector to run a command at specific intervals. Then it will travel in time up to the middle of the interval set in the 'frequency' tag, and verify that the 'running' event is not been generated. That confirms that the command is not executed. Finally, the test will travel in time again up to the next interval and verify that the command is executed by detecting the 'running' event.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options file."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "file_monitoring": {
                        "type": "fixture",
                        "brief": "Handle the monitoring of a specified file."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_monitord": {
                        "type": "fixture",
                        "brief": "Reset the log file and start a new monitor."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the logcollector runs commands at the interval set in the 'frequency' tag.",
                "Verify that the logcollector does not run commands before the interval set in the 'frequency' tag expires."
            ],
            "input_description": "A configuration template (test_command_execution_freq) is contained in an external YAML file (wazuh_command_conf.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (log formats, frequencies, and commands to run) defined in the module.",
            "expected_output": [
                "r'DEBUG: Running .*'"
            ],
            "tags": [
                "logs",
                "time_travel"
            ],
            "name": "test_command_execution_freq"
        }
    ]
}

test_command_execution_dbg

Results

(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2162/wazuh-qa/tests/integration/test_logcollector/ -t  test_command_execution_dbg
2022-01-07 11:10:32,066 - INFO - Looking for test_command_execution_dbg.py
2022-01-07 11:10:32,066 - INFO - Parsing the following test(s) ['test_command_execution_dbg']
2022-01-07 11:10:32,079 - INFO - Running QADOCS
2022-01-07 11:10:32,079 - INFO - Looking for test_command_execution_dbg.py
2022-01-07 11:10:32,251 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_command_execution_dbg.json 

{
    "copyright": "Copyright (C) 2015-2021, Wazuh Inc. Created by Wazuh, Inc. <info@wazuh.com>. This program is free software; you can redistribute it and/or modify it under the terms of GPLv2",
    "type": "integration",
    "brief": "The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages. Specifically, these tests will check if commands with different characteristics are executed correctly by the logcollector. They will also check if the 'info' and 'debug' lines are written in the logs when running these commands. Log data collection is the real-time process of making sense out of the records generated by servers or devices. This component can receive logs through text files or Windows event logs. It can also directly receive logs via remote syslog which is useful for firewalls and other such devices.",
    "tier": 0,
    "modules": [
        "logcollector"
    ],
    "components": [
        "agent",
        "manager"
    ],
    "daemons": [
        "wazuh-logcollector"
    ],
    "os_platform": [
        "linux",
        "macos",
        "solaris"
    ],
    "os_version": [
        "Arch Linux",
        "Amazon Linux 2",
        "Amazon Linux 1",
        "CentOS 8",
        "CentOS 7",
        "CentOS 6",
        "Ubuntu Focal",
        "Ubuntu Bionic",
        "Ubuntu Xenial",
        "Ubuntu Trusty",
        "Debian Buster",
        "Debian Stretch",
        "Debian Jessie",
        "Debian Wheezy",
        "Red Hat 8",
        "Red Hat 7",
        "Red Hat 6",
        "macOS Catalina",
        "Solaris 10",
        "Solaris 11"
    ],
    "references": [
        "https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#command",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#alias",
        "https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#log-format"
    ],
    "tags": [
        "logcollector_cmd_exec"
    ],
    "name": "test_command_execution_dbg.py",
    "id": 1,
    "group_id": 0,
    "path": "tests/integration/test_logcollector/test_command_monitoring/test_command_execution_dbg.py",
    "tests": [
        {
            "description": "Check if the 'wazuh-logcollector' daemon generates debug logs when running commands with special characteristics. For this purpose, the test will configure the logcollector to run a command, setting it in the 'command' tag and using the 'command' and 'full_command' log formats. The properties of that command can be, for example, a non-existent command or one that includes special characters. Once the logcollector has started, it will wait for the 'running' event that indicates that the command has been executed. Finally, the test will verify that the debug 'read N lines' event is generated, this event indicates the number of lines read from the command run. Depending on test case, the test also will verify that the debug event 'reading command' is generated, this event includes the output of the command run, and its alias if it is set in the 'alias' tag.",
            "wazuh_min_version": "4.2.0",
            "parameters": [
                {
                    "configure_local_internal_options_module": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "configure_local_internal_options": {
                        "type": "fixture",
                        "brief": "Configure the Wazuh local internal options."
                    }
                },
                {
                    "get_configuration": {
                        "type": "fixture",
                        "brief": "Get configurations from the module."
                    }
                },
                {
                    "file_monitoring": {
                        "type": "fixture",
                        "brief": "Handle the monitoring of a specified file."
                    }
                },
                {
                    "configure_environment": {
                        "type": "fixture",
                        "brief": "Configure a custom environment for testing."
                    }
                },
                {
                    "restart_logcollector": {
                        "type": "fixture",
                        "brief": "Clear the 'ossec.log' file and start a new monitor."
                    }
                }
            ],
            "assertions": [
                "Verify that the debug 'running' event is generated when running the command set in the 'command' tag.",
                "Verify that the debug 'reading command' event is generated when running the related command.",
                "Verify that the debug 'lines' event is generated when running the related command."
            ],
            "input_description": "A configuration template (test_command_execution) is contained in an external YAML file (wazuh_command_conf.yaml), which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined with the test cases (log formats and commands to run) defined in the module.",
            "expected_output": [
                "r'DEBUG: Running .*'",
                "r'DEBUG: Reading command message.*'",
                "r'lines from command .*'"
            ],
            "tags": [
                "logs"
            ],
            "name": "test_command_execution_dbg"
        }
    ]
}

test_keep_running

Results


(testing-wazuh) reko@R98:~/repos/testing-wazuh/qa-docs/wazuh-qa/deps/wazuh_testing$ qa-docs --tests-path  /home/reko/repos/testing-wazuh/PR2162/wazuh-qa/tests/integration/test_logcollector/ -t  test_keep_running
2022-01-07 11:24:24,975 - INFO - Looking for test_keep_running.py
2022-01-07 11:24:24,975 - INFO - Parsing the following test(s) ['test_keep_running']
2022-01-07 11:24:24,989 - INFO - Running QADOCS
2022-01-07 11:24:24,989 - INFO - Looking for test_keep_running.py
2022-01-07 11:24:25,159 - INFO - Run completed, documentation location: /tmp/qa_docs/output

Generated documentation

test_keep_running.json 






      		
    

  





          

        


            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
          

  

    
  

  



        @snaow
  snaow



        merged commit 5d200df
      into

      
  
    master
  


    Jan 27, 2022

  







  

  
  

  
      @snaow
  snaow


    
    deleted the
    
      
        1796-migrate-doc-logc-age-commnad-keep
    
    branch

    
      January 27, 2022 18:03
    
    













  
  

    

      

  




    


    

      

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



      

    

  




  
          




      

  

    

    
  

    Reviewers
  


    


        

          

  
    @roronoasins
  
    roronoasins



          
            
              
            
          
          roronoasins left review comments

        

      

          

  
    @snaow
  
    snaow


                Awaiting requested review from snaow

      


      






    

  


      
  

    Assignees
  



        

      

        

  
    @mdengra
  
    mdengra
    

      








      


  


  

    Labels
  



    

    None yet







      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  



          


Successfully merging this pull request may close these issues.


  
    
            
        qa-docs: Migrate test_logcollector documentation to schema 2.0


  


    
  




        
      

    

  
      

  

    

      5 participants
    

    

        
          @mdengra 
        
          @fernandolojano 
        
          @roronoasins 
        
          @snaow 
        
          @mauromalara