diff --git a/.github/workflows/ci-lite.yaml b/.github/workflows/ci-lite.yaml index 78847d6a06..01603ee344 100644 --- a/.github/workflows/ci-lite.yaml +++ b/.github/workflows/ci-lite.yaml @@ -136,7 +136,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push action id: docker_action_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . provenance: false diff --git a/.github/workflows/ci-main.yaml b/.github/workflows/ci-main.yaml index 0fd3c8c661..1dc5fdd898 100644 --- a/.github/workflows/ci-main.yaml +++ b/.github/workflows/ci-main.yaml @@ -136,7 +136,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push action id: docker_action_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . provenance: false diff --git a/ansible/resources/docker_sc4s.service b/ansible/resources/docker_sc4s.service index 3e960be40f..6b18a46cfd 100644 --- a/ansible/resources/docker_sc4s.service +++ b/ansible/resources/docker_sc4s.service @@ -30,6 +30,8 @@ ExecStartPre=/usr/bin/docker pull $SC4S_IMAGE # when startup fails on running bash check if the path is correct ExecStartPre=/usr/bin/bash -c "/usr/bin/systemctl set-environment SC4SHOST=$(hostname -s)" +# Note: Prevent the error 'The container name "/SC4S" is already in use by container . You have to remove (or rename) that container to be able to reuse that name.' +ExecStartPre=/usr/bin/bash -c "/usr/bin/docker rm SC4S > /dev/null 2>&1 || true" ExecStart=/usr/bin/docker run \ -e "SC4S_CONTAINER_HOST=${SC4SHOST}" \ -v "$SC4S_PERSIST_MOUNT" \ @@ -41,4 +43,4 @@ ExecStart=/usr/bin/docker run \ --name SC4S \ --rm $SC4S_IMAGE -Restart=on-abnormal \ No newline at end of file +Restart=on-failure \ No newline at end of file diff --git a/ansible/resources/podman_sc4s.service b/ansible/resources/podman_sc4s.service index ce5979c31d..989909eaac 100644 --- a/ansible/resources/podman_sc4s.service +++ b/ansible/resources/podman_sc4s.service 
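Review bot: `docker rm SC4S` without `-f` only removes a stopped container, so if a container named SC4S is still running when the unit starts, this step fails, `> /dev/null 2>&1 || true` hides the failure, and the following `docker run --name SC4S` will presumably hit the same name conflict the comment says it prevents. systemd can ignore the exit status itself: `ExecStartPre=-/usr/bin/docker rm -f SC4S` drops the bash wrapper and leaves the error text in the journal. Whether force-removing a running container is acceptable is a maintainer decision, but stderr should at least be kept so operators can see why cleanup failed. The same line is added for podman in ansible/resources/podman_sc4s.service and docs/gettingstarted/podman-systemd-general.md, and in both docs/resources/*/sc4s.service copies.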
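Review bot: With `Restart=on-failure` a non-zero exit now triggers a restart, and that covers the `ExecStartPre=` steps as well as the container, so a persistent error (bad configuration, a failing `docker pull $SC4S_IMAGE`) is retried instead of leaving the unit failed. No `RestartSec=` or start-limit setting is visible in this hunk; if the unit has none, consider adding one, for example `RestartSec=10`, so a crash loop does not pull the image repeatedly and flood the journal. Every automatic restart also re-runs the pull, so if `$SC4S_IMAGE` is a mutable tag the running image can change on restart; a comment in the unit should say so. The rest of the unit file is outside the hunk, and the same change is made in the podman unit and the docs/resources copies.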
@@ -29,6 +29,8 @@ ExecStartPre=/usr/bin/podman pull $SC4S_IMAGE # when startup fails on running bash check if the path is correct ExecStartPre=/usr/bin/bash -c "/usr/bin/systemctl set-environment SC4SHOST=$(hostname -s)" +# Note: Prevent the error 'The container name "/SC4S" is already in use by container . You have to remove (or rename) that container to be able to reuse that name.' +ExecStartPre=/usr/bin/bash -c "/usr/bin/podman rm SC4S > /dev/null 2>&1 || true" ExecStart=/usr/bin/podman run \ -e "SC4S_CONTAINER_HOST=${SC4SHOST}" \ -v "$SC4S_PERSIST_MOUNT" \ @@ -42,4 +44,4 @@ ExecStart=/usr/bin/podman run \ --name SC4S \ --rm $SC4S_IMAGE -Restart=on-abnormal +Restart=on-failure diff --git a/charts/splunk-connect-for-syslog/Chart.yaml b/charts/splunk-connect-for-syslog/Chart.yaml index 6f0098f870..9e4d71cfd6 100644 --- a/charts/splunk-connect-for-syslog/Chart.yaml +++ b/charts/splunk-connect-for-syslog/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: splunk-connect-for-syslog description: Deploy Splunk Connect for Syslog type: application -version: 3.29.0 -appVersion: "3.29.0" +version: 3.30.1 +appVersion: "3.30.1" diff --git a/docs/destinations.md b/docs/destinations.md index 015a6a5132..14463060e9 100644 --- a/docs/destinations.md +++ b/docs/destinations.md @@ -7,6 +7,8 @@ You can configure Splunk Connect for Syslog to use any destination available in * RFC5424 Syslog, * and Legacy BSD Syslog. +**Note:** Some external SIEM systems do not correctly parse host information. Instead of extracting the host from the message, they immediately rely on the header. SC4S, as a relay, places its own IP address in the UDP or TCP header, which is the correct behavior. In this situation, the SIEM may display the SC4S IP as the source IP, but this is not a fault of SC4S. + # HEC destination ## Configuration options 
@@ -34,8 +36,6 @@ Compression affects the content but does not affect the HTTP headers. Enable bat The use of "syslog" as a network protocol has been defined in Internet Engineering Task Force standards RFC5424, RFC5425, and RFC6587. -**Note**: SC4S sending messages to a syslog destination behaves like a relay. This means overwriting some original information, for example the original source IP. - ## Configuration options | Variable | Values | Description | diff --git a/docs/gettingstarted/podman-systemd-general.md b/docs/gettingstarted/podman-systemd-general.md index 821f934ba3..52c41c31c9 100644 --- a/docs/gettingstarted/podman-systemd-general.md +++ b/docs/gettingstarted/podman-systemd-general.md @@ -168,6 +168,9 @@ ExecStartPre=/usr/bin/podman pull $SC4S_IMAGE # Note: The path /usr/bin/bash may vary based on your operating system. # when startup fails on running bash check if the path is correct ExecStartPre=/usr/bin/bash -c "/usr/bin/systemctl --user set-environment SC4SHOST=$(hostname -s)" + +# Note: Prevent the error 'The container name "/SC4S" is already in use by container . You have to remove (or rename) that container to be able to reuse that name.' +ExecStartPre=/usr/bin/bash -c "/usr/bin/podman rm SC4S > /dev/null 2>&1 || true" ExecStart=/usr/bin/podman run -p 2514:514 -p 2514:514/udp -p 6514:6514 \ -e "SC4S_CONTAINER_HOST=${SC4SHOST}" \ -v "$SC4S_PERSIST_MOUNT" \ @@ -180,7 +183,7 @@ ExecStart=/usr/bin/podman run -p 2514:514 -p 2514:514/udp -p 6514:6514 \ --network host \ --name SC4S \ --rm $SC4S_IMAGE -Restart=on-abnormal +Restart=on-failure ``` 5. Create your `env_file` file at ```/home/sc4s/env_file``` diff --git a/docs/resources/docker/sc4s.service b/docs/resources/docker/sc4s.service index 3e960be40f..6b18a46cfd 100644 --- a/docs/resources/docker/sc4s.service +++ b/docs/resources/docker/sc4s.service 
@@ -30,6 +30,8 @@ ExecStartPre=/usr/bin/docker pull $SC4S_IMAGE # when startup fails on running bash check if the path is correct ExecStartPre=/usr/bin/bash -c "/usr/bin/systemctl set-environment SC4SHOST=$(hostname -s)" +# Note: Prevent the error 'The container name "/SC4S" is already in use by container . You have to remove (or rename) that container to be able to reuse that name.' +ExecStartPre=/usr/bin/bash -c "/usr/bin/docker rm SC4S > /dev/null 2>&1 || true" ExecStart=/usr/bin/docker run \ -e "SC4S_CONTAINER_HOST=${SC4SHOST}" \ -v "$SC4S_PERSIST_MOUNT" \ @@ -41,4 +43,4 @@ ExecStart=/usr/bin/docker run \ --name SC4S \ --rm $SC4S_IMAGE -Restart=on-abnormal \ No newline at end of file +Restart=on-failure \ No newline at end of file diff --git a/docs/resources/podman/sc4s.service b/docs/resources/podman/sc4s.service index a1f3dd9f43..989909eaac 100644 --- a/docs/resources/podman/sc4s.service +++ b/docs/resources/podman/sc4s.service @@ -29,6 +29,8 @@ ExecStartPre=/usr/bin/podman pull $SC4S_IMAGE # when startup fails on running bash check if the path is correct ExecStartPre=/usr/bin/bash -c "/usr/bin/systemctl set-environment SC4SHOST=$(hostname -s)" +# Note: Prevent the error 'The container name "/SC4S" is already in use by container . You have to remove (or rename) that container to be able to reuse that name.' +ExecStartPre=/usr/bin/bash -c "/usr/bin/podman rm SC4S > /dev/null 2>&1 || true" ExecStart=/usr/bin/podman run \ -e "SC4S_CONTAINER_HOST=${SC4SHOST}" \ -v "$SC4S_PERSIST_MOUNT" \ @@ -42,4 +44,4 @@ ExecStart=/usr/bin/podman run \ --name SC4S \ --rm $SC4S_IMAGE -Restart=on-abnormal \ No newline at end of file +Restart=on-failure diff --git a/docs/sources/vendor/Aruba/silverpeak.md b/docs/sources/vendor/Aruba/silverpeak.md new file mode 100644 index 0000000000..77373d8605 --- /dev/null +++ b/docs/sources/vendor/Aruba/silverpeak.md 
@@ -0,0 +1,44 @@ +# Silverpeak + +## Key facts + +* Requires vendor product by source configuration +* Legacy BSD Format default port 514 + +## Links + +| Ref | Link | +|----------------|---------------------------------------------------------------------------------------------------------| + +## Sourcetypes + +| sourcetype | notes | +|------------------|-------| +| aruba:silverpeak | | + + +### Index Configuration + +| key | index | notes | +|------------------------------------------|--------|----------------| +| aruba_silverpeak | netops | none | + + +## Parser Configuration + +```c +#/opt/sc4s/local/config/app-parsers/app-vps-aruba_silverpeak.conf +#File name provided is a suggestion it must be globally unique + +application app-vps-test-aruba_silverpeak[sc4s-vps] { + filter { + host("silverpeak-" type(string) flags(prefix)) + }; + parser { + p_set_netsource_fields( + vendor('aruba') + product('silverpeak') + ); + }; +}; +``` diff --git a/package/Dockerfile b/package/Dockerfile index fa3acfb8b6..eeaa2c70b8 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -16,7 +16,7 @@ #work. If not, see . -ARG SYSLOGNG_VERSION=4.8.0 +ARG SYSLOGNG_VERSION=4.8.1 FROM ghcr.io/axoflow/axosyslog:${SYSLOGNG_VERSION} diff --git a/package/Dockerfile.lite b/package/Dockerfile.lite index 49efdfd8df..f7d7e611e8 100644 --- a/package/Dockerfile.lite +++ b/package/Dockerfile.lite @@ -16,7 +16,7 @@ #work. If not, see . -ARG SYSLOGNG_VERSION=4.8.0 +ARG SYSLOGNG_VERSION=4.8.1 FROM ghcr.io/axoflow/axosyslog:${SYSLOGNG_VERSION} diff --git a/package/etc/VERSION b/package/etc/VERSION index c7c9773262..72bde0ab2a 100644 --- a/package/etc/VERSION +++ b/package/etc/VERSION @@ -1 +1 @@ -3.29.0 +3.30.1 diff --git a/package/etc/conf.d/conflib/netsource/app-netsource-aruba_silverpeak.conf b/package/etc/conf.d/conflib/netsource/app-netsource-aruba_silverpeak.conf new file mode 100644 index 0000000000..1a54d11b77 --- /dev/null 
+++ b/package/etc/conf.d/conflib/netsource/app-netsource-aruba_silverpeak.conf
@@ -0,0 +1,32 @@
+block parser app-netsource-aruba_silverpeak() {
+ channel {
+ rewrite {
+ r_set_splunk_dest_default(
+ index('netops')
+ sourcetype('aruba:silverpeak')
+ vendor('aruba')
+ product('silverpeak')
+ );
+ };
+ };
+};
+
+
+application app-netsource-aruba_silverpeak[sc4s-network-source] {
+ filter {
+ not filter(f_is_source_identified)
+ and (
+ (
+ match("aruba", value('.netsource.sc4s_vendor'), type(string))
+ and match("silverpeak", value('.netsource.sc4s_product'), type(string))
+ )
+ and (tags("ns_vendor:aruba") and tags("ns_product:silverpeak"))
+ or tags(".source.s_ARUBA_SILVERPEAK")
+ or "${.netsource.sc4s_vendor_product}" eq "aruba_silverpeak"
+ )
+ ;
+ };
+ parser { app-netsource-aruba_silverpeak(); };
+};
+
+
diff --git a/package/etc/test_parsers/app-vps-test-aruba_silverpeak.conf b/package/etc/test_parsers/app-vps-test-aruba_silverpeak.conf
new file mode 100644
index 0000000000..d2357f09b7
--- /dev/null
+++ b/package/etc/test_parsers/app-vps-test-aruba_silverpeak.conf
@@ -0,0 +1,11 @@
+application app-vps-aruba_silverpeak[sc4s-vps] {
+ filter {
+ host("silverpeak-" type(string) flags(prefix))
+ };
+ parser {
+ p_set_netsource_fields(
+ vendor('aruba')
+ product('silverpeak')
+ );
+ };
+};
\ No newline at end of file
diff --git a/package/lite/etc/addons/aruba/app-netsource-aruba_silverpeak.conf b/package/lite/etc/addons/aruba/app-netsource-aruba_silverpeak.conf
new file mode 100644
index 0000000000..31e825f6c8
--- /dev/null
+++ b/package/lite/etc/addons/aruba/app-netsource-aruba_silverpeak.conf
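Review bot: The filter of `app-netsource-aruba_silverpeak` mixes `and` and `or` inside one parenthesised group without grouping the first alternative, so its meaning depends on `and` binding tighter than `or`. Wrapping the vendor/product match together with the tag check in their own parentheses, ahead of the two `or` branches, would make the three alternatives explicit and guard against a later edit changing which sources are classified as `aruba:silverpeak`. The block also carries no comment naming the three routes (netsource fields plus `ns_vendor`/`ns_product` tags, the `.source.s_ARUBA_SILVERPEAK` tag, or `sc4s_vendor_product`); a short comment above `filter {` would help. The same text is added in package/lite/etc/addons/aruba/app-netsource-aruba_silverpeak.conf.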
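Review bot: The file `app-vps-test-aruba_silverpeak.conf` declares `application app-vps-aruba_silverpeak[sc4s-vps]`, while the example in docs/sources/vendor/Aruba/silverpeak.md suggests the file name `app-vps-aruba_silverpeak.conf` and declares `app-vps-test-aruba_silverpeak`, so the two names look swapped. If the intent is that the test parser carries the `-test-` name, the first line here would read `application app-vps-test-aruba_silverpeak[sc4s-vps] {` and the documented example would drop `-test-`. Whether the project relies on a particular naming is not visible on this page, so this should be confirmed against the other test parsers.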
@@ -0,0 +1,30 @@ +block parser app-netsource-aruba_silverpeak() { + channel { + rewrite { + r_set_splunk_dest_default( + index('netops') + sourcetype('aruba:silverpeak') + vendor('aruba') + product('silverpeak') + ); + }; + }; +}; + + +application app-netsource-aruba_silverpeak[sc4s-network-source] { + filter { + not filter(f_is_source_identified) + and ( + ( + match("aruba", value('.netsource.sc4s_vendor'), type(string)) + and match("silverpeak", value('.netsource.sc4s_product'), type(string)) + ) + and (tags("ns_vendor:aruba") and tags("ns_product:silverpeak")) + or tags(".source.s_ARUBA_SILVERPEAK") + or "${.netsource.sc4s_vendor_product}" eq "aruba_silverpeak" + ) + ; + }; + parser { app-netsource-aruba_silverpeak(); }; +}; \ No newline at end of file diff --git a/poetry.lock b/poetry.lock index 3e4cbacaa1..09545a0723 100644 --- a/poetry.lock +++ b/poetry.lock @@ -296,18 +296,18 @@ typing = ["typing-extensions (>=4.8)"] [[package]] name = "flake8" -version = "7.0.0" +version = "7.1.0" description = "the modular source code checker: pep8 pyflakes and co" optional = false python-versions = ">=3.8.1" files = [ - {file = "flake8-7.0.0-py2.py3-none-any.whl", hash = "sha256:a6dfbb75e03252917f2473ea9653f7cd799c3064e54d4c8140044c5c065f53c3"}, - {file = "flake8-7.0.0.tar.gz", hash = "sha256:33f96621059e65eec474169085dc92bf26e7b2d47366b70be2f67ab80dc25132"}, + {file = "flake8-7.1.0-py2.py3-none-any.whl", hash = "sha256:2e416edcc62471a64cea09353f4e7bdba32aeb079b6e360554c659a122b1bc6a"}, + {file = "flake8-7.1.0.tar.gz", hash = "sha256:48a07b626b55236e0fb4784ee69a465fbf59d79eec1f5b4785c3d3bc57d17aa5"}, ] [package.dependencies] mccabe = ">=0.7.0,<0.8.0" -pycodestyle = ">=2.11.0,<2.12.0" +pycodestyle = ">=2.12.0,<2.13.0" pyflakes = ">=3.2.0,<3.3.0" [[package]] 
@@ -659,13 +659,13 @@ mkdocs = ">=1.0.4" [[package]] name = "mkdocs-material" -version = "9.5.2" +version = "9.5.27" description = "Documentation that simply works" optional = false python-versions = ">=3.8" files = [ - {file = "mkdocs_material-9.5.2-py3-none-any.whl", hash = "sha256:6ed0fbf4682491766f0ec1acc955db6901c2fd424c7ab343964ef51b819741f5"}, - {file = "mkdocs_material-9.5.2.tar.gz", hash = "sha256:ca8b9cd2b3be53e858e5a1a45ac9668bd78d95d77a30288bb5ebc1a31db6184c"}, + {file = "mkdocs_material-9.5.27-py3-none-any.whl", hash = "sha256:af8cc263fafa98bb79e9e15a8c966204abf15164987569bd1175fd66a7705182"}, + {file = "mkdocs_material-9.5.27.tar.gz", hash = "sha256:a7d4a35f6d4a62b0c43a0cfe7e987da0980c13587b5bc3c26e690ad494427ec0"}, ] [package.dependencies] @@ -673,7 +673,7 @@ babel = ">=2.10,<3.0" colorama = ">=0.4,<1.0" jinja2 = ">=3.0,<4.0" markdown = ">=3.2,<4.0" -mkdocs = ">=1.5.3,<2.0" +mkdocs = ">=1.6,<2.0" mkdocs-material-extensions = ">=1.3,<2.0" paginate = ">=0.5,<1.0" pygments = ">=2.16,<3.0" @@ -682,8 +682,8 @@ regex = ">=2022.4" requests = ">=2.26,<3.0" [package.extras] -git = ["mkdocs-git-committers-plugin-2 (>=1.1,<2.0)", "mkdocs-git-revision-date-localized-plugin (>=1.2,<2.0)"] -imaging = ["cairosvg (>=2.6,<3.0)", "pillow (>=9.4,<10.0)"] +git = ["mkdocs-git-committers-plugin-2 (>=1.1,<2.0)", "mkdocs-git-revision-date-localized-plugin (>=1.2.4,<2.0)"] +imaging = ["cairosvg (>=2.6,<3.0)", "pillow (>=10.2,<11.0)"] recommended = ["mkdocs-minify-plugin (>=0.7,<1.0)", "mkdocs-redirects (>=1.2,<2.0)", "mkdocs-rss-plugin (>=1.6,<2.0)"] [[package]] 
@@ -800,13 +800,13 @@ testing = ["pytest", "pytest-benchmark"] [[package]] name = "pre-commit" -version = "3.7.0" +version = "3.8.0" description = "A framework for managing and maintaining multi-language pre-commit hooks." optional = false python-versions = ">=3.9" files = [ - {file = "pre_commit-3.7.0-py2.py3-none-any.whl", hash = "sha256:5eae9e10c2b5ac51577c3452ec0a490455c45a0533f7960f993a0d01e59decab"}, - {file = "pre_commit-3.7.0.tar.gz", hash = "sha256:e209d61b8acdcf742404408531f0c37d49d2c734fd7cff2d6076083d191cb060"}, + {file = "pre_commit-3.8.0-py2.py3-none-any.whl", hash = "sha256:9a90a53bf82fdd8778d58085faf8d83df56e40dfe18f45b19446e26bf1b3a63f"}, + {file = "pre_commit-3.8.0.tar.gz", hash = "sha256:8bb6494d4a20423842e198980c9ecf9f96607a07ea29549e180eef9ae80fe7af"}, ] [package.dependencies] @@ -818,13 +818,13 @@ virtualenv = ">=20.10.0" [[package]] name = "pycodestyle" -version = "2.11.1" +version = "2.12.0" description = "Python style guide checker" optional = false python-versions = ">=3.8" files = [ - {file = "pycodestyle-2.11.1-py2.py3-none-any.whl", hash = "sha256:44fe31000b2d866f2e41841b18528a505fbd7fef9017b04eff4e2648a0fadc67"}, - {file = "pycodestyle-2.11.1.tar.gz", hash = "sha256:41ba0e7afc9752dfb53ced5489e89f8186be00e599e712660695b7a75ff2663f"}, + {file = "pycodestyle-2.12.0-py2.py3-none-any.whl", hash = "sha256:949a39f6b86c3e1515ba1787c2022131d165a8ad271b11370a8819aa070269e4"}, + {file = "pycodestyle-2.12.0.tar.gz", hash = "sha256:442f950141b4f43df752dd303511ffded3a04c2b6fb7f65980574f0c31e6e79c"}, ] [[package]] 
@@ -887,13 +887,13 @@ diagrams = ["jinja2", "railroad-diagrams"] [[package]] name = "pytest" -version = "8.2.0" +version = "8.3.2" description = "pytest: simple powerful testing with Python" optional = false python-versions = ">=3.8" files = [ - {file = "pytest-8.2.0-py3-none-any.whl", hash = "sha256:1733f0620f6cda4095bbf0d9ff8022486e91892245bb9e7d5542c018f612f233"}, - {file = "pytest-8.2.0.tar.gz", hash = "sha256:d507d4482197eac0ba2bae2e9babf0672eb333017bcedaa5fb1a3d42c1174b3f"}, + {file = "pytest-8.3.2-py3-none-any.whl", hash = "sha256:4ba08f9ae7dcf84ded419494d229b48d0903ea6407b030eaec46df5e6a73bba5"}, + {file = "pytest-8.3.2.tar.gz", hash = "sha256:c132345d12ce551242c87269de812483f5bcc87cdbb4722e48487ba194f9fdce"}, ] [package.dependencies] @@ -901,7 +901,7 @@ colorama = {version = "*", markers = "sys_platform == \"win32\""} exceptiongroup = {version = ">=1.0.0rc8", markers = "python_version < \"3.11\""} iniconfig = "*" packaging = "*" -pluggy = ">=1.5,<2.0" +pluggy = ">=1.5,<2" tomli = {version = ">=1", markers = "python_version < \"3.11\""} [package.extras] @@ -1129,13 +1129,13 @@ files = [ [[package]] name = "requests" -version = "2.32.2" +version = "2.32.3" description = "Python HTTP for Humans." optional = false python-versions = ">=3.8" files = [ - {file = "requests-2.32.2-py3-none-any.whl", hash = "sha256:fc06670dd0ed212426dfeb94fc1b983d917c4f9847c863f313c9dfaaffb7c23c"}, - {file = "requests-2.32.2.tar.gz", hash = "sha256:dd951ff5ecf3e3b3aa26b40703ba77495dab41da839ae72ef3c8e5d8e2433289"}, + {file = "requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"}, + {file = "requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760"}, ] [package.dependencies] 
@@ -1232,13 +1232,13 @@ files = [ [[package]] name = "typing-extensions" -version = "4.11.0" +version = "4.12.2" description = "Backported and Experimental Type Hints for Python 3.8+" optional = false python-versions = ">=3.8" files = [ - {file = "typing_extensions-4.11.0-py3-none-any.whl", hash = "sha256:c1f94d72897edaf4ce775bb7558d5b79d8126906a14ea5ed1635921406c0387a"}, - {file = "typing_extensions-4.11.0.tar.gz", hash = "sha256:83f085bd5ca59c80295fc2a82ab5dac679cbe02b9f33f7d83af68e241bea51b0"}, + {file = "typing_extensions-4.12.2-py3-none-any.whl", hash = "sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"}, + {file = "typing_extensions-4.12.2.tar.gz", hash = "sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8"}, ] [[package]] diff --git a/pyproject.toml b/pyproject.toml index 95469a5d96..80349edac8 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "splunk-connect-for-syslog" -version = "3.29.0" +version = "3.30.1" description = "" authors = ["rjha-splunk "] license = "Apache-2.0" diff --git a/tests/Dockerfile.nc b/tests/Dockerfile.nc index 919096ef84..02320c5733 100644 --- a/tests/Dockerfile.nc +++ b/tests/Dockerfile.nc @@ -1,4 +1,4 @@ -ARG SYSLOGNG_VERSION=4.8.0 +ARG SYSLOGNG_VERSION=4.8.1 FROM ghcr.io/axoflow/axosyslog:${SYSLOGNG_VERSION} -RUN apk add -U netcat-openbsd \ No newline at end of file +RUN apk add -U netcat-openbsd diff --git a/tests/test_aruba_silverpeak.py b/tests/test_aruba_silverpeak.py new file mode 100644 index 0000000000..a98af4bf1d --- /dev/null +++ b/tests/test_aruba_silverpeak.py 
@@ -0,0 +1,57 @@
+# Copyright 2019 Splunk, Inc.
+#
+# Use of this source code is governed by a BSD-2-clause-style
+# license that can be found in the LICENSE-BSD2 file or at
+# https://opensource.org/licenses/BSD-2-Clause
+
+from jinja2 import Environment, select_autoescape
+
+from .sendmessage import sendsingle
+from .splunkutils import splunk_single
+from .timeutils import time_operations
+import datetime
+
+import pytest
+
+env = Environment(autoescape=select_autoescape(default_for_string=False))
+
+testdata = [
+ "{{ aruba_time }} {{ host }} tunneld[1234]: CPU 0 TID 0000000000000000: [tunneld.NOTICE]: [cfmst_add_tun] tid 000 type WAN_UDP src 1.2.3.4 dst 4.3.2.1 sport 10 dport 20 proto 0 fmstid 0000000",
+ "{{ aruba_time }} {{ host }} tunneld[2222]: CPU 0 TID 0000000000000000: [tunneld.NOTICE]: New license token system max bandwidth 1000000, current=1000000000",
+ "{{ aruba_time }} {{ host }} neighd[1111]: CPU 0 TID 0000000000000000: [neighd.NOTICE]: cn_neigh_store_add: 0.0.0.0 aa:aa:25:e0:aa:42 2 : ADDED",
+ "{{ aruba_time }} {{ host }} mgmtd[3333]: TID 0000000000000000: [mgmtd.ALERT]: ALARM RAISE: MAJ,EQU,3, equipment_gateway_connect,Next-hop unreachable,gw:0.0.0.0,2022/06/14 23:40:25,1,no,yes,no,yes. 
Next-Hop Reachability Test Failed",
+ "{{ aruba_time }} {{ host }} pm[4444]: TID 0000000000000000: [pm.ALERT]: : Software process ntpd has been restarted"
+]
+
+
+@pytest.mark.addons("aruba")
+@pytest.mark.parametrize("event", testdata)
+def test_aruba_silverpeak(
+ record_property, get_host_key, setup_splunk, setup_sc4s, event
+):
+ host = "silverpeak-" + get_host_key
+
+ dt = datetime.datetime.now()
+ _, _, _, _, _, _, epoch = time_operations(dt)
+ aruba_time = dt.strftime("%b %d %H:%M:%S %Y")
+
+ # Tune time functions
+ epoch = epoch[:-7]
+
+ mt = env.from_string(event + "\n")
+ message = mt.render(host=host, aruba_time=aruba_time)
+
+ sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
+
+ st = env.from_string(
+ 'search _time={{ epoch }} index=netops host="{{ host }}" sourcetype="aruba:silverpeak"'
+ )
+ search = st.render(epoch=epoch, host=host)
+
+ result_count, _ = splunk_single(setup_splunk, search)
+
+ record_property("host", host)
+ record_property("resultCount", result_count)
+ record_property("message", message)
+
+ assert result_count == 1
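Review bot: `epoch = epoch[:-7]` under `# Tune time functions` cuts a fixed number of characters from whatever `time_operations` returns, and nothing in the test says what those seven characters are or why the search must use the truncated value. A comment such as `# drop the sub-second suffix: the event timestamp has whole-second precision (confirm against time_operations)` would document the dependency. The timestamp is also built from a naive `datetime.datetime.now()` and `aruba_time` carries no zone, so the `_time={{ epoch }}` match appears to depend on the test host and SC4S sharing a timezone; state that assumption in a short docstring on `test_aruba_silverpeak`. The test asserts only `result_count == 1` for index and sourcetype, so the vendor and product fields set by the new parser are not checked.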