commit b7ff748b078f0eb5273337601120f1d43b360c01
Author: Yannik Schmidt
Date: Sat Apr 13 17:54:56 2024 +0200
feat: basic test in container
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3cbffc2
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,23 @@
+FROM debian:latest
+
+# install base tools #
+RUN apt-get clean
+RUN apt-get update -y
+RUN apt-get install wget gpg -y
+
+# install logstash #
+RUN wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg
+RUN apt-get install apt-transport-https -y
+RUN echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-8.x.list
+RUN apt-get update && apt-get install logstash -y
+
+# get logstash verifier #
+RUN mkdir /app/
+WORKDIR /app/
+RUN wget https://github.com/magnusbaeck/logstash-filter-verifier/releases/download/1.6.3/logstash-filter-verifier_1.6.3_linux_amd64.tar.gz
+RUN tar -xf logstash-filter-verifier_1.6.3_linux_amd64.tar.gz
+RUN mkdir testcases pipe
+COPY ./testcases/* /app/testcases/
+COPY ./pipe/* /app/pipe/
+CMD ["./logstash-filter-verifier", "testcases/", "pipe/base.yml"]
+#CMD ["ls", "-la", "."]
diff --git a/pipe/base.yml b/pipe/base.yml
new file mode 100644
index 0000000..19301c3
--- /dev/null
+++ b/pipe/base.yml
@@ -0,0 +1,16 @@
+filter {
+ if [type] == "syslog" {
+ grok {
+ match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+ remove_field => ["message"]
+ }
+ date {
+ match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
+ target => "@timestamp"
+ remove_field => ["syslog_timestamp"]
+ }
+ mutate {
+ remove_field => ["host"]
+ }
+ }
+}
diff --git a/testcases/base.yml b/testcases/base.yml
new file mode 100644
index 0000000..2aa99b9
--- /dev/null
+++ b/testcases/base.yml
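Review bot: The verifier tarball is fetched on the `RUN wget https://github.com/magnusbaeck/logstash-filter-verifier/...` line and unpacked by the following `RUN tar -xf ...` with no integrity check, so the tool the tests actually run is whatever that URL serves at build time; download, verify and extract in one layer, e.g. `RUN wget -q <url> && echo "<sha256 of the 1.6.3 release asset>  logstash-filter-verifier_1.6.3_linux_amd64.tar.gz" | sha256sum -c - && tar -xf logstash-filter-verifier_1.6.3_linux_amd64.tar.gz && rm logstash-filter-verifier_1.6.3_linux_amd64.tar.gz`. The Elastic key fetched on the `RUN wget -qO - ... | gpg --dearmor` line has a related weakness: under `/bin/sh` the layer's exit status is gpg's, so a failed download can likely leave an empty keyring and the error only surfaces later at `apt-get update` as a missing-key failure; add `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before that line. `FROM debian:latest`, `RUN apt-get update -y` in its own layer and the unpinned `apt-get install logstash -y` make the image differ from build to build; pin the base tag (for example a `bookworm-slim` tag) and a `logstash=8.x.y` version, combine update and install in one `RUN` with `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*`. There is no `USER`, so the verifier runs as root inside the container; a `USER` line before `CMD` plus `--chown` on the two `COPY`s would be cheap for a test image. `RUN mkdir /app/` and `RUN mkdir testcases pipe` are redundant, since `WORKDIR` and `COPY` create their targets.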
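Review bot: The `date` filter on the `match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]` line sets no `timezone`, so a syslog timestamp that carries no zone is interpreted in the Logstash process's local zone and the resulting `@timestamp` depends on where the pipeline runs; if the senders log in UTC, pin it with `timezone => "UTC"` (otherwise name the senders' zone) so the same line yields the same `@timestamp` in the test container and in production. Lines that do not match the grok pattern keep their `message`, are (by Logstash's default) tagged `_grokparsefailure`, and still pass through `mutate { remove_field => ["host"] }`, which drops the `host` field even for events whose hostname was never extracted — exactly the lines worth inspecting; consider guarding the `mutate` with `if "_grokparsefailure" not in [tags]`, or at least add a comment stating that unparsed events are passed on untouched. A short header comment above `filter {` saying what this stage expects (events with `type` set to `"syslog"` by the input stage, RFC 3164-style lines) would help the next reader.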
@@ -0,0 +1,24 @@
+fields:
+ type: "syslog"
+testcases:
+ - input:
+ - "Oct 6 20:55:29 myhost myprogram[31993]: This is a test message"
+ expected:
+ - "@timestamp": "2024-10-06T20:55:29.000Z"
+ syslog_hostname: "myhost"
+ syslog_message: "This is a test message"
+ syslog_pid: "31993"
+ syslog_program: "myprogram"
+ type: "syslog"
+ event:
+ original: "Oct 6 20:55:29 myhost myprogram[31993]: This is a test message"
+ - input:
+ - "Oct 6 20:55:29 myhost myprogram: This is a test message"
+ expected:
+ - "@timestamp": "2024-10-06T20:55:29.000Z"
+ syslog_hostname: "myhost"
+ syslog_message: "This is a test message"
+ syslog_program: "myprogram"
+ type: "syslog"
+ event:
+ original: "Oct 6 20:55:29 myhost myprogram: This is a test message"
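Review bot: Both expected `"@timestamp": "2024-10-06T20:55:29.000Z"` values hard-code a year that the input lines do not carry, so the pipeline's `date` filter has to infer it from the clock at test time and these cases are time-dependent (2024 is right around the commit date and presumably not for long). Either add a testcase-level `ignore: ["@timestamp"]` (the verifier's testcase format supports an ignore list, if I recall its README correctly) and keep asserting the remaining fields, or put a comment above `fields:` stating that the expected year must be bumped when the tests start failing. There is also no negative case: a line that does not match the grok pattern (no hostname, no program) should be pinned here so that the `_grokparsefailure` tagging and the fact that `message` is then retained are verified rather than assumed.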