sheppy/logstash-verify
1
0
Fork 0
mirror of https://github.com/FAUSheppy/logstash-verify synced 2025-12-06 07:31:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: basic test in container

Browse Source
This commit is contained in:
Johnathen Sheppard
2024-04-13 17:54:56 +02:00
commit b7ff748b07
3 changed files with 63 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
Dockerfile Normal file
View File

@@ -0,0 +1,23 @@
FROM debian:latest
# install base tools #
RUN apt-get clean
RUN apt-get update -y
RUN apt-get install wget gpg -y
# install logstash #
RUN wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg
RUN apt-get install apt-transport-https -y
RUN echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-8.x.list
RUN apt-get update && apt-get install logstash -y
# get logstash verifier #
RUN mkdir /app/
WORKDIR /app/
RUN wget https://github.com/magnusbaeck/logstash-filter-verifier/releases/download/1.6.3/logstash-filter-verifier_1.6.3_linux_amd64.tar.gz
RUN tar -xf logstash-filter-verifier_1.6.3_linux_amd64.tar.gz
RUN mkdir testcases pipe
COPY ./testcases/* /app/testcases/
COPY ./pipe/* /app/pipe/
CMD ["./logstash-filter-verifier", "testcases/", "pipe/base.yml"]
#CMD ["ls", "-la", "."]

16
pipe/base.yml Normal file
View File

@@ -0,0 +1,16 @@
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
remove_field => ["message"]
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
target => "@timestamp"
remove_field => ["syslog_timestamp"]
}
mutate {
remove_field => ["host"]
}
}
}

24
testcases/base.yml Normal file
View File

@@ -0,0 +1,24 @@
fields:
type: "syslog"
testcases:
- input:
- "Oct 6 20:55:29 myhost myprogram[31993]: This is a test message"
expected:
- "@timestamp": "2024-10-06T20:55:29.000Z"
syslog_hostname: "myhost"
syslog_message: "This is a test message"
syslog_pid: "31993"
syslog_program: "myprogram"
type: "syslog"
event:
original: "Oct 6 20:55:29 myhost myprogram[31993]: This is a test message"
- input:
- "Oct 6 20:55:29 myhost myprogram: This is a test message"
expected:
- "@timestamp": "2024-10-06T20:55:29.000Z"
syslog_hostname: "myhost"
syslog_message: "This is a test message"
syslog_program: "myprogram"
type: "syslog"
event:
original: "Oct 6 20:55:29 myhost myprogram: This is a test message"