xml/filterx-parse-windows-eventlog-xml: add E2E test

Signed-off-by: Attila Szakacs <[email protected]>
axoflow · Sep 16, 2024 · ac65625 · ac65625
1 parent 62785df
commit ac65625
Showing 1 changed file with 84 additions and 0 deletions.
diff --git a/tests/light/functional_tests/filterx/test_filterx.py b/tests/light/functional_tests/filterx/test_filterx.py
@@ -2117,3 +2117,87 @@ def test_parse_xml(config, syslog_ng):
     assert file_true.get_stats()["processed"] == 1
     assert "processed" not in file_false.get_stats()
     assert file_true.read_log() == "{\"a\":{\"b\":[{\"@attr\":\"attr_val\",\"#text\":\"c\"},\"e\"]}}\n"
+
+
+def test_parse_windows_eventlog_xml(config, syslog_ng):
+    (file_true, file_false) = create_config(
+        config, r"""
+    xml = "
+        <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
+            <System>
+                <Provider Name='EventCreate'/>
+                <EventID Qualifiers='0'>999</EventID>
+                <Version>0</Version>
+                <Level>2</Level>
+                <Task>0</Task>
+                <Opcode>0</Opcode>
+                <Keywords>0x80000000000000</Keywords>
+                <TimeCreated SystemTime='2024-01-12T09:30:12.1566754Z'/>
+                <EventRecordID>934</EventRecordID>
+                <Correlation/>
+                <Execution ProcessID='0' ThreadID='0'/>
+                <Channel>Application</Channel>
+                <Computer>DESKTOP-2MBFIV7</Computer>
+                <Security UserID='S-1-5-21-3714454296-2738353472-899133108-1001'/>
+            </System>
+            <RenderingInfo Culture='en-US'>
+                <Message>foobar</Message>
+                <Level>Error</Level>
+                <Task></Task>
+                <Opcode>Info</Opcode>
+                <Channel></Channel>
+                <Provider></Provider>
+                <Keywords>
+                    <Keyword>Classic</Keyword>
+                </Keywords>
+            </RenderingInfo>
+            <EventData>
+                <Data Name='param1'>foo</Data>
+                <Data Name='param2'>bar</Data>
+            </EventData>
+        </Event>
+    ";
+    $MSG = json(parse_windows_eventlog_xml(xml));
+    """,
+    )
+    syslog_ng.start(config)
+
+    assert file_true.get_stats()["processed"] == 1
+    assert "processed" not in file_false.get_stats()
+    assert json.loads(file_true.read_log()) == {
+        "Event": {
+            "@xmlns": "http://schemas.microsoft.com/win/2004/08/events/event",
+            "System": {
+                "Provider": {"@Name": "EventCreate"},
+                "EventID": {"@Qualifiers": "0", "#text": "999"},
+                "Version": "0",
+                "Level": "2",
+                "Task": "0",
+                "Opcode": "0",
+                "Keywords": "0x80000000000000",
+                "TimeCreated": {"@SystemTime": "2024-01-12T09:30:12.1566754Z"},
+                "EventRecordID": "934",
+                "Correlation": "",
+                "Execution": {"@ProcessID": "0", "@ThreadID": "0"},
+                "Channel": "Application",
+                "Computer": "DESKTOP-2MBFIV7",
+                "Security": {"@UserID": "S-1-5-21-3714454296-2738353472-899133108-1001"},
+            },
+            "RenderingInfo": {
+                "@Culture": "en-US",
+                "Message": "foobar",
+                "Level": "Error",
+                "Task": "",
+                "Opcode": "Info",
+                "Channel": "",
+                "Provider": "",
+                "Keywords": {"Keyword": "Classic"},
+            },
+            "EventData": {
+                "Data": {
+                    "param1": "foo",
+                    "param2": "bar",
+                },
+            },
+        },
+    }