@Test
public void evaluate_returns_result_for_valid_CEF_string() throws Exception {
final Map<String, Expression> arguments = ImmutableMap.of(
CEFParserFunction.VALUE, new StringExpression(new CommonToken(0), "CEF:0|vendor|product|1.0|id|name|low|dvc=example.com msg=Foobar"),
CEFParserFunction.USE_FULL_NAMES, new BooleanExpression(new CommonToken(0), false)
);
final FunctionArgs functionArgs = new FunctionArgs(function, arguments);
final Message message = new Message("__dummy", "__dummy", DateTime.parse("2010-07-30T16:03:25Z"));
final EvaluationContext evaluationContext = new EvaluationContext(message);
final CEFParserResult result = function.evaluate(functionArgs, evaluationContext);
assertNotNull(result);
assertEquals(0, result.get("cef_version"));
assertEquals("vendor", result.get("device_vendor"));
assertEquals("product", result.get("device_product"));
assertEquals("1.0", result.get("device_version"));
assertEquals("id", result.get("device_event_class_id"));
assertEquals("low", result.get("severity"));
assertEquals("example.com", result.get("dvc"));
assertEquals("Foobar", result.get("msg"));
}
CEFParserFunctionTest.java 文件源码
java
阅读 18
收藏 0
点赞 0
评论 0
项目:graylog-plugin-cef
作者:
评论列表
文章目录
