Documentation
Index
- func CheckLogParser(t *testing.T, p parsers.Interface, input string, expect ...string)
- func CheckPantherMultiline(t *testing.T, logs string, parser parsers.LogParser, ...)
- func CheckPantherParser(t *testing.T, log string, parser parsers.LogParser, expect *parsers.PantherLog, ...)
- func CheckParserResults(t *testing.T, want string, actual *pantherlog.Result, ...)
- func CheckParserSamplesJSONL(t *testing.T, filename string, parser parsers.LogParser)
- func CheckRegisteredParser(t *testing.T, logType, input string, expect ...string)
- func EqualPantherLog(t *testing.T, expectedEvent *parsers.PantherLog, events []*parsers.PantherLog, ...)
- func EqualTimestamp(t *testing.T, expect, actual time.Time, msgAndArgs ...interface{})
- func MustReadFileJSONLines(filename string) (lines []string)
- func MustReadFileString(filename string) string
- func NewRawMessage(jsonString string) *jsoniter.RawMessage
- func UnmarshalResultJSON(data []byte, r *pantherlog.Result, indicators pantherlog.FieldSet) error
- type MockParser
- type ParserConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckLogParser (added in v1.7.0)
CheckLogParser checks a log type parser.
func CheckPantherMultiline (added in v1.5.0)
func CheckPantherParser (added in v1.1.0)
func CheckPantherParser(t *testing.T, log string, parser parsers.LogParser, expect *parsers.PantherLog, expectMore ...*parsers.PantherLog)
func CheckParserResults (added in v1.7.0)
func CheckParserResults(t *testing.T, want string, actual *pantherlog.Result, indicators ...pantherlog.FieldID)
Checks that `actual` is a parser result matching `expect`:
- If expect.RowID is empty, it checks that actual has a non-empty RowID.
- If expect.EventTime is zero, it checks that actual.EventTime equals actual.ParseTime.
- If expect.ParseTime is zero, it checks that actual.ParseTime is non-zero.
- Otherwise equality is checked strictly.
func CheckParserSamplesJSONL (added in v1.7.0)
func CheckRegisteredParser (added in v1.7.0)
CheckRegisteredParser checks a registered log type parser.
func EqualPantherLog
func EqualPantherLog(t *testing.T, expectedEvent *parsers.PantherLog, events []*parsers.PantherLog, parseErr error)
Used by log parsers to validate records. For new parser tests, use `CheckPantherParser` instead.
func EqualTimestamp (added in v1.7.0)
func MustReadFileJSONLines (added in v1.2.1)
func MustReadFileString (added in v1.2.1)
func NewRawMessage (added in v1.6.0)
func NewRawMessage(jsonString string) *jsoniter.RawMessage
func UnmarshalResultJSON (added in v1.7.0)
func UnmarshalResultJSON(data []byte, r *pantherlog.Result, indicators pantherlog.FieldSet) error
UnmarshalResultJSON unmarshals a result from JSON. The parsing is inefficient. Its purpose is to be used in tests to verify output results.
Types
type MockParser (added in v1.5.1)
func AlwaysFailParser (added in v1.5.1)
func AlwaysFailParser(err error) *MockParser
func (*MockParser) ParseLog (added in v1.5.1)
func (p *MockParser) ParseLog(log string) ([]*parsers.Result, error)
func (*MockParser) RequireLessOrEqualNumberOfCalls (added in v1.5.1)
func (p *MockParser) RequireLessOrEqualNumberOfCalls(t *testing.T, method string, number int)
type ParserConfig (added in v1.5.1)
type ParserConfig map[string]interface{}
func (ParserConfig) Parser (added in v1.5.1)
func (args ParserConfig) Parser() *MockParser