#!/bin/sh
# PCP QA Test No. 378
#
# pmie with multiple -a arguments
# - problem reported by Jason Rappleye @ NASA
#
# Copyright (c) 2010 Ken McDonell. All Rights Reserved.
#
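# Name this run after the script file itself and print the banner line.
# "$0" is quoted so that a checkout path containing spaces or glob
# characters reaches basename as a single, unexpanded argument.
seq=$(basename "$0")
echo "QA output created by $seq"

# get standard environment, filters and checks
# NOTE(review): $sudo and $tmp are used further down but never assigned in
# this script, so they presumably come from these sourced files -- confirm.
. ./common.product
. ./common.filter
. ./common.check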
# Copy stdin to stdout, dropping every line that contains the text
# " Info: evaluator exiting" (note the leading space in the pattern).
_filter()
{
    sed '/ Info: evaluator exiting/d'
}
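status=0	# success is the default!

# Clear leftovers from an earlier run.
# ${tmp:?} stops the script here if tmp is unset or empty: the glob would
# otherwise collapse to ".*" and the recursive delete (run through $sudo)
# would target dot-entries of the current directory instead of temp files.
# $sudo is left unquoted on purpose: it may be empty or hold several words.
$sudo rm -rf "${tmp:?}".* "$seq.full"

# On exit (0) and on signals 1, 2, 3 and 15, remove the temp files and
# finish with $status.  The trap string is double-quoted, so $tmp is expanded
# now, when the trap is installed, while the escaped \$status is read only
# when the trap fires.
trap "rm -f $tmp.*; exit \$status" 0 1 2 3 15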
# Run pmie over the archive options given as arguments, taking the rule(s)
# to evaluate from stdin.  stderr is folded into stdout so diagnostics are
# part of the captured output, and the result goes through _filter.
_replay()
{
    pmie -z -A 1min -t 60 "$@" 2>&1 | _filter
}

# Case 1: a single archive.
echo "just one archive (kenj-pc-1) ..."
_replay -a src/kenj-pc-1 <<'End-of-File'
kernel.all.load #'1 minute' > 1.5 -> print "%h: %v";
End-of-File

# Case 2: two archives that the banner says are from the same host.
echo
echo "expect error as same host ..."
_replay -a src/kenj-pc-1 -a src/kenj-pc-2 <<'End-of-File'
kernel.all.load #'1 minute' > 1.5 -> print "%h: %v";
End-of-File

# Case 3: the second archive on its own.
echo
echo "other archive (naslog) ..."
_replay -a src/naslog <<'End-of-File'
kernel.all.load #'1 minute' > 1.5 -> print "%h: %v";
End-of-File

# Cases 4 and 5: both archives together, in each order.
echo
echo "and now together kenj-pc-1 first ..."
_replay -a src/kenj-pc-1 -a src/naslog <<'End-of-File'
kernel.all.load #'1 minute' > 1.5 -> print "%h: %v";
End-of-File

echo
echo "and now together naslog first ..."
_replay -a src/naslog -a src/kenj-pc-1 <<'End-of-File'
kernel.all.load #'1 minute' > 1.5 -> print "%h: %v";
End-of-File

# Case 6: one rule per host, each bound to its host with ":host".
echo
echo "two rules, host-specific (naslog first) ..."
_replay -a src/naslog -a src/kenj-pc-1 <<'End-of-File'
kernel.all.load :'kenj-pc' #'1 minute' > 1.5 -> print "%h: %v";
kernel.all.load :snort #'1 minute' > 1.5 -> print "%h: %v";
End-of-File

# Cases 7 and 8: a some_host rule across both hosts, in each archive order.
echo
echo "and now with some_host ... only one value ever available, so >"
echo "condition is always false and some_host never gets a chance"
echo "... expect no output"
_replay -a src/naslog -a src/kenj-pc-1 <<'End-of-File'
some_host ( kernel.all.load :'kenj-pc' :snort #'1 minute' ) > 1.5 -> print "%h: %v";
End-of-File

echo
echo "... and it does not matter which order the archives are given"
_replay -a src/kenj-pc-1 -a src/naslog <<'End-of-File'
some_host ( kernel.all.load :'kenj-pc' :snort #'1 minute' ) > 1.5 -> print "%h: %v";
End-of-File

# success, all done
exit