Fix #93, add test that checks for matched values

chernjie · jsvd · commit 6116ef4cbbb9 · 2016-09-23T04:05:07.000-04:00
Fixes #102
diff --git a/spec/patterns/httpd_spec.rb b/spec/patterns/httpd_spec.rb
@@ -2,19 +2,28 @@
 require "spec_helper"
 require "logstash/patterns/core"
 
-describe "HTTPD_COMMONLOG" do
+describe "HTTPD_COMBINEDLOG" do
 
-  context "COMMONAPACHELOG", "Typical test case" do
+  context "HTTPD_COMBINEDLOG", "Typical test case" do
 
-    let(:value) { '83.149.9.216 - - [24/Feb/2015:23:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36'}
+    let(:value) { '83.149.9.216 - - [24/Feb/2015:23:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"'}
 
     it "generates the clientip field" do
-      expect(grok_match(subject, value)).to include("clientip" => "83.149.9.216")
+      expect(grok_match(subject, value)).to include(
+        'clientip' => '83.149.9.216',
+        'verb' => 'GET',
+        'request' => '/presentations/logstash-monitorama-2013/images/kibana-search.png',
+        'httpversion' => '1.1',
+        'response' => '200',
+        'bytes' => '203023',
+        'referrer' => '"http://semicomplete.com/presentations/logstash-monitorama-2013/"',
+        'agent' => '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"'
+      )
     end
 
   end
 
-  context "COMMONAPACHELOG", "Email address in auth field" do
+  context "HTTPD_COMBINEDLOG", "Email address in auth field" do
 
     let(:value) { '10.0.0.1 - username@example.com [07/Apr/2016:18:42:24 +0000] "GET /bar/foo/users/1/username%40example.com/authenticate?token=blargh&client_id=15 HTTP/1.1" 400 75 "" "Mozilla/5.0 (iPad; CPU OS 9_3_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13E238 Safari/601.1"'}
 
@@ -28,21 +37,91 @@
 
 describe "HTTPD_ERRORLOG" do
 
-  it "matches a full httpd 2.4 message" do
-    expect(subject).to match("[Mon Aug 31 09:30:48.958285 2015] [proxy_fcgi:error] [pid 28787:tid 140169587934976] (70008)Partial results are valid but processing is incomplete: [client 58.13.45.166:59307] AH01075: Error dispatching request to : (reading input brigade), referer: http://example.com/index.php?id_product=11&controller=product")
+  context "HTTPD_ERRORLOG", "matches a full httpd 2.4 message" do
+    let(:value) {
+      "[Mon Aug 31 09:30:48.958285 2015] [proxy_fcgi:error] [pid 28787:tid 140169587934976] (70008)Partial results are valid but processing is incomplete: [client 58.13.45.166:59307] AH01075: Error dispatching request to : (reading input brigade), referer: http://example.com/index.php?id_product=11&controller=product"
+    }
+    it "generates the fields" do
+
+      expect(grok_match(subject, value)).to include(
+        'timestamp' => 'Mon Aug 31 09:30:48.958285 2015',
+        'module' => 'proxy_fcgi',
+        'loglevel' => 'error',
+        'pid' => '28787',
+        'tid' => '140169587934976',
+        'proxy_errorcode' => '70008',
+        'proxy_message' => 'Partial results are valid but processing is incomplete',
+        'clientip' => '58.13.45.166',
+        'clientport' => '59307',
+        'errorcode' => 'AH01075',
+        'message' => [ value, 'Error dispatching request to : (reading input brigade), referer: http://example.com/index.php?id_product=11&controller=product' ],
+      )
+    end
   end
 
-  it "matches a httpd 2.2 log message" do
-    expect(subject).to match("[Mon Aug 31 16:27:04 2015] [error] [client 10.17.42.3] Premature end of script headers: example.com")
+  context "HTTPD_ERRORLOG", "matches a httpd 2.2 log message" do
+    let(:value) {
+      "[Mon Aug 31 16:27:04 2015] [error] [client 10.17.42.3] Premature end of script headers: example.com"
+    }
+    it "generates the fields" do
+      expect(grok_match(subject, value)).to include(
+        'timestamp' => 'Mon Aug 31 16:27:04 2015',
+        'loglevel' => 'error',
+        'clientip' => '10.17.42.3',
+        'message' => [ value, 'Premature end of script headers: example.com' ]
+      )
+    end
   end
 
-  it "matches a short httpd 2.4 message" do
-    expect(subject).to match("[Mon Aug 31 07:15:38.664897 2015] [proxy_fcgi:error] [pid 28786:tid 140169629898496] [client 81.139.1.34:52042] AH01071: Got error 'Primary script unknown\n'")
+  context "HTTPD_ERRORLOG", "matches a short httpd 2.4 message" do
+    let(:value) {
+      "[Mon Aug 31 07:15:38.664897 2015] [proxy_fcgi:error] [pid 28786:tid 140169629898496] [client 81.139.1.34:52042] AH01071: Got error 'Primary script unknown\n'"
+    }
+    it "generates the fields" do
+      expect(grok_match(subject, value)).to include(
+        'timestamp' => 'Mon Aug 31 07:15:38.664897 2015',
+        'module' => 'proxy_fcgi',
+        'loglevel' => 'error',
+        'pid' => '28786',
+        'tid' => '140169629898496',
+        'clientip' => '81.139.1.34',
+        'clientport' => '52042',
+        'errorcode' => 'AH01071',
+        'message' => [ value, "Got error 'Primary script unknown\n'" ]
+      )
+    end
   end
 
-  it "matches an httpd 2.4 restart" do
-    expect(subject).to match("[Mon Aug 31 06:29:47.406518 2015] [mpm_event:notice] [pid 24968:tid 140169861986176] AH00489: Apache/2.4.16 (Ubuntu) configured -- resuming normal operations")
-    expect(subject).to match("[Mon Aug 31 06:29:47.406530 2015] [core:notice] [pid 24968:tid 140169861986176] AH00094: Command line: '/usr/sbin/apache2'")
+  context "HTTPD_ERRORLOG", "matches an httpd 2.4 restart" do
+    let(:value1) {
+      "[Mon Aug 31 06:29:47.406518 2015] [mpm_event:notice] [pid 24968:tid 140169861986176] AH00489: Apache/2.4.16 (Ubuntu) configured -- resuming normal operations"
+    }
+    it "generates the fields" do
+      expect(grok_match(subject, value1)).to include(
+        'timestamp' => 'Mon Aug 31 06:29:47.406518 2015',
+        'module' => 'mpm_event',
+        'loglevel' => 'notice',
+        'pid' => '24968',
+        'tid' => '140169861986176',
+        'errorcode' => 'AH00489',
+        'message' => [ value1, 'Apache/2.4.16 (Ubuntu) configured -- resuming normal operations' ]
+      )
+    end
+
+    let(:value2) {
+      "[Mon Aug 31 06:29:47.406530 2015] [core:notice] [pid 24968:tid 140169861986176] AH00094: Command line: '/usr/sbin/apache2'"
+    }
+    it "generates the fields" do
+      expect(grok_match(subject, value2)).to include(
+        'timestamp' => 'Mon Aug 31 06:29:47.406530 2015',
+        'module' => 'core',
+        'loglevel' => 'notice',
+        'pid' => '24968',
+        'tid' => '140169861986176',
+        'errorcode' => 'AH00094',
+        'message' => [ value2, 'Command line: \'/usr/sbin/apache2\'' ]
+      )
+    end
   end
 
 end
