adds win_event_viewer
cmcmarrow committed Jul 3, 2019
1 parent 3445485 commit 36ef5bf
Showing 2 changed files with 46 additions and 40 deletions.
28 changes: 17 additions & 11 deletions salt/modules/win_event_viewer.py
Expand Up @@ -4,6 +4,10 @@
gives access to Windows event log
'''


# Import Python libs
import logging

# Import Salt Libs
import salt.utils.platform

Expand Down Expand Up @@ -41,6 +45,8 @@
"minute": 4,
"second": 5}


log = logging.getLogger(__name__)
__virtualname__ = 'win_event_viewer'


Expand Down Expand Up @@ -69,7 +75,7 @@ def _change_str_to_bytes(data, encoding='utf-8', encode_keys=False):
new_dict = {}
# recursively check every item in dict
for key in data:
item = _change_str_to_bytes(data.get(key), encoding)
item = _change_str_to_bytes(data[key], encoding)
if encode_keys:
# keys that are strings most be made into bytes
key = _change_str_to_bytes(key, encoding)
Expand Down Expand Up @@ -117,11 +123,11 @@ def make_event_dict(event):
event_dict[event_part] = getattr(event, event_part[0].upper() + event_part[1:], None)

# format items
event_dict['eventID'] = winerror.HRESULT_CODE(event_dict.get('eventID'))
if event_dict.get('sid') is not None:
event_dict['sid'] = event_dict.get('sid').GetSidIdentifierAuthority()
event_dict['timeGenerated'] = _get_raw_time(event_dict.get('timeGenerated'))
event_dict['timeWritten'] = _get_raw_time(event_dict.get('timeWritten'))
event_dict['eventID'] = winerror.HRESULT_CODE(event_dict['eventID'])
if event_dict['sid'] is not None:
event_dict['sid'] = event_dict['sid'].GetSidIdentifierAuthority()
event_dict['timeGenerated'] = _get_raw_time(event_dict['timeGenerated'])
event_dict['timeWritten'] = _get_raw_time(event_dict['timeWritten'])

return _change_str_to_bytes(event_dict)

Expand Down Expand Up @@ -207,10 +213,10 @@ def get_event_sorted_by_info_generator(log_name, target_computer=None):
for event in get_event_generator(log_name, target_computer):
event_info = {}
for part in event:
event_info[part] = event.get(part)
event_info[part] = event[part]

for key in TIME_PARTS:
event_info[key] = event.get('timeGenerated')[TIME_PARTS.get(key)]
event_info[key] = event['timeGenerated'][TIME_PARTS[key]]

yield event, event_info

Expand All @@ -226,7 +232,7 @@ def get_events_sorted_by_info(log_name, target_computer=None):
event_info = {event_part: {} for event_part in EVENT_PARTS + tuple(TIME_PARTS.keys())}
for event, info in get_event_sorted_by_info_generator(log_name, target_computer):
for part in info:
event_info.get(part).setdefault(info.get(part), []).append(event)
event_info[part].setdefault(info[part], []).append(event)

return event_info

Expand All @@ -245,13 +251,13 @@ def get_event_filter_generator(log_name, target_computer=None, all_requirements=
if all_requirements:
# all keys need to match each other
for key in kwargs:
if kwargs.get(key) != info.get(key):
if kwargs[key] != info[key]:
break
else:
yield event
else:
# just a single key par needs to match
if any([kwargs.get(key) == info.get(key) for key in kwargs]):
if any([kwargs[key] == info[key] for key in kwargs]):
yield event


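Review bot: Replacing `kwargs.get(key) != info.get(key)` with `kwargs[key] != info[key]` in get_event_filter_generator changes how an unrecognised filter name behaves: `info` only carries the event's parts plus the TIME_PARTS keys, so a caller passing any other keyword now gets a bare KeyError from inside the generator, where the old code silently matched nothing. Since these kwargs come from whoever calls the module, they are better rejected up front with a clear message than left to fail mid-iteration, e.g. before the event loop: `unknown = set(kwargs) - set(EVENT_PARTS) - set(TIME_PARTS)` followed by `if unknown: raise ValueError('unknown event filter(s): {0}'.format(sorted(unknown)))`. The same swap in _change_str_to_bytes still passes only `encoding` into the recursive call, so keys of nested dicts are never encoded even when `encode_keys` is set — presumably unintended, but worth confirming. The enclosing function starts above the hunk, so the exact placement of the check depends on lines not shown here.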
58 changes: 29 additions & 29 deletions tests/unit/modules/test_win_event_viewer.py
Expand Up @@ -149,8 +149,8 @@ def test__str_to_bytes(self):

self.assertTrue('key1' in new_data)

self.assertEqual(new_data.get('key1'), 'item1'.encode('utf-8'))
self.assertEqual(new_data.get('key2')[2], 'item2'.encode('utf-8'))
self.assertEqual(new_data['key1'], 'item1'.encode('utf-8'))
self.assertEqual(new_data['key2'][2], 'item2'.encode('utf-8'))

def test_2__str_to_bytes(self):
data = {'key1': 'item1',
Expand All @@ -164,8 +164,8 @@ def test_2__str_to_bytes(self):
self.assertTrue('key2'.encode('CP1252') in new_data)
self.assertTrue('key3'.encode('CP1252') in new_data)

self.assertEqual(new_data.get('key1'.encode('CP1252')), 'item1'.encode('CP1252'))
self.assertEqual(new_data.get('key2'.encode('CP1252'))[2], 'item2'.encode('CP1252'))
self.assertEqual(new_data['key1'.encode('CP1252')], 'item1'.encode('CP1252'))
self.assertEqual(new_data['key2'.encode('CP1252')][2], 'item2'.encode('CP1252'))

def test__get_raw_time(self):
mock_time = MockTime(2019, 7, 2, 10, 8, 19)
Expand Down Expand Up @@ -301,11 +301,11 @@ def test_get_event_sorted_by_info_generator(self):
self.assertEqual(ReadEventLog.call_count, len(handler))
self.assertEqual(GetNumberOfEventLogRecords.call_count, len(handler) + 1)

self.assertEqual(ret[1][1].get('eventCategory'), 404)
self.assertEqual(ret[2][1].get('stringInserts'), (b'fail...', b'error...'))
self.assertEqual(ret[4][1].get('eventID'), 5)
self.assertEqual(ret[5][1].get('computerName'), b'sky')
self.assertEqual(ret[5][1].get('timeGenerated'), (1997, 8, 29, 2, 14, 0))
self.assertEqual(ret[1][1]['eventCategory'], 404)
self.assertEqual(ret[2][1]['stringInserts'], (b'fail...', b'error...'))
self.assertEqual(ret[4][1]['eventID'], 5),
self.assertEqual(ret[5][1]['computerName'], b'sky')
self.assertEqual(ret[5][1]['timeGenerated'], (1997, 8, 29, 2, 14, 0))

def test_get_events_sorted_by_info(self):
handler = MockHandler(EVENTS)
Expand All @@ -326,22 +326,22 @@ def test_get_events_sorted_by_info(self):
self.assertEqual(ReadEventLog.call_count, len(handler))
self.assertEqual(GetNumberOfEventLogRecords.call_count, len(handler) + 1)

self.assertEqual(ret.get('eventID').get(5), [{'closingRecordNumber': 0,
'computerName': b'PC',
'data': b'',
'eventCategory': 300,
'eventID': 5,
'eventType': 4,
'recordNumber': 0,
'reserved': 4,
'reservedFlags': 0,
'sid': None,
'sourceName': 0,
'stringInserts': (b'cat', b'm'),
'timeGenerated': (2000, 1, 1, 1, 1, 1),
'timeWritten': (2000, 1, 1, 1, 1, 1)}])

self.assertEqual(ret.get('computerName').get(b'sky'),
self.assertEqual(ret['eventID'][5], [{'closingRecordNumber': 0,
'computerName': b'PC',
'data': b'',
'eventCategory': 300,
'eventID': 5,
'eventType': 4,
'recordNumber': 0,
'reserved': 4,
'reservedFlags': 0,
'sid': None,
'sourceName': 0,
'stringInserts': (b'cat', b'm'),
'timeGenerated': (2000, 1, 1, 1, 1, 1),
'timeWritten': (2000, 1, 1, 1, 1, 1)}])

self.assertEqual(ret['computerName'][b'sky'],
[{'closingRecordNumber': 0,
'computerName': b'sky',
'data': b'',
Expand Down Expand Up @@ -534,7 +534,7 @@ def test_get_event_sorted_by_info_generator(self):
target_computer=None)):
event, event_info = ret[0], ret[1]
for event_part in win_event_viewer.EVENT_PARTS:
self.assertEqual(event.get(event_part), event_info.get(event_part))
self.assertEqual(event[event_part], event_info[event_part])

for event_part in win_event_viewer.TIME_PARTS:
self.assertTrue(event_part in event_info)
Expand All @@ -549,8 +549,8 @@ def test_get_event_filter_generator(self):
hour=3,
eventID=37)):

self.assertEqual(event.get('timeGenerated')[3], 3)
self.assertEqual(event.get('eventID'), 37)
self.assertEqual(event['timeGenerated'][3], 3)
self.assertEqual(event['eventID'], 37)

if number == MAX_EVENT_LOOK_UP:
break
Expand All @@ -562,7 +562,7 @@ def test_all_get_event_filter_generator(self):
hour=3,
eventID=37)):

self.assertTrue(event.get('timeGenerated')[3] == 3 or event.get('eventID') == 37)
self.assertTrue(event['timeGenerated'][3] == 3 or event['eventID'] == 37)

if number == MAX_EVENT_LOOK_UP:
break
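Review bot: The new line `self.assertEqual(ret[4][1]['eventID'], 5),` in test_get_event_sorted_by_info_generator carries a stray trailing comma, which turns the statement into a one-element tuple expression; the assertion still executes, but linters flag it and it reads as a typo that could hide a lost argument later. Drop the comma: `self.assertEqual(ret[4][1]['eventID'], 5)`. The test method starts above the hunk.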
