logstash-plugins / logstash-input-syslog

Apache License 2.0

[Test Failure] Syslog priority tests are failing on Logstash 8.x #70

Closed robbavey closed 1 year ago

robbavey commented 2 years ago

Tests are currently failing on Logstash 8.x

logstash_1_628dc1d277cc | Failures:
logstash_1_628dc1d277cc | 
logstash_1_628dc1d277cc |   1) LogStash::Inputs::Syslog should properly handle a custom grok_pattern
logstash_1_628dc1d277cc |      Failure/Error: expect( event.get("priority") ).to eql 164
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        expected: 164
logstash_1_628dc1d277cc |             got: "164"
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        (compared using eql?)
logstash_1_628dc1d277cc |      # ./spec/inputs/syslog_spec.rb:341:in `block in <main>'
logstash_1_628dc1d277cc |      # ./spec/inputs/syslog_spec.rb:340:in `block in <main>'
logstash_1_628dc1d277cc | 
logstash_1_628dc1d277cc |   2) LogStash::Inputs::Syslog should properly PROXY protocol v1
logstash_1_628dc1d277cc |      Failure/Error: expect( event.get("priority") ).to eql 164
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        expected: 164
logstash_1_628dc1d277cc |             got: nil
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        (compared using eql?)
logstash_1_628dc1d277cc |      # ./spec/inputs/syslog_spec.rb:95:in `block in <main>'
logstash_1_628dc1d277cc |      # ./spec/inputs/syslog_spec.rb:94:in `block in <main>'
logstash_1_628dc1d277cc | 
logstash_1_628dc1d277cc |   3) LogStash::Inputs::Syslog should add unique tag when grok parsing fails
logstash_1_628dc1d277cc |      Failure/Error: expect( syslog_event.get("priority") ).to eql 164
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        expected: 164
logstash_1_628dc1d277cc |             got: nil
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        (compared using eql?)
logstash_1_628dc1d277cc |      # ./spec/inputs/syslog_spec.rb:300:in `block in <main>'
logstash_1_628dc1d277cc | 
logstash_1_628dc1d277cc |   4) LogStash::Inputs::Syslog should properly handle the cef codec with a custom grok_pattern
logstash_1_628dc1d277cc |      Failure/Error: expect( event.get("priority") ).to eql 134
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        expected: 134
logstash_1_628dc1d277cc |             got: nil
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        (compared using eql?)
logstash_1_628dc1d277cc |      # ./spec/inputs/syslog_spec.rb:380:in `block in <main>'
logstash_1_628dc1d277cc |      # ./spec/inputs/syslog_spec.rb:379:in `block in <main>'
logstash_1_628dc1d277cc | 
logstash_1_628dc1d277cc |   5) LogStash::Inputs::Syslog should properly handle priority, severity and facilities
logstash_1_628dc1d277cc |      Failure/Error: expect( event.get("priority") ).to eql 164
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        expected: 164
logstash_1_628dc1d277cc |             got: nil
logstash_1_628dc1d277cc |      
logstash_1_628dc1d277cc |        (compared using eql?)
logstash_1_628dc1d277cc |      # ./spec/inputs/syslog_spec.rb:61:in `block in <main>'
logstash_1_628dc1d277cc |      # ./spec/inputs/syslog_spec.rb:60:in `block in <main>'
logstash_1_628dc1d277cc | 
logstash_1_628dc1d277cc | Finished in 31.48 seconds (files took 9.19 seconds to load)
logstash_1_628dc1d277cc | 21 examples, 5 failures
logstash_1_628dc1d277cc | 
logstash_1_628dc1d277cc | Failed examples:
logstash_1_628dc1d277cc | 
logstash_1_628dc1d277cc | rspec ./spec/inputs/syslog_spec.rb:311 # LogStash::Inputs::Syslog should properly handle a custom grok_pattern
logstash_1_628dc1d277cc | rspec ./spec/inputs/syslog_spec.rb:67 # LogStash::Inputs::Syslog should properly PROXY protocol v1
logstash_1_628dc1d277cc | rspec ./spec/inputs/syslog_spec.rb:289 # LogStash::Inputs::Syslog should add unique tag when grok parsing fails
logstash_1_628dc1d277cc | rspec ./spec/inputs/syslog_spec.rb:349 # LogStash::Inputs::Syslog should properly handle the cef codec with a custom grok_pattern
logstash_1_628dc1d277cc | rspec ./spec/inputs/syslog_spec.rb:36 # LogStash::Inputs::Syslog should properly handle priority, severity and facilities
logstash_1_628dc1d277cc | 
logstash_1_628dc1d277cc | Randomized with seed 34258
logstash_1_628dc1d277cc | 

This appears to be a failure to account for ECS by default in Logstash 8.x

andsel commented 1 year ago

Verified in test PR #73, mainly due to the fact that on LS 8.x ECS is enabled while the test is not ECS-aware and retrieves the priority field instead of the ECS name [log][syslog][priority].

https://app.travis-ci.com/github/logstash-plugins/logstash-input-syslog/jobs/603718890#L569
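
The field-name mismatch discussed in this thread, as an added Ruby example (not part of the issue, and not code from the plugin or its spec). Events are modelled as plain nested Hashes and every helper name is hypothetical. It reads the priority from the field that the ECS mode implies and normalises it to an Integer, since failure 1 in the log got the String "164".

```ruby
# Added illustration; not code from logstash-input-syslog or its spec.
# Assumption: events are plain nested Hashes; all helper names are hypothetical.

LEGACY_PRIORITY = "priority"                 # field the failing spec reads
ECS_PRIORITY    = "[log][syslog][priority]"  # ECS name quoted in the thread

# Constructed sample events (not captured from a real pipeline).
LEGACY_EVENT = { "priority" => 164 }
ECS_EVENT    = { "log" => { "syslog" => { "priority" => 164 } } }
STRING_EVENT = { "log" => { "syslog" => { "priority" => "164" } } }

# "[log][syslog][priority]" -> ["log", "syslog", "priority"]; "priority" -> ["priority"]
def field_path(ref)
  ref.start_with?("[") ? ref.scan(/\[([^\]]+)\]/).flatten : [ref]
end

# Walk the nested Hash; a missing segment yields nil, as in the "got: nil" failures.
def get_field(event, ref)
  field_path(ref).reduce(event) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Pick the field name for the active mode (the caller supplies the boolean).
def priority_field(ecs_enabled)
  ecs_enabled ? ECS_PRIORITY : LEGACY_PRIORITY
end

# ECS-aware read that always returns an Integer in 0..191, or nil.
def syslog_priority(event, ecs_enabled)
  raw = get_field(event, priority_field(ecs_enabled))
  return nil if raw.nil?
  value = Integer(raw.to_s, 10)
  (0..191).cover?(value) ? value : nil
rescue ArgumentError
  nil
end

# PRI = facility * 8 + severity
def decompose(priority)
  { facility: priority / 8, severity: priority % 8 }
end
```

Anything downstream that still keys on the legacy `priority` field (filters, alert conditions) sees nil for ECS-shaped events in the same way the spec did.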