Add generic module to manage the monitoring of files

[jmv74211]

It is requested to create a module that allows us to monitor files for analysis.

[jmv74211]

Update 2023-02-23

• Designed and implemented FileRegexMonitor
• Designed tests structure and documentation
• Added new only_new_events tests
• Added new accumulation tests
• Make some improvements for thread tests

[jmv74211]

Design

The FileRegexMonitor tool is designed to monitor files to see if new lines are added to trigger a specific callback. This is useful to see if expected logs are generated on specific files.

This tool will consist of the following parameters:

• only_new_events: It will allow defining whether the monitoring is performed from the last line of the file or from the beginning.
• callback: It will be a function that will be activated when the event matches the desired pattern.
• accumulations: It will define how many occurrences of the expected pattern it will be necessary to find.
• timeout: It will allow defining the maximum search time. In case of exceeding it, an exception will be generated.

The operation will be straightforward since we will only have to create the object of the class to start the monitoring directly. For example:

FileRegexMonitor(monitored_file, callback, timeout ...)

From here the monitoring will start. If the callback is not triggered with the expected result, an exception will be generated:

wazuh_qa_framework.generic_modules.exceptions.exceptions.TimeoutError: Events from file.log did not match with the callback

[Rebits]

Software Requirements Specification

After a meeting with @jmv74211, it has been proposed to determine the list of requirements to accept the development. It is suggested the following SRS

1. Introduction

The FileRegexMonitor is designed to monitor the content of a file and provide functionalities to identify specific patterns and sequences of messages within the file. The library should be able to indicate if a specific line matches a given regular expression (regex).

2. Functional Requirements

2.1. File Monitoring: The class should be able to monitor the content of a specified file.

2.2. Regex Matching The class should be able to identify if a line that hes a given regex pattern os generated in the file in the specified time.

2.3. Sequence Detection The class should be able to check if a list of events was produced in a specified order.

2.4 Only new events monitoring: The class should be able to enable only new events mode, to avoid monitoring previous lines in the file

2.5. Group Extraction The class should be able to extract the groups that match the regex pattern within the file. The class should return a list of groups that match the regex pattern.

3. Non-Functional Requirements

3.1 Performance The library should be designed to handle large files and provide quick and efficient processing of regex pattern matching and sequence detection.

3.2 Reliability The library should be reliable and provide accurate results for regex pattern matching, sequence detection, and group extraction. Also, it should be error resistant, handling the case of unexpected inputs on the file.

3.3 Usability The library should be easy to use and provide clear and concise error messages to the user in case of any errors or exceptions.

3.4 Refactor-friendly: The class should respect as much as possible the current test schema to facilitate the refactor of the wazuh-qa repository.

[jmv74211]

Update 2023-03-06

• Researched how to implement new requested changes
• Added new class FileRegexChecker
• Added unit FileRegexChecker tests