import re
# Validate logs from admd. Have "from" and have comma. It mean both "client IP" and "denied reason" is given by appliance.
def validate_re1():
print 'The following test case should succeed: '
regex = 'user\s+\[(\S+)\]\s+from\s+(\d+\.\d+\.\d+\.\d+)\s+(\S.*),\s+(\S.*)'
re_match = re.search(regex, 'ADM auth Firewall user [[email protected]] from 10.0.1.2 Error, Reason - Ldap binding not successful')
print re_match.group(1) + "| |" + re_match.group(2) + "| |" + re_match.group(4).replace('Reason - ', '')
re_match = re.search(regex, 'ADM auth Firewall user [jason@RADIUS] from 10.139.44.131 Error, Reason - Recv timeout')
print re_match.group(1) + "| |" + re_match.group(2) + "| |" + re_match.group(4).replace('Reason - ', '')
re_match = re.search(regex, 'ADM auth Firewall user [tiger@Firebox-DB] from 10.139.44.131 Rejected, Password Incorrect')
print re_match.group(1) + "| |" + re_match.group(2) + "| |" + re_match.group(4)
re_match = re.search(regex, 'ADM auth Firewall user [123_123@Firebox-DB] from 10.139.44.131 Rejected, User Not Found')
print re_match.group(1) + "| |" + re_match.group(2) + "| |" + re_match.group(4)
re_match = re.search(regex, 'ADM auth Firewall user [[email protected]] from 10.0.1.2 Error, Reason - Ldap binding not successful')
print re_match.group(1) + "| |" + re_match.group(2) + "| |" + re_match.group(4)
re_match = re.search(regex, 'ADM auth Firewall user [[email protected]] from 10.0.1.2 Rejected, Exceeded login limit')
print re_match.group(1) + "| |" + re_match.group(2) + "| |" + re_match.group(4)
print '--------------------------------------'
# Validate logs from admd. Have "from" but do not have comma
def validate_re2():
print 'The following test case should succeed: '
regex = 'user\s+\[(\S+)\]\s+from\s+(\d+\.\d+\.\d+\.\d+)\s+(\S.*)'
re_match = re.search(regex, 'ADM auth Firewall user [yyyyyyyyyyyyy@RADIUS] from 10.0.1.2 Rejected')
print re_match.group(1) + "| |" + re_match.group(2) + "| |" + "N/A"
re_match = re.search(regex, 'ADM auth Firewall user [[email protected]] from 10.0.1.2 Rejected')
print re_match.group(1) + "| |" + re_match.group(2) + "| |" + "N/A"
print '--------------------------------------'
# Validate logs from admd. Have no "from" but have comma
def validate_re3():
print 'The following test case should succeed: '
regex = 'user\s+\[(\S+)\]+(\s*\S*),\s+(\S.*)'
re_match = re.search(regex, 'ADM auth Firewall user [yyyyyyyyyyyyy@RADIUS] Error, radius auth method ytyty not supported')
print re_match.group(1) + "| |" + "N/A" + "| |" + re_match.group(3)
re_match = re.search(regex, 'ADM auth user [jason@RADIUS], both primary and secondary servers are down')
print re_match.group(1) + "| |" + "N/A" + "| |" + re_match.group(3)
print '--------------------------------------'
# Validate logs from sessiond.
def validate_re4():
print 'The following test case should succeed: '
# regex = 'user\s+(\S+)\s+from\s+(\d+\.\d+\.\d+\.\d+)\s+(\S.*)'
# re_match = re.search(regex, 'Firewall user frank@RADIUS from 10.139.44.131 rejected 111aaa')
log1 = 'Management user admin from 172.26.0.107 rejected - admin have login.'
log2 = 'Firewall user jerry@Firebox-DB from 10.139.36.83 rejected - Exceeded authenticated users limit'
log3 = "Firewall user andy@Firebox-DB from 10.0.1.2 rejected - Unspecified"
regex = 'user\s+(\S+)\s+from\s+(\d+\.\d+\.\d+\.\d+)\s+(\S.*)\s-\s+(\S.*)'
if log1.find('rejected')!= -1 and (log1.find('Management') != -1 or log1.find('Exceeded authenticated users limit')!= -1):
re_match = re.search(regex, log1)
print "log1--->"+re_match.group(1) + "| |" + re_match.group(2) + "| |" + re_match.group(4)
if log2.find('rejected')!= -1 and (log2.find('Management') != -1 or log2.find('Exceeded authenticated users limit')!= -1):
re_match = re.search(regex, log2)
print "log2--->"+re_match.group(1) + "| |" + re_match.group(2) + "| |" + re_match.group(4)
print 'The following test case should fail: '
if log3.find('rejected')!= -1 and (log3.find('Management') != -1 or log3.find('Exceeded authenticated users limit')!= -1):
re_match = re.search(regex, log3)
print "log3--->"+ re_match.group(1) + "| |" + re_match.group(2) + "| |" + re_match.group(4)
if __name__ == "__main__":
#Should match
validate_re1()
validate_re2()
validate_re3()
validate_re4()
print '----------------------'