Some refinement
This commit is contained in:
Orien Vandenbergh
@ -11,15 +11,19 @@ def build_json(field,path):
|
||||
def build_raw(path):
|
||||
return f"{datetime.now().strftime('%Y-%m-%dT%H:%M:%S.%fZ')} nowhere This is a sample raw event sent to {path} hecTest=yes"
|
||||
|
||||
def test_hec(baseurl,path,data):
|
||||
def test_hec(dtype,verbose,baseurl,path,data):
|
||||
url = baseurl+path
|
||||
cmd = ['curl','-k',url,'-H',f"Authorization: {args.token}",'-d',data]
|
||||
|
||||
print(f"Running command:")
|
||||
print(f">\t{cmd[0]} {cmd[1]} {cmd[2]} \\")
|
||||
print(f"\t{cmd[3]} {cmd[4]} \\")
|
||||
print(f"\t{cmd[5]} '{cmd[6]}'")
|
||||
print()
|
||||
if verbose:
|
||||
print(f"Running command:")
|
||||
print(f">\t{cmd[0]} {cmd[1]} {cmd[2]} \\")
|
||||
print(f"\t{cmd[3]} {cmd[4]} \\")
|
||||
print(f"\t{cmd[5]} '{cmd[6]}'")
|
||||
print()
|
||||
else:
|
||||
print(f"Testing '{dtype}': '{path}'")
|
||||
|
||||
result = subprocess.run(cmd,capture_output=True,text=True)
|
||||
#print("stderr")
|
||||
#print(result.stderr)
|
||||
@ -28,21 +32,26 @@ def test_hec(baseurl,path,data):
|
||||
|
||||
parser = argparse.ArgumentParser(
|
||||
prog='hectest',
|
||||
description='Send a test HEC message to a receiver')
|
||||
description='Send a set of test HEC message to a receiver, using a variety of endpoints')
|
||||
|
||||
parser.add_argument('-t', '--token', required=True, help='token to use')
|
||||
parser.add_argument('url', help="base url to send to, example: https://host.com:10080/services/collector/event")
|
||||
parser.add_argument('-t', '--token', required=True,
|
||||
help='token to use (required)')
|
||||
parser.add_argument('-v', '--verbose', action='store_true',
|
||||
help='print the curl commands for further debugging')
|
||||
parser.add_argument('url',
|
||||
help="base url to send to, example: 'https://host.com:10080'")
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
# Run an array of hec tests
|
||||
test_hec(args.url, '/cribl/_bulk', build_json( '_raw', '/cribl/_bulk'))
|
||||
test_hec(args.url, '/services/collector', build_json('event', '/services/collector'))
|
||||
test_hec(args.url, '/services/collector/raw', build_json('event', '/services/collector/raw'))
|
||||
test_hec(args.url,'/services/collector/event', build_json('event','/services/collector/event'))
|
||||
test_hec('json', args.verbose, args.url, '/cribl/_bulk', build_json( '_raw', '/cribl/_bulk'))
|
||||
test_hec('json', args.verbose, args.url, '/services/collector', build_json('event', '/services/collector'))
|
||||
test_hec('json', args.verbose, args.url, '/services/collector/raw', build_json('event', '/services/collector/raw'))
|
||||
test_hec('json', args.verbose, args.url,'/services/collector/event', build_json('event','/services/collector/event'))
|
||||
|
||||
# Run an array of raw tests
|
||||
test_hec(args.url, '/services/collector/raw', build_raw( '/services/collector/raw'))
|
||||
test_hec( 'raw', args.verbose, args.url, '/cribl/_bulk', build_raw( '/cribl/_bulk'))
|
||||
test_hec( 'raw', args.verbose, args.url, '/services/collector/raw', build_raw( '/services/collector/raw'))
|
||||
|
||||
# Can't send raw to /services/collector
|
||||
# test_hec(args.url, '/services/collector', build_raw( '/services/collector'))
|
||||
|
||||
Reference in New Issue
Block a user