diff --git a/.github/workflows/run_centos_7.yml b/.github/workflows/run_centos_7.yml
new file mode 100644
index 00000000..3000a377
--- /dev/null
+++ b/.github/workflows/run_centos_7.yml
@@ -0,0 +1,59 @@
+# Copyright 2020 Rainer Gerhards and Others
+#
+# https://github.com/rsyslog/rsyslog-pkg-ubuntu
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# References:
+#
+# https://help.github.com/en/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#github-actions-notification-options
+# https://github.com/settings/notifications
+# https://software.opensuse.org//download.html?project=home%3Argerhards&package=rsyslog
+
+
+---
+name: check centos 7
+
+on:
+ pull_request:
+
+jobs:
+ CI:
+ runs-on: ubuntu-18.04
+ timeout-minutes: 10
+
+ steps:
+ - name: git checkout project
+ uses: actions/checkout@v1
+
+ - name: run container CI pipeline
+ run: |
+ chmod -R go+rw .
+ export RSYSLOG_CONTAINER_UID="" # use default
+ export RSYSLOG_STATSURL='http://build.rsyslog.com/testbench-failedtest.php'
+ export CFLAGS='-g'
+ export CC='gcc'
+ export USE_AUTO_DEBUG='off'
+ export CI_MAKE_OPT='-j20'
+ export CI_MAKE_CHECK_OPT='-j1'
+ export CI_CHECK_CMD='check'
+ export RSYSLOG_DEV_CONTAINER='rsyslog/rsyslog_dev_base_centos:7'
+ # we need to override rsyslog configure options to avoid side-effects!
+ export RSYSLOG_CONFIGURE_OPTIONS_OVERRIDE=''
+ devtools/devcontainer.sh --rm devtools/run-ci.sh
+
+ - name: show error logs (if we errored)
+ if: ${{ failure() || cancelled() }}
+ run: |
+ devtools/gather-check-logs.sh
+ cat failed-tests.log
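Review bot: The `RSYSLOG_*` names exported in the "run container CI pipeline" step are not the ones `devtools/devcontainer.sh` in this commit reads, so `RSYSLOG_DEV_CONTAINER='rsyslog/rsyslog_dev_base_centos:7'` is never used and the job appears to fall back to the image named in `devtools/default_dev_container` (an Ubuntu 20.04 image) while reporting itself as a CentOS 7 check. The script reads `LIBLOGNORM_DEV_CONTAINER` and `LIBLOGNORM_CONTAINER_UID` and forwards `LIBLOGNORM_CONFIGURE_OPTIONS_OVERRIDE`, so the step should export `LIBLOGNORM_DEV_CONTAINER='rsyslog/rsyslog_dev_base_centos:7'`, `LIBLOGNORM_CONTAINER_UID=""` and `LIBLOGNORM_CONFIGURE_OPTIONS_OVERRIDE=''` instead. The same applies to `run_centos_8.yml`. Separately, `uses: actions/checkout@v1` follows a mutable tag; pinning the action to a full commit SHA keeps a retagged release from changing what runs in CI.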
diff --git a/.github/workflows/run_centos_8.yml b/.github/workflows/run_centos_8.yml
new file mode 100644
index 00000000..6493289b
--- /dev/null
+++ b/.github/workflows/run_centos_8.yml
@@ -0,0 +1,59 @@
+# Copyright 2020 Rainer Gerhards and Others
+#
+# https://github.com/rsyslog/rsyslog-pkg-ubuntu
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# References:
+#
+# https://help.github.com/en/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#github-actions-notification-options
+# https://github.com/settings/notifications
+# https://software.opensuse.org//download.html?project=home%3Argerhards&package=rsyslog
+
+
+---
+name: check centos 8
+
+on:
+ pull_request:
+
+jobs:
+ CI:
+ runs-on: ubuntu-18.04
+ timeout-minutes: 10
+
+ steps:
+ - name: git checkout project
+ uses: actions/checkout@v1
+
+ - name: run container CI pipeline
+ run: |
+ chmod -R go+rw .
+ export RSYSLOG_CONTAINER_UID="" # use default
+ export RSYSLOG_STATSURL='http://build.rsyslog.com/testbench-failedtest.php'
+ export CFLAGS='-g'
+ export CC='gcc'
+ export USE_AUTO_DEBUG='off'
+ export CI_MAKE_OPT='-j20'
+ export CI_MAKE_CHECK_OPT='-j1'
+ export CI_CHECK_CMD='check'
+ export RSYSLOG_DEV_CONTAINER='rsyslog/rsyslog_dev_base_centos:8'
+ # we need to override rsyslog configure options to avoid side-effects!
+ export RSYSLOG_CONFIGURE_OPTIONS_OVERRIDE=''
+ devtools/devcontainer.sh --rm devtools/run-ci.sh
+
+ - name: show error logs (if we errored)
+ if: ${{ failure() || cancelled() }}
+ run: |
+ devtools/gather-check-logs.sh
+ cat failed-tests.log
diff --git a/README b/README
index c4342a7e..0b5a5fdb 100644
--- a/README
+++ b/README
@@ -3,7 +3,7 @@ Liblognorm is a fast-samples based normalization library. More information on liblognorm can be found at http://www.liblognorm.com -Liblognorm evolves since several years and was intially meant to be used primarily with +Liblognorm evolves since several years and was initially meant to be used primarily with the Mitre CEE effort. Consequently, the initial version of liblognorm (0.x) uses the libee CEE support library in its API. @@ -27,7 +27,7 @@ https://www.researchgate.net/publication/310545144_Efficient_Normalization_of_IT The current library is the result of that effort. Application developers are encouraged to switch to this version, as it provides the benefit of -a simpler API. This version is now being tracked by the git master branch. +a simpler API. This version is now being tracked by the git default branch. However, if you need to stick to the old API, there is a git branch liblognorm0, which contains the previous version of the library. This diff --git a/devtools/default_dev_container b/devtools/default_dev_container new file mode 100644 index 00000000..77fe3745 --- /dev/null +++ b/devtools/default_dev_container @@ -0,0 +1 @@ +rsyslog/rsyslog_dev_base_ubuntu:20.04 diff --git a/devtools/devcontainer.sh b/devtools/devcontainer.sh new file mode 100755 index 00000000..69352e37 --- /dev/null +++ b/devtools/devcontainer.sh 
@@ -0,0 +1,73 @@
+#!/bin/bash
+# This scripts uses an rsyslog development container to execute given
+# command inside it.
+# Note: command line parameters are passed as parameters to the container,
+# with the notable exception that -ti, if given as first parameter, is
+# passed to "docker run" itself but NOT the container.
+#
+# use env var DOCKER_RUN_EXTRA_OPTS to provide extra options to docker run
+# command.
+#
+#
+# TO MODIFIY BEHAVIOUR, use
+# LIBLOGNORM_CONTAINER_UID, format uid:gid,
+# to change the users container is run under
+# set to "" to use the container default settings
+# (no local mapping)
+set -e
+if [ "$1" == "--rm" ]; then
+ optrm="--rm"
+ shift 1
+fi
+if [ "$1" == "-ti" ]; then
+ ti="-ti"
+ shift 1
+fi
+# check in case -ti was in front...
+if [ "$1" == "--rm" ]; then
+ optrm="--rm"
+ shift 1
+fi
+
+if [ "$LIBLOGNORM_HOME" == "" ]; then
+ export LIBLOGNORM_HOME=$(pwd)
+ echo info: LIBLOGNORM_HOME not set, using $LIBLOGNORM_HOME
+fi
+
+if [ -z "$LIBLOGNORM_DEV_CONTAINER" ]; then
+ LIBLOGNORM_DEV_CONTAINER=$(cat $LIBLOGNORM_HOME/devtools/default_dev_container)
+fi
+
+printf '/rsyslog is mapped to %s \n' "$LIBLOGNORM_HOME"
+printf 'using container %s\n' "$LIBLOGNORM_DEV_CONTAINER"
+printf 'pulling container...\n'
+printf 'user ids: %s:%s\n' $(id -u) $(id -g)
+printf 'container_uid: %s\n' ${LIBLOGNORM_CONTAINER_UID--u $(id -u):$(id -g)}
+printf 'container cmd: %s\n' $*
+printf '\nNote: we use the RSYSLOG CONTAINERS, as such project home is /rsyslog!\n\n'
+docker pull $LIBLOGNORM_DEV_CONTAINER
+docker run $ti $optrm $DOCKER_RUN_EXTRA_OPTS \
+ -e LIBLOGNORM_CONFIGURE_OPTIONS_EXTRA \
+ -e LIBLOGNORM_CONFIGURE_OPTIONS_OVERRIDE \
+ -e CC \
+ -e CFLAGS \
+ -e LDFLAGS \
+ -e LSAN_OPTIONS \
+ -e TSAN_OPTIONS \
+ -e UBSAN_OPTIONS \
+ -e CI_MAKE_OPT \
+ -e CI_MAKE_CHECK_OPT \
+ -e CI_CHECK_CMD \
+ -e CI_BUILD_URL \
+ -e CI_CODECOV_TOKEN \
+ -e CI_VALGRIND_SUPPRESSIONS \
+ -e CI_SANITIZE_BLACKLIST \
+ -e ABORT_ALL_ON_TEST_FAIL \
+ -e USE_AUTO_DEBUG \
+ -e LIBLOGNORM_STATSURL \
+ -e VCS_SLUG \
+ --cap-add SYS_ADMIN \
+ --cap-add SYS_PTRACE \
+ ${LIBLOGNORM_CONTAINER_UID--u $(id -u):$(id -g)} \
+ $DOCKER_RUN_EXTRA_FLAGS \
+ -v "$LIBLOGNORM_HOME":/rsyslog $LIBLOGNORM_DEV_CONTAINER $*
diff --git a/devtools/gather-check-logs.sh b/devtools/gather-check-logs.sh
new file mode 100755
index 00000000..2645991c
--- /dev/null
+++ b/devtools/gather-check-logs.sh
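Review bot: `--cap-add SYS_ADMIN` is granted unconditionally in the `docker run` command of devtools/devcontainer.sh, and this container builds and runs pull-request code with the checkout bind-mounted at `/rsyslog`, so every CI run gets a capability that removes much of the container's isolation from the host. Nothing in this hunk shows a step that needs it; I would drop that line and let a caller who does need it pass `DOCKER_RUN_EXTRA_OPTS='--cap-add SYS_ADMIN'`, keeping `--cap-add SYS_PTRACE` only if the sanitizer or valgrind runs require it. The same command forwards `-e CI_CODECOV_TOKEN` into that container, so the token is readable by whatever the build executes. Also, `$LIBLOGNORM_DEV_CONTAINER` and `$*` are expanded unquoted; `"$LIBLOGNORM_DEV_CONTAINER" "$@"` keeps arguments containing spaces intact.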
@@ -0,0 +1,66 @@
+#!/bin/bash
+# gather logs generated by "make [dist]check"
+# this also limits log size so that buildbot does not abort
+# Copyright (C) 2020 by Rainer Gerhards, released under ASL 2.0
+
+show_log() {
+ if grep -q ":test-result: FAIL" "$1"; then
+ printf "\nFAIL: ${1%%.trs} \
+ ########################################################\
+ ################################\n\n"
+ logfile="${1%%trs}log"
+ if [ -f "$logfile" ]; then
+ lines="$(wc -l < $logfile)"
+ if (( lines > 4000 )); then
+ ls -l $logfile
+ printf 'file is very large (%d lines), showing parts\n' $lines
+ head -n 2000 < "$logfile"
+ printf '\n\n... snip ...\n\n'
+ tail -n 2000 < "$logfile"
+ else
+ cat "$logfile"
+ fi
+ else
+ printf 'log FILE MISSING!\n'
+ fi
+ fi
+}
+
+append_summary() {
+ echo file: $1 # emit file name just in case we have multiple!
+ head -n12 "$1"
+}
+
+# find logs from tests which are potentially aborted. The main indication is
+# that no matching .trs file exists
+check_incomplete_logs() {
+ if grep -q "\.dep_wrk\|rstb_\|config.log" <<<"$1"; then
+ return
+ fi
+ # we emit info only for test log files - this means there must
+ # be a matching .sh file by our conventions
+ if [ -f "${1%%log}sh" ]; then
+ trsfile="${1%%log}trs"
+ if [ ! -f "$trsfile" ]; then
+ printf '\n\nNo matching .trs file for %s\n' "$1"
+ ls -l ${1%%.log}*
+ cat "$1"
+ fi
+ fi
+}
+export -f show_log
+export -f append_summary
+export -f check_incomplete_logs
+
+############################## MAIN ENTRY POINT ##############################
+printf 'find failing tests\n'
+rm -f failed-tests.log
+
+find . -name "*.trs" -exec bash -c 'show_log "$1" >> failed-tests.log' _ {} \;
+
+find . -name "*.log" -exec bash -c 'check_incomplete_logs "$1" >> failed-tests.log' _ {} \;
+
+if [ -f failed-tests.log ]; then
+ # show summary stats so that we know how many failed
+ find . -name test-suite.log -exec bash -c 'append_summary "$1" >>failed-tests.log' _ {} \;
+fi
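Review bot: In `show_log` the file name is expanded inside the printf format string (`printf "\nFAIL: ${1%%.trs} \ …"`), so a `.trs` path containing `%` or a backslash is interpreted as a format directive; the paths come from `find .` over a pull-request checkout. Pass the name as an argument instead, e.g. `printf '\nFAIL: %s\n\n' "${1%%.trs}"`, with the `#` bar kept in the format string. `wc -l < $logfile`, `ls -l $logfile` and `ls -l ${1%%.log}*` are also unquoted and will split on paths with spaces; `"$logfile"` and `"${1%%.log}"*` avoid that.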
diff --git a/devtools/run-ci.sh b/devtools/run-ci.sh
new file mode 100755
index 00000000..f49111d0
--- /dev/null
+++ b/devtools/run-ci.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# script for generic CI runs via container
+printf 'running CI with\n'
+printf 'container: %s\n' $RSYSLOG_DEV_CONTAINER
+printf 'CC:\t%s\n' "$CC"
+printf 'CFLAGS:\t%s:\n' "$CFLAGS"
+printf 'RSYSLOG_CONFIGURE_OPTIONS:\t%s\n' "$RSYSLOG_CONFIGURE_OPTIONS"
+printf 'working directory: %s\n' "$(pwd)"
+printf 'user ids: %s:%s\n' $(id -u) $(id -g)
+if [ "$SUDO" != "" ]; then
+ printf 'check sudo'
+ $SUDO echo sudo works!
+fi
+if [ "$CI_VALGRIND_SUPPRESSIONS" != "" ]; then
+ export RS_TESTBENCH_VALGRIND_EXTRA_OPTS="--suppressions=$(pwd)/tests/CI/$CI_VALGRIND_SUPPRESSIONS"
+fi
+if [ "$CI_SANITIZE_BLACKLIST" != "" ]; then
+ export CFLAGS="$CFLAGS -fsanitize-blacklist=$(pwd)/$CI_SANITIZE_BLACKLIST"
+ printf 'CFLAGS changed to: %s\n', "$CFLAGS"
+fi
+set -e
+
+printf 'STEP: autoreconf / configure ===============================================\n'
+autoreconf -fvi
+./configure
+
+if [ "$CI_CHECK_CMD" != "distcheck" ]; then
+ printf 'STEP: make =================================================================\n'
+ make $CI_MAKE_OPT
+fi
+
+printf 'STEP: make %s ==============================================================\n', \
+ "$CI_CHECK_CMD"
+set +e
+echo CI_CHECK_CMD: $CI_CHECK_CMD
+make $CI_MAKE_CHECK_OPT ${CI_CHECK_CMD:-check}
+rc=$?
+
+printf 'STEP: find failing tests ====================================================\n'
+echo calling gather-check-logs
+devtools/gather-check-logs.sh
+
+printf 'STEP: Codecov upload =======================================================\n'
+if [ "$CI_CODECOV_TOKEN" != "" ]; then
+ curl -s https://codecov.io/bash >codecov.sh
+ chmod +x codecov.sh
+ ./codecov.sh -t "$CI_CODECOV_TOKEN" -n 'rsyslog buildbot PR' &> codecov_log
+ rm codecov.sh
+ lines="$(wc -l < codecov_log)"
+ if (( lines > 3000 )); then
+ printf 'codecov log file is very large (%d lines), showing parts\n' $lines
+ head -n 1500 < codecov_log
+ printf '\n\n... 
snip ...\n\n' + tail -n 1500 < codecov_log + else + cat codecov_log + fi + rm codecov_log +fi + +exit $rc diff --git a/doc/conf.py b/doc/conf.py index d72fa0e0..1458bb61 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -37,9 +37,6 @@ # The encoding of source files. #source_encoding = 'utf-8-sig' -# The master toctree document. -master_doc = 'index' - # General information about the project. project = u'Liblognorm' # pylint: disable=W0141 diff --git a/doc/configuration.rst b/doc/configuration.rst index a8ad5ad2..79adda41 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -32,11 +32,11 @@ Rulebase Versions This documentation is for liblognorm version 2 and above. Version 2 is a complete rewrite of liblognorm which offers many enhanced features but is incompatible to some pre-v2 rulebase commands. For details, see -compatiblity document. +compatibility document. Note that liblognorm v2 contains a full copy of the v1 engine. As such it is fully compatible to old rulebases. In order to use the new v2 -engine, you need to explicitely opt in. To do so, you need to add +engine, you need to explicitly opt in. To do so, you need to add the line:: version=2 @@ -46,7 +46,7 @@ to the top of your rulebase file. Currently, it is very important that * the line is given exactly as above * no whitespace within the sequence is permitted (e.g. "version = 2" is invalid) - * no whitepace or comment after the "2" is permitted + * no whitespace or comment after the "2" is permitted (e.g. "version=2 # comment") is invalid * this line **must** be the **very** first line of the file; this also means there **must** not be any comment or empty lines in 
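Review bot: The Codecov step in devtools/run-ci.sh downloads `https://codecov.io/bash` and executes it unverified, with `CI_CODECOV_TOKEN` on its command line, so whatever that URL serves at build time runs inside the CI container with the upload token available to it. `curl -s` without `-f` also saves an HTTP error page as `codecov.sh`, which is then executed. I would fetch with `curl -fsS https://codecov.io/bash -o codecov.sh` and run it only if `echo "<PINNED_SHA256>  codecov.sh" | sha256sum -c -` succeeds (the hash is a placeholder for a value reviewed and committed in the repository), or vendor a reviewed copy of the uploader instead of fetching it per run.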
@@ -247,7 +247,7 @@ Some special field names exist: it does so by creating a json subtree. If the field is named ".", then no subtree is created but instead the subfields are moved into the main hierarchy. -* **two dots** (".."): similiar to ".", but can be used at the lower level to denote +* **two dots** (".."): similar to ".", but can be used at the lower level to denote that a field is to be included with the name given by the upper-level object. Note that ".." is only acted on if a subelement contains a single field. The reason is that if there were more, we could not assign all of @@ -275,7 +275,7 @@ stems back to the legacy v1 system):: %tag:char-to{"extradata":":"}% Whitespace, including LF, is permitted inside a field definition after -the opening precent sign and before the closing one. This can be used to +the opening percent sign and before the closing one. This can be used to make complex rules more readable. So the example rule from the overview section above could be rewritten as:: @@ -335,7 +335,7 @@ A couple of things to note: * we express everything in this example in a *single* parser definition * this is done by using a **JSON array**; whenever an array is used, - multiple parsers can be specified. They are exectued one after the + multiple parsers can be specified. They are executed one after the other in given order. * literal text is matched here via explicit parser call; as specified below, this is recommended only for specific use cases with the @@ -344,7 +344,7 @@ A couple of things to note: on the main JSON level * the literal text shall not be stored inside an output variable; for this reason no name attribute is given (we could also have used - ``"name":"-"`` which achives the same effect but is more verbose). + ``"name":"-"`` which achieves the same effect but is more verbose). With the literal parser calls replaced by actual literals, the sample looks like this:: 
@@ -373,7 +373,7 @@ Some guidelines: * if a field needs to be matched but the result of that match is not needed, omit the "name" attribute; specifically avoid using the more verbose ``"name":"-"``. - * it is a good idea to start each defintion with ``"type":"..."`` + * it is a good idea to start each definition with ``"type":"..."`` as this provides a good quick overview over what is being defined. Mandatory Parameters @@ -404,7 +404,7 @@ and always matches the rest of the message). Note that liblognorm internally has a parser-specific priority, which is selected by the program developer based -on the specificallity of a type. If the user assigns equal priorities, parsers are +on the specificality of a type. If the user assigns equal priorities, parsers are executed based on the parser-specific priority. The default priority value is 30,000. @@ -420,11 +420,11 @@ generic parsers, which are then tailored via parameters. There is nothing bad about using legacy parsers and there is no plan to outphase them at any time in the future. We just wanted to let you know, especially if you wonder about some "wereid" parsers. -In v1, parsers could have only a single paramter, which was called +In v1, parsers could have only a single parameter, which was called "extradata" at that time. This is why some of the legacy parsers require or support a parameter named "extradata" and do not use a better name for it (internally, the legacy format creates a -v2 parser defintion with "extradata" being populated from the +v2 parser definition with "extradata" being populated from the legacy "extradata" part of the configuration). number 
@@ -522,11 +522,11 @@ function to check for space, horizontal tab, newline, vertical tab, feed and carriage return characters. This parser is primarily a tool to skip to the next "word" if -the exact number of whitspace characters (and type of whitespace) -is not known. The current parsing position MUST be on a whitspace, +the exact number of whitespace characters (and type of whitespace) +is not known. The current parsing position MUST be on a whitespace, else the parser does not match. -Remeber that to just parse but not preserve the field contents, the +Remember that to just parse but not preserve the field contents, the dash ("-") is used as field name in compact format or the "name" parameter is simply omitted in JSON format. This is almost always expected with the *whitespace* type. @@ -698,7 +698,7 @@ One or more characters, up to the next string given in alpha ##### -One or more alphabetic characters, up to the next whitspace, punctuation, +One or more alphabetic characters, up to the next whitespace, punctuation, decimal digit or control character. char-to @@ -734,14 +734,14 @@ which terminates the match. rest #### -Zero or more characters untill end of line. Must always be at end of the +Zero or more characters until end of line. Must always be at end of the rule, even though this condition is currently **not** checked. In any case, any definitions after *rest* are ignored. Note that the *rest* syntax should be avoided because it generates a very broad match. If it needs to be used, the user shall assign it the lowest priority among his parser definitions. Note that the -parser-sepcific priority is also lowest, so by default it will only +parser-specific priority is also lowest, so by default it will only match if nothing else matches. quoted-string 
@@ -804,7 +804,7 @@ Specifies the format of the json object. Possible values are - **timestamp-unix-ms** - a kind of unix-timestamp, but with millisecond resolution. This format is understood for example by ElasticSearch. Note that RFC3164 does **not** contain subsecond resolution, so this option makes no sense for RFC3164-data only. - It is usefull, howerver, if processing mixed sources, some of which contain higher + It is useful, however, if processing mixed sources, some of which contain higher precision. @@ -973,7 +973,7 @@ Samples for such a spec are: * inside:192.168.1.25/53 (192.168.1.25/53) (some.user) * 192.168.1.15/0(LOCAL\RG-867G8-DEL88D879BBFFC8) -Note that the current verision of liblognorm does not permit sole +Note that the current version of liblognorm does not permit sole IP addresses to be detected as a Cisco interface spec. However, we are reviewing more Cisco message and need to decide if this is to be supported. The problem here is that this would create a much @@ -983,7 +983,7 @@ broader parser which would potentially match many things that are As this object extracts multiple subelements, it create a JSON structure. -Let's for example look at this definiton (compact format):: +Let's for example look at this definition (compact format):: %ifaddr:cisco-interface-spec% @@ -1077,7 +1077,7 @@ This rule matches messages like these:: Note that the "parser" parameter here needs to be provided with an array of *alternatives*. In this case, the JSON array is **not** interpreted as -a sequence. Note, though that you can nest defintions by using custom types. +a sequence. Note, though that you can nest definitions by using custom types. repeat ###### 
@@ -1141,7 +1141,7 @@ the "parser" parameter **must** match at least once, otherwise "repeat" fails. In the above sample, "while" mismatches after "4", because no ", " follows. -Then, the parser termiantes, and according to definition the literal " b" +Then, the parser terminates, and according to definition the literal " b" is matched, which will result in a successful rule match (note: the "a ", " b" literals are just here for explanatory purposes and could be any other rule element). @@ -1169,7 +1169,7 @@ Note the missing space after "4,". To handle such cases, we can nest the } }% b -This definition handles numbers being delemited by either ", " or ",". +This definition handles numbers being delimited by either ", " or ",". For people with programming skills, the "repeat" parser is described by this pseudocode:: diff --git a/doc/index.rst b/doc/index.rst index 38d9cd00..ffd99602 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -1,4 +1,4 @@ -.. Liblognorm documentation master file, created by +.. Liblognorm documentation main file, created by sphinx-quickstart on Mon Dec 16 13:12:44 2013. You can adapt this file completely to your liking, but it should at least contain the root `toctree` directive. diff --git a/doc/lognormalizer.rst b/doc/lognormalizer.rst index c592a2c5..962c3398 100644 --- a/doc/lognormalizer.rst +++ b/doc/lognormalizer.rst @@ -121,7 +121,7 @@ Special options. The following ones can be set: * **addRule** Add a mockup of the rule that was processed. Note that it is *not* an exact copy of the rule, but a rule that correctly describes the parsed message. Most importantly, prefixes are - appended and custom data types are expanded (and no longer visiable + appended and custom data types are expanded (and no longer visible as such). This option is primarily meant for postprocessing, e.g. as input to an anonymizer. 
@@ -233,7 +233,7 @@ systems it is yum command:: $ sudo yum install graphviz The next step would be creating the control file for graphviz. Therefore we -use the normalizer command with the options -d "prefered filename for the +use the normalizer command with the options -d "preferred filename for the control file" and -r "rulebase":: $ lognormalize -d control.dot -r messages.rb diff --git a/rulebases/syntax.txt b/rulebases/syntax.txt index d24637cf..5627dcf4 100644 --- a/rulebases/syntax.txt +++ b/rulebases/syntax.txt @@ -25,7 +25,7 @@ should match exactly. Field selector has this format: Percent sign is used to enclose field selector. If you need to match literal '%', it can be written as '%%' or '\x25'. -Behaviour of field selector depends on its type, which is decribed below. +Behaviour of field selector depends on its type, which is described below. If field name is set to '-', this field is matched but not saved. diff --git a/src/annot.h b/src/annot.h index 95fb1b67..f9ec54b0 100644 --- a/src/annot.h +++ b/src/annot.h @@ -155,7 +155,7 @@ void ln_deleteAnnot(ln_annot *annot); * must NOT be re-used by caller * @returns 0 on success, something else otherwise */ -int ln_addAnnotOp(ln_annot *anot, ln_annot_opcode opc, es_str_t *name, es_str_t *value); +int ln_addAnnotOp(ln_annot *annot, ln_annot_opcode opc, es_str_t *name, es_str_t *value); /** @@ -164,7 +164,7 @@ int ln_addAnnotOp(ln_annot *anot, ln_annot_opcode opc, es_str_t *name, es_str_t * @memberof ln_annot * * @param[in] ctx current context - * @param[in] event event to annotate (updated with anotations on exit) + * @param[in] event event to annotate (updated with annotations on exit) * @returns 0 on success, something else otherwise */ int ln_annotate(ln_ctx ctx, struct json_object *json, struct json_object *tags); diff --git a/src/liblognorm.h b/src/liblognorm.h index 50724f03..7fd2ca04 100644 --- a/src/liblognorm.h +++ b/src/liblognorm.h 
@@ -108,7 +108,7 @@ int ln_hasAdvancedStats(void); * To prevent memory leaks, ln_exitCtx() must be called on a library * context that is no longer needed. * - * @return new library context or NULL if an error occured + * @return new library context or NULL if an error occurred */ ln_ctx ln_initCtx(void); @@ -116,19 +116,19 @@ ln_ctx ln_initCtx(void); * Inherit control attributes from a library context. * * This does not copy the parse-tree, but does copy - * behaviour-controling attributes such as enableRegex. + * behaviour-controlling attributes such as enableRegex. * * Just as with ln_initCtx, ln_exitCtx() must be called on a library * context that is no longer needed. * - * @return new library context or NULL if an error occured + * @return new library context or NULL if an error occurred */ ln_ctx ln_inherittedCtx(ln_ctx parent); /** * Discard a library context. * - * Free's the ressources associated with the given library context. It + * Free's the resources associated with the given library context. It * MUST NOT be accessed after calling this function. * * @param ctx The context to be discarded. @@ -162,7 +162,7 @@ ln_setCtxOpts(ln_ctx ctx, unsigned opts); * - it's internal processing * - the way a log message is being normalized * - * It does so by emiting "interesting" information about its processing + * It does so by emitting "interesting" information about its processing * at various stages. A caller can obtain this information by registering * an entry point. When done so, liblognorm will call the entry point * whenever it has something to emit. Note that debugging can be rather 
@@ -183,7 +183,7 @@ ln_setCtxOpts(ln_ctx ctx, unsigned opts); * @param[in] cookie Opaque cookie to be passed down to debug handler. Can be * used for some state tracking by the caller. This is defined as * void* to support pointers. To play it safe, a pointer should be - * passed (but advantorous folks may also use an unsigned). + * passed (but adventurous folks may also use an unsigned). * * @return Returns zero on success, something else otherwise. */ @@ -257,7 +257,7 @@ int ln_loadSamplesFromString(ln_ctx ctx, const char *string); * @param[in] ctx The library context to use. * @param[in] str The message string (see note above). * @param[in] strLen The length of the message in bytes. - * @param[out] json_p A new event record or NULL if an error occured. Must be + * @param[out] json_p A new event record or NULL if an error occurred. Must be * destructed if no longer needed. * * @return Returns zero on success, something else otherwise. diff --git a/src/lognorm.c b/src/lognorm.c index d9c83925..2ace774c 100644 --- a/src/lognorm.c +++ b/src/lognorm.c @@ -67,7 +67,7 @@ ln_dbgprintf(ln_ctx ctx, const char *fmt, ...) lenBuf = vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); if(lenBuf >= sizeof(buf)) { - /* prevent buffer overruns and garbagge display */ + /* prevent buffer overruns and garbage display */ buf[sizeof(buf) - 5] = '.'; buf[sizeof(buf) - 4] = '.'; buf[sizeof(buf) - 3] = '.'; @@ -105,7 +105,7 @@ ln_errprintf(const ln_ctx ctx, const int eno, const char *fmt, ...) lenBuf = vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); if(lenBuf >= sizeof(buf)) { - /* prevent buffer overrruns and garbagge display */ + /* prevent buffer overruns and garbage display */ buf[sizeof(buf) - 5] = '.'; buf[sizeof(buf) - 4] = '.'; buf[sizeof(buf) - 3] = '.'; diff --git a/src/lognormalizer.c b/src/lognormalizer.c index f7322329..ae60ece2 100644 --- a/src/lognormalizer.c +++ b/src/lognormalizer.c 
@@ -325,8 +325,8 @@ fprintf(stderr, " -oaddRuleLocation Add location of matching rule to metadata\n" " -oaddExecPath Add exec_path attribute to output\n" " -oaddOriginalMsg Always add original message to output, not just in error case\n" - " -p Print back only if the message has been parsed succesfully\n" - " -P Print back only if the message has NOT been parsed succesfully\n" + " -p Print back only if the message has been parsed successfully\n" + " -P Print back only if the message has NOT been parsed successfully\n" " -L Add source file line number information to unparsed line output\n" " -t Print back only messages matching the tag\n" " -v Print debug. When used 3 times, prints parse DAG\n" diff --git a/src/parser.c b/src/parser.c index 04b16149..eb12e2e5 100644 --- a/src/parser.c +++ b/src/parser.c @@ -1024,7 +1024,7 @@ struct data_HexNumber { /** * Parse a hex Number. * A hex number begins with 0x and contains only hex digits until the terminating - * whitespace. Note that if a non-hex character is deteced inside the number string, + * whitespace. Note that if a non-hex character is detected inside the number string, * this is NOT considered to be a number. */ PARSER_Parse(HexNumber) @@ -1184,8 +1184,8 @@ PARSER_Parse(KernelTimestamp) * Parse whitespace. * This parses all whitespace until the first non-whitespace character * is found. This is primarily a tool to skip to the next "word" if - * the exact number of whitspace characters (and type of whitespace) - * is not known. The current parsing position MUST be on a whitspace, + * the exact number of whitespace characters (and type of whitespace) + * is not known. The current parsing position MUST be on a whitespace, * else the parser does not match. * This parser is also a forward-compatibility tool for the upcoming * slsa (simple log structure analyser) tool. 
@@ -2943,7 +2943,7 @@ cefParseExtensionValue(npb_t *const npb, * of end of name. * Note: ArcSight violates the CEF spec ifself: they generate * leading underscores in their extension names, which are - * definetly not alphanumeric. We still accept them... + * definitely not alphanumeric. We still accept them... * They also seem to use dots. */ static int @@ -3112,7 +3112,7 @@ PARSER_Parse(CEF) char *name = NULL; char *severity = NULL; - /* minumum header: "CEF:0|x|x|x|x|x|x|" --> 17 chars */ + /* minimum header: "CEF:0|x|x|x|x|x|x|" --> 17 chars */ if(npb->strLen < i + 17 || npb->str[i] != 'C' || npb->str[i+1] != 'E' || @@ -3136,7 +3136,7 @@ PARSER_Parse(CEF) * This time, we do NOT pre-process the extension, but rather * persist them directly to JSON. This is contrary to other * parsers, but as the CEF header is pretty unique, this time - * it is exteremely unlike we will get a no-match during + * it is extremely unlikely we will get a no-match during * extension processing. Even if so, nothing bad happens, as * the extracted data is discarded. But the regular case saves * us processing time and complexity. The only time when we diff --git a/src/pdag.c b/src/pdag.c index 6471114c..23480520 100644 --- a/src/pdag.c +++ b/src/pdag.c @@ -48,7 +48,7 @@ int advstats_lit_parser_calls[ADVSTATS_MAX_ENTITIES]; * VERY IMPORTANT: the initialization must be done EXACTLY in the * order of parser IDs (also see comment in pdag.h). * - * Rough guideline for assigning priorites: + * Rough guideline for assigning priorities: * 0 is highest, 255 lowest. 255 should be reserved for things that * *really* should only be run as last resort --> rest. Also keep in * mind that the user-assigned priority is put in the upper 24 bits, so 
@@ -192,7 +192,7 @@ ln_pdagClearVisited(ln_ctx ctx) } /** - * Process a parser defintion. Note that a single defintion can potentially + * Process a parser definition. Note that a single definition can potentially * contain many parser instances. * @return parser node ptr or NULL (on error) */ @@ -338,7 +338,7 @@ done: return; /** * pdag optimizer step: literal path compaction * - * We compress as much as possible and evalute the path down to + * We compress as much as possible and evaluate the path down to * the first non-compressable element. Note that we must NOT * compact those literals that are either terminal nodes OR * contain names so that the literal is to be parsed out. @@ -432,12 +432,12 @@ deleteComponentID(struct ln_pdag *const __restrict__ dag) * This is required if the ALTERNATIVE parser type is used, * which will create component IDs for each of it's invocations. * As such, we do not only fix the string, but know that all - * children also need fixning. We do this be simply deleting + * children also need fixing. We do this be simply deleting * all of their rb_ids, as we know they will be visited again. * Note: if we introduce the same situation by new functionality, * we may need to review this code here as well. Also note * that the component ID will not be 100% correct after our fix, - * because that ID could acutally be created by two sets of rules. + * because that ID could actually be created by two sets of rules. * But this is the best we can do. */ static void @@ -461,7 +461,7 @@ done: return; } /** * Assign human-readable identifiers (names) to each node. These are - * later used in stats, debug output and whereever else this may make + * later used in stats, debug output and wherever else this may make * sense. */ static void 
@@ -736,7 +736,7 @@ ln_fullPdagStats(ln_ctx ctx, FILE *const fp, const int extendedStats) "parser call statistic is the number of parsers called along\n" "the path. That number is higher, as multiple parsers may be\n" "called at each node. The number of literal parser calls is\n" - "given explicitely, as they use almost no time to process.\n" + "given explicitly, as they use almost no time to process.\n" "\n" ); total_len = 0; @@ -1087,7 +1087,7 @@ static inline void dotAddPtr(es_str_t **str, void *p) i = snprintf(buf, sizeof(buf), "l%p", p); es_addBuf(str, buf, i); } -struct data_Literal { const char *lit; }; // TODO remove when this hack is no longe needed +struct data_Literal { const char *lit; }; // TODO remove when this hack is no longer needed /** * recursive handler for DOT graph generator. */ @@ -1355,7 +1355,7 @@ fixJSON(struct ln_pdag *dag, int isDotDot = 0; struct json_object *valDotDot = NULL; if(json_object_get_type(*value) == json_type_object) { - /* TODO: this needs to be speeded up by just checking the first + /* TODO: this needs to be sped up by just checking the first * member and ensuring there is only one member. This requires * extensions to libfastjson. */ @@ -1524,7 +1524,7 @@ add_rule_to_mockup(npb_t *const __restrict__ npb, * @param[in] string string to be matched against (the to-be-normalized data) * @param[in] strLen length of the to-be-matched string * @param[in] offs start position in input data - * @param[out] pPrasedTo ptr to position up to which the the parsing succed in max + * @param[out] pPrasedTo ptr to position up to which the parsing succeed in max * @param[in/out] json ... that is being created during normalization * @param[out] endNode if a match was found, this is the matching node (undefined otherwise) * diff --git a/src/pdag.h b/src/pdag.h index 8178e7ab..ba7ece35 100644 --- a/src/pdag.h +++ b/src/pdag.h 
@@ -32,7 +32,7 @@ struct ln_type_pdag; * parser IDs. * * These identfy a parser. VERY IMPORTANT: they must start at zero - * and continously increment. They must exactly match the index + * and continuously increment. They must exactly match the index * of the respective parser inside the parser lookup table. */ #define PRS_LITERAL 0 @@ -108,7 +108,7 @@ struct ln_parser_info { struct ln_pdag { ln_ctx ctx; /**< our context */ // TODO: why do we need it? ln_parser_t *parsers; /* array of parsers to try */ - prsid_t nparsers; /**< current table size (prsid_t slighly abused) */ + prsid_t nparsers; /**< current table size (prsid_t slightly abused) */ struct { unsigned isTerminal:1; /**< designates this node a terminal sequence */ unsigned visited:1; /**< work var for recursive procedures */ @@ -143,7 +143,7 @@ extern int advstats_max_backtracked; extern int advstats_backtracks[ADVSTATS_MAX_ENTITIES]; #endif -/** the "normalization paramater block" (npb) +/** the "normalization parameter block" (npb) * This structure is passed to all normalization routines including * parsers. It contains data that commonly needs to be passed, * like the to be parsed string and its length, as well as read/write @@ -196,7 +196,7 @@ void ln_pdagDelete(struct ln_pdag *DAG); /** * Add parser to dag node. - * Works on unoptimzed dag. + * Works on unoptimized dag. * * @param[in] pdag pointer to pdag to modify * @param[in] parser parser definition diff --git a/src/samp.c b/src/samp.c index d5d42c3d..4386ccaa 100644 --- a/src/samp.c +++ b/src/samp.c 
@@ -996,7 +996,7 @@ ln_sampChkRunawayRule(ln_ctx ctx, FILE *const __restrict__ repo, const char **in * @param[in/out] ptr to ptr of input buffer; this is used if a string is * provided instead of a file. If so, this pointer is advanced * as data is consumed. - * @param[out] isEof must be set to 0 on entry and is switched to 1 if EOF occured. + * @param[out] isEof must be set to 0 on entry and is switched to 1 if EOF occurred. * @return standard error code */ static int @@ -1123,7 +1123,7 @@ tryOpenRBFile(ln_ctx ctx, const char *const file) return repo; } -/* @return 0 if all is ok, 1 if an error occured */ +/* @return 0 if all is ok, 1 if an error occurred */ int ln_sampLoad(ln_ctx ctx, const char *file) { @@ -1138,7 +1138,7 @@ ln_sampLoad(ln_ctx ctx, const char *file) const int version = checkVersion(repo); ln_dbgprintf(ctx, "rulebase version is %d\n", version); if(version == -1) { - ln_errprintf(ctx, errno, "error determing version of %s", file); + ln_errprintf(ctx, errno, "error determining version of %s", file); goto done; } if(ctx->version != 0 && version != ctx->version) { @@ -1167,7 +1167,7 @@ ln_sampLoad(ln_ctx ctx, const char *file) return r; } -/* @return 0 if all is ok, 1 if an error occured */ +/* @return 0 if all is ok, 1 if an error occurred */ int ln_sampLoadFromString(ln_ctx ctx, const char *string) { diff --git a/src/v1_liblognorm.h b/src/v1_liblognorm.h index 166dd907..10dc38ec 100644 --- a/src/v1_liblognorm.h +++ b/src/v1_liblognorm.h @@ -66,12 +66,12 @@ * Inherit control attributes from a library context. * * This does not copy the parse-tree, but does copy - * behaviour-controling attributes such as enableRegex. + * behaviour-controlling attributes such as enableRegex. * * Just as with ln_initCtx, ln_exitCtx() must be called on a library * context that is no longer needed. * - * @return new library context or NULL if an error occured + * @return new library context or NULL if an error occurred */ ln_ctx ln_v1_inherittedCtx(ln_ctx parent); 
@@ -127,7 +127,7 @@ int ln_v1_loadSamples(ln_ctx ctx, const char *file); * @param[in] ctx The library context to use. * @param[in] str The message string (see note above). * @param[in] strLen The length of the message in bytes. - * @param[out] json_p A new event record or NULL if an error occured. Must be + * @param[out] json_p A new event record or NULL if an error occurred. Must be * destructed if no longer needed. * * @return Returns zero on success, something else otherwise. diff --git a/src/v1_parser.c b/src/v1_parser.c index 4d80b0ca..4e0bc88a 100644 --- a/src/v1_parser.c +++ b/src/v1_parser.c @@ -616,7 +616,7 @@ PARSER(Float) /** * Parse a hex Number. * A hex number begins with 0x and contains only hex digits until the terminating - * whitespace. Note that if a non-hex character is deteced inside the number string, + * whitespace. Note that if a non-hex character is detected inside the number string, * this is NOT considered to be a number. */ PARSER(HexNumber) @@ -704,8 +704,8 @@ PARSER(KernelTimestamp) * Parse whitespace. * This parses all whitespace until the first non-whitespace character * is found. This is primarily a tool to skip to the next "word" if - * the exact number of whitspace characters (and type of whitespace) - * is not known. The current parsing position MUST be on a whitspace, + * the exact number of whitespace characters (and type of whitespace) + * is not known. The current parsing position MUST be on a whitespace, * else the parser does not match. * This parser is also a forward-compatibility tool for the upcoming * slsa (simple log structure analyser) tool. 
@@ -1752,7 +1752,7 @@ static struct suffixed_parser_data_s* _suffixed_parser_data_constructor(ln_field else if (suffixes_str == NULL) ln_dbgprintf(ctx, "couldn't allocate memory for suffix-list for field: '%s'", name); else if (pData->nsuffix == 0) - ln_dbgprintf(ctx, "could't read suffix-value(s) for field: '%s'", name); + ln_dbgprintf(ctx, "couldn't read suffix-value(s) for field: '%s'", name); else if (pData->suffix_offsets == NULL) ln_dbgprintf(ctx, "couldn't allocate memory for suffix-list element references for field: " "'%s'", name); @@ -2917,7 +2917,7 @@ cefParseExtensionValue(const char *const __restrict__ str, * of end of name. * Note: ArcSight violates the CEF spec ifself: they generate * leading underscores in their extension names, which are - * definetly not alphanumeric. We still accept them... + * definitely not alphanumeric. We still accept them... * They also seem to use dots. */ static int @@ -3079,7 +3079,7 @@ PARSER(CEF) char *name = NULL; char *severity = NULL; - /* minumum header: "CEF:0|x|x|x|x|x|x|" --> 17 chars */ + /* minimum header: "CEF:0|x|x|x|x|x|x|" --> 17 chars */ if(strLen < i + 17 || str[i] != 'C' || str[i+1] != 'E' || @@ -3104,7 +3104,7 @@ PARSER(CEF) * This time, we do NOT pre-process the extension, but rather * persist them directly to JSON. This is contrary to other * parsers, but as the CEF header is pretty unique, this time - * it is exteremely unlike we will get a no-match during + * it is extremely unlikely we will get a no-match during * extension processing. Even if so, nothing bad happens, as * the extracted data is discarded. But the regular case saves * us processing time and complexity. The only time when we diff --git a/src/v1_ptree.c b/src/v1_ptree.c index 30185c58..01d9bbd8 100644 --- a/src/v1_ptree.c +++ b/src/v1_ptree.c 
@@ -185,7 +185,7 @@ ln_addPTree(struct ln_ptree *tree, es_str_t *str, size_t offs) LN_DBGPRINTF(tree->ctx, "addPTree: offs %zu", offs); parentptr = &(tree->subtree[es_getBufAddr(str)[offs]]); - /* First check if tree node is totaly empty. If so, we can simply add + /* First check if tree node is totally empty. If so, we can simply add * the prefix to this node. This case is important, because it happens * every time with a new field. */ @@ -807,7 +807,7 @@ LN_DBGPRINTF(tree->ctx, "%zu got return %d", offs, r); goto done; /* and finally give "rest" a try if it was present. Note that we MUST do this after - * literal evaluation, otherwise "rest" can never be overriden by other rules. + * literal evaluation, otherwise "rest" can never be overridden by other rules. */ if(restMotifNode != NULL) { LN_DBGPRINTF(tree->ctx, "rule has rest motif, forcing match via it"); diff --git a/src/v1_ptree.h b/src/v1_ptree.h index 94ac747b..26aa24eb 100644 --- a/src/v1_ptree.h +++ b/src/v1_ptree.h @@ -42,7 +42,7 @@ typedef struct ln_fieldList_s ln_fieldList_t; /** * List of supported fields inside parse tree. * This list holds all fields and their description. While normalizing, - * fields are tried in the order of this list. So the enqeue order + * fields are tried in the order of this list. So the enqueue order * dictates precedence during parsing. * * value list. This is a single-linked list. In a later stage, we should 
@@ -54,7 +54,7 @@ typedef struct ln_fieldList_s ln_fieldList_t; struct ln_fieldList_s { es_str_t *name; /**< field name */ es_str_t *data; /**< extra data to be passed to parser */ - es_str_t *raw_data; /**< extra untouched (unescaping is not done) data availble to be used by parser */ + es_str_t *raw_data; /**< extra untouched (unescaping is not done) data available to be used by parser */ void *parser_data; /** opaque data that the field-parser understands */ void (*parser_data_destructor)(void **); /** destroy opaque data that field-parser understands */ int (*parser)(const char*, size_t, size_t*, const ln_fieldList_t *, @@ -77,7 +77,7 @@ struct ln_ptree { unsigned isTerminal:1; /**< designates this node a terminal sequence? */ } flags; struct json_object *tags; /* tags to assign to events of this type */ - /* the respresentation below requires a lof of memory but is + /* the representation below requires a lof of memory but is * very fast. As an alternate approach, we can use a hash table * where we ignore control characters. That should work quite well. * But we do not do this in the initial step. diff --git a/src/v1_samp.h b/src/v1_samp.h index 92b3fade..993c14a6 100644 --- a/src/v1_samp.h +++ b/src/v1_samp.h @@ -52,7 +52,7 @@ struct ln_v1_samp { * @param[ctx] ctx current library context * @param[buf] cstr buffer containing the string contents of the sample * @param[lenBuf] length of the sample contained within buf - * @return Newly create object or NULL if an error occured. + * @return Newly create object or NULL if an error occurred. */ struct ln_v1_samp * ln_v1_processSamp(ln_ctx ctx, const char *buf, es_size_t lenBuf); 
@@ -70,8 +70,8 @@ ln_v1_processSamp(ln_ctx ctx, const char *buf, es_size_t lenBuf); * * @param[in] ctx current library context * @param[in] repo repository descriptor - * @param[out] isEof must be set to 0 on entry and is switched to 1 if EOF occured. - * @return Newly create object or NULL if an error or EOF occured. + * @param[out] isEof must be set to 0 on entry and is switched to 1 if EOF occurred. + * @return Newly create object or NULL if an error or EOF occurred. */ struct ln_v1_samp * ln_v1_sampRead(ln_ctx ctx, FILE *repo, int *isEof); diff --git a/tests/field_cef.sh b/tests/field_cef.sh index 20933b8e..5191e3dc 100755 --- a/tests/field_cef.sh +++ b/tests/field_cef.sh @@ -39,7 +39,7 @@ execute 'CEF:0|Vendor|Product|Version|Signature ID|some name|Severity| ' # singl assert_output_json_eq '{ "f": { "DeviceVendor": "Vendor", "DeviceProduct": "Product", "DeviceVersion": "Version", "SignatureID": "Signature ID", "Name": "some name", "Severity": "Severity", "Extensions": { } } }' execute 'CEF:0|Vendor|Product|Version|Signature ID|some name|Severity| ' # multiple trailing spaces - invalid -assert_output_json_eq '{ "originalmsg": "CEF:0|Vendor|Product|Version|Signature ID|some name|Severity| ", "unparsed-data": "CEF:0|Vendor|Product|Version|Signature ID|some name|Severity| " }' +assert_output_json_eq '{ "f": { "DeviceVendor": "Vendor", "DeviceProduct": "Product", "DeviceVersion": "Version", "SignatureID": "Signature ID", "Name": "some name", "Severity": "Severity", "Extensions": { } } }' execute 'CEF:0|Vendor' assert_output_json_eq '{ "originalmsg": "CEF:0|Vendor", "unparsed-data": "CEF:0|Vendor" }' diff --git a/tests/field_cef_jsoncnf.sh b/tests/field_cef_jsoncnf.sh index a516bc72..04963729 100755 --- a/tests/field_cef_jsoncnf.sh +++ b/tests/field_cef_jsoncnf.sh 
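Review bot: The second `assert_output_json_eq` in the tests/field_cef.sh hunk now expects a fully parsed `f` record for the input that is still commented `# multiple trailing spaces - invalid`, so the comment and the expectation contradict each other. The tests/field_cef_jsoncnf.sh hunk that follows makes the same change. This alters what the CEF parser is required to accept and is not a spelling fix. The parser hunks visible in this diff touch only comments, so nothing shown here explains the new expectation. If accepting this input is intended, the comment should say so, e.g. `# multiple trailing spaces - accepted`, and the change belongs in its own commit with the reason stated. Otherwise keep the old `unparsed-data` expectation, since consumers of the normalized output may rely on malformed CEF records staying unparsed.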
@@ -39,7 +39,7 @@ execute 'CEF:0|Vendor|Product|Version|Signature ID|some name|Severity| ' # singl assert_output_json_eq '{ "f": { "DeviceVendor": "Vendor", "DeviceProduct": "Product", "DeviceVersion": "Version", "SignatureID": "Signature ID", "Name": "some name", "Severity": "Severity", "Extensions": { } } }' execute 'CEF:0|Vendor|Product|Version|Signature ID|some name|Severity| ' # multiple trailing spaces - invalid -assert_output_json_eq '{ "originalmsg": "CEF:0|Vendor|Product|Version|Signature ID|some name|Severity| ", "unparsed-data": "CEF:0|Vendor|Product|Version|Signature ID|some name|Severity| " }' +assert_output_json_eq '{ "f": { "DeviceVendor": "Vendor", "DeviceProduct": "Product", "DeviceVersion": "Version", "SignatureID": "Signature ID", "Name": "some name", "Severity": "Severity", "Extensions": { } } }' execute 'CEF:0|Vendor' assert_output_json_eq '{ "originalmsg": "CEF:0|Vendor", "unparsed-data": "CEF:0|Vendor" }' diff --git a/tests/field_descent.sh b/tests/field_descent.sh index 6e0672d5..b60ea9bd 100755 --- a/tests/field_descent.sh +++ b/tests/field_descent.sh @@ -27,7 +27,7 @@ assert_output_json_eq '{"device": "gw-1", "net": {"ip_addr": "10.20.30.40"}, "tm execute 'blocked on gw-1 10.20.30.40/16 at 2014-12-08T08:53:33.05+05:30' assert_output_json_eq '{"device": "gw-1", "net": {"subnet_addr": "10.20.30.40", "mask": "16"}, "tm": "2014-12-08T08:53:33.05+05:30"}' -#descent with tail field having arbirary name +#descent with tail field having arbitrary name reset_rules add_rule 'rule=:blocked on %device:word% %net:descent:./subset.rulebase:remaining%at %tm:date-rfc5424%' reset_rules 'subset' diff --git a/tests/field_json.sh b/tests/field_json.sh index 7f063ffd..e3718648 100755 --- a/tests/field_json.sh +++ b/tests/field_json.sh 
@@ -18,7 +18,7 @@ add_rule 'rule=:%field:json%end' execute '{"f1": "1", "f2": 2}' assert_output_json_eq '{ "field": { "f1": "1", "f2": 2 } }' -#check if trailinge whitspace is ignored +#check if trailing whitespace is ignored execute '{"f1": "1", "f2": 2} ' assert_output_json_eq '{ "field": { "f1": "1", "f2": 2 } }' @@ -47,7 +47,7 @@ add_rule 'rule=:%field1:json%-%field2:json%' execute '{"f1": "1"}-{"f2": 2}' assert_output_json_eq '{ "field2": { "f2": 2 }, "field1": { "f1": "1" } }' -# re-check previsous def still works +# re-check previous def still works execute '{"f1": "1", "f2": 2}' assert_output_json_eq '{ "field": { "f1": "1", "f2": 2 } }' diff --git a/tests/field_json_jsoncnf.sh b/tests/field_json_jsoncnf.sh index 1903acb2..cdd4b0bd 100755 --- a/tests/field_json_jsoncnf.sh +++ b/tests/field_json_jsoncnf.sh @@ -18,7 +18,7 @@ add_rule 'rule=:%field:json%end' execute '{"f1": "1", "f2": 2}' assert_output_json_eq '{ "field": { "f1": "1", "f2": 2 } }' -#check if trailinge whitspace is ignored +#check if trailing whitespace is ignored execute '{"f1": "1", "f2": 2} ' assert_output_json_eq '{ "field": { "f1": "1", "f2": 2 } }' @@ -47,7 +47,7 @@ add_rule 'rule=:%field1:json%-%field2:json%' execute '{"f1": "1"}-{"f2": 2}' assert_output_json_eq '{ "field2": { "f2": 2 }, "field1": { "f1": "1" } }' -# re-check previsous def still works +# re-check previous def still works execute '{"f1": "1", "f2": 2}' assert_output_json_eq '{ "field": { "f1": "1", "f2": 2 } }' diff --git a/tests/field_json_v1.sh b/tests/field_json_v1.sh index bf32ab4b..b9c2ba8b 100755 --- a/tests/field_json_v1.sh +++ b/tests/field_json_v1.sh @@ -17,7 +17,7 @@ add_rule 'rule=:%field:json%end' execute '{"f1": "1", "f2": 2}' assert_output_json_eq '{ "field": { "f1": "1", "f2": 2 } }' -#check if trailinge whitspace is ignored +#check if trailing whitespace is ignored execute '{"f1": "1", "f2": 2} ' assert_output_json_eq '{ "field": { "f1": "1", "f2": 2 } }' 
@@ -46,7 +46,7 @@ add_rule 'rule=:%field1:json%-%field2:json%' execute '{"f1": "1"}-{"f2": 2}' assert_output_json_eq '{ "field2": { "f2": 2 }, "field1": { "f1": "1" } }' -# re-check previsous def still works +# re-check previous def still works execute '{"f1": "1", "f2": 2}' assert_output_json_eq '{ "field": { "f1": "1", "f2": 2 } }' diff --git a/tests/field_recursive.sh b/tests/field_recursive.sh index 07e82a8f..34417b6e 100755 --- a/tests/field_recursive.sh +++ b/tests/field_recursive.sh @@ -19,7 +19,7 @@ add_rule 'rule=:%word:word%' execute '123 abc 456 def' assert_output_json_eq '{"word": "123", "next": {"word": "abc", "next": {"word": "456", "next" : {"word": "def"}}}}' -#tail recursion with tail field having arbirary name +#tail recursion with tail field having arbitrary name reset_rules add_rule 'rule=:%word:word% %next:recursive:foo%' add_rule 'rule=:%word:word%' @@ -46,7 +46,7 @@ assert_output_json_eq '{"device": "gw-1", "net": {"ip_addr": "10.20.30.40"}, "tm execute 'blocked on gw-1 10.20.30.40/16 at 2014-12-08T08:53:33.05+05:30' assert_output_json_eq '{"device": "gw-1", "net": {"subnet_addr": "10.20.30.40", "mask": "16"}, "tm": "2014-12-08T08:53:33.05+05:30"}' -#non tail recursion with tail field having arbirary name +#non tail recursion with tail field having arbitrary name reset_rules add_rule 'rule=:blocked on %device:word% %net:recursive:remaining%at %tm:date-rfc5424%' add_rule 'rule=:%ip_addr:ipv4% %remaining:rest%' diff --git a/tests/field_tokenized_with_invalid_ruledef.sh b/tests/field_tokenized_with_invalid_ruledef.sh index aed62144..2577b507 100755 --- a/tests/field_tokenized_with_invalid_ruledef.sh +++ b/tests/field_tokenized_with_invalid_ruledef.sh 
@@ -23,13 +23,13 @@ assert_output_contains '"unparsed-data": "123 abc 456 def"' assert_output_contains '"originalmsg": "123 abc 456 def"' reset_rules -add_rule 'rule=:%arr:tokenized:quux:some_non_existant_type%' +add_rule 'rule=:%arr:tokenized:quux:some_non_existent_type%' execute '123 abc 456 def' assert_output_contains '"unparsed-data": "123 abc 456 def"' assert_output_contains '"originalmsg": "123 abc 456 def"' reset_rules -add_rule 'rule=:%arr:tokenized:quux:some_non_existant_type:%' +add_rule 'rule=:%arr:tokenized:quux:some_non_existent_type:%' execute '123 abc 456 def' assert_output_contains '"unparsed-data": "123 abc 456 def"' assert_output_contains '"originalmsg": "123 abc 456 def"' diff --git a/tests/field_whitespace.sh b/tests/field_whitespace.sh index 0e6edc1a..fb12aa20 100755 --- a/tests/field_whitespace.sh +++ b/tests/field_whitespace.sh @@ -5,7 +5,7 @@ no_solaris10 test_def $0 "whitespace parser" -# the "word" parser unfortunatly treats everything except +# the "word" parser unfortunately treats everything except # a SP as being in the word. So a HT inside a word is # permitted, which does not work well with what we # want to test here. to solve this problem, we use op-quoted-string. diff --git a/tests/field_whitespace_jsoncnf.sh b/tests/field_whitespace_jsoncnf.sh index 50e87909..7a0dabb3 100755 --- a/tests/field_whitespace_jsoncnf.sh +++ b/tests/field_whitespace_jsoncnf.sh @@ -5,7 +5,7 @@ no_solaris10 test_def $0 "whitespace parser" -# the "word" parser unfortunatly treats everything except +# the "word" parser unfortunately treats everything except # a SP as being in the word. So a HT inside a word is # permitted, which does not work well with what we # want to test here. to solve this problem, we use op-quoted-string. diff --git a/tests/field_whitespace_v1.sh b/tests/field_whitespace_v1.sh index 4ec81052..c862ad6e 100755 --- a/tests/field_whitespace_v1.sh +++ b/tests/field_whitespace_v1.sh 
@@ -5,7 +5,7 @@ no_solaris10 test_def $0 "whitespace parser" -# the "word" parser unfortunatly treats everything except +# the "word" parser unfortunately treats everything except # a SP as being in the word. So a HT inside a word is # permitted, which does not work well with what we # want to test here. to solve this problem, we use op-quoted-string. diff --git a/tests/parser_prios.sh b/tests/parser_prios.sh index 2704c0ab..78a3d892 100755 --- a/tests/parser_prios.sh +++ b/tests/parser_prios.sh @@ -20,7 +20,7 @@ execute 'f0-f6:1c:5f:cc-a2' assert_output_json_eq '{ "rest": "f0-f6:1c:5f:cc-a2" }' -# now the same with inverted priorites. We should now always have +# now the same with inverted priorities. We should now always have # rest matches. reset_rules add_rule 'version=2' diff --git a/tests/repeat_mismatch_in_while.sh b/tests/repeat_mismatch_in_while.sh index 4291991c..76662950 100755 --- a/tests/repeat_mismatch_in_while.sh +++ b/tests/repeat_mismatch_in_while.sh @@ -21,7 +21,7 @@ assert_output_json_eq '{ "originalmsg": "Aug 18 13:18:45 192.168.99.2 %ASA-6-106 # accept this as valid. This is needed for some use cases. See github # issue mentioned above for more details. # Note: there is something odd with the testbench driver: I cannot use two -# consequtiuve spaces +# consecutive spaces reset_rules add_rule 'version=2' add_rule 'prefix=%timestamp:date-rfc3164% %hostname:word%' diff --git a/tests/runaway_rule.sh b/tests/runaway_rule.sh index 1963c2d6..f768eb57 100755 --- a/tests/runaway_rule.sh +++ b/tests/runaway_rule.sh 
@@ -1,7 +1,7 @@
 #!/bin/bash
 # added 2015-05-05 by Rainer Gerhards
 # This file is part of the liblognorm project, released under ASL 2.0
-# Note that this test produces an error message, as it encouters the
+# Note that this test produces an error message, as it encounters the
 # runaway rule. This is OK and actually must happen. The prime point
 # of the test is that it correctly loads the second rule, which
 # would otherwise be consumed by the runaway rule.
diff --git a/tests/runaway_rule_comment.sh b/tests/runaway_rule_comment.sh
index be17ed94..3d067fc7 100755
--- a/tests/runaway_rule_comment.sh
+++ b/tests/runaway_rule_comment.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # added 2015-09-16 by Rainer Gerhards
 # This file is part of the liblognorm project, released under ASL 2.0
-# Note that this test produces an error message, as it encouters the
+# Note that this test produces an error message, as it encounters the
 # runaway rule. This is OK and actually must happen. The prime point
 # of the test is that it correctly loads the second rule, which
 # would otherwise be consumed by the runaway rule.
diff --git a/tests/runaway_rule_comment_v1.sh b/tests/runaway_rule_comment_v1.sh
index b7d356f1..f622529f 100755
--- a/tests/runaway_rule_comment_v1.sh
+++ b/tests/runaway_rule_comment_v1.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # added 2015-05-05 by Rainer Gerhards
 # This file is part of the liblognorm project, released under ASL 2.0
-# Note that this test produces an error message, as it encouters the
+# Note that this test produces an error message, as it encounters the
 # runaway rule. This is OK and actually must happen. The prime point
 # of the test is that it correctly loads the second rule, which
 # would otherwise be consumed by the runaway rule.
diff --git a/tests/runaway_rule_v1.sh b/tests/runaway_rule_v1.sh
index d19e4bb4..d6999c3c 100755
--- a/tests/runaway_rule_v1.sh
+++ b/tests/runaway_rule_v1.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # added 2015-05-05 by Rainer Gerhards
 # This file is part of the liblognorm project, released under ASL 2.0
-# Note that this test produces an error message, as it encouters the
+# Note that this test produces an error message, as it encounters the
 # runaway rule. This is OK and actually must happen. The prime point
 # of the test is that it correctly loads the second rule, which
 # would otherwise be consumed by the runaway rule.