Add messageTypeId and messageTsUs proprties only if they exist. (#30)

* Add messageTypeId and messageTsUs proprties only if they exist. * Always convert message type id to string * Remove pid property from parsed message * Address comments * Add tests for log formatting * Add format tests. Update deps
alertlogic · Apr 24, 2019 · 9e55c93 · 9e55c93
1 parent de14472
commit 9e55c93
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 259 deletions.
diff --git a/EHubGeneral/format.js b/EHubGeneral/format.js
@@ -2,27 +2,52 @@
  * @copyright (C) 2018, Alert Logic, Inc
  * @doc
  *
- * The function to format 'alertlogic-log' records.
+ * Message timestamp and type property paths are based on Azure event schema definitions
+ * https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema#mapping-to-diagnostic-logs-schema
+ * https://docs.microsoft.com/en-us/azure/azure-monitor/platform/tutorial-dashboards
  *
  * @end
  * -----------------------------------------------------------------------------
  */
 
-const parse = require('../common/parse');
+const parse = require('@alertlogic/al-collector-js').Parse;
+
+const typeIdPaths = [
+    { path: ['category', 'value'] },
+    { path: ['category'] },
+    { path: ['operationName', 'value'] },
+    { path: ['operationName'] },
+    { path: ['RecordType'] },
+    { path: ['Operation'] },
+    { path: ['properties', 'category']},
+    { path: ['properties', 'Category']}
+];
+
+const tsPaths = [
+    { path: ['eventTimestamp'] },
+    { path: ['time'] },
+    { path: ['CreationTime'] }
+];
+
 
 const logRecord = function(msg) {
-    const ts = parse.getMsgTs(msg);
-    const typeId = parse.getMsgTypeId(msg);
-    return {
+    const ts = parse.getMsgTs(msg, tsPaths);
+    const typeId = parse.getMsgTypeId(msg, typeIdPaths);
+    let formattedMsg = {
         messageTs: ts.sec,
         priority: 11,
         progName: 'EHubGeneral',
-        pid: undefined,
         message: JSON.stringify(msg),
-        messageType: 'json/azure.ehub',
-        messageTypeId: typeId,
-        messageTsUs: ts.usec
+        messageType: 'json/azure.ehub'
     };
+
+    if (typeId !== null && typeId !== undefined) {
+        formattedMsg.messageTypeId = `${typeId}`;
+    }
+    if (ts.usec) {
+        formattedMsg.messageTsUs = ts.usec;
+    }
+    return formattedMsg;
 };
 
 module.exports = {

diff --git a/common/parse.js b/common/parse.js
diff --git a/package.json b/package.json
@@ -3,6 +3,7 @@
   "version": "1.2.0",
   "dependencies": {
     "@alertlogic/al-azure-collector-js": "^1.1.2",
+    "@alertlogic/al-collector-js": "^1.2.4",
     "async": "^2.6.1",
     "moment": "^2.24.0",
     "parse-key-value": "^1.0.0"

diff --git a/test/format_test.js b/test/format_test.js
@@ -0,0 +1,63 @@
+const assert = require('assert');
+const formatLog = require('../EHubGeneral/format').logRecord;
+const mock = require('./mock');
+
+describe('Format log units', function(){
+    it('Formats log record correctly, no optional properties', function(done){
+        let logRecord = Object.assign({}, mock.SQL_AUDIT_LOG_RECORD);
+        delete logRecord.operationName;
+        delete logRecord.category;
+        logRecord.time = "2018-12-10T00:03:46Z";
+        const formattedRecord = formatLog(logRecord);
+
+        const expectedRecord = {
+            messageTs: 1544400226,
+            priority: 11,
+            progName: 'EHubGeneral',
+            message: JSON.stringify(logRecord),
+            messageType: 'json/azure.ehub'
+        };
+
+        assert.deepEqual(formattedRecord, expectedRecord);
+        done();
+    });
+
+    it('Formats log record correctly, with optional properties', function(done){
+        let logRecord = Object.assign({}, mock.ACTIVITY_LOG_RECORD);
+        logRecord.eventTimestamp = "2018-03-21T17:00:32.125Z";
+        const formattedRecord = formatLog(logRecord);
+
+        const expectedRecord = {
+            messageTs: 1521651632,
+            priority: 11,
+            progName: 'EHubGeneral',
+            message: JSON.stringify(logRecord),
+            messageType: 'json/azure.ehub',
+            messageTypeId: `${logRecord.category.value}`,
+            messageTsUs: 125000
+        };
+
+        assert.deepEqual(formattedRecord, expectedRecord);
+        done();
+    });
+
+    it('Formats log record correctly, with message type id of Zero', function(done){
+        let logRecord = Object.assign({}, mock.AUDIT_LOG_RECORD);
+        logRecord.time = "2018-03-21T17:00:32.125Z";
+        logRecord.category = 0;
+        const formattedRecord = formatLog(logRecord);
+
+        const expectedRecord = {
+            messageTs: 1521651632,
+            priority: 11,
+            progName: 'EHubGeneral',
+            message: JSON.stringify(logRecord),
+            messageType: 'json/azure.ehub',
+            messageTypeId: '0',
+            messageTsUs: 125000
+        };
+
+        assert.deepEqual(formattedRecord, expectedRecord);
+        done();
+    });
+});
diff --git a/test/parse_test.js b/test/parse_test.js