update(test): use to iso time

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
falcosecurity · Oct 12, 2020 · 14fd25d · 14fd25d
1 parent eb0d847
commit 14fd25d
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 19 deletions.
diff --git a/test/falco_tests.yaml b/test/falco_tests.yaml
@@ -659,6 +659,7 @@ trace_files: !mux
       - rules/single_rule.yaml
     conf_file: confs/stdout_output.yaml
     trace_file: trace_files/cat_write.scap
+    time_iso_8601: true
     output_strictly_contains:
       - stdout: output_files/single_rule_with_cat_write.txt
 
@@ -670,6 +671,7 @@ trace_files: !mux
       - rules/single_rule.yaml
     conf_file: confs/stdout_output.yaml
     trace_file: trace_files/cat_write.scap
+    time_iso_8601: true
     output_strictly_contains:
       - stdout: output_files/single_rule_with_cat_write.json
 
@@ -680,6 +682,7 @@ trace_files: !mux
       - rules/single_rule.yaml
     conf_file: confs/file_output.yaml
     trace_file: trace_files/cat_write.scap
+    time_iso_8601: true
     output_strictly_contains:
       - /tmp/falco_outputs/file_output.txt: output_files/single_rule_with_cat_write.txt
 
@@ -690,6 +693,7 @@ trace_files: !mux
       - rules/single_rule.yaml
     conf_file: confs/program_output.yaml
     trace_file: trace_files/cat_write.scap
+    time_iso_8601: true
     output_strictly_contains:
       - /tmp/falco_outputs/program_output.txt: output_files/single_rule_with_cat_write.txt
 
@@ -701,6 +705,7 @@ trace_files: !mux
     conf_file: confs/grpc_unix_socket.yaml
     trace_file: trace_files/cat_write.scap
     run_duration: 5
+    time_iso_8601: true
     grpc:
       address: unix:///tmp/falco/falco.sock
       proto: outputs.proto
@@ -711,10 +716,10 @@ trace_files: !mux
         - "seconds:1470327477 nanos:881781397"
         - "priority: WARNING"
         - "rule: \"open_from_cat\""
-        - "output: \"18:17:57.881781397: Warning An open was seen (command=cat /dev/null)\""
+        - "output: \"2016-08-04T16:17:57.881781397+0000: Warning An open was seen (command=cat /dev/null)\""
         # output fields
-        - "key: \"evt.time\""
-        - "value: \"18:17:57.881781397\""
+        - "key: \"evt.time.iso8601\""
+        - "value: \"2016-08-04T16:17:57.881781397+0000\""
         - "key: \"proc.cmdline\""
         - "value: \"cat /dev/null\""
         # For the hostname, since we don't know that beforehand,

diff --git a/test/output_files/single_rule_with_cat_write.json b/test/output_files/single_rule_with_cat_write.json
@@ -1,8 +1,8 @@
-{"output":"18:17:57.881781397: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881781397Z", "output_fields": {"evt.time":1470327477881781397,"proc.cmdline":"cat /dev/null"}}
-{"output":"18:17:57.881785348: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881785348Z", "output_fields": {"evt.time":1470327477881785348,"proc.cmdline":"cat /dev/null"}}
-{"output":"18:17:57.881796705: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881796705Z", "output_fields": {"evt.time":1470327477881796705,"proc.cmdline":"cat /dev/null"}}
-{"output":"18:17:57.881799840: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881799840Z", "output_fields": {"evt.time":1470327477881799840,"proc.cmdline":"cat /dev/null"}}
-{"output":"18:17:57.882003104: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882003104Z", "output_fields": {"evt.time":1470327477882003104,"proc.cmdline":"cat /dev/null"}}
-{"output":"18:17:57.882008208: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882008208Z", "output_fields": {"evt.time":1470327477882008208,"proc.cmdline":"cat /dev/null"}}
-{"output":"18:17:57.882045694: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882045694Z", "output_fields": {"evt.time":1470327477882045694,"proc.cmdline":"cat /dev/null"}}
-{"output":"18:17:57.882054739: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882054739Z", "output_fields": {"evt.time":1470327477882054739,"proc.cmdline":"cat /dev/null"}}
+{"output":"2016-08-04T16:17:57.881781397+0000: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881781397Z", "output_fields": {"evt.time.iso8601":1470327477881781397,"proc.cmdline":"cat /dev/null"}}
+{"output":"2016-08-04T16:17:57.881785348+0000: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881785348Z", "output_fields": {"evt.time.iso8601":1470327477881785348,"proc.cmdline":"cat /dev/null"}}
+{"output":"2016-08-04T16:17:57.881796705+0000: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881796705Z", "output_fields": {"evt.time.iso8601":1470327477881796705,"proc.cmdline":"cat /dev/null"}}
+{"output":"2016-08-04T16:17:57.881799840+0000: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881799840Z", "output_fields": {"evt.time.iso8601":1470327477881799840,"proc.cmdline":"cat /dev/null"}}
+{"output":"2016-08-04T16:17:57.882003104+0000: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882003104Z", "output_fields": {"evt.time.iso8601":1470327477882003104,"proc.cmdline":"cat /dev/null"}}
+{"output":"2016-08-04T16:17:57.882008208+0000: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882008208Z", "output_fields": {"evt.time.iso8601":1470327477882008208,"proc.cmdline":"cat /dev/null"}}
+{"output":"2016-08-04T16:17:57.882045694+0000: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882045694Z", "output_fields": {"evt.time.iso8601":1470327477882045694,"proc.cmdline":"cat /dev/null"}}
+{"output":"2016-08-04T16:17:57.882054739+0000: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882054739Z", "output_fields": {"evt.time.iso8601":1470327477882054739,"proc.cmdline":"cat /dev/null"}}
diff --git a/test/output_files/single_rule_with_cat_write.txt b/test/output_files/single_rule_with_cat_write.txt
@@ -1,8 +1,8 @@
-18:17:57.881781397: Warning An open was seen (command=cat /dev/null)
-18:17:57.881785348: Warning An open was seen (command=cat /dev/null)
-18:17:57.881796705: Warning An open was seen (command=cat /dev/null)
-18:17:57.881799840: Warning An open was seen (command=cat /dev/null)
-18:17:57.882003104: Warning An open was seen (command=cat /dev/null)
-18:17:57.882008208: Warning An open was seen (command=cat /dev/null)
-18:17:57.882045694: Warning An open was seen (command=cat /dev/null)
-18:17:57.882054739: Warning An open was seen (command=cat /dev/null)
+2016-08-04T16:17:57.881781397+0000: Warning An open was seen (command=cat /dev/null)
+2016-08-04T16:17:57.881785348+0000: Warning An open was seen (command=cat /dev/null)
+2016-08-04T16:17:57.881796705+0000: Warning An open was seen (command=cat /dev/null)
+2016-08-04T16:17:57.881799840+0000: Warning An open was seen (command=cat /dev/null)
+2016-08-04T16:17:57.882003104+0000: Warning An open was seen (command=cat /dev/null)
+2016-08-04T16:17:57.882008208+0000: Warning An open was seen (command=cat /dev/null)
+2016-08-04T16:17:57.882045694+0000: Warning An open was seen (command=cat /dev/null)
+2016-08-04T16:17:57.882054739+0000: Warning An open was seen (command=cat /dev/null)