Posted to commits@metron.apache.org by ma...@apache.org on 2017/06/26 17:27:30 UTC
[09/18] metron git commit: METRON-962 Configuration Based Unit Tests
and Add integration tests (justinleet via leet) closes apache/metron#612
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
index bbb4e88..50fdcd0 100644
--- a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/lancope/BasicLancopeParserTest.java
@@ -17,145 +17,41 @@
*/
package org.apache.metron.parsers.lancope;
+import com.github.fge.jsonschema.core.exceptions.ProcessingException;
import java.io.IOException;
import java.net.URL;
import java.util.Map;
-
+import org.apache.metron.parsers.AbstractParserConfigTest;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
-
-import org.apache.metron.parsers.AbstractSchemaTest;
import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
- /**
- * <ul>
- * <li>Title: Junit for LancopeParserTest</li>
- * <li>Description: </li>
- * <li>Created: Aug 25, 2014</li>
- * </ul>
- * @version $Revision: 1.1 $
- */
-public class BasicLancopeParserTest extends AbstractSchemaTest {
-
- /**
- * The inputStrings.
- */
- private static String[] inputStrings;
+public class BasicLancopeParserTest extends AbstractParserConfigTest {
+ @Before
+ public void setUp() throws Exception {
+ inputStrings = super.readTestDataFromFile("src/test/resources/logData/LancopeParserTest.txt");
+ parser = new BasicLancopeParser();
- /**
- * The parser.
- */
- private static BasicLancopeParser parser=null;
+ URL schema_url = getClass().getClassLoader().getResource(
+ "TestSchemas/LancopeSchema.json");
+ super.setSchemaJsonString(super.readSchemaFromFile(schema_url));
+ }
- /**
- * Constructs a new <code>BasicLancopeParserTest</code> instance.
- * @param name
- */
+ @Test
+ public void testParse() throws ParseException, IOException, ProcessingException {
+ for (String inputString : inputStrings) {
+ JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
+ Assert.assertNotNull(parsed);
- public BasicLancopeParserTest(String name) {
- super(name);
- }
+ JSONParser parser = new JSONParser();
- /**
-
- * @throws java.lang.Exception
- */
- protected static void setUpBeforeClass() throws Exception {
+ Map<?, ?> json = (Map<?, ?>) parser.parse(parsed.toJSONString());
+ Assert.assertTrue(validateJsonData(getSchemaJsonString(), json.toString()));
}
-
- /**
-
- * @throws java.lang.Exception
- */
- protected static void tearDownAfterClass() throws Exception {
- }
-
- /*
- * (non-Javadoc)
- * @see junit.framework.TestCase#setUp()
- */
- @Override
- protected void setUp() throws Exception {
- super.setUp("org.apache.metron.parsers.lancope.BasicLancopeParserTest");
- setInputStrings(super.readTestDataFromFile(this.getConfig().getString("logFile")));
- BasicLancopeParserTest.setParser(new BasicLancopeParser());
-
- URL schema_url = getClass().getClassLoader().getResource(
- "TestSchemas/LancopeSchema.json");
- super.setSchemaJsonString(super.readSchemaFromFile(schema_url));
- }
-
- /*
- * (non-Javadoc)
- * @see junit.framework.TestCase#tearDown()
- */
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
- }
-
- /**
- * Test method for {@link BasicLancopeParser#parse(byte[])}.
- * @throws Exception
- * @throws IOException
- */
- public void testParse() throws IOException, Exception {
-
- for (String inputString : getInputStrings()) {
- JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
- assertNotNull(parsed);
-
- System.out.println(parsed);
- JSONParser parser = new JSONParser();
-
- Map<?, ?> json=null;
- try {
- json = (Map<?, ?>) parser.parse(parsed.toJSONString());
- Assert.assertEquals(true, validateJsonData(super.getSchemaJsonString(), json.toString()));
- } catch (ParseException e) {
- e.printStackTrace();
- }
- }
- }
-
- /**
- * Returns the parser.
- * @return the parser.
- */
-
- public static BasicLancopeParser getParser() {
- return parser;
- }
-
- /**
- * Sets the parser.
- * @param parser the parser.
- */
-
- public static void setParser(BasicLancopeParser parser) {
-
- BasicLancopeParserTest.parser = parser;
- }
-
- /**
- * Returns the inputStrings.
- * @return the inputStrings.
- */
-
- public static String[] getInputStrings() {
- return inputStrings;
- }
-
- /**
- * Sets the inputStrings.
- * @param inputStrings the inputStrings.
- */
-
- public static void setInputStrings(String[] inputStrings) {
-
- BasicLancopeParserTest.inputStrings = inputStrings;
- }
+ }
}
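Review bot: In the new `testParse`, `inputString.getBytes()` encodes with the platform default charset, so the bytes handed to the parser depend on the build host's locale; `inputString.getBytes(StandardCharsets.UTF_8)` (plus `import java.nio.charset.StandardCharsets;`) makes the fixture deterministic. The local `JSONParser parser = new JSONParser();` declared two lines later shadows the `parser` assigned in `setUp` (presumably a field inherited from AbstractParserConfigTest), which reads as if one object parsed both the log line and the JSON; renaming it, e.g. `JSONParser jsonParser = new JSONParser();`, removes the ambiguity. Note also that `.get(0)` throws on an empty result and ignores any further messages, so only the first parsed message per input line is validated against the schema. The charset and shadowing points apply equally to the `testParse` methods added in the BasicPaloAltoFirewallParserTest and BasicSourcefireParserTest hunks.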
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
index 6edd546..cf93c92 100644
--- a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/paloalto/BasicPaloAltoFirewallParserTest.java
@@ -17,141 +17,41 @@
*/
package org.apache.metron.parsers.paloalto;
-import java.util.Iterator;
import java.util.Map;
-
-import org.apache.metron.parsers.sourcefire.BasicSourcefireParser;
+import java.util.Map.Entry;
+import org.apache.metron.parsers.AbstractParserConfigTest;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
-
-import org.apache.metron.parsers.AbstractConfigTest;
import org.junit.Assert;
-
-public class BasicPaloAltoFirewallParserTest extends AbstractConfigTest {
- /**
- * The inputStrings.
- */
- private static String[] inputStrings;
-
- /**
- * Constructs a new <code>BasicPaloAltoFirewallParserTest</code> instance.
- * @throws Exception
- */
- public BasicPaloAltoFirewallParserTest() throws Exception {
- super();
+import org.junit.Before;
+import org.junit.Test;
+
+public class BasicPaloAltoFirewallParserTest extends AbstractParserConfigTest {
+
+ @Before
+ public void setUp() throws Exception {
+ inputStrings = readTestDataFromFile(
+ "src/test/resources/logData/PaloAltoFirewallParserTest.txt");
+ parser = new BasicPaloAltoFirewallParser();
+ }
+
+ @SuppressWarnings({"rawtypes"})
+ @Test
+ public void testParse() throws ParseException {
+ for (String inputString : inputStrings) {
+ JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
+ Assert.assertNotNull(parsed);
+
+ JSONParser parser = new JSONParser();
+ Map json = (Map) parser.parse(parsed.toJSONString());
+
+ for (Object o : json.entrySet()) {
+ Entry entry = (Entry) o;
+ String key = (String) entry.getKey();
+ String value = json.get(key).toString();
+ Assert.assertNotNull(value);
+ }
}
-
- /**
- * Sets the inputStrings.
- * @param inputStrings the inputStrings.
- */
-
- public static void setInputStrings(String[] inputStrings) {
-
- BasicPaloAltoFirewallParserTest.inputStrings = inputStrings;
- }
-
- /**
- * The paParser.
- */
- private BasicPaloAltoFirewallParser paParser=null;
-
- /**
- * @throws java.lang.Exception
- */
- public static void setUpBeforeClass() throws Exception {
- }
-
- /**
- * @throws java.lang.Exception
- */
- public static void tearDownAfterClass() throws Exception {
- setPAStrings(null);
- }
-
- /**
- * @throws java.lang.Exception
- */
- @Override
- public void setUp() throws Exception {
- super.setUp("org.apache.metron.parsers.paloalto.BasicPaloAltoFirewallParserTest");
- setPAStrings(super.readTestDataFromFile(this.getConfig().getString("logFile")));
- paParser = new BasicPaloAltoFirewallParser();
- }
-
- /**
- *
- *
- * @throws java.lang.Exception
- */
- @Override
- public void tearDown() throws Exception {
- paParser = null;
- }
-
- /**
- * Test method for
- * {@link BasicSourcefireParser#parse(byte[])}.
- */
- @SuppressWarnings({ "rawtypes" })
- public void testParse() {
- for (String inputString : getInputStrings()) {
- JSONObject parsed = paParser.parse(inputString.getBytes()).get(0);
- Assert.assertNotNull(parsed);
-
- System.out.println(parsed);
- JSONParser parser = new JSONParser();
-
- Map json=null;
- try {
- json = (Map) parser.parse(parsed.toJSONString());
- } catch (ParseException e) {
- e.printStackTrace();
- }
- Iterator iter = json.entrySet().iterator();
-
-
- while (iter.hasNext()) {
- Map.Entry entry = (Map.Entry) iter.next();
- String key = (String) entry.getKey();
- String value = (String) json.get(key).toString();
- Assert.assertNotNull(value);
- }
- }
- }
-
- /**
- * Returns Input String
- */
- public static String[] getInputStrings() {
- return inputStrings;
- }
-
-
- /**
- * Sets Input String
- */
- public static void setPAStrings(String[] strings) {
- BasicPaloAltoFirewallParserTest.inputStrings = strings;
- }
-
- /**
- * Returns the paParser.
- * @return the paParser.
- */
- public BasicPaloAltoFirewallParser getPaParser() {
- return paParser;
- }
-
- /**
- * Sets the paParser.
- * @param paParser the paParser.
- */
-
- public void setPaParser(BasicPaloAltoFirewallParser paParser) {
-
- this.paParser = paParser;
- }
-
- }
+ }
+}
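Review bot: The inner loop of `testParse` cannot fail as an assertion: `json.get(key).toString()` either returns a non-null string or throws a NullPointerException, so `Assert.assertNotNull(value)` never reports anything and no parsed field is compared with the fixture. For a firewall-log parser that is the part worth pinning, because a value mapped to the wrong key would pass this test unnoticed. Asserting on the entry itself, `Assert.assertNotNull("null value for " + entry.getKey(), entry.getValue());`, makes the check real, and comparing a few known keys against expected values from PaloAltoFirewallParserTest.txt would be stronger still. The same vacuous assertion is carried into the BasicSourcefireParserTest hunk.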
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
index f5056ba..dedd9db 100644
--- a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/sourcefire/BasicSourcefireParserTest.java
@@ -17,142 +17,42 @@
*/
package org.apache.metron.parsers.sourcefire;
-
-
-import java.util.Iterator;
import java.util.Map;
-
+import java.util.Map.Entry;
+import org.apache.metron.parsers.AbstractParserConfigTest;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
-
-import org.apache.metron.parsers.AbstractConfigTest;
import org.junit.Assert;
-
-/**
- * <ul>
- * <li>Title: Test For SourceFireParser</li>
- * <li>Description: </li>
- * <li>Created: July 8, 2014</li>
- * </ul>
- * @version $Revision: 1.0 $
- */
-public class BasicSourcefireParserTest extends AbstractConfigTest
-{
- /**
- * The sourceFireStrings.
- */
- private static String[] sourceFireStrings;
-
- /**
- * The sourceFireParser.
- */
- private BasicSourcefireParser sourceFireParser=null;
-
-
- /**
- * Constructs a new <code>BasicSourcefireParserTest</code> instance.
- * @throws Exception
- */
-
- public BasicSourcefireParserTest() throws Exception {
- super();
+import org.junit.Before;
+import org.junit.Test;
+
+public class BasicSourcefireParserTest extends AbstractParserConfigTest {
+
+ @Before
+ public void setUp() throws Exception {
+ inputStrings = super
+ .readTestDataFromFile("src/test/resources/logData/SourcefireParserTest.txt");
+ parser = new BasicSourcefireParser();
+ }
+
+ @SuppressWarnings({"rawtypes", "unused"})
+ @Test
+ public void testParse() throws ParseException {
+ for (String inputString : inputStrings) {
+ byte[] srcBytes = inputString.getBytes();
+ JSONObject parsed = parser.parse(inputString.getBytes()).get(0);
+ Assert.assertNotNull(parsed);
+
+ JSONParser parser = new JSONParser();
+ Map json = (Map) parser.parse(parsed.toJSONString());
+
+ for (Object o : json.entrySet()) {
+ Entry entry = (Entry) o;
+ String key = (String) entry.getKey();
+ String value = json.get("original_string").toString();
+ Assert.assertNotNull(value);
+ }
}
-
- /**
- * @throws java.lang.Exception
- */
- public static void setUpBeforeClass() throws Exception {
- }
-
- /**
- * @throws java.lang.Exception
- */
- public static void tearDownAfterClass() throws Exception {
- setSourceFireStrings(null);
- }
-
- /**
- * @throws java.lang.Exception
- */
- @Override
- public void setUp() throws Exception {
- super.setUp("org.apache.metron.parsing.test.BasicSoureceFireParserTest");
- setSourceFireStrings(super.readTestDataFromFile(this.getConfig().getString("logFile")));
- sourceFireParser = new BasicSourcefireParser();
- }
-
- /**
- *
- *
- * @throws java.lang.Exception
- */
- @Override
- public void tearDown() throws Exception {
- sourceFireParser = null;
- }
-
- /**
- * Test method for {@link BasicSourcefireParser#parse(byte[])}.
- */
- @SuppressWarnings({ "rawtypes", "unused" })
- public void testParse() {
- for (String sourceFireString : getSourceFireStrings()) {
- byte[] srcBytes = sourceFireString.getBytes();
- JSONObject parsed = sourceFireParser.parse(sourceFireString.getBytes()).get(0);
- Assert.assertNotNull(parsed);
-
- System.out.println(parsed);
- JSONParser parser = new JSONParser();
-
- Map json=null;
- try {
- json = (Map) parser.parse(parsed.toJSONString());
- } catch (ParseException e) {
- e.printStackTrace();
- }
- Iterator iter = json.entrySet().iterator();
-
-
- while (iter.hasNext()) {
- Map.Entry entry = (Map.Entry) iter.next();
- String key = (String) entry.getKey();
- String value = (String) json.get("original_string").toString();
- Assert.assertNotNull(value);
- }
- }
- }
-
- /**
- * Returns SourceFire Input String
- */
- public static String[] getSourceFireStrings() {
- return sourceFireStrings;
- }
-
-
- /**
- * Sets SourceFire Input String
- */
- public static void setSourceFireStrings(String[] strings) {
- BasicSourcefireParserTest.sourceFireStrings = strings;
- }
- /**
- * Returns the sourceFireParser.
- * @return the sourceFireParser.
- */
-
- public BasicSourcefireParser getSourceFireParser() {
- return sourceFireParser;
- }
-
- /**
- * Sets the sourceFireParser.
- * @param sourceFireParser the sourceFireParser.
- */
-
- public void setSourceFireParser(BasicSourcefireParser sourceFireParser) {
-
- this.sourceFireParser = sourceFireParser;
- }
+ }
}
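Review bot: Inside the `for (Object o : json.entrySet())` loop, `key` is assigned but never used and `json.get("original_string")` is fetched again on every iteration, so the loop re-checks one field once per entry instead of checking each entry. `srcBytes` is likewise never used, and `@SuppressWarnings({"rawtypes", "unused"})` hides both from the compiler. Either drop the loop and assert once, `Assert.assertNotNull(json.get("original_string"));`, or iterate with `entry.getValue()`, and in both cases remove `srcBytes` and the `"unused"` suppression so that dead code in this test is reported again.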
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config b/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
deleted file mode 100644
index 9dbc3b6..0000000
--- a/metron-platform/metron-parsers/src/test/resources/config/GrokAsaParserTest.config
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#GrokParserTestConfig
-logFile=src/test/resources/GrokParserTest.log
http://git-wip-us.apache.org/repos/asf/metron/blob/5b72da7b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
new file mode 100644
index 0000000..f3be97a
--- /dev/null
+++ b/metron-platform/metron-parsers/src/test/resources/logData/FireEyeParserTest.txt
@@ -0,0 +1,8 @@
+<164>Mar 19 05:24:39 10.220.15.15 fenotify-851983.alert: CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:28:26 UTC dvc=10.201.78.57 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org dvchost=DEVFEYE1 spt=54527 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=851983 cs4Label=link cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851983 dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS
+<164>Mar 19 05:24:39 10.220.15.15 fenotify-851987.alert: CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:33:41 UTC dvc=10.201.78.113 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org dvchost=DEVFEYE1 spt=51218 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=851987 cs4Label=link cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851987 dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS
+<164>Mar 19 05:24:39 10.220.15.15 fenotify-3483808.2.alert: 1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/microads/update/InjectScript.js HTTP/1.1::~~User-Agent: WinHttpClient::~~Host: www.microads.me::~~Connection: Keep-Alive::~~::~~GET /files/mic
roads/update/InjectScript.js HTTP
+<164>Mar 19 05:24:39 10.220.15.15 fenotify-793972.2.alert: Control: no-cache::~~::~~ dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Exploit.Kit.Magnitude
+<161>Apr 1 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS
+fireeye[-]: <161>Mar 19 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS
+fireeye[-]: <161>Apr 1 02:49:49 10.220.15.15 fenotify-900702.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Apr 01 2015 09:49:14 UTC src=10.1.97.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abcd0060xzy03.example.com proto=udp spt=63100 cs5Label=cncHost cs5=mfdclk001.org dvchost=DEV1FEYE1 dvc=10.220.15.16 smac=00:00:0c:07:ac:00 cn1Label=vlan cn1=0 externalId=900702 cs4Label=link cs4=https://ABCD0040CMS01.example.com/event_stream/events_for_bot?ev_id\=900702 act=notified dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS
+<161>Apr 11 05:24:39 10.220.15.15 fenotify-864461.alert: CEF:0|FireEye|CMS|7.5.1.318703|DM|domain-match|1|rt=Mar 19 2015 12:23:47 UTC src=10.191.193.20 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=abc123.example.com proto=udp spt=60903 cs5Label=cncHost cs5=mfdclk001.org dvchost=ABC123 dvc=10.190.1.16 smac=00:00:0c:07:ac:c8 cn1Label=vlan cn1=0 externalId=864461 cs4Label=link cs4=https:\/\/ABC123.example.com\/event_stream\/events_for_bot?ev_id\\=864461 act=notified dmac=88:43:e1:95:13:29 cs1Label=sname cs1=Trojan.Generic.DNS
\ No newline at end of file