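#!/bin/bash
# =============================================================================
# TEST LOG FORMAT - check the rsyslog output format and parser compatibility
# =============================================================================
# Diagnostic script: verifies that rsyslog writes MikroTik log lines in the
# format the Python parser expects, that parsed rows reach the database and
# that the raw log volume looks like the inbound-connection filter is active.
#
# Usage: test_log_format.sh            (no arguments)
# Env:   DATABASE_URL  optional; when unset the database test is skipped
#        LOG_FILE      optional; raw syslog file to inspect
#                      (default: /var/log/mikrotik/raw.log)
# Exit:  0 when every executed test passes, 1 on the first failing test
# =============================================================================
set -euo pipefail

# Terminal colours.
readonly GREEN='\033[0;32m'
readonly BLUE='\033[0;34m'
readonly YELLOW='\033[1;33m'
readonly RED='\033[0;31m'
readonly NC='\033[0m'

# Raw log written by rsyslog; overridable so the checks can run elsewhere.
LOG_FILE="${LOG_FILE:-/var/log/mikrotik/raw.log}"
readonly LOG_FILE

# Patterns the Python parser relies on. POSIX ERE has no \d (GNU grep treats
# "\d" as a literal "d"), so the original patterns never matched a real line;
# bracket classes are used instead. The patterns are plain ERE so they work
# both in grep -E and in bash [[ =~ ]].
readonly TS_RE='^[A-Z][a-z]{2}[[:space:]]+[0-9]{1,2}[[:space:]]+[0-9]{2}:[0-9]{2}:[0-9]{2}'
readonly HOST_RE="${TS_RE}[[:space:]]+[^[:space:]]+[[:space:]]+"
readonly PROTO_RE='proto (udp|tcp|icmp)'
readonly ADDR_RE='([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]+->([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]+'
readonly LEN_RE='len[[:space:]]+[0-9]+'

#######################################
# Print one line, expanding the colour escapes in the arguments.
# Arguments: message fragments (joined with single spaces)
# Outputs:   the line on stdout
#######################################
msg() {
  printf '%b\n' "$*"
}

#######################################
# Print raw log text with control characters made visible, so a crafted line
# received over syslog cannot inject terminal escape sequences into the
# operator's terminal.
# Inputs:  log text on stdin
# Outputs: the same text on stdout, control bytes shown as ^X / M-X
#######################################
show_raw() {
  cat -v
}

#######################################
# Test 1: the raw log file must exist.
# Globals: LOG_FILE (read)
# Returns: exits 1 when the file is missing
#######################################
check_log_file() {
  msg "${BLUE}📋 Test 1: Verifica file log${NC}"
  if [[ ! -f "$LOG_FILE" ]]; then
    msg "${RED}❌ File log non esiste: $LOG_FILE${NC}"
    exit 1
  fi
  msg "${GREEN}✅ File log esiste${NC}"
  msg ""
}

#######################################
# Test 2: most of the last 100 lines must start with a syslog timestamp
# ("Nov 22 08:15:30"), which is what the rsyslog template should emit.
# Globals: LOG_FILE, TS_RE (read)
# Returns: exits 1 when no line in the window carries a timestamp
#######################################
check_timestamp_format() {
  local recent total with_ts percentage
  msg "${BLUE}📋 Test 2: Verifica formato timestamp${NC}"
  msg "${YELLOW}  Ultimi 5 log:${NC}"
  # tail succeeds on an empty file, so the size test is what detects "empty".
  if [[ -s "$LOG_FILE" ]]; then
    tail -n 5 -- "$LOG_FILE" | show_raw
  else
    echo "File vuoto"
  fi
  msg ""

  # grep -c prints 0 and exits 1 on no match; "|| true" keeps the 0.
  recent=$(tail -n 100 -- "$LOG_FILE" 2>/dev/null || true)
  if [[ -n "$recent" ]]; then
    total=$(printf '%s\n' "$recent" | wc -l)
    with_ts=$(printf '%s\n' "$recent" | grep -cE "$TS_RE" || true)
  else
    total=0
    with_ts=0
  fi
  total=${total//[[:space:]]/}   # BSD wc pads its output with spaces

  msg "${BLUE}  Log con timestamp corretto: $with_ts / $total${NC}"
  if (( total == 0 )); then
    msg "${YELLOW}⚠  File log vuoto - attendi arrivo log dai router${NC}"
  elif (( with_ts == 0 )); then
    msg "${RED}❌ ERRORE: Nessun log con timestamp!${NC}"
    msg "${YELLOW}   Template rsyslog NON configurato correttamente${NC}"
    msg "${YELLOW}   Esegui: sudo /opt/ids/deployment/setup_rsyslog.sh${NC}"
    exit 1
  else
    # total > 0 here, so the division is safe.
    percentage=$(( with_ts * 100 / total ))
    if (( percentage >= 80 )); then
      msg "${GREEN}✅ Formato timestamp corretto ($percentage%)${NC}"
    else
      msg "${YELLOW}⚠  Solo $percentage% log con timestamp corretto${NC}"
    fi
  fi
  msg ""
}

#######################################
# Test 3: take the newest "forward:" line and check every field the parser
# extracts: timestamp, hostname, protocol, src:port->dst:port and length.
# Globals: LOG_FILE, TS_RE, HOST_RE, PROTO_RE, ADDR_RE, LEN_RE (read)
# Returns: exits 1 when any field is missing; 0 when there is no sample line
#######################################
check_parser_compat() {
  local sample errors=0
  msg "${BLUE}📋 Test 3: Verifica compatibilità parser${NC}"
  sample=$(tail -n 10 -- "$LOG_FILE" 2>/dev/null | grep -F 'forward:' | head -n 1 || true)
  if [[ -z "$sample" ]]; then
    msg "${YELLOW}⚠  Nessun log 'forward' trovato - file vuoto o formato non corretto${NC}"
    msg ""
    return 0
  fi

  msg "${YELLOW}  Log esempio:${NC}"
  printf '  %s\n' "$sample" | show_raw
  msg ""

  if [[ "$sample" =~ $TS_RE ]]; then
    msg "${GREEN}  ✅ Timestamp presente${NC}"
  else
    msg "${RED}  ❌ Timestamp mancante o formato errato${NC}"
    errors=$(( errors + 1 ))
  fi

  if [[ "$sample" =~ $HOST_RE ]]; then
    msg "${GREEN}  ✅ Hostname presente${NC}"
  else
    msg "${RED}  ❌ Hostname mancante${NC}"
    errors=$(( errors + 1 ))
  fi

  # Lower-cased copy so the protocol check is case-insensitive (grep -i).
  if [[ "${sample,,}" =~ $PROTO_RE ]]; then
    msg "${GREEN}  ✅ Protocollo riconosciuto${NC}"
  else
    msg "${RED}  ❌ Protocollo non riconosciuto${NC}"
    errors=$(( errors + 1 ))
  fi

  if [[ "$sample" =~ $ADDR_RE ]]; then
    msg "${GREEN}  ✅ Formato IP:PORT corretto${NC}"
  else
    msg "${RED}  ❌ Formato IP:PORT errato${NC}"
    errors=$(( errors + 1 ))
  fi

  if [[ "$sample" =~ $LEN_RE ]]; then
    msg "${GREEN}  ✅ Packet length presente${NC}"
  else
    msg "${RED}  ❌ Packet length mancante${NC}"
    errors=$(( errors + 1 ))
  fi

  msg ""
  if (( errors == 0 )); then
    msg "${GREEN}✅ Log formato correttamente - parser compatibile${NC}"
  else
    msg "${RED}❌ $errors errori rilevati - parser potrebbe fallire${NC}"
    exit 1
  fi
  msg ""
}

#######################################
# Test 4: rows parsed in the last 5 minutes must exist in network_logs.
# Skipped when DATABASE_URL is unset or empty.
# Globals: DATABASE_URL (read)
# Returns: 0 always (an unreachable database is reported, not fatal)
#######################################
check_database() {
  local db_logs
  msg "${BLUE}📋 Test 4: Verifica database popolato${NC}"
  if [[ -z "${DATABASE_URL:-}" ]]; then
    msg "${YELLOW}⚠  DATABASE_URL non configurato - skip test database${NC}"
    msg ""
    return 0
  fi

  # NOTE: the URL is passed on the command line, so a password embedded in it
  # is visible to other local users in the process list; a ~/.pgpass entry or
  # PGPASSWORD in the environment avoids that.
  # -t (tuples only) -A (unaligned) yields the bare count. A failed psql
  # leaves db_logs empty, which is normalised to 0 instead of tripping the
  # integer comparison below.
  db_logs=$(psql "$DATABASE_URL" -t -A -c "SELECT COUNT(*) FROM network_logs WHERE timestamp > NOW() - INTERVAL '5 minutes';" 2>/dev/null || true)
  db_logs=${db_logs//[[:space:]]/}
  [[ "$db_logs" =~ ^[0-9]+$ ]] || db_logs=0

  if (( db_logs > 0 )); then
    msg "${GREEN}✅ Database popolato: $db_logs log ultimi 5 minuti${NC}"
    msg "${BLUE}  Ultimi 3 log nel database:${NC}"
    psql "$DATABASE_URL" -c "SELECT timestamp, router_name, source_ip, destination_ip, protocol, action FROM network_logs ORDER BY timestamp DESC LIMIT 3;" 2>/dev/null || true
  else
    msg "${YELLOW}⚠  Database vuoto negli ultimi 5 minuti${NC}"
    msg "${YELLOW}   Verifica che il parser sia attivo:${NC}"
    msg "${YELLOW}   sudo systemctl status ids-syslog-parser${NC}"
  fi
  msg ""
}

#######################################
# Test 5: rough volume check. Counts how many of the last 1000 lines exist
# (the value is therefore capped at 1000, it is not a per-minute rate); a
# small count suggests the MikroTik "inbound connections only" filter is on.
# Globals: LOG_FILE (read)
#######################################
check_log_volume() {
  local recent_logs
  msg "${BLUE}📋 Test 5: Verifica volume log (solo connessioni in ingresso)${NC}"
  recent_logs=$(tail -n 1000 -- "$LOG_FILE" 2>/dev/null | wc -l || true)
  recent_logs=${recent_logs//[[:space:]]/}
  [[ "$recent_logs" =~ ^[0-9]+$ ]] || recent_logs=0

  msg "${BLUE}  Log ultimi ~1000 righe: $recent_logs${NC}"
  if (( recent_logs < 100 )); then
    msg "${GREEN}✅ Volume log ridotto (filtro connessioni in ingresso attivo)${NC}"
  elif (( recent_logs < 500 )); then
    msg "${YELLOW}⚠  Volume log moderato${NC}"
  else
    msg "${YELLOW}⚠  Volume log elevato - verifica filtro MikroTik${NC}"
  fi
  msg ""
}

#######################################
# Final banner and suggested follow-up commands.
# Globals: LOG_FILE (read)
#######################################
print_summary() {
  msg "${GREEN}╔═══════════════════════════════════════════════╗${NC}"
  msg "${GREEN}║              ✅ TEST COMPLETATO               ║${NC}"
  msg "${GREEN}╚═══════════════════════════════════════════════╝${NC}"
  msg ""
  msg "${BLUE}📊 PROSSIMI PASSI:${NC}"
  msg "  1. Verifica parser attivo: ${YELLOW}sudo systemctl status ids-syslog-parser${NC}"
  msg "  2. Monitora log: ${YELLOW}tail -f $LOG_FILE${NC}"
  msg "  3. Verifica database: ${YELLOW}psql \$DATABASE_URL -c 'SELECT COUNT(*) FROM network_logs;'${NC}"
  msg ""
}

#######################################
# Run the five checks in order; each fatal check exits on its own.
#######################################
main() {
  msg "${BLUE}🧪 TEST FORMATO LOG MIKROTIK${NC}"
  msg ""
  check_log_file
  check_timestamp_format
  check_parser_compat
  check_database
  check_log_volume
  print_summary
}

main "$@"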