wazuh · snaow · Jan 27, 2022 · Nov 3, 2021 · Dec 7, 2021 · Dec 9, 2021
diff --git a/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml b/deps/wazuh_testing/wazuh_testing/qa_docs/schema.yaml
@@ -254,6 +254,10 @@ predefined_values:
     - key_polling
     - limits
     - logcollector
+    - logcollector_age
+    - logcollector_cmd_exec
+    - logcollector_configuration
+    - logcollector_keep_running
     - logging
     - logs
     - logs

diff --git a/tests/integration/test_logcollector/test_age/test_age_basic.py b/tests/integration/test_logcollector/test_age/test_age_basic.py
@@ -1,6 +1,70 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <info@wazuh.com>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+           Created by Wazuh, Inc. <info@wazuh.com>.
+
+           This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages.
+       Specifically, these tests will check if the 'age' option work as expected, ignoring files that
+       have not been modified for a time greater than the 'age' value using the current date.
+       Log data collection is the real-time process of making sense out of the records generated by
+       servers or devices. This component can receive logs through text files or Windows event logs.
+       It can also directly receive logs via remote syslog which is useful for firewalls and
+       other such devices.
+
+tier: 0
+
+modules:
+    - logcollector
+
+components:
+    - agent
+    - manager
+
+daemons:
+    - wazuh-logcollector
+
+os_platform:
+    - linux
+    - windows
+
+os_version:
+    - Arch Linux
+    - Amazon Linux 2
+    - Amazon Linux 1
+    - CentOS 8
+    - CentOS 7
+    - CentOS 6
+    - Ubuntu Focal
+    - Ubuntu Bionic
+    - Ubuntu Xenial
+    - Ubuntu Trusty
+    - Debian Buster
+    - Debian Stretch
+    - Debian Jessie
+    - Debian Wheezy
+    - Red Hat 8
+    - Red Hat 7
+    - Red Hat 6
+    - Windows 10
+    - Windows 8
+    - Windows 7
+    - Windows Server 2019
+    - Windows Server 2016
+    - Windows Server 2012
+    - Windows Server 2003
+    - Windows XP
+
+references:
+    - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
+    - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age
+
+tags:
+    - logcollector_age
+'''
 import os
 import tempfile
 
@@ -96,16 +160,60 @@ def get_local_internal_options():
 def test_configuration_age_basic(configure_local_internal_options_module, get_files_list,
                                  create_file_structure_function, get_configuration, configure_environment,
                                  file_monitoring, restart_logcollector):
-    """Check if logcollector works correctly and uses the specified age value.
-
-    Check that those files that have not been modified for a time greater than age value, are ignored for logcollector.
-    Otherwise, files should not be ignored. Also, it checks logcollector detect modification time changes in monitored
-    files and catch new logs from ignored and not ignored files.
-
-    Raises:
-        TimeoutError: If the expected callbacks are not generated.
-    """
-
+    '''
+    description: Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified
+                 for a time greater than the value set in the 'age' tag. For this purpose, the test will create a
+                 folder with a testing log file to be monitored and configure different values for the 'age' option.
+                 Once the logcollector has started, it will wait for the event that indicates that the log file is
+                 being monitored, and depending on the 'age' value, check if the 'ignore' event is triggered or not.
+                 Finally, the test will modify the logs and verify that 'read' events are generated from ignored
+                 and not ignored files.
+
+    wazuh_min_version: 4.2.0
+
+    parameters:
+        - configure_local_internal_options_module:
+            type: fixture
+            brief: Configure the Wazuh local internal options file.
+        - get_files_list:
+            type: fixture
+            brief: Get file list to create from the module.
+        - create_file_structure_function:
+            type: fixture
+            brief: Create the specified file tree structure.
+        - get_configuration:
+            type: fixture
+            brief: Get configurations from the module.
+        - configure_environment:
+            type: fixture
+            brief: Configure a custom environment for testing.
+        - file_monitoring:
+            type: fixture
+            brief: Handle the monitoring of a specified file.
+        - restart_logcollector:
+            type: fixture
+            brief: Clear the 'ossec.log' file and start a new monitor.
+
+    assertions:
+        - Verify that the logcollector detects the testing log file to monitor.
+        - Verify that the logcollector ignores the monitored files that have not been modified
+          for a time greater than the 'age' value.
+        - Verify that the logcollector does not ignore the monitored files that have been modified
+          for a time greater than the 'age' value.
+
+    input_description: A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml),
+                       which includes configuration settings for the 'wazuh-logcollector' daemon and, it is
+                       combined with the test cases (settings and files to monitor) defined in the module.
+
+    expected_output:
+        - r'New file that matches the .* pattern.*'
+        - r'DEBUG: Ignoring file .* due to modification time'
+        - r'DEBUG: Reading syslog message.*'
+        - r'DEBUG: Read .* lines from.*'
+
+    tags:
+        - logs
+    '''
     cfg = get_configuration['metadata']
     age_seconds = time_to_seconds(cfg['age'])
 

diff --git a/tests/integration/test_logcollector/test_age/test_age_datetime_changed.py b/tests/integration/test_logcollector/test_age/test_age_datetime_changed.py
@@ -1,6 +1,71 @@
-# Copyright (C) 2015-2021, Wazuh Inc.
-# Created by Wazuh, Inc. <info@wazuh.com>.
-# This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+copyright: Copyright (C) 2015-2021, Wazuh Inc.
+
+           Created by Wazuh, Inc. <info@wazuh.com>.
+
+           This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+
+type: integration
+
+brief: The 'wazuh-logcollector' daemon monitors configured files and commands for new log messages.
+       Specifically, these tests will check if the 'age' option work as expected, ignoring files
+       that have not been modified for a time greater than the 'age' value when the system datetime
+       is changed while the logcollector process is running.
+       Log data collection is the real-time process of making sense out of the records generated by
+       servers or devices. This component can receive logs through text files or Windows event logs.
+       It can also directly receive logs via remote syslog which is useful for firewalls and
+       other such devices.
+
+tier: 0
+
+modules:
+    - logcollector
+
+components:
+    - agent
+    - manager
+
+daemons:
+    - wazuh-logcollector
+
+os_platform:
+    - linux
+    - windows
+
+os_version:
+    - Arch Linux
+    - Amazon Linux 2
+    - Amazon Linux 1
+    - CentOS 8
+    - CentOS 7
+    - CentOS 6
+    - Ubuntu Focal
+    - Ubuntu Bionic
+    - Ubuntu Xenial
+    - Ubuntu Trusty
+    - Debian Buster
+    - Debian Stretch
+    - Debian Jessie
+    - Debian Wheezy
+    - Red Hat 8
+    - Red Hat 7
+    - Red Hat 6
+    - Windows 10
+    - Windows 8
+    - Windows 7
+    - Windows Server 2019
+    - Windows Server 2016
+    - Windows Server 2012
+    - Windows Server 2003
+    - Windows XP
+
+references:
+    - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html
+    - https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#age
+
+tags:
+    - logcollector_age
+'''
 import os
 import time
 import tempfile
@@ -82,14 +147,65 @@ def restart_logcollector_function():
 def test_configuration_age_datetime(get_configuration, configure_environment, configure_local_internal_options_module,
                                     restart_monitord, restart_logcollector_function, file_monitoring,
                                     new_datetime, get_files_list, create_file_structure_function):
-    """Check if logcollector age option works correctly when date time of the system changes.
-
-    Ensure that when date of the system change logcollector use properly age value, ignoring files that have not been
-    modified for a time greater than age value using current date.
-
-    Raises:
-        TimeoutError: If the expected callbacks are not generated.
-    """
+    '''
+    description: Check if the 'wazuh-logcollector' daemon ignores the monitored files that have not been modified
+                 for a time greater than the value set in the 'age' tag, and the system datetime is changed. For
+                 this purpose, the test will create a folder with a testing log file to be monitored and configure
+                 different values for the 'age' option. Once the logcollector has started, it will change the system
+                 datetime and wait for the event that indicates that the log file is being monitored. Finally,
+                 depending on the 'age' value, the test will verify that the 'ignore' event is triggered or not
+                 and restore the system datetime to its initial value.
+
+    wazuh_min_version: 4.2.0
+
+    parameters:
+        - get_configuration:
+            type: fixture
+            brief: Get configurations from the module.
+        - configure_environment:
+            type: fixture
+            brief: Configure a custom environment for testing.
+        - configure_local_internal_options_module:
+            type: fixture
+            brief: Configure the Wazuh local internal options.
+        - restart_monitord:
+            type: fixture
+            brief: Reset the log file and start a new monitor.
+        - restart_logcollector_function:
+            type: fixture
+            brief: Clear the 'ossec.log' file and start a new monitor
+        - file_monitoring:
+            type: fixture
+            brief: Handle the monitoring of a specified file.
+        - new_datetime:
+            type: str
+            brief: Time to forward/backward the current datetime.
+        - get_files_list:
+            type: fixture
+            brief: Get file list to create from the module.
+        - create_file_structure_function:
+            type: fixture
+            brief: Create the specified file tree structure.
+
+    assertions:
+        - Verify that the logcollector detects the testing log file to monitor.
+        - Verify that the logcollector ignores the monitored files that have not been modified
+          for a time greater than the 'age' value.
+        - Verify that the logcollector does not ignore the monitored files that have been modified
+          for a time greater than the 'age' value.
+
+    input_description: A configuration template (test_age) is contained in an external YAML file (wazuh_age.yaml),
+                       which includes configuration settings for the 'wazuh-logcollector' daemon and, it is combined
+                       with the test cases (settings, time offset, and files to monitor) defined in the module.
+
+    expected_output:
+        - r'New file that matches the .* pattern.*'
+        - r'DEBUG: Ignoring file .* due to modification time''
+
+    tags:
+        - logs
+        - time_travel
+    '''
     cfg = get_configuration['metadata']
     age_seconds = time_to_seconds(cfg['age'])