Winlogbeat Development
Start a Windows VM
vagrant up win2012
Login Options
You can connect to the VM in multiple ways.
- Microsoft Remote Desktop (available in Mac App Store)
- SSH
- VirtualBox Console
Remote Desktop
Connect to 127.0.0.1:33389 and log in with vagrant/vagrant.
SSH
vagrant ssh-config win2012 > ssh-config
echo ' HostKeyAlgorithms +ssh-dss' >> ssh-config
ssh -F ssh-config win2012
powershell
VirtualBox
Open VirtualBox and click Show on the VM.
Testing
On the host machine (not Windows), update the generated files.
make update
There are two types of tests: Go unit tests and Python unit tests. Neither requires any external services such as Elasticsearch.
cd $Env:GOPATH/src/github.com/elastic/beats/winlogbeat
Unit Test
go test -v ./...
Python Unit Tests
go test -c
nosetests.exe -v tests\system
Building winlogbeat.exe
go build
Running Winlogbeat
Clear Registry File
To make tests repeatable, delete the state persisted by Winlogbeat.
rm .\data\.winlogbeat.yml
Output Events to JSON File
.\winlogbeat.exe -c winlogbeat.yml -e -d eventlog -E output.elasticsearch.enabled=false -E output.file.path=output -E output.file.filename=events.json
Output to Elasticsearch
If Elasticsearch is running on the VirtualBox host machine, you can reach it from the VM at 10.0.2.2.
.\winlogbeat.exe -c winlogbeat.yml -e -d eventlog -E "output.elasticsearch.hosts=[http://10.0.2.2:9200]"