From 166b296124ec69215c51852b6112d71556dac099 Mon Sep 17 00:00:00 2001
From: Shashwat Jaiswal <shashwatjaiswal2001@gmail.com>
Date: Wed, 24 Aug 2022 11:49:30 +0530
Subject: [PATCH] nginx support flow layout files added

Signed-off-by: Shashwat Jaiswal <shashwatjaiswal2001@gmail.com>
---
 .../src/main/conf/xml/FlowLayoutNginx.xml     | 181 ++++++++++++++++++
 .../src/main/conf/xml/FlowLayoutNginx.xsd     | 175 +++++++++++++++++
 .../ext/os/parser/TestNginxLogLineParser.java |  97 +++++-----
 .../ext/os/parser/TestNginxLogParserBase.java |   1 -
 4 files changed, 409 insertions(+), 45 deletions(-)
 create mode 100644 ade-assembly/src/main/conf/xml/FlowLayoutNginx.xml
 create mode 100644 ade-assembly/src/main/conf/xml/FlowLayoutNginx.xsd

diff --git a/ade-assembly/src/main/conf/xml/FlowLayoutNginx.xml b/ade-assembly/src/main/conf/xml/FlowLayoutNginx.xml
new file mode 100644
index 0000000..24c314f
--- /dev/null
+++ b/ade-assembly/src/main/conf/xml/FlowLayoutNginx.xml
@@ -0,0 +1,181 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  Copyright Contributors to the ADE Project.
+
+  SPDX-License-Identifier: GPL-3.0-or-later
+ **/
+ This file is part of Anomaly Detection Engine for Linux Logs (ADE).
+
+ ADE is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ ADE is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with ADE.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<tns:Layout xmlns:tns="http://flow.impl.ade.openmainframe.org/factory" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="FlowLayoutNginx.xsd ">
+  <!--  In order to stay compatible with 1.8 behavior (the Summary Type stored in the DB Table),
+        databaseId must be 0 for tenMinutes, and all upload must be using tenMinutes -->
+  <tns:FramingFlow consecutive="true" duration="60000" name="oneMinuteTrain" databaseId="0">
+    <tns:FramerClass>ConsecutiveTimeFramer</tns:FramerClass>
+    <tns:FramerProperty Key="Permanent_Split_Factor" Value="1"/>
+    <tns:FramerProperty Key="Temporary_Split_Factor" Value="1"/>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="600000" name="tenMinutesTrain" databaseId="0">
+    <tns:FramerClass>ConsecutiveTimeFramer</tns:FramerClass>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="600000" name="tenMinutes" databaseId="0">
+    <tns:FramerClass>ContinuousTimeFramer</tns:FramerClass>
+    <tns:FramerProperty Key="Permanent_Split_Factor" Value="1"/>
+    <tns:FramerProperty Key="Temporary_Split_Factor" Value="5"/>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="1200000" name="twentyMinutesTrain" databaseId="2">
+    <tns:FramerClass>ConsecutiveTimeFramer</tns:FramerClass>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="1200000" name="twentyMinutes" databaseId="2">
+    <tns:FramerClass>ContinuousTimeFramer</tns:FramerClass>
+    <tns:FramerProperty Key="Permanent_Split_Factor" Value="2"/>
+    <tns:FramerProperty Key="Temporary_Split_Factor" Value="5"/>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="1800000" name="thirtyMinutesTrain" databaseId="3">
+    <tns:FramerClass>ConsecutiveTimeFramer</tns:FramerClass>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="1800000" name="thirtyMinutes" databaseId="3">
+    <tns:FramerClass>ContinuousTimeFramer</tns:FramerClass>
+    <tns:FramerProperty Key="Permanent_Split_Factor" Value="3"/>
+    <tns:FramerProperty Key="Temporary_Split_Factor" Value="5"/>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="2400000" name="fortyMinutesTrain" databaseId="4">
+    <tns:FramerClass>ConsecutiveTimeFramer</tns:FramerClass>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="2400000" name="fortyMinutes" databaseId="4">
+    <tns:FramerClass>ContinuousTimeFramer</tns:FramerClass>
+    <tns:FramerProperty Key="Permanent_Split_Factor" Value="4"/>
+    <tns:FramerProperty Key="Temporary_Split_Factor" Value="5"/>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="3600000" name="oneHourTrain" databaseId="6">
+    <tns:FramerClass>ConsecutiveTimeFramer</tns:FramerClass>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="3600000" name="oneHour" databaseId="6">
+    <tns:FramerClass>ContinuousTimeFramer</tns:FramerClass>
+    <tns:FramerProperty Key="Permanent_Split_Factor" Value="6"/>
+    <!--60 minutes will be split into 6 permanent XML output, which is 10 minutes per output-->
+    <tns:FramerProperty Key="Temporary_Split_Factor" Value="5"/>
+    <!--10 minutes will be split into 5 temporary XML output, which is 2 minutes per output-->
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="7200000" name="twoHoursTrain" databaseId="12">
+    <tns:FramerClass>ConsecutiveTimeFramer</tns:FramerClass>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="7200000" name="twoHours" databaseId="12">
+    <tns:FramerClass>ContinuousTimeFramer</tns:FramerClass>
+    <tns:FramerProperty Key="Permanent_Split_Factor" Value="12"/>
+    <tns:FramerProperty Key="Temporary_Split_Factor" Value="5"/>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="10800000" name="threeHoursTrain" databaseId="18">
+    <tns:FramerClass>ConsecutiveTimeFramer</tns:FramerClass>
+  </tns:FramingFlow>
+  <tns:FramingFlow consecutive="true" duration="10800000" name="threeHours" databaseId="18">
+    <tns:FramerClass>ContinuousTimeFramer</tns:FramerClass>
+    <tns:FramerProperty Key="Permanent_Split_Factor" Value="18"/>
+    <tns:FramerProperty Key="Temporary_Split_Factor" Value="5"/>
+  </tns:FramingFlow>
+  <!-- *************************************************************** -->
+  <!-- NGINX                                                           -->
+  <!-- *************************************************************** -->
+  <tns:AnalysisGroupFlow name="NGINX">
+    <tns:UploadFramingFlow>oneMinuteTrain</tns:UploadFramingFlow>
+    <tns:TrainingIntervalFactor>1</tns:TrainingIntervalFactor>
+    <tns:AnalysisFramingFlow>oneMinuteTrain</tns:AnalysisFramingFlow>
+    <tns:ScoringSchema id="NGINX61" ScoredEntity="message">
+      <tns:ScorerClass>CriticalWordCountReporter</tns:ScorerClass>
+    </tns:ScoringSchema>
+    <tns:ScoringSchema id="NGINX01" ScoredEntity="message">
+      <tns:ScorerClass>ClusteringContextScore</tns:ScorerClass>
+      <tns:ScorerProperty Key="numClustersSqrtNumMsgs" Value="true"/>
+      <tns:ScorerProperty Key="numClustersSqrtNumMsgsFactor" Value="3"/>
+      <tns:ScorerProperty Key="numRuns" Value="50"/>
+      <tns:ScorerProperty Key="clusterContextFraction" Value="0.3"/>
+      <tns:ScorerProperty Key="seed" Value="1"/>
+      <tns:ScorerProperty Key="maxTrials" Value="100000"/>
+      <tns:ScorerProperty Key="maxIdleTrials" Value="15000"/>
+      <tns:ScorerProperty Key="minAppearThresh" Value="3"/>
+      <tns:ScorerProperty Key="alpha" Value="0.1"/>
+      <tns:ScorerProperty Key="minAverageInformationRatio" Value="2"/>
+      <tns:ScorerProperty Key="allowEmptyClusters" Value="false"/>
+      <tns:ScorerProperty Key="useTimelineForMutualInformation" Value="true"/>
+      <tns:ScorerProperty Key="trace" Value="false"/>
+    </tns:ScoringSchema>
+    <tns:ScoringSchema id="NGINX02" ScoredEntity="message">
+      <tns:ScorerClass>FullBernoulliClusterAwareScore</tns:ScorerClass>
+      <tns:ScorerProperty Key="ClusteringScorer" Value="ClusteringContextScore"/>
+      <tns:ScorerProperty Key="FullProb" Value="true"/>
+      <tns:DependsOn>NGINX01</tns:DependsOn>
+    </tns:ScoringSchema>
+    <tns:ScoringSchema id="NGINX11" ScoredEntity="message">
+      <tns:ScorerClass>LastSeenLoggingScorerContinuous</tns:ScorerClass>
+    </tns:ScoringSchema>
+    <tns:ScoringSchema id="NGINX12" ScoredEntity="message">
+      <tns:ScorerClass>LastSeenScorer</tns:ScorerClass>
+      <tns:DependsOn>NGINX11</tns:DependsOn>
+    </tns:ScoringSchema>
+    <tns:ScoringSchema id="NGINX21" ScoredEntity="message">
+      <tns:ScorerClass>BestOfTwoScorer</tns:ScorerClass>
+      <tns:ScorerProperty Key="firstScoreString" Value="FullBernoulliClusterAwareScore.logProb"/>
+      <tns:ScorerProperty Key="secondScoreString" Value="LastSeenScorer.LogProbGivenLast"/>
+      <tns:DependsOn>NGINX02</tns:DependsOn>
+      <tns:DependsOn>NGINX12</tns:DependsOn>
+    </tns:ScoringSchema>
+    <tns:ScoringSchema id="NGINX31" ScoredEntity="message">
+      <tns:ScorerClass>SeverityScore</tns:ScorerClass>
+    </tns:ScoringSchema>
+    <tns:ScoringSchema id="NGINX41" ScoredEntity="message">
+      <tns:ScorerClass>LogNormalScore</tns:ScorerClass>
+      <tns:ScorerProperty Key="baseScorer" Value="ClusteringContextScore"/>
+      <tns:ScorerProperty Key="noPeneltyOnMean" Value="true"/>
+    </tns:ScoringSchema>
+    <tns:ScoringSchema id="NGINX51" ScoredEntity="message">
+      <tns:ScorerClass>AdeWeightedMessageAnomalyScorerLogNormal</tns:ScorerClass>
+      <tns:ScorerProperty Key="baseScorer" Value="ClusteringContextScore"/>
+      <tns:ScorerProperty Key="severityScorer" Value="SeverityScore"/>
+      <tns:ScorerProperty Key="rarityScorer" Value="BestOfTwoScorer"/>
+      <tns:ScorerProperty Key="countScorer" Value="LogNormalScore"/>
+      <tns:DependsOn>NGINX01</tns:DependsOn>
+      <tns:DependsOn>NGINX31</tns:DependsOn>
+      <tns:DependsOn>NGINX21</tns:DependsOn>
+      <tns:DependsOn>NGINX41</tns:DependsOn>
+    </tns:ScoringSchema>
+    <tns:ScoringSchema id="NGINX52" ScoredEntity="interval">
+      <tns:ScorerClass>AdeAnomalyIntervalScorer</tns:ScorerClass>
+      <tns:DependsOn>NGINX51</tns:DependsOn>
+    </tns:ScoringSchema>
+    <tns:Outputer id="NGINXx12">
+      <tns:OutputerClass>org.openmainframe.ade.ext.output.ExtendedAnalyzedIntervalDbStorer</tns:OutputerClass>
+    </tns:Outputer>
+    <tns:Outputer id="NGINXx24">
+      <tns:OutputerClass>org.openmainframe.ade.ext.output.ExtJaxbAnalyzedPeriodV2XmlStorer</tns:OutputerClass>
+      <tns:OutputerProperty Key="outputOnTheFly" Value="true"/>
+      <tns:OutputerProperty Key="createXSLDirectory" Value="true"/>
+      <tns:OutputerProperty Key="formatXMLOutput" Value="true"/>
+    </tns:Outputer>
+    <tns:Outputer id="NGINXx32">
+      <tns:OutputerClass>org.openmainframe.ade.ext.output.ExtAnalyzedIntervalV2FullXmlStorer</tns:OutputerClass>
+      <tns:OutputerProperty Key="createXSLDirectory" Value="true"/>
+      <tns:OutputerProperty Key="outputInGZipFormat" Value="false"/>
+    </tns:Outputer>
+    <tns:Outputer id="NGINXx35">
+      <tns:OutputerClass>org.openmainframe.ade.ext.output.ExtJaxbAnalyzedIntervalV2XmlStorer</tns:OutputerClass>
+      <tns:OutputerProperty Key="createXSLDirectory" Value="true"/>
+      <tns:OutputerProperty Key="formatXMLOutput" Value="true"/>
+    </tns:Outputer>
+    <tns:FinalAnomalyMessageScorer>NGINX51</tns:FinalAnomalyMessageScorer>
+    <tns:FinalAnomalyIntervalScorer>NGINX52</tns:FinalAnomalyIntervalScorer>
+  </tns:AnalysisGroupFlow>
+</tns:Layout>
\ No newline at end of file
diff --git a/ade-assembly/src/main/conf/xml/FlowLayoutNginx.xsd b/ade-assembly/src/main/conf/xml/FlowLayoutNginx.xsd
new file mode 100644
index 0000000..aac5564
--- /dev/null
+++ b/ade-assembly/src/main/conf/xml/FlowLayoutNginx.xsd
@@ -0,0 +1,175 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  Copyright Contributors to the ADE Project.
+
+  SPDX-License-Identifier: GPL-3.0-or-later
+ **/
+ This file is part of Anomaly Detection Engine for Linux Logs (ADE).
+ ADE is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ ADE is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ You should have received a copy of the GNU General Public License
+ along with ADE.  If not, see <http://www.gnu.org/licenses/>.
+-->
+<schema xmlns="http://www.w3.org/2001/XMLSchema" 
+targetNamespace="http://flow.impl.ade.openmainframe.org/factory" 
+xmlns:tns="http://flow.impl.ade.openmainframe.org/factory" 
+xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+jaxb:version="2.0"
+elementFormDefault="qualified">
+
+    <element name="Layout" type="tns:LayoutType">
+       <key name="framingFlowKey">
+         <selector xpath="tns:FramingFlow"/>
+         <field xpath="@name" />
+       </key>
+       <keyref name="framingFlowRef1" refer="tns:framingFlowKey">
+          <selector xpath="tns:AnalysisGroupFlow" />
+          <field xpath="tns:AnalysisFramingFlow" />
+       </keyref>
+       <keyref name="framingFlowRef2" refer="tns:framingFlowKey">
+          <selector xpath="tns:AnalysisGroupFlow/tns:ScoringSchema" />
+          <field xpath="tns:TrainingFramingFlow" />
+       </keyref>
+       <keyref name="framingFlowRef3" refer="tns:framingFlowKey">
+          <selector xpath="tns:AnalysisGroupFlow/tns:Outputer" />
+          <field xpath="tns:TrainingFramingFlow" />
+       </keyref>
+       
+       <key name="scorerKey">
+	      <selector xpath="tns:AnalysisGroupFlow/tns:ScoringSchema"/>
+	      <field xpath="@id" />
+       </key>
+       <keyref name="ScorerRef1" refer="tns:scorerKey">
+          <selector xpath="tns:AnalysisGroupFlow/tns:ScoringSchema/tns:LinkedScorer" />
+          <field xpath="tns:Scorer" />
+       </keyref>
+       <keyref name="ScorerRef2" refer="tns:scorerKey">
+          <selector xpath="tns:AnalysisGroupFlow/tns:ScoringSchema/tns:DependsOn" />
+          <field xpath="." />
+       </keyref>
+       <keyref name="ScorerRef3" refer="tns:scorerKey">
+          <selector xpath="tns:AnalysisGroupFlow" />
+          <field xpath="tns:FinalAnomalyIntervalScorer" />
+       </keyref>
+       <keyref name="ScorerRef4" refer="tns:scorerKey">
+          <selector xpath="tns:AnalysisGroupFlow" />
+          <field xpath="tns:FinalAnomalyMessageScorer" />
+       </keyref>
+    </element>
+
+    <complexType name="LayoutType">
+    	<sequence>
+       	    <element name="FramingFlow"
+    			 type="tns:FramingFlowType" maxOccurs="unbounded" minOccurs="1"/>
+    		<element name="AnalysisGroupFlow"
+    			type="tns:AnalysisGroupFlowType" maxOccurs="unbounded" minOccurs="1"/>    		
+    	</sequence>
+    </complexType>
+
+
+    <complexType name="PropertyType">
+    	<sequence></sequence>
+    	<attribute name="Key" type="string"></attribute>
+    	<attribute name="Value" type="string"></attribute>
+    </complexType>
+
+    <complexType name="LinkType">
+    	<sequence></sequence>
+    	<attribute name="Key" type="string"></attribute>
+    	<attribute name="Scorer" type="string">
+    	</attribute>
+    </complexType>
+
+
+    <complexType name="FramingFlowType">
+    	<sequence>
+    		<element name="FramerClass" type="string" maxOccurs="1"
+    			minOccurs="1">
+    		</element>
+    		<element name="FramerProperty" type="tns:PropertyType"
+    			maxOccurs="unbounded" minOccurs="0">
+    		</element>
+    	</sequence>
+    	<attribute name="name" type="string" use="required"></attribute>
+    	<attribute name="databaseId" type="int" use="required"></attribute>
+    	<attribute name="duration" type="long" use="required"></attribute>
+    	<attribute name="consecutive" type="boolean" use="required"></attribute>
+    </complexType>
+
+
+	<simpleType name="ScoredEntityEnum">
+		<restriction base="string">
+			<enumeration value="message"></enumeration>
+			<enumeration value="interval"></enumeration>
+		</restriction>
+   	</simpleType>    
+
+
+    <complexType name="ScoringSchemaType">
+    	<sequence>
+    		<element name="ScorerClass" type="string" maxOccurs="1"
+    			minOccurs="1">
+    		</element>
+    		<element name="ScorerProperty" type="tns:PropertyType"
+    			maxOccurs="unbounded" minOccurs="0">
+    		</element>
+    		<element name="LinkedScorer" type="tns:LinkType"
+    			maxOccurs="unbounded" minOccurs="0">
+    		</element>
+    		<element name="TrainingFramingFlow" type="string" minOccurs="0"/>    		    			           	
+    		<element name="DependsOn" type="string"
+    			maxOccurs="unbounded" minOccurs="0">
+    		</element>    		
+    	</sequence>
+
+        <attribute name="id" type="string" use="required"/>
+        
+        <attribute name="ScoredEntity" use="required" type="tns:ScoredEntityEnum"></attribute>
+    </complexType>
+
+    <complexType name="AnalysisGroupFlowType">
+    		<sequence>
+    		<element name="UploadFramingFlow" type="string" maxOccurs="1" minOccurs="0"/>
+    		<element name="TrainingIntervalFactor" type="int" maxOccurs="1" minOccurs="0"/>
+    		<element name="AnalysisFramingFlow" type="string" maxOccurs="1" minOccurs="0"/>    		    			    	
+    		<element name="ScoringSchema" type="tns:ScoringSchemaType"
+    			maxOccurs="unbounded" minOccurs="1">
+    		</element>
+    		<element name="Outputer" type="tns:OutputerType"
+    			maxOccurs="unbounded" minOccurs="0">
+    		</element>
+    		<element name="FinalAnomalyMessageScorer" type="string" maxOccurs="1" minOccurs="1"></element>
+    		<element name="FinalAnomalyIntervalScorer" type="string" maxOccurs="1" minOccurs="0"></element>
+    	</sequence>
+    	<attribute name="name" type="string" use="required"></attribute>
+    </complexType>
+    
+    <complexType name="OutputerType">
+    	<sequence>
+    		<element name="OutputerClass" type="string" maxOccurs="1"
+    			minOccurs="1">
+    		</element>
+    		<element name="OutputerProperty" type="tns:PropertyType"
+    			maxOccurs="unbounded" minOccurs="0">
+    		</element>
+    		<element name="LinkedScorer" type="tns:LinkType"
+    			maxOccurs="unbounded" minOccurs="0">
+    		</element>
+    		<element name="TrainingFramingFlow" type="string"
+    			maxOccurs="1" minOccurs="0"/>    			      	
+    	</sequence>
+
+        <attribute name="id" type="string" use="required"/>
+        
+    </complexType>
+    
+    
+    
+</schema>
\ No newline at end of file
diff --git a/ade-ext/src/test/java/org/openmainframe/ade/ext/os/parser/TestNginxLogLineParser.java b/ade-ext/src/test/java/org/openmainframe/ade/ext/os/parser/TestNginxLogLineParser.java
index 887440e..528e4c0 100644
--- a/ade-ext/src/test/java/org/openmainframe/ade/ext/os/parser/TestNginxLogLineParser.java
+++ b/ade-ext/src/test/java/org/openmainframe/ade/ext/os/parser/TestNginxLogLineParser.java
@@ -31,6 +31,7 @@ This file is part of Anomaly Detection Engine for Linux Logs (ADE).
 import java.util.regex.Pattern;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 import static org.openmainframe.ade.ext.os.parser.NginxLogParserBase.NGINX_LOG;
 
 public class TestNginxLogLineParser {
@@ -55,50 +56,58 @@ public void testWithRealLog() {
         final Pattern pattern = Pattern.compile(NGINX_LOG);
         final String line = "93.180.71.3 - - [17/May/2015:08:05:32 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)\"";
         assertEquals(true, slp.parseLine(pattern, 1,2,3,4,5,6,line));
-        System.out.println(slp);
     }
 
-//    @Test
-//    public void testParseLineWithMatchingPattern() {
-//        Pattern pattern = Pattern.compile("^([^:]+):.*COMMAND=(.*)$");
-//        assertEquals("Pattern matches for all parameters ",true, slp.parseLine(pattern,1,2,2,2,2,2,"(username):.COMMAND=nub"));
-//    }
-
-//    @Test
-//    public void testParseLineWith255CharacterHostname() {
-//        Pattern pattern = Pattern.compile("^([^:]+):.*COMMAND=(.*)$");
-//        assertEquals("Pattern matches but hostname has over 255 chars ",true, slp.parseLine(pattern,1,1,1,1,1,1,longString + ":.COMMAND=nub"));
-//    }
-
-//    @Test
-//    public void testParseLineWith255CharacterHostnameSecondTime() {
-//        Pattern pattern = Pattern.compile("^([^:]+):.*COMMAND=(.*)$");
-//        slp.parseLine(pattern,1,1,1,1,1,1,longString + ":.COMMAND=nub");
-//
-//        assertEquals("Hostname over 255 characters but we go through parseLine twice to skip the logging "
-//                ,true,slp.parseLine(pattern,1,1,1,1,1,1,longString + ":.COMMAND=nub"));
-//    }
-
-//    @Test
-//    public void testGettersGetCorrectInfoAfterRunningParseLine() {
-//        Pattern pattern = Pattern.compile("^([^:]+):.*COMMAND=(.*)$");
-//        slp.parseLine(pattern,0,1,0,1,0,1,"(username):.COMMAND=nub");
-//
-//        assertEquals("The message time is thee",null,slp.getMsgTime());
-//        assertEquals("The source is in the first matched group third param ","(username)",slp.getRemoteAddress());
-//
-//        slp.parseLine(pattern,0,0,2,2,2,2,"(PID!):.COMMAND=msgBody");
-//        assertEquals("The messsage body is in second group and 6th param","msgBody",slp.getRequest());
-//    }
-
-//    @Test
-//    public void testToString() {
-//        Pattern pattern = Pattern.compile("^([^:]+):.*COMMAND=(.*)$");
-//        slp.parseLine(pattern,2,2,2,2,2,2,"(username):.COMMAND=nub");
-//        assertEquals("Testing to String works correctly "
-//                , "timestamp=(null) "
-//                        + "hostname=(nub) "
-//                        + "msg=(nub)"
-//                ,slp.toString());
-//    }
+    @Test
+    public void testParseLineWithMatchingPattern() {
+        final Pattern pattern = Pattern.compile(NGINX_LOG);
+        final String line = "address - - [17/May/2015:08:05:32 +0000] \"GET\" 0 0 \"-\" \"-\"";
+        assertEquals("Pattern matches for all parameters ",true, slp.parseLine(pattern,1,2,3,4,5,6,line));
+    }
+
+    @Test
+    public void testParseLineWith255CharacterHostname() {
+        final Pattern pattern = Pattern.compile(NGINX_LOG);
+        final String line = "address - - [17/May/2015:08:05:32 +0000] \"GET\" 0 0 \"-\" \"-\"";
+        assertTrue("Pattern matches but hostname has over 255 chars ", slp.parseLine(pattern, 1, 2, 3, 4, 5, 6, longString + line));
+    }
+
+    @Test
+    public void testParseLineWith255CharacterHostnameSecondTime() {
+        final Pattern pattern = Pattern.compile(NGINX_LOG);
+        final String line = "address - - [17/May/2015:08:05:32 +0000] \"GET\" 0 0 \"-\" \"-\"";
+        slp.parseLine(pattern,1,2,3,4,5,6,longString + line);
+
+        assertEquals("Hostname over 255 characters but we go through parseLine twice to skip the logging "
+                ,true,slp.parseLine(pattern,1,2,3,4,5,6,longString + line));
+    }
+
+    @Test
+    public void testGettersGetCorrectInfoAfterRunningParseLine() {
+        final Pattern pattern = Pattern.compile(NGINX_LOG);
+        final String line = "address - - [17/May/2015:08:05:32 +0000] \"GET\" 0 0 \"-\" \"-\"";
+        slp.parseLine(pattern,1,2,3,4,5,6,line);
+
+        assertEquals(null, slp.getMsgTime());
+        assertEquals("address",slp.getRemoteAddress());
+        assertEquals("GET",slp.getRequest());
+        assertEquals("-", slp.getRemoteUser());
+        assertEquals(0, slp.getBytes());
+        assertEquals(0, slp.getStatus());
+    }
+
+    @Test
+    public void testToString() {
+        final Pattern pattern = Pattern.compile(NGINX_LOG);
+        final String line = "nub - nub [17/May/2015:08:05:32 +0000] \"nub\" 0 0 \"-\" \"nub\"";
+        slp.parseLine(pattern,1,2,3,4,5,6,line);
+        assertEquals("Testing to String works correctly "
+                , "timestamp=(null) "
+                        + "remote_address=(nub) "
+                        + "remote_user=(nub) "
+                        + "request=(nub) "
+                        + "status=(0) "
+                        + "bytes=(0)"
+                ,slp.toString());
+    }
 }
diff --git a/ade-ext/src/test/java/org/openmainframe/ade/ext/os/parser/TestNginxLogParserBase.java b/ade-ext/src/test/java/org/openmainframe/ade/ext/os/parser/TestNginxLogParserBase.java
index 8735fef..43a76b4 100644
--- a/ade-ext/src/test/java/org/openmainframe/ade/ext/os/parser/TestNginxLogParserBase.java
+++ b/ade-ext/src/test/java/org/openmainframe/ade/ext/os/parser/TestNginxLogParserBase.java
@@ -46,7 +46,6 @@ This file is part of Anomaly Detection Engine for Linux Logs (ADE).
 public class TestNginxLogParserBase {
     Ade ade;
 
-//    @Before
     public void setup() throws AdeException{
         ade = mock(Ade.class, RETURNS_DEEP_STUBS);
         when(ade.getConfigProperties().database().getDatabaseDriver()).thenReturn("derby");