From: Philippe Antoine
Date: Thu, 20 Mar 2025 10:48:04 +0000 (+0100)
Subject: smb/log: add tests for configured logging
X-Git-Tag: suricata-7.0.11~112
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2352%2Fhead;p=thirdparty%2Fsuricata-verify.git

smb/log: add tests for configured logging being less verbose

Ticket: 7620
---
diff --git a/tests/smb-log-conf-01/README.md b/tests/smb-log-conf-01/README.md
new file mode 100644
index 000000000..d0b27e17f
--- /dev/null
+++ b/tests/smb-log-conf-01/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test smb logging configuration options
+
+https://redmine.openinfosecfoundation.org/issues/7620
+
+Pcap reused
diff --git a/tests/smb-log-conf-01/suricata.yaml b/tests/smb-log-conf-01/suricata.yaml
new file mode 100644
index 000000000..8f457dc8f
--- /dev/null
+++ b/tests/smb-log-conf-01/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - smb:
+ types: [create, file, rename, set_file_path_info]
\ No newline at end of file
diff --git a/tests/smb-log-conf-01/test.yaml b/tests/smb-log-conf-01/test.yaml
new file mode 100644
index 000000000..2b83bc308
--- /dev/null
+++ b/tests/smb-log-conf-01/test.yaml
@@ -0,0 +1,29 @@
+requires:
+ min-version: 8
+
+args:
+- --set stream.reassembly.depth=0
+- -k none
+
+pcap: ../smb2-01/smb2-peter.pcap
+
+checks:
+ - filter:
+ count: 108
+ match:
+ event_type: smb
+ - filter:
+ count: 57
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_CREATE
+ - filter:
+ count: 34
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_READ
+ - filter:
+ count: 17
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_WRITE
diff --git a/tests/smb-log-conf-02/README.md b/tests/smb-log-conf-02/README.md
new file mode 100644
index 000000000..d0b27e17f
--- /dev/null
+++ b/tests/smb-log-conf-02/README.md
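Review bot: The `types` list in tests/smb-log-conf-01/suricata.yaml carries no comment tying it to the records the test expects. test.yaml counts SMB2_COMMAND_READ and SMB2_COMMAND_WRITE events although neither name appears in the list, so they are presumably emitted under `file`. A comment above the list, such as `# file is expected to cover SMB2 READ/WRITE records; record types not listed are not logged`, would make the reduced-logging intent explicit for whoever tunes this filter later. Both this file and tests/smb-log-conf-02/suricata.yaml also end without a trailing newline, which is worth adding.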
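Review bot: The checks in tests/smb-log-conf-01/test.yaml prove suppression only by arithmetic: 57 + 34 + 17 equals the total of 108, but no filter asserts directly that an unconfigured record type is absent. tests/smb-log-conf-02 shows that the same pcap contains SMB2_COMMAND_SESSION_SETUP traffic, so an extra filter here with `count: 0` and `smb.command: SMB2_COMMAND_SESSION_SETUP` would pin the exclusion explicitly. The same applies to tests/smb-log-conf-02/test.yaml, where a filter with `count: 0` for `smb.command: SMB2_COMMAND_CREATE` would do it. Because this option decides which SMB activity reaches eve.json, an explicit negative check makes a regression easier to diagnose than a changed total.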
@@ -0,0 +1,7 @@
+# Description
+
+Test smb logging configuration options
+
+https://redmine.openinfosecfoundation.org/issues/7620
+
+Pcap reused
diff --git a/tests/smb-log-conf-02/suricata.yaml b/tests/smb-log-conf-02/suricata.yaml
new file mode 100644
index 000000000..ac6df48ca
--- /dev/null
+++ b/tests/smb-log-conf-02/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - smb:
+ types: [tree_connect, negotiate, session_setup]
\ No newline at end of file
diff --git a/tests/smb-log-conf-02/test.yaml b/tests/smb-log-conf-02/test.yaml
new file mode 100644
index 000000000..80ad43ebb
--- /dev/null
+++ b/tests/smb-log-conf-02/test.yaml
@@ -0,0 +1,29 @@
+requires:
+ min-version: 8
+
+args:
+- --set stream.reassembly.depth=0
+- -k none
+
+pcap: ../smb2-01/smb2-peter.pcap
+
+checks:
+ - filter:
+ count: 4
+ match:
+ event_type: smb
+ - filter:
+ count: 1
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_NEGOTIATE_PROTOCOL
+ - filter:
+ count: 2
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_SESSION_SETUP
+ - filter:
+ count: 1
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_TREE_CONNECT