From 79d5af08c86f402cb72f5f5a8960342807ad4028 Mon Sep 17 00:00:00 2001
From: Sascha Steinbiss <satta@debian.org>
Date: Sat, 26 Jun 2021 14:12:50 +0200
Subject: [PATCH] mqtt: add suricata.yaml enabling MQTT for testing

---
 tests/mqtt-events-invalid-qos/suricata.yaml     | 17 +++++++++++++++++
 tests/mqtt-events-missing-connect/suricata.yaml | 17 +++++++++++++++++
 .../suricata.yaml                               | 17 +++++++++++++++++
 tests/mqtt-events-unintroduced/suricata.yaml    | 17 +++++++++++++++++
 4 files changed, 68 insertions(+)
 create mode 100644 tests/mqtt-events-invalid-qos/suricata.yaml
 create mode 100644 tests/mqtt-events-missing-connect/suricata.yaml
 create mode 100644 tests/mqtt-events-unassigned-msgtype/suricata.yaml
 create mode 100644 tests/mqtt-events-unintroduced/suricata.yaml

diff --git a/tests/mqtt-events-invalid-qos/suricata.yaml b/tests/mqtt-events-invalid-qos/suricata.yaml
new file mode 100644
index 0000000..e9d9a4a
--- /dev/null
+++ b/tests/mqtt-events-invalid-qos/suricata.yaml
@@ -0,0 +1,17 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - mqtt
+        - alert
+        - anomaly
+
+app-layer:
+  protocols:
+    mqtt:
+      enabled: yes
\ No newline at end of file
diff --git a/tests/mqtt-events-missing-connect/suricata.yaml b/tests/mqtt-events-missing-connect/suricata.yaml
new file mode 100644
index 0000000..e9d9a4a
--- /dev/null
+++ b/tests/mqtt-events-missing-connect/suricata.yaml
@@ -0,0 +1,17 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - mqtt
+        - alert
+        - anomaly
+
+app-layer:
+  protocols:
+    mqtt:
+      enabled: yes
\ No newline at end of file
diff --git a/tests/mqtt-events-unassigned-msgtype/suricata.yaml b/tests/mqtt-events-unassigned-msgtype/suricata.yaml
new file mode 100644
index 0000000..e9d9a4a
--- /dev/null
+++ b/tests/mqtt-events-unassigned-msgtype/suricata.yaml
@@ -0,0 +1,17 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - mqtt
+        - alert
+        - anomaly
+
+app-layer:
+  protocols:
+    mqtt:
+      enabled: yes
\ No newline at end of file
diff --git a/tests/mqtt-events-unintroduced/suricata.yaml b/tests/mqtt-events-unintroduced/suricata.yaml
new file mode 100644
index 0000000..e9d9a4a
--- /dev/null
+++ b/tests/mqtt-events-unintroduced/suricata.yaml
@@ -0,0 +1,17 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - mqtt
+        - alert
+        - anomaly
+
+app-layer:
+  protocols:
+    mqtt:
+      enabled: yes
\ No newline at end of file
-- 
2.47.3