From c10aed0b554b5d9e8a98259e339d41ce1d0fb7fe Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 20 Mar 2025 11:48:04 +0100
Subject: [PATCH] smb/log: add tests for configured logging being less verbose

Ticket: 7620
---
 tests/smb-log-conf-01/README.md | 7 +++++++
 tests/smb-log-conf-01/suricata.yaml | 10 ++++++++++
 tests/smb-log-conf-01/test.yaml | 29 +++++++++++++++++++++++++++++
 tests/smb-log-conf-02/README.md | 7 +++++++
 tests/smb-log-conf-02/suricata.yaml | 10 ++++++++++
 tests/smb-log-conf-02/test.yaml | 29 +++++++++++++++++++++++++++++
 6 files changed, 92 insertions(+)
 create mode 100644 tests/smb-log-conf-01/README.md
 create mode 100644 tests/smb-log-conf-01/suricata.yaml
 create mode 100644 tests/smb-log-conf-01/test.yaml
 create mode 100644 tests/smb-log-conf-02/README.md
 create mode 100644 tests/smb-log-conf-02/suricata.yaml
 create mode 100644 tests/smb-log-conf-02/test.yaml

diff --git a/tests/smb-log-conf-01/README.md b/tests/smb-log-conf-01/README.md
new file mode 100644
index 000000000..d0b27e17f
--- /dev/null
+++ b/tests/smb-log-conf-01/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test smb logging configuration options
+
+https://redmine.openinfosecfoundation.org/issues/7620
+
+Pcap reused
diff --git a/tests/smb-log-conf-01/suricata.yaml b/tests/smb-log-conf-01/suricata.yaml
new file mode 100644
index 000000000..8f457dc8f
--- /dev/null
+++ b/tests/smb-log-conf-01/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - smb:
+ types: [create, file, rename, set_file_path_info]
\ No newline at end of file
diff --git a/tests/smb-log-conf-01/test.yaml b/tests/smb-log-conf-01/test.yaml
new file mode 100644
index 000000000..2b83bc308
--- /dev/null
+++ b/tests/smb-log-conf-01/test.yaml
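Review bot: The new suricata.yaml ends without a trailing newline (the `\ No newline at end of file` marker after the `types: [create, file, rename, set_file_path_info]` line), and tests/smb-log-conf-02/suricata.yaml has the same marker; a final newline keeps any later addition from showing up as a change to the last line. The `types` list under `smb:` is the whole subject of the test but carries no explanation, so a comment above it such as `# restrict SMB logging to these record types; test.yaml asserts the reduced event counts` would tell a reader why this config exists without having to open the README. The `%YAML 1.1` directive and `---` document start are consistent with the other test configs as far as this patch shows.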
@@ -0,0 +1,29 @@
+requires:
+ min-version: 8
+
+args:
+- --set stream.reassembly.depth=0
+- -k none
+
+pcap: ../smb2-01/smb2-peter.pcap
+
+checks:
+ - filter:
+ count: 108
+ match:
+ event_type: smb
+ - filter:
+ count: 57
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_CREATE
+ - filter:
+ count: 34
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_READ
+ - filter:
+ count: 17
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_WRITE
diff --git a/tests/smb-log-conf-02/README.md b/tests/smb-log-conf-02/README.md
new file mode 100644
index 000000000..d0b27e17f
--- /dev/null
+++ b/tests/smb-log-conf-02/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test smb logging configuration options
+
+https://redmine.openinfosecfoundation.org/issues/7620
+
+Pcap reused
diff --git a/tests/smb-log-conf-02/suricata.yaml b/tests/smb-log-conf-02/suricata.yaml
new file mode 100644
index 000000000..ac6df48ca
--- /dev/null
+++ b/tests/smb-log-conf-02/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - smb:
+ types: [tree_connect, negotiate, session_setup]
\ No newline at end of file
diff --git a/tests/smb-log-conf-02/test.yaml b/tests/smb-log-conf-02/test.yaml
new file mode 100644
index 000000000..80ad43ebb
--- /dev/null
+++ b/tests/smb-log-conf-02/test.yaml
@@ -0,0 +1,29 @@
+requires:
+ min-version: 8
+
+args:
+- --set stream.reassembly.depth=0
+- -k none
+
+pcap: ../smb2-01/smb2-peter.pcap
+
+checks:
+ - filter:
+ count: 4
+ match:
+ event_type: smb
+ - filter:
+ count: 1
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_NEGOTIATE_PROTOCOL
+ - filter:
+ count: 2
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_SESSION_SETUP
+ - filter:
+ count: 1
+ match:
+ event_type: smb
+ smb.command: SMB2_COMMAND_TREE_CONNECT
-- 
2.47.2
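Review bot: The checks in tests/smb-log-conf-01/test.yaml enforce the "less verbose" property only implicitly, through the total `count: 108` matching the sum of the three per-command counts (57 + 34 + 17); an explicit `count: 0` filter for a command whose type is not enabled, e.g. `smb.command: SMB2_COMMAND_TREE_CONNECT`, would state the intent directly and fail with a clearer message if an extra record type ever leaks into the output. The same applies to tests/smb-log-conf-02/test.yaml, where `count: 4` is 1 + 2 + 1. This test also expects SMB2_COMMAND_READ and SMB2_COMMAND_WRITE records even though neither `read` nor `write` appears in the configured `types` list; presumably they are emitted by the `file` type, and a comment on the READ filter such as `# READ/WRITE records are presumably produced by the 'file' type - confirm` would save the next reader from working that out from the counts.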