dhcp: adds check for app-layer metadata logging in alerts

author Philippe Antoine <pantoine@oisf.net>

Tue, 7 Apr 2026 19:43:00 +0000 (21:43 +0200)

committer Victor Julien <vjulien@oisf.net>

Wed, 8 Apr 2026 20:44:48 +0000 (20:44 +0000)
author Philippe Antoine <pantoine@oisf.net>
Tue, 7 Apr 2026 19:43:00 +0000 (21:43 +0200)
committer Victor Julien <vjulien@oisf.net>
Wed, 8 Apr 2026 20:44:48 +0000 (20:44 +0000)
diff --git a/tests/dhcp-eve-extended/test.yaml b/tests/dhcp-eve-extended/test.yaml

index e566ad6b244a16e92666487d5dc54740db2affd1..ffa293b966afa794377f9916ca3925f6e2299fe5 100644 (file)
--- a/tests/dhcp-eve-extended/test.yaml
+++ b/tests/dhcp-eve-extended/test.yaml
@@ -73,6 +73,14 @@ checks:
      match:
        event_type: alert
        alert.signature_id: 1
      match:
        event_type: alert
        alert.signature_id: 1
+- filter:
+    requires:
+      min-version: 9
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+      dhcp.type: reply
  - filter:
      requires:
        min-version: 7
  - filter:
      requires:
        min-version: 7
author	Philippe Antoine <pantoine@oisf.net>
	Tue, 7 Apr 2026 19:43:00 +0000 (21:43 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Wed, 8 Apr 2026 20:44:48 +0000 (20:44 +0000)