tests/pop3 add eve output checks

Ticket: 3243

diff --git a/tests/pop3/test.yaml b/tests/pop3/test.yaml
index 34a811b0c80c29e5f58db443f347355e9e206577..d406ca5c0d0cd18c6f08a960a10372c237a2487e 100644 (file)
--- a/tests/pop3/test.yaml
+++ b/tests/pop3/test.yaml
@@ -2,8 +2,63 @@ requires:
   min-version: 8
 
 checks:
-  - filter:
-      count: 1
-      match:
-        event_type: flow
-        app_proto: pop3
+- filter:
+    count: 5
+    # count: 56
+    match:
+      event_type: pop3
+
+- filter:
+    count: 1
+    match:
+      dest_ip: 74.208.5.11
+      pop3.response.success: true
+      pop3.response.status: "OK"
+      pop3.response.header: "POP server ready H mieueus020 1Mw7UO-1j88qA02mS-00sOH0"
+
+- filter:
+    count: 1
+    match:
+      dest_ip: 74.208.5.11
+      pop3.request.command: "USER"
+      pop3.request.args[0]: "moises.nunez@ingenierianumar.com"
+      pop3.response.success: true
+      pop3.response.status: "OK"
+      pop3.response.header: "password required for user \"moises.nunez@ingenierianumar.com\""
+
+- filter:
+    count: 1
+    match:
+      pop3.request.command: "PASS"
+      pop3.response.success: true
+
+- filter:
+    count: 1
+    match:
+      pop3.request.command: "STAT"
+      pop3.response.success: true
+
+- filter:
+    count: 1
+    match:
+      pop3.request.command: "LIST"
+      pop3.response.success: true
+
+# Bug with sawp_pop3 causing early exit
+# - filter:
+#     count: 1
+#     match:
+#       pop3.request.command: "RSET"
+#       pop3.response.success: true
+
+# - filter:
+#     count: 1
+#     match:
+#       pop3.request.command: "UIDL"
+#       pop3.response.success: true
+
+# - filter:
+#     count: 49
+#     match:
+#       pop3.request.command: "TOP"
+#       pop3.response.success: true