Test that no src_ip, dest_ip are logged instead of just empty strings.
Ticket: https://redmine.openinfosecfoundation.org/issues/7460
--- /dev/null
+Test that alerts that have unknown IP addresses and ports don't log them.
+
+Ticket: https://redmine.openinfosecfoundation.org/issues/7460
--- /dev/null
+alert pkthdr any any -> any any (msg:"SURICATA IPv4 truncated packet"; decode-event:ipv4.trunc_pkt; classtype:protocol-command-decode; sid:2200003; rev:2;)
--- /dev/null
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ src_ip: null
+ dest_ip: null
+ src_port: null
+ dest_port: null
projects / thirdparty / suricata-verify.git / commitdiff
