]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7cc0e1b)
test: eve/dns aaaa only logging
authorJason Ish <ish@unx.ca>
Thu, 13 Jul 2017 16:33:11 +0000 (10:33 -0600)
committerJason Ish <ish@unx.ca>
Thu, 13 Jul 2017 16:33:11 +0000 (10:33 -0600)
dns-udp-eve-log-aaaa-only/README.md [new file with mode: 0644] patch | blob
dns-udp-eve-log-aaaa-only/check.sh [new file with mode: 0755] patch | blob
dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap [new file with mode: 0644] patch | blob
dns-udp-eve-log-aaaa-only/suricata.yaml [new file with mode: 0644] patch | blob

diff --git a/dns-udp-eve-log-aaaa-only/README.md b/dns-udp-eve-log-aaaa-only/README.md
new file mode 100644 (file)
index 0000000..88649bf
--- /dev/null
+++ b/dns-udp-eve-log-aaaa-only/README.md
@@ -0,0 +1,2 @@
+Test custom eve DNS logging by configuring it to log only AAAA
+records, and verifying that only AAAA records are logged.
diff --git a/dns-udp-eve-log-aaaa-only/check.sh b/dns-udp-eve-log-aaaa-only/check.sh
new file mode 100755 (executable)
index 0000000..ef8ffd3
--- /dev/null
+++ b/dns-udp-eve-log-aaaa-only/check.sh
@@ -0,0 +1,12 @@
+#! /bin/sh
+
+. ../functions.sh
+
+n=$(jq_count output/eve.json 'select(.dns.rrtype == "AAAA")')
+assert_eq 2 $n "expected 2 aaaa records"
+
+n=$(jq_count output/eve.json 'select(.dns.rrtype != "AAAA")')
+assert_eq 0 $n "expected 0 non-aaaa records"
+
+exit 0
+
diff --git a/dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap b/dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap
new file mode 100644 (file)
index 0000000..def918f
Binary files /dev/null and b/dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap differ
diff --git a/dns-udp-eve-log-aaaa-only/suricata.yaml b/dns-udp-eve-log-aaaa-only/suricata.yaml
new file mode 100644 (file)
index 0000000..8b56c20
--- /dev/null
+++ b/dns-udp-eve-log-aaaa-only/suricata.yaml
@@ -0,0 +1,11 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - dns:
+            custom: [aaaa]
Mirror of https://github.com/OISF/suricata-verify.git