]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9ba0db4)
new test: netflow-eve: basic check of netflow records 264/head
authorJason Ish <jason.ish@oisf.net>
Thu, 2 Jul 2020 17:19:14 +0000 (11:19 -0600)
committerJason Ish <jason.ish@oisf.net>
Tue, 7 Jul 2020 22:14:12 +0000 (16:14 -0600)
tests/netflow-eve/input.pcap [new file with mode: 0644] patch | blob
tests/netflow-eve/suricata.yaml [new file with mode: 0644] patch | blob
tests/netflow-eve/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/netflow-eve/input.pcap b/tests/netflow-eve/input.pcap
new file mode 100644 (file)
index 0000000..868c57e
Binary files /dev/null and b/tests/netflow-eve/input.pcap differ
diff --git a/tests/netflow-eve/suricata.yaml b/tests/netflow-eve/suricata.yaml
new file mode 100644 (file)
index 0000000..cc3aa14
--- /dev/null
+++ b/tests/netflow-eve/suricata.yaml
@@ -0,0 +1,7 @@
+%YAML 1.1
+---
+outputs:
+  - eve-log:
+      enabled: true
+      types:
+        - netflow
diff --git a/tests/netflow-eve/test.yaml b/tests/netflow-eve/test.yaml
new file mode 100644 (file)
index 0000000..3f9ba5a
--- /dev/null
+++ b/tests/netflow-eve/test.yaml
@@ -0,0 +1,45 @@
+checks:
+- filter:
+    count: 1
+    match:
+      app_proto: http
+      dest_ip: 82.165.177.154
+      dest_port: 80
+      event_type: netflow
+      netflow.age: 0
+      netflow.bytes: 425
+      netflow.end: 2016-05-27T06:56:11.900923+0000
+      netflow.max_ttl: 64
+      netflow.min_ttl: 64
+      netflow.pkts: 6
+      netflow.start: 2016-05-27T06:56:11.304062+0000
+      proto: TCP
+      src_ip: 10.16.1.11
+      src_port: 46652
+      tcp.ack: true
+      tcp.fin: true
+      tcp.psh: true
+      tcp.syn: true
+      tcp.tcp_flags: 1b
+- filter:
+    count: 1
+    match:
+      app_proto: http
+      dest_ip: 10.16.1.11
+      dest_port: 46652
+      event_type: netflow
+      netflow.age: 0
+      netflow.bytes: 495
+      netflow.end: 2016-05-27T06:56:11.900923+0000
+      netflow.max_ttl: 50
+      netflow.min_ttl: 50
+      netflow.pkts: 4
+      netflow.start: 2016-05-27T06:56:11.304062+0000
+      proto: TCP
+      src_ip: 82.165.177.154
+      src_port: 80
+      tcp.ack: true
+      tcp.fin: true
+      tcp.psh: true
+      tcp.syn: true
+      tcp.tcp_flags: 1b
Mirror of https://github.com/OISF/suricata-verify.git