-/*/output
+/tests/*/output
/private
*~
Note: You may want to add something like:
```
- include: ../etc/suricata-3.1.2
+ include: ../../etc/suricata-3.1.2
```
to the top and then just make the necessary overrides in the tests
suricata.yaml.
+++ /dev/null
-%YAML 1.1
----
-
-include: ../etc/suricata-3.1.2.yaml
+++ /dev/null
-%YAML 1.1
----
-
-include: ../etc/suricata-3.1.2.yaml
+++ /dev/null
-%YAML 1.1
----
-
-include: ../etc/suricata-3.1.2.yaml
+++ /dev/null
-%YAML 1.1
----
-
-include: ../etc/suricata-3.1.2.yaml
passed = 0
failed = 0
- for dirpath, dirnames, filenames in os.walk(topdir):
+ for dirpath, dirnames, filenames in os.walk(os.path.join(topdir, "tests")):
# The top directory is not a test...
- if dirpath == topdir:
- dirnames.remove(".git")
- dirnames.remove("etc")
+ if dirpath == os.path.join(topdir, "tests"):
continue
# We only want to go one level deep.
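Review bot: Nothing in this hunk checks that the `tests` directory exists, and `os.walk` ignores a missing or unreadable top directory by default, so the loop would not run and the script would presumably report `passed = 0`, `failed = 0` as a clean run. For a suite that verifies detection behaviour, an empty run should fail loudly. Bind the path once and check it before the loop, e.g. `tests_dir = os.path.join(topdir, "tests")` followed by `if not os.path.isdir(tests_dir): raise SystemExit("no tests directory: %s" % tests_dir)`, then use `tests_dir` in both the `os.walk` call and the `dirpath ==` comparison instead of building the path twice. The enclosing function starts and ends outside this hunk, so the exit handling may need to match whatever it already does.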
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# Should have one fast log entry.
n=$(cat output/fast.log | wc -l | xargs)
## Step 2: select the rules to enable or disable
##
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
rule-files:
- botcc.rules
- ciarmy.rules
# - modbus-events.rules # available in suricata sources under rules dir
# - app-layer-events.rules # available in suricata sources under rules dir
-classification-file: ../etc/classification.config
-reference-config-file: ../etc/reference.config
-# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config
+classification-file: ../../etc/classification.config
+reference-config-file: ../../etc/reference.config
+# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config
##
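Review bot: The new `default-rule-path: /home/jason/projects/oi../../etc/suricata/rules` is not a usable path: the rewrite of `../etc` to `../../etc` also matched the `sf/etc` inside the absolute path, which suggests the search pattern left `.` unescaped. The same damage recurs in later hunks of this commit, in `classification-file` and `reference-config-file` wherever they were absolute, and in the commented `#scripts-dir`, `# threshold-file`, reputation and `/etc/loader.conf` lines, which lost their `: ` separator or part of a word. If rule or classification files cannot be resolved, Suricata presumably warns and continues, so a test expecting few or no alerts could pass with fewer rules loaded than intended. Restrict the substitution to values that begin with a literal `../etc`, and restore the untouched lines, e.g. `default-rule-path: /home/jason/projects/oisf/etc/suricata/rules`, or better, point them at a path inside the repository rather than a developer home directory.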
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
- lua:
enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
scripts:
# - script1.lua
# - alert
# IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
#reputation-files:
# - reputation.list
# For FreeBSD ipfw(8) divert(4) support.
# Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
# Additionally, you need to have an ipfw rule for the engine to see
# the packets from ipfw. For Example:
#
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# Should have one fast log entry.
n=$(cat output/fast.log | wc -l | xargs)
## Step 2: select the rules to enable or disable
##
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
rule-files:
- botcc.rules
- ciarmy.rules
# - modbus-events.rules # available in suricata sources under rules dir
# - app-layer-events.rules # available in suricata sources under rules dir
-classification-file: ../etc/classification.config
-reference-config-file: ../etc/reference.config
-# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config
+classification-file: ../../etc/classification.config
+reference-config-file: ../../etc/reference.config
+# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config
##
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
- lua:
enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
scripts:
# - script1.lua
# - alert
# IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
#reputation-files:
# - reputation.list
# For FreeBSD ipfw(8) divert(4) support.
# Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
# Additionally, you need to have an ipfw rule for the engine to see
# the packets from ipfw. For Example:
#
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# Should have 4 DNP3 data match alerts.
n=$(grep "DNP3 Data match" output/eve.json | wc -l | xargs)
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
outputs:
- eve-log:
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# Should have one alert sid 1.
n=$(jq_count output/eve.json 'select(.alert.signature_id == 1)')
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
outputs:
- eve-log:
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
n=$(jq_count output/eve.json 'select(.event_type == "dnp3")')
assert_eq 55 "$n" "bad dnp3 event count"
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
outputs:
- eve-log:
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
- lua:
enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
scripts:
# - script1.lua
# You can specify a threshold config file by setting "threshold-file"
# to the path of the threshold config file:
-# threshold-file: /etc/suricata/threshold.config
+# threshold-file../../etc/suricata/threshold.config
# The detection engine builds internal groups of signatures. The engine
# allow us to specify the profile to use for them, to manage memory on an
# For FreeBSD ipfw(8) divert(4) support.
# Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
# Additionally, you need to have an ipfw rule for the engine to see
# the packets from ipfw. For Example:
#
# Set the default rule path here to search for the files.
# if not set, it will look at the current working dir
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
rule-files:
- botcc.rules
- ciarmy.rules
# - modbus-events.rules # available in suricata sources under rules dir
- app-layer-events.rules # available in suricata sources under rules dir
-classification-file: /home/jason/projects/oisf/etc/suricata/classification.config
-reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config
+classification-file: /home/jason/projects/oi../../etc/suricata/classification.config
+reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config
# Holds variables that would be used by the engine.
vars:
# - alert
# IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
#reputation-files:
# - reputation.list
--- /dev/null
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# As a request was missing, we should have 2 requests, but 26
# responses, as each request resulted in 12 responses.
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# One DNS request.
n=$(jq_count output/eve.json 'select(.event_type == "dns") | select(.dns.type == "query")')
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
# Remove stats logging.
stats:
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
n=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l | xargs)
assert_eq 1 $n
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
outputs:
- dns-log:
--- /dev/null
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
n=$(jq_count output/eve.json 'select(.dns.rrtype == "AAAA")')
assert_eq 2 $n "expected 2 aaaa records"
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# Should be no answers.
n=$(jq_count output/eve.json 'select(.event_type == "dns") | select(.dns.type != "answer")')
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
n=$(jq_count output/eve.json 'select(.dns.rrtype != "MX")')
assert_eq 0 $n "only expected mx records"
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# Should be no answers.
n=$(jq_count output/eve.json 'select(.event_type == "dns") | select(.dns.type != "query")')
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# Look for 2 responses with rcode == "NXDOMAIN".
n=$(jq_count output/eve.json 'select(.dns.rcode == "NXDOMAIN")')
--- /dev/null
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
--- /dev/null
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# Check that there are no events.
n=$(cat output/fast.log | wc -l | xargs)
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# 4 queries.
n=$(jq_count output/eve.json 'select(.dns.type == "query")')
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
- lua:
enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
scripts:
# - script1.lua
# You can specify a threshold config file by setting "threshold-file"
# to the path of the threshold config file:
-# threshold-file: /etc/suricata/threshold.config
+# threshold-file../../etc/suricata/threshold.config
# The detection engine builds internal groups of signatures. The engine
# allow us to specify the profile to use for them, to manage memory on an
# For FreeBSD ipfw(8) divert(4) support.
# Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
# Additionally, you need to have an ipfw rule for the engine to see
# the packets from ipfw. For Example:
#
# Set the default rule path here to search for the files.
# if not set, it will look at the current working dir
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
rule-files:
- botcc.rules
- ciarmy.rules
# - modbus-events.rules # available in suricata sources under rules dir
- app-layer-events.rules # available in suricata sources under rules dir
-classification-file: /home/jason/projects/oisf/etc/suricata/classification.config
-reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config
+classification-file: /home/jason/projects/oi../../etc/suricata/classification.config
+reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config
# Holds variables that would be used by the engine.
vars:
# - alert
# IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
#reputation-files:
# - reputation.list
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
rule-files:
outputs:
- lua:
enabled: yes
- scripts-dir: ../verify/lua-output-dns
+ scripts-dir: ../verify/tests/lua-output-dns
scripts:
- test.lua
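Review bot: `scripts-dir: ../verify/tests/lua-output-dns` leaves the working directory and re-enters through a directory named `verify`, so it only resolves when the checkout has that name and Suricata is started from the expected directory. The same form is used for `lua-output-http` and `lua-output-smtp` in later hunks. Because the engine executes the Lua scripts found there, the directory should be pinned to the repository rather than depend on the checkout name. If the runner starts Suricata from the repository root (not visible here), `scripts-dir: tests/lua-output-dns` would say the same thing; otherwise have the runner pass an absolute path derived from its own location.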
## Step 2: select the rules to enable or disable
##
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
rule-files:
- botcc.rules
- ciarmy.rules
# - modbus-events.rules # available in suricata sources under rules dir
# - app-layer-events.rules # available in suricata sources under rules dir
-classification-file: /home/jason/projects/oisf/etc/suricata/classification.config
-reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config
-# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config
+classification-file: /home/jason/projects/oi../../etc/suricata/classification.config
+reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config
+# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config
##
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
- lua:
enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
scripts:
# - script1.lua
# - alert
# IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
#reputation-files:
# - reputation.list
# For FreeBSD ipfw(8) divert(4) support.
# Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
# Additionally, you need to have an ipfw rule for the engine to see
# the packets from ipfw. For Example:
#
outputs:
- lua:
enabled: yes
- scripts-dir: ../verify/lua-output-http
+ scripts-dir: ../verify/tests/lua-output-http
scripts:
- http.lua
## Step 2: select the rules to enable or disable
##
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
rule-files:
- botcc.rules
- ciarmy.rules
# - modbus-events.rules # available in suricata sources under rules dir
# - app-layer-events.rules # available in suricata sources under rules dir
-classification-file: /home/jason/projects/oisf/etc/suricata/classification.config
-reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config
-# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config
+classification-file: /home/jason/projects/oi../../etc/suricata/classification.config
+reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config
+# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config
##
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
- lua:
enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
scripts:
# - script1.lua
# - alert
# IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
#reputation-files:
# - reputation.list
# For FreeBSD ipfw(8) divert(4) support.
# Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
# Additionally, you need to have an ipfw rule for the engine to see
# the packets from ipfw. For Example:
#
outputs:
- lua:
enabled: yes
- scripts-dir: ../verify/lua-output-smtp
+ scripts-dir: ../verify/tests/lua-output-smtp
scripts:
- smtp.lua
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
filename=$(cat output/eve.json | jq -c .fileinfo.filename)
assert_eq '"eicar.com"' "$filename" "bad filename"
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
- lua:
enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
scripts:
# - script1.lua
# You can specify a threshold config file by setting "threshold-file"
# to the path of the threshold config file:
-# threshold-file: /etc/suricata/threshold.config
+# threshold-file../../etc/suricata/threshold.config
# The detection engine builds internal groups of signatures. The engine
# allow us to specify the profile to use for them, to manage memory on an
# For FreeBSD ipfw(8) divert(4) support.
# Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
# Additionally, you need to have an ipfw rule for the engine to see
# the packets from ipfw. For Example:
#
# Set the default rule path here to search for the files.
# if not set, it will look at the current working dir
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
rule-files:
- botcc.rules
- ciarmy.rules
# - modbus-events.rules # available in suricata sources under rules dir
- app-layer-events.rules # available in suricata sources under rules dir
-classification-file: /home/jason/projects/oisf/etc/suricata/classification.config
-reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config
+classification-file: /home/jason/projects/oi../../etc/suricata/classification.config
+reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config
# Holds variables that would be used by the engine.
vars:
# - alert
# IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
#reputation-files:
# - reputation.list
## Step 2: select the rules to enable or disable
##
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
rule-files:
- botcc.rules
- ciarmy.rules
# - modbus-events.rules # available in suricata sources under rules dir
# - app-layer-events.rules # available in suricata sources under rules dir
-classification-file: /home/jason/projects/oisf/etc/suricata/classification.config
-reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config
-# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config
+classification-file: /home/jason/projects/oi../../etc/suricata/classification.config
+reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config
+# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config
##
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
- lua:
enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
scripts:
# - script1.lua
# - alert
# IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
#reputation-files:
# - reputation.list
# For FreeBSD ipfw(8) divert(4) support.
# Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
# Additionally, you need to have an ipfw rule for the engine to see
# the packets from ipfw. For Example:
#
## Step 2: select the rules to enable or disable
##
-default-rule-path: /home/jason/projects/oisf/etc/suricata/rules
+default-rule-path: /home/jason/projects/oi../../etc/suricata/rules
rule-files:
- botcc.rules
- ciarmy.rules
# - modbus-events.rules # available in suricata sources under rules dir
# - app-layer-events.rules # available in suricata sources under rules dir
-classification-file: /home/jason/projects/oisf/etc/suricata/classification.config
-reference-config-file: /home/jason/projects/oisf/etc/suricata/reference.config
-# threshold-file: /home/jason/projects/oisf/etc/suricata/threshold.config
+classification-file: /home/jason/projects/oi../../etc/suricata/classification.config
+reference-config-file: /home/jason/projects/oi../../etc/suricata/reference.config
+# threshold-file: /home/jason/projects/oi../../etc/suricata/threshold.config
##
# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_Output
- lua:
enabled: no
- #scripts-dir: /etc/suricata/lua-output/
+ #scripts-dir../../etc/suricata/lua-output/
scripts:
# - script1.lua
# - alert
# IP Reputation
-#reputation-categories-file: /home/jason/projects/oisf/etc/suricata/iprep/categories.txt
-#default-reputation-path: /home/jason/projects/oisf/etc/suricata/iprep
+#reputation-categories-file: /home/jason/projects/oi../../etc/suricata/iprep/categories.txt
+#default-reputation-path: /home/jason/projects/oi../../etc/suricata/iprep
#reputation-files:
# - reputation.list
# For FreeBSD ipfw(8) divert(4) support.
# Please make sure you have ipfw_load="YES" and ipdivert_load="YES"
-# in /etc/loader.conf or kldload'ing the appropriate kernel modules.
+# i../../etc/loader.conf or kldload'ing the appropriate kernel modules.
# Additionally, you need to have an ipfw rule for the engine to see
# the packets from ipfw. For Example:
#
#! /bin/sh
-. ../functions.sh
+. ../../util/functions.sh
# One query for suricon.net.
n=$(jq_count output/eve.json 'select(.dns.type == "query") | select(.dns.rrname == "suricon.net")')
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
outputs:
- eve-log:
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
rule-files:
- empty.rules
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
outputs:
- eve-log:
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
outputs:
- eve-log:
%YAML 1.1
---
-include: ../etc/suricata-3.1.2.yaml
+include: ../../etc/suricata-3.1.2.yaml
outputs:
- eve-log: