pgsql: update bug 6983 test

With the tracking of transaction completion per-direction, in IPS mode,
the engine will match on the rule before it sees the response message,
so it won't log the full transaction with the alert.

Update the checks for the alert to keep it simpler and thus compatible
with both Suri-7 and Suri-8.

Related to
Bug #7113

diff --git a/tests/pgsql/pgsql-bug-6983-ips/test.yaml b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
index e7f22f0683abc288e5dbd5a320670f1af9a09b38..2ee0eaaf74ab1009fce496039116089e55e158f5 100644 (file)
--- a/tests/pgsql/pgsql-bug-6983-ips/test.yaml
+++ b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
@@ -13,7 +13,8 @@ checks:
     match:
       event_type: pgsql
 - filter:
-    # in ips mode, as this rule inspects the stream only (no pgsql keywords), we end up getting two alerts instead of one
+    # in ips mode, as this rule inspects the stream only (no pgsql keywords),
+    # we end up getting two alerts instead of one
     count: 2
     match:
       event_type: alert
@@ -24,4 +25,3 @@ checks:
       event_type: alert
       alert.signature_id: 1
       pgsql.request.simple_query: "select * from rules where sid = 2021701;"
-      pgsql.response.field_count: 10