dns test: move to test.yaml

diff --git a/tests/dns-udp-dig-a-www-suricata-ids-org/check.sh b/tests/dns-udp-dig-a-www-suricata-ids-org/check.sh
deleted file mode 100755 (executable)
index 56e6cbc..0000000
--- a/tests/dns-udp-dig-a-www-suricata-ids-org/check.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#! /bin/sh
-
-. ../../util/functions.sh
-
-n=$(cat output/eve.json | jq -c 'select(.dns.type == "query")' | wc -l | xargs)
-assert_eq 1 $n
-
-n=$(cat output/eve.json | jq -c 'select(.dns.type == "answer")' | wc -l | xargs)
-assert_eq 3 $n
-
-n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "CNAME")' | wc -l | xargs)
-assert_eq 1 $n
-
-n=$(cat output/eve.json | jq -c 'select(.dns.rrtype == "A")' | wc -l | xargs)
-assert_eq 3 $n

diff --git a/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml b/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml
new file mode 100644 (file)
index 0000000..1285cba
--- /dev/null
+++ b/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml
@@ -0,0 +1,29 @@
+checks:
+
+  - filter:
+      comment: dns query count
+      count: 1
+      match:
+        event_type: dns
+        dns.type: query
+
+  - filter:
+      comment: cname count
+      count: 1
+      match:
+        event_type: dns
+        dns.rrtype: CNAME
+
+  - filter:
+      comment: a rrtype count
+      count: 3
+      match:
+        event_type: dns
+        dns.rrtype: A
+
+  - filter:
+      comment: answer count
+      count: 3
+      match:
+        event_type: dns
+        dns.type: answer