tests/anomaly: Test case for mult. loggers

This commit adds a test case for the issue described in bug 3835.
Multiple anomaly loggers aren't supported.

diff --git a/tests/output-eve-anomaly-04/input.pcap b/tests/output-eve-anomaly-04/input.pcap
new file mode 100644 (file)
index 0000000..d50be33
Binary files /dev/null and b/tests/output-eve-anomaly-04/input.pcap differ

diff --git a/tests/output-eve-anomaly-04/suricata.yaml b/tests/output-eve-anomaly-04/suricata.yaml
new file mode 100644 (file)
index 0000000..44deda8
--- /dev/null
+++ b/tests/output-eve-anomaly-04/suricata.yaml
@@ -0,0 +1,23 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filename: eve.json
+      filetype: regular
+      types:
+        - anomaly:
+            types:
+                stream: yes
+                applayer: no
+
+  - eve-log:
+      enabled: yes
+      filename: eve2.json
+      filetype: regular
+      types:
+        - anomaly:
+            types:
+                stream: yes
+                applayer: no

diff --git a/tests/output-eve-anomaly-04/test.yaml b/tests/output-eve-anomaly-04/test.yaml
new file mode 100644 (file)
index 0000000..cc1cb37
--- /dev/null
+++ b/tests/output-eve-anomaly-04/test.yaml
@@ -0,0 +1,10 @@
+requires:
+  min-version: 6
+
+args:
+  - -k none
+
+checks:
+    - shell:
+        args: grep "only one 'anomaly' logger can be enabled" stderr | wc -l | xargs
+        expect: 1