tests: filestore alert event 1325/head
authorEric Leblond <el@stamus-networks.com>
Wed, 19 Oct 2022 14:07:00 +0000 (16:07 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 25 Jul 2023 13:10:09 +0000 (15:10 +0200)
tests/filestore-alert-log/README.md [new file with mode: 0644]
tests/filestore-alert-log/suricata.yaml [new file with mode: 0644]
tests/filestore-alert-log/test.rules [new file with mode: 0644]
tests/filestore-alert-log/test.yaml [new file with mode: 0644]

diff --git a/tests/filestore-alert-log/README.md b/tests/filestore-alert-log/README.md
new file mode 100644 (file)
index 0000000..7b7d4bb
--- /dev/null
@@ -0,0 +1,7 @@
+# Description
+
+Test alert event with filestore
+
+# PCAP
+
+The pcap comes from test filestore-filecontainer-http
diff --git a/tests/filestore-alert-log/suricata.yaml b/tests/filestore-alert-log/suricata.yaml
new file mode 100644 (file)
index 0000000..66ab441
--- /dev/null
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      types:
+        - files
+        - stats
+        - alert
+  - file-store:
+      version: 2
+      enabled: yes
+      stream-depth: 0
+      write-fileinfo: true
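Review bot: `write-fileinfo: true` on the last line of the hunk makes file-store emit a JSON metadata sidecar alongside each stored object, but nothing in this test reads that sidecar, so the key is either an unverified expectation or a leftover from the config it was copied from; either drop it or add a check for the sidecar next to the existing path check. The two non-obvious values also deserve a comment so the next reader does not have to consult the manual: `stream-depth: 0  # no stream depth limit for files selected for storing` and `write-fileinfo: true  # also write a JSON metadata file next to each stored object`. Note that `dir` is left unset here, so the stored files land under the default `filestore` directory; the shell check in test.yaml appears to depend on that default, which is worth stating with a comment such as `# dir left at default: test.yaml looks for files under ./filestore`.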
diff --git a/tests/filestore-alert-log/test.rules b/tests/filestore-alert-log/test.rules
new file mode 100644 (file)
index 0000000..c60c01b
--- /dev/null
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"store png images"; filemagic:"PNG image data"; filestore; sid:13371338; rev:1;)
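Review bot: `filemagic:"PNG image data"` is a substring match against the description string returned by the host's libmagic, so this rule is tied to the magic database installed on the build host rather than to the pcap; upgrades of the magic DB are a known source of flaky verify runs, and a comment should record that dependency. Suggest `# filemagic matches libmagic's description string (needs the MAGIC build feature); keep the pattern short so wording changes in the magic DB do not break the test` above the rule. Since suricata.yaml in this commit does not set `force-filestore`, the `filestore` keyword here is presumably the only thing that flags the PNG for storing, which is what the `files[0].storing: true` check in test.yaml relies on — worth saying in the same comment.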
diff --git a/tests/filestore-alert-log/test.yaml b/tests/filestore-alert-log/test.yaml
new file mode 100644 (file)
index 0000000..16143c2
--- /dev/null
@@ -0,0 +1,19 @@
+pcap: ../filestore-filecontainer-http/filecontainer-http.pcap
+
+requires:
+  features:
+    - MAGIC
+  files:
+    - src/output-filestore.c
+
+checks:
+
+  - shell:
+        args: test -e filestore/e0/e092858d5bd66ab33085a966ee4ac0bf0edf6eab8d8b1e66432ee600e904bb4f
+
+  - filter:
+      min-version: 7
+      count: 1
+      match:
+        event_type: alert
+        files[0].storing: true
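Review bot: The `shell` check `test -e filestore/e0/e0928…` only proves that a path exists (a directory would satisfy `-e` as well), and nothing ties that object to the alert the second check matches, so the two checks can pass independently of each other. Tighten it to `test -f` and, since `files` is enabled in eve-log for this test, add a `fileinfo` filter for the same object so the stored file is confirmed through the log as well as the filesystem; I believe stored files report their sha256 in the fileinfo record, but confirm that on the output before relying on it, and `count: 1` assumes the pcap carries a single PNG, as the alert filter already does. The `files[0].storing: true` match would also benefit from a comment explaining why the field is `storing` rather than `stored` — presumably because the alert fires before the file is complete — and why it is gated to `min-version: 7`.
```yaml
checks:

  - shell:
        args: test -f filestore/e0/e092858d5bd66ab33085a966ee4ac0bf0edf6eab8d8b1e66432ee600e904bb4f

  # … unchanged: alert filter (min-version 7, files[0].storing) …

  - filter:
      count: 1
      match:
        event_type: fileinfo
        fileinfo.stored: true
        fileinfo.sha256: e092858d5bd66ab33085a966ee4ac0bf0edf6eab8d8b1e66432ee600e904bb4f
```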