test: update checks for logging

author Sam Muhammed <ghostinthehive.vx@gmail.com>

Fri, 4 Mar 2022 13:02:41 +0000 (15:02 +0200)

committer Jason Ish <jason.ish@oisf.net>

Fri, 29 Apr 2022 18:32:08 +0000 (12:32 -0600)
author Sam Muhammed <ghostinthehive.vx@gmail.com>
Fri, 4 Mar 2022 13:02:41 +0000 (15:02 +0200)
committer Jason Ish <jason.ish@oisf.net>
Fri, 29 Apr 2022 18:32:08 +0000 (12:32 -0600)
diff --git a/tests/nfs4-01/test.rules b/tests/nfs4-01/test.rules

new file mode 100644 (file)

index 0000000..f34ae99
--- /dev/null
+++ b/tests/nfs4-01/test.rules
@@ -0,0 +1 @@
+alert nfs any any -> any any (nfs_version:4; flow:to_server; sid:1;)
+\ No newline at end of file
diff --git a/tests/nfs4-01/test.yaml b/tests/nfs4-01/test.yaml

index 6e2d12fd147eca83b38dab71f2e57322a8f26da2..fca022560a2c5fb86ed929319fd908696408ec81 100644 (file)
--- a/tests/nfs4-01/test.yaml
+++ b/tests/nfs4-01/test.yaml
@@ -1,5 +1,3 @@
-# *** Add configuration here ***
-
  args:
  - -k none
  
@@ -54,26 +52,5 @@ checks:
  - filter:
      count: 1
      match:
+      event_type: alert
        app_proto: nfs
-      dest_ip: 192.168.0.61
-      dest_port: 2049
-      event_type: flow
-      flow.age: 4
-      flow.alerted: false
-      flow.bytes_toclient: 8392
-      flow.bytes_toserver: 8742
-      flow.pkts_toclient: 38
-      flow.pkts_toserver: 43
-      flow.reason: shutdown
-      flow.state: closed
-      proto: TCP
-      src_ip: 192.168.0.26
-      src_port: 880
-      tcp.ack: true
-      tcp.fin: true
-      tcp.psh: true
-      tcp.state: closed
-      tcp.syn: true
-      tcp.tcp_flags: 1b
-      tcp.tcp_flags_tc: 1b
-      tcp.tcp_flags_ts: 1b
author	Sam Muhammed <ghostinthehive.vx@gmail.com>
	Fri, 4 Mar 2022 13:02:41 +0000 (15:02 +0200)
committer	Jason Ish <jason.ish@oisf.net>
	Fri, 29 Apr 2022 18:32:08 +0000 (12:32 -0600)
tests/nfs4-01/test.rules	[new file with mode: 0644]	patch \| blob
tests/nfs4-01/test.yaml		patch \| blob \| blame \| history