--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - stats
+ - file-store:
+ version: 1
+ enabled: yes
+ force-filestore: yes
+ stream-depth: 0
+
+app-layer:
+ protocols:
+ http:
+ enabled: yes
+ libhtp:
+ default-config:
+ personality: IDS
+ response-body-limit: 100kb
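Review bot: `stream-depth: 0` removes the reassembly cap for file-extraction sessions, but `response-body-limit: 100kb` on the last hunk line still bounds how much HTTP response body libhtp passes to the file API, so a response larger than that would presumably finish as TRUNCATED rather than CLOSED and the companion test's `fileinfo.state: "CLOSED"` check would silently depend on the fixture PDF staying under 100kb. If the intent is to exercise forced storage independent of file size, set `response-body-limit: 0` (unlimited) or add `# fixture PDF is < 100kb; raise/zero this limit if the pcap changes` so the coupling is explicit. `force-filestore: yes` deserves a why-comment as well, e.g. `# store every file seen, not only files matched by a filestore rule`, since that is the behaviour under test here. `enabled: yes` follows Suricata's own boolean convention and should be left as is rather than normalised to `true`.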
--- /dev/null
+alert http any any -> any any (filestore; sid:1; rev:1;)
--- /dev/null
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 5.0.0
+
+args:
+ - -k none
+
+pcap: ../filestore-v2.1-forced/suricata-update-pdf.pcap
+
+checks:
+
+ - filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.state: "CLOSED"
+ fileinfo.stored: true
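Review bot: `min-version: 5.0.0` is only a lower bound, yet this test's suricata.yaml pins `version: 1` of file-store; as far as I recall the v1 store was deprecated during 5.x and removed in a later major, so without an upper version bound (if the harness supports one) this test will start failing on newer builds instead of being skipped. `-k none` turns off checksum validation so replayed packets with bad checksums are still inspected; a one-line comment such as `# -k none: do not drop pcap packets on bad checksums` would save the next reader a trip to the man page. The single check asserts one CLOSED, stored fileinfo but nothing about the object itself; matching `fileinfo.filename` against the name the pcap carries would also catch a regression that stores the wrong file.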
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - stats
+ - file-store:
+ version: 2
+ enabled: yes
+ force-filestore: yes
+ stream-depth: 0
+
+app-layer:
+ protocols:
+ http:
+ enabled: yes
+ libhtp:
+ default-config:
+ personality: IDS
+ response-body-limit: 100kb
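Review bot: The `response-body-limit: 100kb` on the last hunk line is the effective size cap for extracted HTTP files here, not `stream-depth: 0`, so the v2 store will presumably record a TRUNCATED rather than CLOSED state for any response body above 100kb and the paired test's CLOSED assertion relies on the fixture being smaller than that. Either set `response-body-limit: 0` so the forced-store behaviour is tested regardless of size, or document the dependency with `# fixture PDF is below this limit; a TRUNCATED state here means the pcap grew`. The `force-filestore: yes` line is the subject of the test and should carry a comment saying so, e.g. `# v2 store: extract all files even without a filestore rule match`. This config is identical to the v1 variant apart from `version: 2`; a comment naming that single intended difference would help anyone diffing the two test directories later.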
--- /dev/null
+alert http any any -> any any (filestore; sid:1; rev:1;)
--- /dev/null
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - HAVE_NSS
+ files:
+ - src/output-filestore.c
+ min-version: 5.0.0
+
+args:
+ - -k none
+
+pcap: ../filestore-v2.1-forced/suricata-update-pdf.pcap
+
+checks:
+
+ - filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.state: "CLOSED"
+ fileinfo.stored: true
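Review bot: `HAVE_NSS` gates this test on the NSS-backed build that, if I recall correctly, file-store v2 used for its SHA256 path computation in 5.x; if a later release replaces NSS with built-in hashing the feature string disappears and suricata-verify will skip the test instead of running it, so consider whether `files: - src/output-filestore.c` is sufficient on its own and drop or comment the NSS requirement accordingly. `-k none` disables checksum validation for the replayed pcap and is worth a comment, e.g. `# -k none: inspect packets even if their checksums are bad`, as in the sibling v1 test. The check pins one CLOSED, stored fileinfo but not the object's identity; for the v2 store, asserting `fileinfo.sha256` against the fixture's known digest would tie the test to the content-addressed layout it is meant to exercise.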