smb/log: add tests for configured logging

author Philippe Antoine <pantoine@oisf.net>

Thu, 20 Mar 2025 10:48:04 +0000 (11:48 +0100)

committer Philippe Antoine <pantoine@oisf.net>

Sat, 5 Apr 2025 19:43:17 +0000 (21:43 +0200)
author Philippe Antoine <pantoine@oisf.net>
Thu, 20 Mar 2025 10:48:04 +0000 (11:48 +0100)
committer Philippe Antoine <pantoine@oisf.net>
Sat, 5 Apr 2025 19:43:17 +0000 (21:43 +0200)
diff --git a/tests/smb-log-conf-01/README.md b/tests/smb-log-conf-01/README.md

new file mode 100644 (file)

index 0000000..d0b27e1
--- /dev/null
+++ b/tests/smb-log-conf-01/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test smb logging configuration options
+
+https://redmine.openinfosecfoundation.org/issues/7620
+
+Pcap reused
diff --git a/tests/smb-log-conf-01/suricata.yaml b/tests/smb-log-conf-01/suricata.yaml

new file mode 100644 (file)

index 0000000..8f457dc
--- /dev/null
+++ b/tests/smb-log-conf-01/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filename: eve.json
+      types:
+        - smb:
+            types: [create, file, rename, set_file_path_info]
+\ No newline at end of file
diff --git a/tests/smb-log-conf-01/test.yaml b/tests/smb-log-conf-01/test.yaml

new file mode 100644 (file)

index 0000000..2b83bc3
--- /dev/null
+++ b/tests/smb-log-conf-01/test.yaml
@@ -0,0 +1,29 @@
+requires:
+  min-version: 8
+
+args:
+- --set stream.reassembly.depth=0
+- -k none
+
+pcap: ../smb2-01/smb2-peter.pcap
+
+checks:
+  - filter:
+      count: 108
+      match:
+        event_type: smb
+  - filter:
+      count: 57
+      match:
+        event_type: smb
+        smb.command: SMB2_COMMAND_CREATE
+  - filter:
+      count: 34
+      match:
+        event_type: smb
+        smb.command: SMB2_COMMAND_READ
+  - filter:
+      count: 17
+      match:
+        event_type: smb
+        smb.command: SMB2_COMMAND_WRITE
diff --git a/tests/smb-log-conf-02/README.md b/tests/smb-log-conf-02/README.md

new file mode 100644 (file)

index 0000000..d0b27e1
--- /dev/null
+++ b/tests/smb-log-conf-02/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test smb logging configuration options
+
+https://redmine.openinfosecfoundation.org/issues/7620
+
+Pcap reused
diff --git a/tests/smb-log-conf-02/suricata.yaml b/tests/smb-log-conf-02/suricata.yaml

new file mode 100644 (file)

index 0000000..ac6df48
--- /dev/null
+++ b/tests/smb-log-conf-02/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filename: eve.json
+      types:
+        - smb:
+            types: [tree_connect, negotiate, session_setup]
+\ No newline at end of file
diff --git a/tests/smb-log-conf-02/test.yaml b/tests/smb-log-conf-02/test.yaml

new file mode 100644 (file)

index 0000000..80ad43e
--- /dev/null
+++ b/tests/smb-log-conf-02/test.yaml
@@ -0,0 +1,29 @@
+requires:
+  min-version: 8
+
+args:
+- --set stream.reassembly.depth=0
+- -k none
+
+pcap: ../smb2-01/smb2-peter.pcap
+
+checks:
+  - filter:
+      count: 4
+      match:
+        event_type: smb
+  - filter:
+      count: 1
+      match:
+        event_type: smb
+        smb.command: SMB2_COMMAND_NEGOTIATE_PROTOCOL
+  - filter:
+      count: 2
+      match:
+        event_type: smb
+        smb.command: SMB2_COMMAND_SESSION_SETUP
+  - filter:
+      count: 1
+      match:
+        event_type: smb
+        smb.command: SMB2_COMMAND_TREE_CONNECT
author	Philippe Antoine <pantoine@oisf.net>
	Thu, 20 Mar 2025 10:48:04 +0000 (11:48 +0100)
committer	Philippe Antoine <pantoine@oisf.net>
	Sat, 5 Apr 2025 19:43:17 +0000 (21:43 +0200)
tests/smb-log-conf-01/README.md	[new file with mode: 0644]	patch \| blob
tests/smb-log-conf-01/suricata.yaml	[new file with mode: 0644]	patch \| blob
tests/smb-log-conf-01/test.yaml	[new file with mode: 0644]	patch \| blob
tests/smb-log-conf-02/README.md	[new file with mode: 0644]	patch \| blob
tests/smb-log-conf-02/suricata.yaml	[new file with mode: 0644]	patch \| blob
tests/smb-log-conf-02/test.yaml	[new file with mode: 0644]	patch \| blob