--- /dev/null
+#! /usr/bin/env bash
+
+# Check for a single alert.
+n=$(cat output/eve.json | jq -c 'select(.event_type == "alert")' | wc -l)
+if test "${n}" -ne 1; then
+ echo "expected 1 event, found ${n}"
+ exit 1
+fi
+
+exit 0
+++ /dev/null
-{"timestamp":"2016-09-19T15:13:55.657253+0000","flow_id":1880489165303449,"pcap_cnt":12,"event_type":"alert","src_ip":"24.244.4.23","src_port":443,"dest_ip":"10.16.1.11","dest_port":54684,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1,"rev":1,"signature":"TLS FINGERPRINT TEST","category":"","severity":3},"tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com","issuerdn":"C=US, O=Google Inc, CN=Google Internet Authority G2","fingerprint":"90:86:a4:3b:f5:cf:1b:2e:4e:f7:97:96:f9:de:ba:b9:66:35:86:3f","sni":"www.google.com","version":"TLS 1.2","notbefore":"2016-09-14T08:20:40","notafter":"2016-12-07T08:19:00"},"payload":"FgMDAGQCAABgAwNX4ACzYMKFFPUfj3GwtnkXASPvrc9DSYl7rvIWYcfU3CAwoyN7H55ZUoQwUM4cl8eGnXx0ALlMd6ZjKzFAWWZgmMAvAAAY\/wEAAQAAAAAAABAABQADAmgyAAsAAgEAFgMDDAkLAAwFAAwCAASEMIIEgDCCA2igAwIBAgIIK6L1O7WFg3UwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTYwOTE0MDgyMDQwWhcNMTYxMjA3MDgxOTAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCAmQKHoFWTZ2HK2CN21xj8iEDvGoySc4qlPD3pmJpJFxO533WEPhnd\/\/6QF+Krr3DMaLzS8dj0mzSTHRnBgecv8\/IYtvwaon28S8fdTJExgEZopfyCRTxG8FZc2v5t5VLW9Cd+iuaQfAUTmAHcrq304XAjjaypJZ4ggnMzsJqaK2aRZUzVwzsADFjrMGjF9KGiu+DyobsuATblK9rgFixm2NQipPtt4kRuJbPp9qpJMcZael30mrunV8FLLIgLgEWYUzhO+AOWeomKSHKsZO8akY7DFmSLpoY7A9BKHCByjbf9fwXuBFDrSPfpekYW2kT4NfHU8mBpqyyrSCIzEhv3AgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBSlyYl+\/3NDrJ9jQw7V9viRhoXF2jAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAPSDolYdq1tkYsmeAz1Pmb2MwA23nhcyUTP00QYLMYYG\/8CxGhUc1tonuzA\/ws0uy+3z+vF\/4UxsGTlJLyOMon68TU1OYGuGlQTLV7CUVb8K348dSz\/Yv9zLGSX1CdD7OwurPKgSzyqfaLzgosn9YycO0SHlVRYf9hADKthZXjprnXScJ\/uYWYqRn36Yd70zojdLqak0DUl51quVy4s1VSauEEj76Prrq0L6HOw86CMIKWnLRTBGT7Y75g8ELD53H\/j\/rGJDrbFZOu3N0aPcpIifFRyflDAY52c3DaLBlKnx6OBXaFoJwXa54ncQs4DXhJvzNDqf+X6BgTJ9xjaMH7AAD9DCCA\/AwggLYoAMCAQICAwI6kjANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE1MDQwMTAwMDAwMFoXDTE3MTIzMTIzNTk1OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMA4GA1UdDwEB\/wQEAwIBBjAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTASBgNVHRMBAf8ECDAGAQH\/AgEAMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQELBQADggEBAAhOBKeAfxAWQ14CrddCgPSwjtKus+sRfZCEGH3nkBX7SX+omQWRu3rJ1jw3GAmatseSIAc1MwnkKGNyDbTgMpyHmMQbdolnwVBYsBOqExobMqW+6hGVTEhjSemZXSA3zP4qaVEWlUup3kmCwBBw9Czz7LwkJNBOrKXZXh5tksGnrEg1gfnl5Jxlac2HpEFQPy5XpZFRElgOjAmhrHqkEqUn85oQl31VAwb3ZlhfX2Thq11tpTlIdZhMKVo6jdMrypxVBL\/05hTVgKwm7ReJppNsXKTMuPBmjmTjfZriALNJx+QKqt1bg8dwkEZOvtDbWZZsLvUWNt5xzAHCEsEhxhYAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwMBTQwAAUkDABdBBFkEmhWPRTvJcZlswbVdtkvJRJ\/KS6fn9Om3AJrM1DOnPOkP1Cdf3FQSbFIp\/7yv0Tupa\/+VgIHv6ZssppN0W3MGAQEAAIp7vMeKQeQpI9IWy8kovZE3ccSRwMJVUPEpLBu5lrfebNHrzG\/6GlFnfHBlWa56gIrpclgpTvQsWdbbPUFgXQTpl+1P7n1P8+oW1uFHjuKi9553hyzDgDkKx9P1znj2l8xgnyghTnzmGzfaIA\/qGJljj+7hJ1B7QmTRDpE2NV9J5mo+FPj9k6cqBLqlCkEMHrNkdctbZDVWv+Q9WFqNhLNkQydpJNx2N1YJGPIF01AKmHCJtwccV6iMp4tFpv6D6s0IOXIrAStoifAfHLZmiKIjf6DBvQe89aotZsugTwCuJ6tfk8+MpqtdD4iln5HbTacjTPt\/Av5nVJqGHxzeVhYDAwAEDgAAAA==","stream":1,"packet":"2MuK7aFGABUXDQb3CABFAAXc744AADgGZWgY9AQXChABCwG71ZyefKS608Ty7YAQAOvOagAAAQEICh4H5Ncjgy1QFgMDAGQCAABgAwNX4ACzYMKFFPUfj3GwtnkXASPvrc9DSYl7rvIWYcfU3CAwoyN7H55ZUoQwUM4cl8eGnXx0ALlMd6ZjKzFAWWZgmMAvAAAY\/wEAAQAAAAAAABAABQADAmgyAAsAAgEAFgMDDAkLAAwFAAwCAASEMIIEgDCCA2igAwIBAgIIK6L1O7WFg3UwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTYwOTE0MDgyMDQwWhcNMTYxMjA3MDgxOTAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCAmQKHoFWTZ2HK2CN21xj8iEDvGoySc4qlPD3pmJpJFxO533WEPhnd\/\/6QF+Krr3DMaLzS8dj0mzSTHRnBgecv8\/IYtvwaon28S8fdTJExgEZopfyCRTxG8FZc2v5t5VLW9Cd+iuaQfAUTmAHcrq304XAjjaypJZ4ggnMzsJqaK2aRZUzVwzsADFjrMGjF9KGiu+DyobsuATblK9rgFixm2NQipPtt4kRuJbPp9qpJMcZael30mrunV8FLLIgLgEWYUzhO+AOWeomKSHKsZO8akY7DFmSLpoY7A9BKHCByjbf9fwXuBFDrSPfpekYW2kT4NfHU8mBpqyyrSCIzEhv3AgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBSlyYl+\/3NDrJ9jQw7V9viRhoXF2jAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAPSDolYdq1tkYsmeAz1Pmb2MwA23nhcyUTP00QYLMYYG\/8CxGhUc1tonuzA\/ws0uy+3z+vF\/4UxsGTlJLyOMon68TU1OYGuGlQTLV7CUVb8K348dSz\/Yv9zLGSX1CdD7OwurPKgSzyqfaLzgosn9YycO0SHlVRYf9hADKthZXjprnXScJ\/uYWYqRn36Yd70zojdLqak0DUl51quVy4s1VSauEEj76Prrq0L6HOw86CMIKWnLRTBGT7Y75g8ELD53H\/j\/rGJDrbFZOu3N0aPcpIifFRyflDAY52c3DaLBlKnx6OBXaFoJwXa54ncQs4DXhJvzNDqf+X6BgTJ9xjaMH7AAD9DCCA\/AwggLYoAMCAQICAwI6kjANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE1MDQwMTAwMDAwMFoXDTE3MTIzMTIzNTk1OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmM=","packet_info":{"linktype":1}}
-{"timestamp":"2016-09-19T15:13:55.657253+0000","flow_id":1880489165303449,"pcap_cnt":12,"event_type":"tls","src_ip":"10.16.1.11","src_port":54684,"dest_ip":"24.244.4.23","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com","issuerdn":"C=US, O=Google Inc, CN=Google Internet Authority G2","fingerprint":"90:86:a4:3b:f5:cf:1b:2e:4e:f7:97:96:f9:de:ba:b9:66:35:86:3f","sni":"www.google.com","version":"TLS 1.2","notbefore":"2016-09-14T08:20:40","notafter":"2016-12-07T08:19:00"}}
--- /dev/null
+#! /usr/bin/env bash
+
+# Check for 1 tls event.
+n=$(cat output/eve.json | jq -c 'select(.event_type == "tls")' | wc -l)
+if test "${n}" -ne 1; then
+ echo "expected 1 event, got $n"
+ exit 1
+fi
+
+exit 0
+
+
+++ /dev/null
-{"timestamp":"2016-09-19T15:13:55.657295+0000","flow_id":1880489165303449,"pcap_cnt":13,"event_type":"tls","src_ip":"10.16.1.11","src_port":54684,"dest_ip":"24.244.4.23","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com","issuerdn":"C=US, O=Google Inc, CN=Google Internet Authority G2","fingerprint":"90:86:a4:3b:f5:cf:1b:2e:4e:f7:97:96:f9:de:ba:b9:66:35:86:3f","sni":"www.google.com","version":"TLS 1.2","notbefore":"2016-09-14T08:20:40","notafter":"2016-12-07T08:19:00"}}
--- /dev/null
+#! /usr/bin/env bash
+
+# Check for 1 tls event.
+n=$(cat output/eve.json | jq -c 'select(.event_type == "tls")' | wc -l)
+if test "${n}" -ne 1; then
+ echo "expected 1 event, got $n"
+ exit 1
+fi
+
+exit 0
+
+
+++ /dev/null
-{"timestamp":"2016-09-19T15:13:55.657253+0000","flow_id":1880489165303449,"pcap_cnt":12,"event_type":"tls","src_ip":"10.16.1.11","src_port":54684,"dest_ip":"24.244.4.23","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com","issuerdn":"C=US, O=Google Inc, CN=Google Internet Authority G2","fingerprint":"90:86:a4:3b:f5:cf:1b:2e:4e:f7:97:96:f9:de:ba:b9:66:35:86:3f","sni":"www.google.com","version":"TLS 1.2","notbefore":"2016-09-14T08:20:40","notafter":"2016-12-07T08:19:00"}}
projects / thirdparty / suricata-verify.git / commitdiff
