]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ecb8abd)
test/alert-max: add check for discarded alerts 896/head
authorJuliana Fajardini <jufajardini@gmail.com>
Tue, 5 Apr 2022 19:47:31 +0000 (16:47 -0300)
committerVictor Julien <victor@inliniac.net>
Thu, 28 Jul 2022 10:20:16 +0000 (12:20 +0200)
Check that we correctly log to stats how many alerts have been discarded
due to packet alert queue overflow.

Task #5179

tests/alert-max/alert-max-append-higher-priority/suricata.yaml patch | blob | blame | history
tests/alert-max/alert-max-append-higher-priority/test.rules patch | blob | blame | history
tests/alert-max/alert-max-append-higher-priority/test.yaml patch | blob | blame | history

diff --git a/tests/alert-max/alert-max-append-higher-priority/suricata.yaml b/tests/alert-max/alert-max-append-higher-priority/suricata.yaml
index affc4f2048e637f34066772916f58600fb996b0b..36e3dc31d47c203578912f1b9ade6661dc6c599e 100644 (file)
--- a/tests/alert-max/alert-max-append-higher-priority/suricata.yaml
+++ b/tests/alert-max/alert-max-append-higher-priority/suricata.yaml
@@ -15,6 +15,7 @@ outputs:
       types:
         - alert
         - http
+        - stats
 
 # Define maximum number of possible alerts that can be triggered for the same
 # packet. Default is 15
diff --git a/tests/alert-max/alert-max-append-higher-priority/test.rules b/tests/alert-max/alert-max-append-higher-priority/test.rules
index 3c0133f94ae3f8307e0638ffc73d952203d267e3..46e020e39a463a38be4244513bcf58232b89c440 100644 (file)
--- a/tests/alert-max/alert-max-append-higher-priority/test.rules
+++ b/tests/alert-max/alert-max-append-higher-priority/test.rules
@@ -14,3 +14,11 @@ alert http any any -> any any (msg:"Match rule internal id 5"; uricontent:"/inde
 alert http any any -> any any (msg:"Match rule internal id 6"; http.request_line; bsize:10<>100; sid:7; rev:1;)
 # Internal id 7
 alert http any any -> any any (msg:"Match rule internal id 7"; http.request_line; content:"GET /index.html HTTP/1.0"; sid:8;)
+# internal id doesn't matter here
+alert tcp any any -> any any (msg:"No match rule 8"; dsize:>140; sid:9; rev:1;)
+# internal id doesn't matter here
+alert http any any -> any any (msg:"Match rule 9"; http.request_line; content:"GET /index.html HTTP/1.0"; sid:10;)
+# internal id doesn't matter here
+alert http any any -> any any (msg:"Match rule 10"; uricontent:"/index.html"; sid:11; rev:1;)
+# internal id doesn't matter here
+alert http any any -> any any (msg:"Match rule 11"; http.request_line; content:"GET /index.html HTTP/1.0"; sid:12;)
diff --git a/tests/alert-max/alert-max-append-higher-priority/test.yaml b/tests/alert-max/alert-max-append-higher-priority/test.yaml
index 6d71b42186ed522093380825b4f6d7533e5f7985..a81975ba9a9d89ee099a9397c757e828ece7976b 100644 (file)
--- a/tests/alert-max/alert-max-append-higher-priority/test.yaml
+++ b/tests/alert-max/alert-max-append-higher-priority/test.yaml
@@ -52,3 +52,9 @@ checks:
     match:
       event_type: alert
       alert.signature_id: 8
+# Subtest 9
+- filter:
+    count: 1
+    match:
+      event_type: stats
+      stats.detect.alert_queue_overflow: 4
Mirror of https://github.com/OISF/suricata-verify.git