test: test for empty dns/eve formats

Test that when dns/eve "formats" is empty, it uses the default of all.

Bug: #6420

diff --git a/tests/dns/dns-eve-empty-format/README.md b/tests/dns/dns-eve-empty-format/README.md
new file mode 100644 (file)
index 0000000..e82386f
--- /dev/null
+++ b/tests/dns/dns-eve-empty-format/README.md
@@ -0,0 +1,5 @@
+Test that emtpy EVE/DNS "formats" configuration results in the default
+of both formats.
+
+https://redmine.openinfosecfoundation.org/issues/6420
+

diff --git a/tests/dns/dns-eve-empty-format/input.pcap b/tests/dns/dns-eve-empty-format/input.pcap
new file mode 100644 (file)
index 0000000..5c9ee35
Binary files /dev/null and b/tests/dns/dns-eve-empty-format/input.pcap differ

diff --git a/tests/dns/dns-eve-empty-format/suricata.yaml b/tests/dns/dns-eve-empty-format/suricata.yaml
new file mode 100644 (file)
index 0000000..47b4352
--- /dev/null
+++ b/tests/dns/dns-eve-empty-format/suricata.yaml
@@ -0,0 +1,11 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - dns:
+            formats:

diff --git a/tests/dns/dns-eve-empty-format/test.yaml b/tests/dns/dns-eve-empty-format/test.yaml
new file mode 100644 (file)
index 0000000..0be5eb8
--- /dev/null
+++ b/tests/dns/dns-eve-empty-format/test.yaml
@@ -0,0 +1,7 @@
+checks:
+  - filter:
+      count: 1
+      match:
+        pcap_cnt: 8
+        dns.answers[0].rrtype: A
+        dns.grouped.A[0]: "52.85.112.21"