flow: log elephant flow count and bool 2411/head
authorShivani Bhardwaj <shivanib134@gmail.com>
Tue, 1 Apr 2025 10:32:31 +0000 (16:02 +0530)
committerVictor Julien <victor@inliniac.net>
Thu, 3 Apr 2025 08:05:51 +0000 (10:05 +0200)
Feature 5647

tests/elephant-flow-tracking/README.md [new file with mode: 0644]
tests/elephant-flow-tracking/suricata.yaml [new file with mode: 0644]
tests/elephant-flow-tracking/test.yaml [new file with mode: 0644]

diff --git a/tests/elephant-flow-tracking/README.md b/tests/elephant-flow-tracking/README.md
new file mode 100644 (file)
index 0000000..eff8dcc
--- /dev/null
@@ -0,0 +1,9 @@
+Test Description
+================
+
+Test to show the output logged in case of elephant flow detected.
+
+Redmine Ticket
+==============
+
+https://redmine.openinfosecfoundation.org/issues/5647
diff --git a/tests/elephant-flow-tracking/suricata.yaml b/tests/elephant-flow-tracking/suricata.yaml
new file mode 100644 (file)
index 0000000..201593c
--- /dev/null
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+flow:
+  rate-tracking:
+    bytes: 10KiB
+    interval: 10
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filename: eve.json
+      types:
+        - flow
+        - stats
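Review bot: The `rate-tracking` thresholds at `bytes: 10KiB` / `interval: 10` are the exact condition this test exercises, yet nothing records why these values were chosen or what unit `interval` is in, so a later change to the defaults or to the pcap could silently stop triggering the detection. A comment above the block along the lines of `# flag a flow as an elephant once it exceeds 10KiB within one interval (interval presumably in seconds; the 66k-byte pcap must stay above this threshold)` would make the dependency explicit. The `stats` entry under `types` is also only there so the `stats.flow.elephant` counter can be checked; `# stats is required for the stats.flow.elephant check in test.yaml` would stop someone trimming it as unused.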
diff --git a/tests/elephant-flow-tracking/test.yaml b/tests/elephant-flow-tracking/test.yaml
new file mode 100644 (file)
index 0000000..b95c4eb
--- /dev/null
@@ -0,0 +1,15 @@
+pcap: ../tcp-urgp-09-oob-exceed-limit-inline/tcp-urgent-1byte-66k.pcap
+
+requires:
+  min-version: 8
+
+checks:
+  - filter:
+      count: 1
+      match:
+        stats.flow.elephant: 1
+
+  - filter:
+      count: 1
+      match:
+        flow.elephant: true
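Review bot: The `pcap:` line reaches into a sibling test directory (`../tcp-urgp-09-oob-exceed-limit-inline/`), so renaming or removing that test breaks this one without any change here; either copy the pcap into `tests/elephant-flow-tracking/` or record the coupling with `# pcap shared with tcp-urgp-09-oob-exceed-limit-inline; keep both tests in sync`. The first check asserts `count: 1` on `stats.flow.elephant: 1`, which assumes exactly one stats record is emitted for the run; if a periodic stats record is ever flushed before the end-of-run one, a second record with the same counter would fail the check, so a short comment stating that a single end-of-run stats record is expected would help whoever debugs that. There is also no negative assertion — if the pcap really contains only the one heavy flow, adding a filter with `count: 0` on `flow.elephant: false` would pin that the flag is set only on that flow rather than unconditionally.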