--- /dev/null
+# Test
+
+Showcase/ test PGSQL events.
+
+# Pcap
+
+Provided by Victor Julien.
+
+# Ticket
+
+https://redmine.openinfosecfoundation.org/issues/5566
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ filename: eve.json
+ types:
+ - pgsql:
+ enabled: yes
+ - alert
+ - flow
+ - stats
+
+app-layer:
+ protocols:
+ pgsql:
+ enabled: yes
+ # Stream reassembly size for PostgreSQL. By default, track it completely.
+ stream-depth: 0
+ # Maximum number of live PostgreSQL transactions per flow
+ # max-tx: 1024
--- /dev/null
+alert pgsql any any -> any any (msg:"PGSQL unknown/ malformed message"; app-layer-event:pgsql.malformed_request; flow:to_server; sid:1;)
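Review bot: The rule carries no `rev` keyword and covers only the client-to-server direction (`flow:to_server` with `pgsql.malformed_request`). Ending the options with `sid:1; rev:1;)` would keep the signature versioned the way rules normally are. If the parser work behind this ticket also raises an event for malformed server messages (that is inferred from the ticket scope, not visible here), a second rule using `flow:to_client` with its own sid would keep that direction from regressing unnoticed.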
--- /dev/null
+requires:
+ min-version: 8
+
+args:
+- -k none --set stream.midstream=true --set stream.inline=true
+
+checks:
+ - filter:
+ filename: eve.json
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
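Review bot: The single check pins only `event_type` and `alert.signature_id`, so it would still pass if sid 1 fired on a flow that was never identified as PostgreSQL. Adding `app_proto: pgsql` to the `match` block ties the alert to the parser under test. The README describes the test as showcasing PGSQL events and the config enables the `pgsql` eve type, yet nothing asserts on `event_type: pgsql` records; a second filter with an expected count would cover that. A short comment above `args` saying why midstream pickup and inline stream mode are needed for this pcap would help the next maintainer (presumably the capture lacks the TCP handshake).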