From: Jason Ish
Date: Thu, 13 Jul 2017 16:33:11 +0000 (-0600)
Subject: test: eve/dns aaaa only logging
X-Git-Tag: suricata-6.0.4~579
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d1cc3c9a2ba9718328543bfa358fe9c0e1cef66;p=thirdparty%2Fsuricata-verify.git
test: eve/dns aaaa only logging
---
diff --git a/dns-udp-eve-log-aaaa-only/README.md b/dns-udp-eve-log-aaaa-only/README.md
new file mode 100644
index 000000000..88649bff1
--- /dev/null
+++ b/dns-udp-eve-log-aaaa-only/README.md
@@ -0,0 +1,2 @@
+Test custom eve DNS logging by configuring it to log only AAAA
+records, and verifying that only AAAA records are logged.
diff --git a/dns-udp-eve-log-aaaa-only/check.sh b/dns-udp-eve-log-aaaa-only/check.sh
new file mode 100755
index 000000000..ef8ffd303
--- /dev/null
+++ b/dns-udp-eve-log-aaaa-only/check.sh
@@ -0,0 +1,12 @@
+#! /bin/sh
+
+. ../functions.sh
+
+n=$(jq_count output/eve.json 'select(.dns.rrtype == "AAAA")')
+assert_eq 2 $n "expected 2 aaaa records"
+
+n=$(jq_count output/eve.json 'select(.dns.rrtype != "AAAA")')
+assert_eq 0 $n "expected 0 non-aaaa records"
+
+exit 0
+
diff --git a/dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap b/dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap
new file mode 100644
index 000000000..def918f21
Binary files /dev/null and b/dns-udp-eve-log-aaaa-only/dns-udp-google.com-a-aaaa-mx.pcap differ
diff --git a/dns-udp-eve-log-aaaa-only/suricata.yaml b/dns-udp-eve-log-aaaa-only/suricata.yaml
new file mode 100644
index 000000000..8b56c205d
--- /dev/null
+++ b/dns-udp-eve-log-aaaa-only/suricata.yaml
@@ -0,0 +1,11 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - dns:
+ custom: [aaaa]
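Review bot: `$n` is passed to assert_eq unquoted in both assertions of check.sh (`assert_eq 2 $n "expected 2 aaaa records"` and `assert_eq 0 $n "expected 0 non-aaaa records"`); if jq_count prints nothing, for instance when output/eve.json is missing or jq fails, the argument vanishes and the message string is shifted into the position of the actual value, so the test reports a confusing mismatch instead of the real problem. Quote it: `assert_eq 2 "$n" "expected 2 aaaa records"` and `assert_eq 0 "$n" "expected 0 non-aaaa records"`. The second filter, `select(.dns.rrtype != "AAAA")`, also matches any record that has no `.dns.rrtype` at all, since jq evaluates null != "AAAA" as true, which makes the check stricter than "no other rrtype was logged"; a comment such as `# counts every event without an AAAA rrtype, including non-DNS events, so the log must contain nothing else` would make that intent explicit. Whether the trailing `exit 0` can mask a failure depends on assert_eq in ../functions.sh exiting non-zero on mismatch, which is not visible in this hunk.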