From: Jason Ish Date: Mon, 3 Dec 2018 16:38:01 +0000 (-0600) Subject: dns tests: enable eve v1 tests for Rust builds. X-Git-Tag: suricata-6.0.4~488 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5cfaddcb10848a342cd9470bd2658143ee509c5c;p=thirdparty%2Fsuricata-verify.git dns tests: enable eve v1 tests for Rust builds. Suricata branch ish/rust-dns-v1/v1 brings DNS v1 logging support for Rust. --- diff --git a/tests/dns-eve/suricata.yaml b/tests/dns-eve/suricata.yaml index 62cad45ef..cda656a47 100644 --- a/tests/dns-eve/suricata.yaml +++ b/tests/dns-eve/suricata.yaml @@ -11,26 +11,8 @@ stats: outputs: - eve-log: enabled: yes - filetype: regular #regular|syslog|unix_dgram|unix_stream|redis + filetype: regular filename: eve.json - #prefix: "@cee: " # prefix to prepend to each log entry - # the following are valid when type: syslog above - #identity: "suricata" - #facility: local5 - #level: Info ## possible levels: Emergency, Alert, Critical, - ## Error, Warning, Notice, Info, Debug - #redis: - # server: 127.0.0.1 - # port: 6379 - # mode: list ## possible values: list (default), channel - # key: suricata ## key or channel to use (default to suricata) - # Redis pipelining set up. This will enable to only do a query every - # 'batch-size' events. This should lower the latency induced by network - # connection at the cost of some memory. There is no flushing implemented - # so this setting as to be reserved to high traffic suricata. - # pipelining: - # enabled: yes ## set enable to yes to enable query pipelining - # batch-size: 10 ## number of entry to keep in buffer types: - alert: # payload: yes # enable dumping payload in Base64 
@@ -64,7 +46,8 @@ outputs: # custom allows additional http fields to be included in eve-log # the example below adds three additional fields when uncommented #custom: [Accept-Encoding, Accept-Language, Authorization] - - dns + - dns: + version: 1 - tls: extended: yes # enable this for extended logging information - files: diff --git a/tests/dns-eve/test.yaml b/tests/dns-eve/test.yaml index 9051dd814..56ea9b0d5 100644 --- a/tests/dns-eve/test.yaml +++ b/tests/dns-eve/test.yaml @@ -1,7 +1,3 @@ requires: features: - HAVE_LIBJANSSON - -skip: - - feature: RUST - msg: eve dns v1 not supported by rust diff --git a/tests/dns-json-log/suricata.yaml b/tests/dns-json-log/suricata.yaml index 19bd407a4..4daa2b75f 100644 --- a/tests/dns-json-log/suricata.yaml +++ b/tests/dns-json-log/suricata.yaml @@ -3,5 +3,6 @@ outputs: - dns-json-log: + version: 1 enabled: yes filename: dns.json diff --git a/tests/dns-json-log/test.yaml b/tests/dns-json-log/test.yaml index 9051dd814..56ea9b0d5 100644 --- a/tests/dns-json-log/test.yaml +++ b/tests/dns-json-log/test.yaml @@ -1,7 +1,3 @@ requires: features: - HAVE_LIBJANSSON - -skip: - - feature: RUST - msg: eve dns v1 not supported by rust diff --git a/tests/dns-lua-rules/test.yaml b/tests/dns-lua-rules/test.yaml index e3fc984da..656f5eeaa 100644 --- a/tests/dns-lua-rules/test.yaml +++ b/tests/dns-lua-rules/test.yaml @@ -2,9 +2,9 @@ requires: features: - HAVE_LUA -skip: - - feature: RUST - msg: Known issue with feature RUST +# skip: +# - feature: RUST +# msg: Known issue with feature RUST checks: - filter: diff --git a/tests/dns-single-request/suricata.yaml b/tests/dns-single-request/suricata.yaml index 356034273..5f7eded22 100644 --- a/tests/dns-single-request/suricata.yaml +++ b/tests/dns-single-request/suricata.yaml @@ -1,11 +1,10 @@ %YAML 1.1 --- -include: ../../etc/suricata-3.1.2.yaml - outputs: - eve-log: enabled: yes filename: eve.json types: - - dns + - dns: + version: 1 
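Review bot: In tests/dns-lua-rules/test.yaml the RUST skip is commented out rather than deleted, which leaves dead configuration carrying the stale message "Known issue with feature RUST" and no record of whether that issue is resolved. If the test now passes on Rust builds, delete the three lines. If it is being re-enabled provisionally, replace them with one comment such as `# Was skipped on RUST builds (known issue); re-enabled by this change.` The `checks:` block that follows continues outside the hunk.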
diff --git a/tests/dns-single-request/test.yaml b/tests/dns-single-request/test.yaml index 1fae0c7db..56ea9b0d5 100644 --- a/tests/dns-single-request/test.yaml +++ b/tests/dns-single-request/test.yaml @@ -1,6 +1,3 @@ requires: features: - HAVE_LIBJANSSON -skip: - - feature: RUST - msg: eve dns v1 not supported by rust diff --git a/tests/dns-tcp-multirequest-buffer-1/suricata.yaml b/tests/dns-tcp-multirequest-buffer-1/suricata.yaml index 502e7076d..60e848851 100644 --- a/tests/dns-tcp-multirequest-buffer-1/suricata.yaml +++ b/tests/dns-tcp-multirequest-buffer-1/suricata.yaml @@ -1,4 +1,10 @@ %YAML 1.1 --- -include: ../../etc/suricata-3.1.2.yaml +outputs: + - eve-log: + enabled: yes + types: + - dns: + version: 1 + diff --git a/tests/dns-tcp-multirequest-buffer-1/test.yaml b/tests/dns-tcp-multirequest-buffer-1/test.yaml index d1d279875..695f2f882 100644 --- a/tests/dns-tcp-multirequest-buffer-1/test.yaml +++ b/tests/dns-tcp-multirequest-buffer-1/test.yaml @@ -1,8 +1,4 @@ requires: features: - HAVE_LIBJANSSON - -skip: - - feature: RUST - msg: eve dns v1 not supported by rust diff --git a/tests/dns-tcp-ts-gap/check.sh b/tests/dns-tcp-ts-gap/check.sh deleted file mode 100755 index d1544764f..000000000 --- a/tests/dns-tcp-ts-gap/check.sh +++ /dev/null @@ -1,19 +0,0 @@ -#! /bin/sh - -. ${TOPDIR}/util/functions.sh - -# As a request was missing, we should have 2 requests, but 26 -# responses, as each request resulted in 12 responses. -log=./eve.json - -n=$(cat ${log} | \ - jq -c 'select(.event_type == "dns") | select(.dns.type == "query")' | \ - wc -l | xargs) -assert_eq 2 $n - -n=$(cat ${log} | \ - jq -c 'select(.event_type == "dns") | select(.dns.type == "answer")' | \ - wc -l | xargs) -assert_eq 36 $n - -exit 0 diff --git a/tests/dns-tcp-ts-gap/suricata.yaml b/tests/dns-tcp-ts-gap/suricata.yaml new file mode 100644 index 000000000..5f7eded22 --- /dev/null +++ b/tests/dns-tcp-ts-gap/suricata.yaml 
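Review bot: The `eve-log` output added in tests/dns-tcp-multirequest-buffer-1/suricata.yaml has no `filename:` key, so with the `include` of the shared config removed the test depends on Suricata's built-in default log name. The other DNS configs added in this commit set `filename: eve.json`; adding that line under `enabled: yes` keeps the test independent of the default. The same applies to the `eve-log` block added in tests/dns-tcp-www-google-com/suricata.yaml. The hunk also adds a trailing blank line at the end of the file that can be dropped.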
@@ -0,0 +1,10 @@ +%YAML 1.1 +--- + +outputs: + - eve-log: + enabled: yes + filename: eve.json + types: + - dns: + version: 1 diff --git a/tests/dns-tcp-ts-gap/test.yaml b/tests/dns-tcp-ts-gap/test.yaml index bcf978036..5b643dfac 100644 --- a/tests/dns-tcp-ts-gap/test.yaml +++ b/tests/dns-tcp-ts-gap/test.yaml @@ -4,7 +4,14 @@ requires: features: - HAVE_LIBJANSSON -skip: - - config: - # Skip if using eve.dns version 2. - outputs.\d.eve-log.types.\d.dns.version: 2 +checks: + - filter: + count: 2 + match: + event_type: dns + dns.type: query + - filter: + count: 36 + match: + event_type: dns + dns.type: answer diff --git a/tests/dns-tcp-www-google-com/check.sh b/tests/dns-tcp-www-google-com/check.sh deleted file mode 100755 index e3e3b7fbd..000000000 --- a/tests/dns-tcp-www-google-com/check.sh +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/sh - -. ${TOPDIR}/util/functions.sh - -# One DNS request. -n=$(jq_count eve.json 'select(.event_type == "dns") | select(.dns.type == "query")') -assert_eq 1 $n "dns requests" - -# 12 DNS responses. -n=$(jq_count eve.json 'select(.event_type == "dns") | select(.dns.type == "answer")') -assert_eq 12 $n "dns responses" diff --git a/tests/dns-tcp-www-google-com/suricata.yaml b/tests/dns-tcp-www-google-com/suricata.yaml index 311725564..6e0f4008d 100644 --- a/tests/dns-tcp-www-google-com/suricata.yaml +++ b/tests/dns-tcp-www-google-com/suricata.yaml @@ -1,8 +1,13 @@ %YAML 1.1 --- -include: ../../etc/suricata-3.1.2.yaml - # Remove stats logging. stats: enabled: no + +outputs: + - eve-log: + enabled: yes + types: + - dns: + version: 1 diff --git a/tests/dns-tcp-www-google-com/test.yaml b/tests/dns-tcp-www-google-com/test.yaml index d1d279875..6abaebc5b 100644 --- a/tests/dns-tcp-www-google-com/test.yaml +++ b/tests/dns-tcp-www-google-com/test.yaml 
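Review bot: The `count: 36` answer check in tests/dns-tcp-ts-gap/test.yaml carries the expected value over from the deleted check.sh without explanation, and the comment in that script said 26 while the assertion used 36. A short comment above `checks:` would record why the query and answer counts are asymmetric, for example `# A to-server gap hides one request: expect 2 queries, 36 answers (12 per request).` That reading is inferred from the removed script's comment, so confirm it against the pcap before settling on the wording.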
@@ -2,7 +2,14 @@ requires: features: - HAVE_LIBJANSSON -skip: - - feature: RUST - msg: eve dns v1 not supported by rust - +checks: + - filter: + count: 1 + match: + event_type: dns + dns.type: query + - filter: + count: 12 + match: + event_type: dns + dns.type: answer diff --git a/tests/dns-udp-dig-a-www-suricata-ids-org/suricata.yaml b/tests/dns-udp-dig-a-www-suricata-ids-org/suricata.yaml new file mode 100644 index 000000000..04fea5f3a --- /dev/null +++ b/tests/dns-udp-dig-a-www-suricata-ids-org/suricata.yaml @@ -0,0 +1,11 @@ +%YAML 1.1 +--- + +outputs: + - eve-log: + enabled: yes + filetype: regular + filename: eve.json + types: + - dns: + version: 1 diff --git a/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml b/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml index a3efcb3f6..23a2d9671 100644 --- a/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml +++ b/tests/dns-udp-dig-a-www-suricata-ids-org/test.yaml @@ -2,11 +2,6 @@ requires: features: - HAVE_LIBJANSSON -skip: - - config: - # Skip if using eve.dns version 2. - outputs.\d.eve-log.types.\d.dns.version: 2 - checks: - filter: diff --git a/tests/dns-udp-double-request-response/check.sh b/tests/dns-udp-double-request-response/check.sh deleted file mode 100755 index d8f04ecf7..000000000 --- a/tests/dns-udp-double-request-response/check.sh +++ /dev/null @@ -1,15 +0,0 @@ -#! /bin/sh - -# Check queries. -c=$(cat eve.json | jq -c 'select(.dns.type == "query")' | wc -l | xargs) -if [ "${c}" -ne 2 ]; then - echo "error: expected 2 DNS queries, got ${c}" - exit 1 -fi - -# Check answer count. -c=$(cat eve.json | jq -c 'select(.dns.type == "answer")' | wc -l | xargs) -if [ "${c}" -ne 9 ]; then - echo "error: expected 9 DNS answers, got ${c}" - exit 1 -fi diff --git a/tests/dns-udp-double-request-response/suricata.yaml b/tests/dns-udp-double-request-response/suricata.yaml index 502e7076d..5f7eded22 100644 --- a/tests/dns-udp-double-request-response/suricata.yaml 
+++ b/tests/dns-udp-double-request-response/suricata.yaml @@ -1,4 +1,10 @@ %YAML 1.1 --- -include: ../../etc/suricata-3.1.2.yaml +outputs: + - eve-log: + enabled: yes + filename: eve.json + types: + - dns: + version: 1 diff --git a/tests/dns-udp-double-request-response/test.yaml b/tests/dns-udp-double-request-response/test.yaml index 9051dd814..7804b105b 100644 --- a/tests/dns-udp-double-request-response/test.yaml +++ b/tests/dns-udp-double-request-response/test.yaml @@ -2,6 +2,14 @@ requires: features: - HAVE_LIBJANSSON -skip: - - feature: RUST - msg: eve dns v1 not supported by rust +checks: + - filter: + count: 2 + match: + event_type: dns + dns.type: query + - filter: + count: 9 + match: + event_type: dns + dns.type: answer diff --git a/tests/dns-udp-eve-log-aaaa-only/suricata.yaml b/tests/dns-udp-eve-log-aaaa-only/suricata.yaml index 8b56c205d..2c9df4c08 100644 --- a/tests/dns-udp-eve-log-aaaa-only/suricata.yaml +++ b/tests/dns-udp-eve-log-aaaa-only/suricata.yaml @@ -8,4 +8,5 @@ outputs: filename: eve.json types: - dns: + version: 1 custom: [aaaa] diff --git a/tests/dns-udp-eve-log-aaaa-only/test.yaml b/tests/dns-udp-eve-log-aaaa-only/test.yaml index 9051dd814..56ea9b0d5 100644 --- a/tests/dns-udp-eve-log-aaaa-only/test.yaml +++ b/tests/dns-udp-eve-log-aaaa-only/test.yaml @@ -1,7 +1,3 @@ requires: features: - HAVE_LIBJANSSON - -skip: - - feature: RUST - msg: eve dns v1 not supported by rust diff --git a/tests/dns-udp-eve-log-answer-only/suricata.yaml b/tests/dns-udp-eve-log-answer-only/suricata.yaml index 1bf5f71d8..e4ac0832e 100644 --- a/tests/dns-udp-eve-log-answer-only/suricata.yaml +++ b/tests/dns-udp-eve-log-answer-only/suricata.yaml @@ -8,6 +8,7 @@ outputs: filename: eve.json types: - dns: + version: 1 query: no answer: yes diff --git a/tests/dns-udp-eve-log-answer-only/test.yaml b/tests/dns-udp-eve-log-answer-only/test.yaml index 9051dd814..56ea9b0d5 100644 --- a/tests/dns-udp-eve-log-answer-only/test.yaml 
+++ b/tests/dns-udp-eve-log-answer-only/test.yaml @@ -1,7 +1,3 @@ requires: features: - HAVE_LIBJANSSON - -skip: - - feature: RUST - msg: eve dns v1 not supported by rust diff --git a/tests/dns-udp-eve-log-mx-only/suricata.yaml b/tests/dns-udp-eve-log-mx-only/suricata.yaml index af5d3f6fe..a27aeb3e1 100644 --- a/tests/dns-udp-eve-log-mx-only/suricata.yaml +++ b/tests/dns-udp-eve-log-mx-only/suricata.yaml @@ -8,4 +8,5 @@ outputs: filename: eve.json types: - dns: + version: 1 custom: [mx] diff --git a/tests/dns-udp-eve-log-mx-only/test.yaml b/tests/dns-udp-eve-log-mx-only/test.yaml index 9051dd814..56ea9b0d5 100644 --- a/tests/dns-udp-eve-log-mx-only/test.yaml +++ b/tests/dns-udp-eve-log-mx-only/test.yaml @@ -1,7 +1,3 @@ requires: features: - HAVE_LIBJANSSON - -skip: - - feature: RUST - msg: eve dns v1 not supported by rust diff --git a/tests/dns-udp-eve-log-query-only/suricata.yaml b/tests/dns-udp-eve-log-query-only/suricata.yaml index 298b4f802..dfa6e4cb4 100644 --- a/tests/dns-udp-eve-log-query-only/suricata.yaml +++ b/tests/dns-udp-eve-log-query-only/suricata.yaml @@ -8,6 +8,7 @@ outputs: filename: eve.json types: - dns: + version: 1 query: yes answer: no diff --git a/tests/dns-udp-eve-log-query-only/test.yaml b/tests/dns-udp-eve-log-query-only/test.yaml index 9051dd814..56ea9b0d5 100644 --- a/tests/dns-udp-eve-log-query-only/test.yaml +++ b/tests/dns-udp-eve-log-query-only/test.yaml @@ -1,7 +1,3 @@ requires: features: - HAVE_LIBJANSSON - -skip: - - feature: RUST - msg: eve dns v1 not supported by rust diff --git a/tests/dns-udp-eve-log-txt/suricata.yaml b/tests/dns-udp-eve-log-txt/suricata.yaml new file mode 100644 index 000000000..5f7eded22 --- /dev/null +++ b/tests/dns-udp-eve-log-txt/suricata.yaml @@ -0,0 +1,10 @@ +%YAML 1.1 +--- + +outputs: + - eve-log: + enabled: yes + filename: eve.json + types: + - dns: + version: 1 diff --git a/tests/dns-udp-eve-log-txt/test.yaml b/tests/dns-udp-eve-log-txt/test.yaml index 6f5121f57..56ea9b0d5 100644 
--- a/tests/dns-udp-eve-log-txt/test.yaml +++ b/tests/dns-udp-eve-log-txt/test.yaml @@ -1,8 +1,3 @@ requires: features: - HAVE_LIBJANSSON - -skip: - - config: - # Skip if using eve.dns version 2. - outputs.\d.eve-log.types.\d.dns.version: 2 diff --git a/tests/dns-udp-nxdomain-soa/check.sh b/tests/dns-udp-nxdomain-soa/check.sh deleted file mode 100755 index 05a855591..000000000 --- a/tests/dns-udp-nxdomain-soa/check.sh +++ /dev/null @@ -1,9 +0,0 @@ -#! /bin/sh - -. ${TOPDIR}/util/functions.sh - -# Look for 2 responses with rcode == "NXDOMAIN". -n=$(jq_count eve.json 'select(.dns.rcode == "NXDOMAIN")') -assert_eq 2 "$n" "nxdomain responses" - -exit 0 diff --git a/tests/dns-udp-nxdomain-soa/suricata.yaml b/tests/dns-udp-nxdomain-soa/suricata.yaml index 502e7076d..ea4c8d626 100644 --- a/tests/dns-udp-nxdomain-soa/suricata.yaml +++ b/tests/dns-udp-nxdomain-soa/suricata.yaml @@ -1,4 +1,11 @@ %YAML 1.1 --- -include: ../../etc/suricata-3.1.2.yaml +outputs: + - eve-log: + enabled: yes + filename: eve.json + types: + - dns: + version: 1 + diff --git a/tests/dns-udp-nxdomain-soa/test.yaml b/tests/dns-udp-nxdomain-soa/test.yaml index 9051dd814..fd8ea68f0 100644 --- a/tests/dns-udp-nxdomain-soa/test.yaml +++ b/tests/dns-udp-nxdomain-soa/test.yaml @@ -2,6 +2,10 @@ requires: features: - HAVE_LIBJANSSON -skip: - - feature: RUST - msg: eve dns v1 not supported by rust +checks: + - filter: + count: 2 + match: + event_type: dns + dns.rcode: NXDOMAIN + diff --git a/tests/dns-udp-unsolicited-response/check.sh b/tests/dns-udp-unsolicited-response/check.sh deleted file mode 100755 index f876b16cf..000000000 --- a/tests/dns-udp-unsolicited-response/check.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#! /bin/sh - -# Check for 1 DNS request. -n=$(cat eve.json | jq -c 'select(.dns.type == "query")' | wc -l | xargs) -if [ ${n} -ne 1 ]; then - exit 1 -fi - -# Check for 1 DNS response. -n=$(cat eve.json | jq -c 'select(.dns.type == "answer")' | wc -l | xargs) -if [ ${n} -ne 2 ]; then - exit 1 -fi - -# Check for one alert. -n=$(cat eve.json | jq -c 'select(.event_type == "alert")' | wc -l | xargs) -if [ ${n} -ne 1 ]; then - exit 1 -fi - -exit 0 diff --git a/tests/dns-udp-unsolicited-response/dns-events.rules b/tests/dns-udp-unsolicited-response/dns-events.rules deleted file mode 100644 index 82ee63311..000000000 --- a/tests/dns-udp-unsolicited-response/dns-events.rules +++ /dev/null 
@@ -1,15 +0,0 @@ -# Response (answer) we didn't see a Request for. Could be packet loss. -alert dns any any -> any any (msg:"SURICATA DNS Unsolicited response"; flow:to_client; app-layer-event:dns.unsollicited_response; sid:2240001; rev:1;) -# Malformed data in request. Malformed means length fields are wrong, etc. -alert dns any any -> any any (msg:"SURICATA DNS malformed request data"; flow:to_server; app-layer-event:dns.malformed_data; sid:2240002; rev:1;) -alert dns any any -> any any (msg:"SURICATA DNS malformed response data"; flow:to_client; app-layer-event:dns.malformed_data; sid:2240003; rev:1;) -# Response flag set on to_server packet -alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_a_request; sid:2240004; rev:1;) -# Response flag not set on to_client packet -alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client; app-layer-event:dns.not_a_response; sid:2240005; rev:1;) -# Z flag (reserved) not 0 -alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; sid:2240006; rev:1;) -# Request Flood Detected -alert dns any any -> any any (msg:"SURICATA DNS request flood detected"; flow:to_server; app-layer-event:dns.flooded; sid:2240007; rev:1;) -# Per-flow (state) memcap reached. Relates to the app-layer.protocols.dns.state-memcap setting. -alert dns any any -> any any (msg:"SURICATA DNS flow memcap reached"; flow:to_server; app-layer-event:dns.state_memcap_reached; sid:2240008; rev:2;) diff --git a/tests/dns-udp-unsolicited-response/suricata.yaml b/tests/dns-udp-unsolicited-response/suricata.yaml index 502e7076d..f4b03a5c5 100644 --- a/tests/dns-udp-unsolicited-response/suricata.yaml +++ b/tests/dns-udp-unsolicited-response/suricata.yaml @@ -1,4 +1,11 @@ %YAML 1.1 --- -include: ../../etc/suricata-3.1.2.yaml +outputs: + - eve-log: + enabled: true + filename: eve.json + types: + - alert + - dns: + version: 1 
diff --git a/tests/dns-udp-unsolicited-response/test.yaml b/tests/dns-udp-unsolicited-response/test.yaml index 1d9dd5bcb..e26348f01 100644 --- a/tests/dns-udp-unsolicited-response/test.yaml +++ b/tests/dns-udp-unsolicited-response/test.yaml @@ -2,5 +2,14 @@ requires: features: - HAVE_LIBJANSSON -skip: - - feature: RUST +checks: + - filter: + count: 1 + match: + event_type: dns + dns.type: query + - filter: + count: 2 + match: + event_type: dns + dns.type: answer diff --git a/tests/eve-alert-metadata-defaults/test.yaml b/tests/eve-alert-metadata-defaults/test.yaml index 982b04d04..be9aebb5b 100644 --- a/tests/eve-alert-metadata-defaults/test.yaml +++ b/tests/eve-alert-metadata-defaults/test.yaml @@ -3,10 +3,6 @@ requires: script: - grep METADATA_DEFAULTS src/output-json-alert.c > /dev/null -skip: - - feature: RUST - msg: eve dns v1 not supported by rust - checks: - filter: diff --git a/tests/eve-alert-metadata-enable-rule/test.yaml b/tests/eve-alert-metadata-enable-rule/test.yaml index 6ed696750..42bd1a0a3 100644 --- a/tests/eve-alert-metadata-enable-rule/test.yaml +++ b/tests/eve-alert-metadata-enable-rule/test.yaml @@ -3,10 +3,6 @@ requires: script: - grep METADATA_DEFAULTS src/output-json-alert.c > /dev/null -skip: - - feature: RUST - msg: eve dns v1 not supported by rust - checks: - filter: diff --git a/tests/eve-alert-metadata-off/test.yaml b/tests/eve-alert-metadata-off/test.yaml index bfeedf9fe..c1bdf6273 100644 --- a/tests/eve-alert-metadata-off/test.yaml +++ b/tests/eve-alert-metadata-off/test.yaml @@ -3,10 +3,6 @@ requires: script: - grep METADATA_DEFAULTS src/output-json-alert.c > /dev/null -skip: - - feature: RUST - msg: eve dns v1 not supported by rust - checks: - filter: diff --git a/tests/eve-metadata/test.yaml b/tests/eve-metadata/test.yaml index 6efb97ba1..4e8a560d6 100644 --- a/tests/eve-metadata/test.yaml +++ b/tests/eve-metadata/test.yaml 
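Review bot: The new checks in tests/dns-udp-unsolicited-response/test.yaml count only query and answer records, while the deleted check.sh also required exactly one `alert` event and the deleted dns-events.rules held the `dns.unsollicited_response` rule that would raise it. As written, the test no longer verifies that an unsolicited response is flagged, yet the new suricata.yaml still enables the `alert` type. If the event is still expected, keep a rule for it and add a third filter with `count: 1` and `event_type: alert`. If it is intentionally not raised on Rust builds, drop `- alert` from the config and say so in a comment.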
@@ -1,14 +1,3 @@ -requires: - - # Require that we have metadata support, checked by looking for a - # function. - script: - - grep JsonAddMetadata src/output-json.h > /dev/null - -skip: - - feature: RUST - msg: eve dns v1 not supported by rust - checks: - filter:
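Review bot: This hunk removes the whole `requires:` block of tests/eve-metadata/test.yaml, not just the RUST skip, so the test is no longer gated on metadata support being present in the Suricata tree. If the suite is still run against versions without `JsonAddMetadata`, the test will fail there instead of being skipped. Keeping `requires:`, `script:` and `- grep JsonAddMetadata src/output-json.h > /dev/null` and deleting only the `skip:` entry would match what the commit message describes. The `checks:` list continues outside the hunk.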