From: Jason Ish
Date: Wed, 2 Feb 2022 23:11:22 +0000 (-0600)
Subject: tftp: test loading of a tftp rule
X-Git-Tag: suricata-5.0.10~46
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f4a3fc047300f406c9e0c1693fefb5326a4db58;p=thirdparty%2Fsuricata-verify.git
tftp: test loading of a tftp rule
Update an existing tftp test to add a rule to test that rule can be loaded.
Ticket: https://redmine.openinfosecfoundation.org/issues/5038
---
diff --git a/tests/output-eve-tftp-01/suricata.yaml b/tests/output-eve-tftp-01/suricata.yaml
index cb84c7858..32f960cfc 100644
--- a/tests/output-eve-tftp-01/suricata.yaml
+++ b/tests/output-eve-tftp-01/suricata.yaml
@@ -6,5 +6,6 @@ outputs:
 enabled: true
 filename: eve.json
 types:
+ - alert
 - tftp:
 community-id: true
diff --git a/tests/output-eve-tftp-01/test.rules b/tests/output-eve-tftp-01/test.rules
new file mode 100644
index 000000000..f3f5f401c
--- /dev/null
+++ b/tests/output-eve-tftp-01/test.rules
@@ -0,0 +1 @@
+alert tftp any any -> any any (msg:"TFTP Test Rule"; pkt_data; content:"rfc1350"; sid:1; rev:1;)
diff --git a/tests/output-eve-tftp-01/test.yaml b/tests/output-eve-tftp-01/test.yaml
index 4d7c5a182..b83cefc3e 100644
--- a/tests/output-eve-tftp-01/test.yaml
+++ b/tests/output-eve-tftp-01/test.yaml
@@ -10,4 +10,8 @@ checks:
 - filter:
 count: 1
 match:
- has-key: community_id
+ event_type: tftp
+- filter:
+ count: 1
+ match:
+ event_type: alert
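Review bot: The new tests/output-eve-tftp-01/test.rules carries no comment saying what its single rule is meant to prove. Per the commit message it exists so that a rule using the `tftp` protocol is loaded, and a header line such as `# Ticket 5038: verify that a rule with protocol tftp loads and alerts on the test pcap` would record that. `pkt_data` with no earlier sticky buffer looks like it has no effect here, so either drop it or state in the comment why it is kept. The match on `content:"rfc1350"` presumably depends on the file name requested in the test pcap, which is not part of this change and is worth mentioning in the same comment.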
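Review bot: The first check in tests/output-eve-tftp-01/test.yaml no longer asserts `community_id`, although suricata.yaml in this commit still sets `community-id: true` for the tftp logger. Replacing `has-key: community_id` with `event_type: tftp` was presumably needed because alert records may now carry the key as well. Keeping both lines in the same match (`event_type: tftp` together with `has-key: community_id`) would preserve the original coverage. The added alert filter also accepts any alert; adding `alert.signature_id: 1` would tie it to the rule in test.rules rather than to whatever happens to fire.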