From: Jeff Lucovsky
Date: Sat, 1 Aug 2020 13:59:27 +0000 (-0400)
Subject: tests/anomaly: Test case for mult. loggers
X-Git-Tag: suricata-6.0.4~267
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96e7d4759fc731f7d66a759a08560494e880d856;p=thirdparty%2Fsuricata-verify.git
tests/anomaly: Test case for mult. loggers
This commit adds a test case for the issue described in bug 3835. Multiple anomaly loggers aren't supported.
---
diff --git a/tests/output-eve-anomaly-04/input.pcap b/tests/output-eve-anomaly-04/input.pcap
new file mode 100644
index 000000000..d50be3325
Binary files /dev/null and b/tests/output-eve-anomaly-04/input.pcap differ
diff --git a/tests/output-eve-anomaly-04/suricata.yaml b/tests/output-eve-anomaly-04/suricata.yaml
new file mode 100644
index 000000000..44deda8ce
--- /dev/null
+++ b/tests/output-eve-anomaly-04/suricata.yaml
@@ -0,0 +1,23 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ filetype: regular
+ types:
+ - anomaly:
+ types:
+ stream: yes
+ applayer: no
+
+ - eve-log:
+ enabled: yes
+ filename: eve2.json
+ filetype: regular
+ types:
+ - anomaly:
+ types:
+ stream: yes
+ applayer: no
diff --git a/tests/output-eve-anomaly-04/test.yaml b/tests/output-eve-anomaly-04/test.yaml
new file mode 100644
index 000000000..cc1cb3753
--- /dev/null
+++ b/tests/output-eve-anomaly-04/test.yaml
@@ -0,0 +1,10 @@
+requires:
+ min-version: 6
+
+args:
+ - -k none
+
+checks:
+ - shell:
+ args: grep "only one 'anomaly' logger can be enabled" stderr | wc -l | xargs
+ expect: 1
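Review bot: Nothing in suricata.yaml says that the second `eve-log` block, which writes `eve2.json`, is a deliberate misconfiguration, so a later cleanup could remove it as a duplicate and empty the test of its purpose. The two blocks differ only in `filename`, which makes the duplication look accidental. A comment above the second block would fix this, for example `# Intentional duplicate: a second anomaly logger must be rejected (bug 3835)`. A one-line header comment stating that the file exercises the multiple-anomaly-logger error path would also help.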
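Review bot: The single `shell` check in test.yaml only proves the rejection message appears once on stderr; it does not assert that the first anomaly logger still writes events to `eve.json`. Whether Suricata keeps running after refusing the second logger is not visible from this hunk, and if it does, a regression that silenced both loggers would pass this test while leaving a deployment with no anomaly telemetry. Consider adding a `filter` check with `match: event_type: anomaly` and the `count` expected from `input.pcap`. The grep string is also coupled to the exact log wording, so a comment such as `# message text must match the error logged by the anomaly output` would show why the test breaks if the message is reworded.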