From: Sam Muhammed
Date: Fri, 4 Mar 2022 13:02:41 +0000 (+0200)
Subject: test: update checks for logging
X-Git-Tag: suricata-5.0.10~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a91b51fc56aa7f2e0e86790ecbdfc662a5229faa;p=thirdparty%2Fsuricata-verify.git
test: update checks for logging
---
diff --git a/tests/nfs4-01/test.rules b/tests/nfs4-01/test.rules
new file mode 100644
index 000000000..f34ae996d
--- /dev/null
+++ b/tests/nfs4-01/test.rules
@@ -0,0 +1 @@
+alert nfs any any -> any any (nfs_version:4; flow:to_server; sid:1;)
\ No newline at end of file
diff --git a/tests/nfs4-01/test.yaml b/tests/nfs4-01/test.yaml
index 6e2d12fd1..fca022560 100644
--- a/tests/nfs4-01/test.yaml
+++ b/tests/nfs4-01/test.yaml
@@ -1,5 +1,3 @@
-# *** Add configuration here ***
-
 args:
 - -k none
@@ -54,26 +52,5 @@ checks:
 - filter:
 count: 1
 match:
+event_type: alert
 app_proto: nfs
-dest_ip: 192.168.0.61
-dest_port: 2049
-event_type: flow
-flow.age: 4
-flow.alerted: false
-flow.bytes_toclient: 8392
-flow.bytes_toserver: 8742
-flow.pkts_toclient: 38
-flow.pkts_toserver: 43
-flow.reason: shutdown
-flow.state: closed
-proto: TCP
-src_ip: 192.168.0.26
-src_port: 880
-tcp.ack: true
-tcp.fin: true
-tcp.psh: true
-tcp.state: closed
-tcp.syn: true
-tcp.tcp_flags: 1b
-tcp.tcp_flags_tc: 1b
-tcp.tcp_flags_ts: 1b
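Review bot: The new tests/nfs4-01/test.rules is committed without a trailing newline (`\ No newline at end of file`), which will show up as churn the next time anyone touches the file and trips some rule-loading tooling that expects line-terminated rules; terminate the line. The rule also carries no `msg:` option, so the `alert.signature` field in the eve output is empty and the test log gives no hint which signature fired; a short label such as `msg:"nfs4 request to server";` (constructed example) would make the eve.json readable when the check fails.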
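Review bot: The rewritten check in the second test.yaml hunk matches only on `event_type: alert` and `app_proto: nfs`, so it still passes if an NFS alert is raised by any signature at all rather than the one this commit adds in test.rules; since that rule is `sid:1`, pin it with `alert.signature_id: 1` under `match:` so `count: 1` is tied to the rule under test. The replaced flow check also asserted the endpoints and `proto: TCP`; if the point of the test is that the NFSv4 request is matched to_server, keeping `dest_port: 2049` in the new alert match would preserve that direction check cheaply. The `checks:` list this filter belongs to starts before the hunk, and the YAML indentation of these lines cannot be verified from the collapsed diff as rendered here.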