From: Sascha Steinbiss
Date: Tue, 3 Nov 2020 23:55:36 +0000 (+0100)
Subject: dns: add test for SRV EVE-JSON output
X-Git-Tag: suricata-6.0.4~208
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8088aa2cbab91dbf7457810748ca111bc63fbad;p=thirdparty%2Fsuricata-verify.git
dns: add test for SRV EVE-JSON output
---
diff --git a/tests/dns-udp-eve-log-srv/input.pcap b/tests/dns-udp-eve-log-srv/input.pcap
new file mode 100644
index 000000000..a3a58db6f
Binary files /dev/null and b/tests/dns-udp-eve-log-srv/input.pcap differ
diff --git a/tests/dns-udp-eve-log-srv/suricata.yaml b/tests/dns-udp-eve-log-srv/suricata.yaml
new file mode 100644
index 000000000..e1afb7b14
--- /dev/null
+++ b/tests/dns-udp-eve-log-srv/suricata.yaml
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - dns
+
+app-layer:
+ protocols:
+ dns:
+ enabled: yes
diff --git a/tests/dns-udp-eve-log-srv/test.yaml b/tests/dns-udp-eve-log-srv/test.yaml
new file mode 100644
index 000000000..cfcfff007
--- /dev/null
+++ b/tests/dns-udp-eve-log-srv/test.yaml
@@ -0,0 +1,33 @@
+requires:
+ script:
+ - grep -q parse_rdata_srv rust/src/dns/parser.rs
+
+args:
+ - -k none
+
+checks:
+
+ - filter:
+ count: 1
+ match:
+ event_type: dns
+ dns.type: query
+ dns.rrname: _sip._udp.sip.voice.google.com
+ dns.rrtype: SRV
+
+ - filter:
+ count: 1
+ match:
+ event_type: dns
+ dns.type: answer
+ dns.rrname: _sip._udp.sip.voice.google.com
+ dns.rrtype: SRV
+ dns.rcode: NOERROR
+ dns.answers[0].srv.priority: 20
+ dns.answers[0].srv.weight: 1
+ dns.answers[0].srv.port: 5060
+ dns.answers[0].srv.name: sip-anycast-2.voice.google.com
+ dns.answers[1].srv.priority: 10
+ dns.answers[1].srv.weight: 1
+ dns.answers[1].srv.port: 5060
+ dns.answers[1].srv.name: sip-anycast-1.voice.google.com
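Review bot: The `requires.script` gate in test.yaml, `grep -q parse_rdata_srv rust/src/dns/parser.rs`, ties the test to a function name and a relative path in the Suricata source tree, so renaming or moving that parser function would presumably make the test skip rather than fail, and SRV logging coverage would be lost without any signal. If the harness's version gating fits here, a `min-version: <first release with SRV parsing>` requirement would be more stable; otherwise a comment above the script line such as `# SRV rdata parsing is not present in every supported branch; gate on the parser function` would record why the grep is there. The answer filter also pins `dns.answers[0]` and `dns.answers[1]` to one record order, which presumably mirrors the order in input.pcap; a one-line comment saying so would keep a later reader from mistaking a reordering for a parser regression.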