From: Alice Akaki
Date: Wed, 2 Apr 2025 19:21:35 +0000 (-0400)
Subject: detect/email: add custom log information for tests detect-email-subject and detect...
X-Git-Tag: suricata-7.0.11~120
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec4b103e186a21560b845574de744a49ed3287dc;p=thirdparty%2Fsuricata-verify.git
detect/email: add custom log information for tests detect-email-subject and detect-email-date
---
diff --git a/tests/detect-email-date/suricata.yaml b/tests/detect-email-date/suricata.yaml
new file mode 100644
index 000000000..153a39649
--- /dev/null
+++ b/tests/detect-email-date/suricata.yaml
@@ -0,0 +1,29 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - alert:
+ tagged-packets: yes
+ - smtp:
+ custom: [date] # for 'date' logging information
+ - drop:
+ alerts: yes # log alerts that caused drops
+ flows: all # start or all: 'start' logs only a single drop
+ - stats
+ - flow
+ - stats:
+ enabled: yes
+ filename: stats.log
+ append: yes
+
+action-order:
+ - pass
+ - drop
+ - reject
+ - alert
+
+exception-policy: ignore
diff --git a/tests/detect-email-date/test.yaml b/tests/detect-email-date/test.yaml
index 54585f3ba..b71f2527f 100644
--- a/tests/detect-email-date/test.yaml
+++ b/tests/detect-email-date/test.yaml
@@ -11,6 +11,11 @@ checks:
 count: 1
 match:
 event_type: alert
- email.date: Fri, 21 Apr 2023 05:10:36 +0000
 pcap_cnt: 13
 alert.signature_id: 1
+- filter:
+ count: 1
+ match:
+ event_type: smtp
+ email.date: Fri, 21 Apr 2023 05:10:36 +0000
+ pcap_cnt: 13
diff --git a/tests/detect-email-subject/suricata.yaml b/tests/detect-email-subject/suricata.yaml
new file mode 100644
index 000000000..f54ab2658
--- /dev/null
+++ b/tests/detect-email-subject/suricata.yaml
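Review bot: The new detect-email-date/suricata.yaml enables eve types and outputs that nothing in this commit reads — the `drop`, `flow` and eve `stats` types plus the separate `stats.log` output — while the test.yaml checks added here filter only on `event_type: alert` and `event_type: smtp`. Trimming `types:` to `alert` and `smtp` (and dropping the `stats.log` output) would make the `custom: [date]` line the evident reason this per-test config exists; the same applies to the detect-email-subject/suricata.yaml hunk further down, which differs only in `custom: [subject]`. The inline comment `# for 'date' logging information` reads as a placeholder; something like `custom: [date] # log the Date header as email.date so test.yaml can match it` says what the check depends on. `exception-policy: ignore` is the only knob left without a comment; presumably it is there so exception handling cannot change verdicts in this pcap run, and a one-line comment stating that would help the next person copying the fixture.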
@@ -0,0 +1,29 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filename: eve.json
+ types:
+ - alert:
+ tagged-packets: yes
+ - smtp:
+ custom: [subject] # for 'subject' logging information
+ - drop:
+ alerts: yes # log alerts that caused drops
+ flows: all # start or all: 'start' logs only a single drop
+ - stats
+ - flow
+ - stats:
+ enabled: yes
+ filename: stats.log
+ append: yes
+
+action-order:
+ - pass
+ - drop
+ - reject
+ - alert
+
+exception-policy: ignore
diff --git a/tests/detect-email-subject/test.yaml b/tests/detect-email-subject/test.yaml
index 4ba8abbcd..b9f0ccac3 100644
--- a/tests/detect-email-subject/test.yaml
+++ b/tests/detect-email-subject/test.yaml
@@ -13,3 +13,9 @@ checks:
 event_type: alert
 pcap_cnt: 13
 alert.signature_id: 1
+- filter:
+ count: 1
+ match:
+ event_type: smtp
+ pcap_cnt: 13
+ email.subject: This is a test email