From: Victor Julien
Date: Tue, 21 May 2024 07:51:01 +0000 (+0200)
Subject: tests: add pcap logging tests
X-Git-Tag: suricata-6.0.20~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1848%2Fhead;p=thirdparty%2Fsuricata-verify.git
tests: add pcap logging tests
---
diff --git a/tests/pcap-log-uncompressed-01/README.md b/tests/pcap-log-uncompressed-01/README.md
new file mode 100644
index 000000000..87ab1ba45
--- /dev/null
+++ b/tests/pcap-log-uncompressed-01/README.md
@@ -0,0 +1 @@
+Test that Suricata will write 3 uncompressed pcap files.
diff --git a/tests/pcap-log-uncompressed-01/suricata.yaml b/tests/pcap-log-uncompressed-01/suricata.yaml
new file mode 100644
index 000000000..46f108476
--- /dev/null
+++ b/tests/pcap-log-uncompressed-01/suricata.yaml
@@ -0,0 +1,22 @@
+%YAML 1.1
+---
+
+outputs:
+ - pcap-log:
+ enabled: yes
+ filename: log.pcap
+ compression: none
+ mode: normal
+ limit: 4mb
+ ts-format: usec
+
+# Enable enging logging to JSON so we can verify it.
+logging:
+ outputs:
+ - console:
+ enabled: yes
+ - file:
+ enabled: yes
+ level: perf
+ filename: eve.json
+ type: json
diff --git a/tests/pcap-log-uncompressed-01/test.yaml b/tests/pcap-log-uncompressed-01/test.yaml
new file mode 100644
index 000000000..72ec392ff
--- /dev/null
+++ b/tests/pcap-log-uncompressed-01/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8
+
+pcap: ../bug-2482-01/proxyCONNECT_443.pcap
+
+args:
+ - --runmode=single
+
+checks:
+ - shell:
+ args: find . -type f -name 'log.pcap.1523389*.*' | wc -l | xargs
+ expect: 3
diff --git a/tests/pcap-log-uncompressed-02-multi/README.md b/tests/pcap-log-uncompressed-02-multi/README.md
new file mode 100644
index 000000000..e87bbfd50
--- /dev/null
+++ b/tests/pcap-log-uncompressed-02-multi/README.md
@@ -0,0 +1 @@
+Test that Suricata will write 3 uncompressed pcap files in multi mode.
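Review bot: In tests/pcap-log-uncompressed-01/suricata.yaml the comment above `logging:` says the engine log is written as JSON "so we can verify it", but the test.yaml added next to it contains only a shell check that counts pcap files and never reads that log. Either add a check against the log or reword the comment to match, for example `# Engine log as JSON, kept for debugging; not asserted by test.yaml.`, which also fixes the "enging" typo. Naming the engine log `eve.json` is easy to misread as EVE event output, so a distinct filename would be clearer. The same comment and filename appear in tests/pcap-log-uncompressed-02-multi/suricata.yaml.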
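Review bot: The shell check in tests/pcap-log-uncompressed-01/test.yaml asserts only how many file names match `log.pcap.1523389*.*`, so nothing confirms the files are valid, uncompressed pcaps, and the wildcards would also match a name carrying an extra suffix. Since the test exists to cover `compression: none`, consider a second shell check on file content (for instance the leading magic bytes), or at least a comment stating that only count and naming are asserted. A short comment would also help on two details: `| xargs` appears to be there to trim the padding some `wc` implementations print, and `1523389` looks like the timestamp prefix of the packets in proxyCONNECT_443.pcap (inferred from the pattern). The check in tests/pcap-log-uncompressed-02-multi/test.yaml has the same shape.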
diff --git a/tests/pcap-log-uncompressed-02-multi/suricata.yaml b/tests/pcap-log-uncompressed-02-multi/suricata.yaml
new file mode 100644
index 000000000..99dba944d
--- /dev/null
+++ b/tests/pcap-log-uncompressed-02-multi/suricata.yaml
@@ -0,0 +1,22 @@
+%YAML 1.1
+---
+
+outputs:
+ - pcap-log:
+ enabled: yes
+ filename: log.pcap.%n-%t-%i
+ compression: none
+ mode: multi
+ limit: 4mb
+ ts-format: usec
+
+# Enable enging logging to JSON so we can verify it.
+logging:
+ outputs:
+ - console:
+ enabled: yes
+ - file:
+ enabled: yes
+ level: perf
+ filename: eve.json
+ type: json
diff --git a/tests/pcap-log-uncompressed-02-multi/test.yaml b/tests/pcap-log-uncompressed-02-multi/test.yaml
new file mode 100644
index 000000000..9d081028d
--- /dev/null
+++ b/tests/pcap-log-uncompressed-02-multi/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8
+
+pcap: ../bug-2482-01/proxyCONNECT_443.pcap
+
+args:
+ - --runmode=single
+
+checks:
+ - shell:
+ args: find . -type f -name 'log.pcap.1-1523389*.*-*' | wc -l | xargs
+ expect: 3
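Review bot: tests/pcap-log-uncompressed-02-multi/test.yaml runs with `--runmode=single`, so `mode: multi` is exercised with a single writer, and the pattern `log.pcap.1-1523389*.*-*` pins thread number 1. That is presumably deliberate to keep the file count deterministic, but it should be stated in the file, e.g. `# single runmode: one thread, so multi mode yields a predictable set of files`. Per-thread naming with several writers is not covered by this test, which the README could mention so the coverage is not overestimated.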