From: Jason Ish
Date: Thu, 2 Jul 2020 17:19:14 +0000 (-0600)
Subject: new test: netflow-eve: basic check of netflow records
X-Git-Tag: suricata-6.0.4~283
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F264%2Fhead;p=thirdparty%2Fsuricata-verify.git
new test: netflow-eve: basic check of netflow records
---
diff --git a/tests/netflow-eve/input.pcap b/tests/netflow-eve/input.pcap
new file mode 100644
index 000000000..868c57e59
Binary files /dev/null and b/tests/netflow-eve/input.pcap differ
diff --git a/tests/netflow-eve/suricata.yaml b/tests/netflow-eve/suricata.yaml
new file mode 100644
index 000000000..cc3aa143f
--- /dev/null
+++ b/tests/netflow-eve/suricata.yaml
@@ -0,0 +1,7 @@
+%YAML 1.1
+---
+outputs:
+ - eve-log:
+ enabled: true
+ types:
+ - netflow
diff --git a/tests/netflow-eve/test.yaml b/tests/netflow-eve/test.yaml
new file mode 100644
index 000000000..3f9ba5a15
--- /dev/null
+++ b/tests/netflow-eve/test.yaml
@@ -0,0 +1,45 @@
+checks:
+- filter:
+ count: 1
+ match:
+ app_proto: http
+ dest_ip: 82.165.177.154
+ dest_port: 80
+ event_type: netflow
+ netflow.age: 0
+ netflow.bytes: 425
+ netflow.end: 2016-05-27T06:56:11.900923+0000
+ netflow.max_ttl: 64
+ netflow.min_ttl: 64
+ netflow.pkts: 6
+ netflow.start: 2016-05-27T06:56:11.304062+0000
+ proto: TCP
+ src_ip: 10.16.1.11
+ src_port: 46652
+ tcp.ack: true
+ tcp.fin: true
+ tcp.psh: true
+ tcp.syn: true
+ tcp.tcp_flags: 1b
+- filter:
+ count: 1
+ match:
+ app_proto: http
+ dest_ip: 10.16.1.11
+ dest_port: 46652
+ event_type: netflow
+ netflow.age: 0
+ netflow.bytes: 495
+ netflow.end: 2016-05-27T06:56:11.900923+0000
+ netflow.max_ttl: 50
+ netflow.min_ttl: 50
+ netflow.pkts: 4
+ netflow.start: 2016-05-27T06:56:11.304062+0000
+ proto: TCP
+ src_ip: 82.165.177.154
+ src_port: 80
+ tcp.ack: true
+ tcp.fin: true
+ tcp.psh: true
+ tcp.syn: true
+ tcp.tcp_flags: 1b
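Review bot: The two filters in test.yaml each assert `count: 1` for one direction of the single HTTP flow, but nothing bounds the total number of netflow events, so an extra or duplicated netflow record produced for the same pcap would pass unnoticed. If the pcap holds only this one session, a third check with `count: 2` and a match of just `event_type: netflow` would pin the total (presumably the harness counts every matching event — confirm against the runner). The file also says nothing about what the capture contains; a header comment such as `# One HTTP session 10.16.1.11:46652 -> 82.165.177.154:80; expect exactly one netflow record per direction.` would make the pinned byte, packet and TTL values readable without opening the pcap.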