From a91b51fc56aa7f2e0e86790ecbdfc662a5229faa Mon Sep 17 00:00:00 2001
From: Sam Muhammed
Date: Fri, 4 Mar 2022 15:02:41 +0200
Subject: [PATCH] test: update checks for logging

---
 tests/nfs4-01/test.rules | 1 +
 tests/nfs4-01/test.yaml | 25 +------------------------
 2 files changed, 2 insertions(+), 24 deletions(-)
 create mode 100644 tests/nfs4-01/test.rules

diff --git a/tests/nfs4-01/test.rules b/tests/nfs4-01/test.rules
new file mode 100644
index 000000000..f34ae996d
--- /dev/null
+++ b/tests/nfs4-01/test.rules
@@ -0,0 +1 @@
+alert nfs any any -> any any (nfs_version:4; flow:to_server; sid:1;)
\ No newline at end of file
diff --git a/tests/nfs4-01/test.yaml b/tests/nfs4-01/test.yaml
index 6e2d12fd1..fca022560 100644
--- a/tests/nfs4-01/test.yaml
+++ b/tests/nfs4-01/test.yaml
@@ -1,5 +1,3 @@
-# *** Add configuration here ***
-
 args:
 - -k none
 
@@ -54,26 +52,5 @@ checks:
 - filter:
 count: 1
 match:
+ event_type: alert
 app_proto: nfs
- dest_ip: 192.168.0.61
- dest_port: 2049
- event_type: flow
- flow.age: 4
- flow.alerted: false
- flow.bytes_toclient: 8392
- flow.bytes_toserver: 8742
- flow.pkts_toclient: 38
- flow.pkts_toserver: 43
- flow.reason: shutdown
- flow.state: closed
- proto: TCP
- src_ip: 192.168.0.26
- src_port: 880
- tcp.ack: true
- tcp.fin: true
- tcp.psh: true
- tcp.state: closed
- tcp.syn: true
- tcp.tcp_flags: 1b
- tcp.tcp_flags_tc: 1b
- tcp.tcp_flags_ts: 1b
-- 
2.47.2
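Review bot: The new rule in test.rules has no `msg` (and no `rev`), so the alert it raises carries no readable name in `alert.signature` and the yaml check cannot identify it by anything but app_proto; I would write it as `alert nfs any any -> any any (msg:"NFSv4 request to server"; nfs_version:4; flow:to_server; sid:1; rev:1;)`. The file is also committed without a trailing newline (`\ No newline at end of file`), which is worth fixing here so any later rule appended to this file does not end up glued onto this line.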
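Review bot: The replacement check only asserts that one `alert` event with `app_proto: nfs` is logged, so the test no longer verifies that a flow record for the NFS session is emitted at all, which is what the deleted `event_type: flow` match used to cover. The old check was presumably dropped because `flow.alerted: false` stops being true once the new `flow:to_server` rule fires, but rather than deleting it the flow check can be kept with `flow.alerted: true` and only the stable fields, so the test still ties the alert to the flow. The new alert match would also be tighter with `alert.signature_id: 1` under `match:`, so that only the rule this commit adds can satisfy it. The `checks:` list starts before this hunk, so earlier checks are not visible here.
```yaml
  - filter:
      count: 1
      match:
        event_type: flow
        app_proto: nfs
        dest_port: 2049
        flow.alerted: true
```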