Project

General

Profile

Actions
Copy link

Feature #2923

closed
VJ SB

suricata-verify: eve2test util

Feature #2923: suricata-verify: eve2test util

Added by Victor Julien about 7 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
High
Assignee:
Shivani Bhardwaj
Target version:
QA
Effort:
Difficulty:
Label:

Description

The suricata-verify test.yaml contains a great way to create regression tests. However creating the test files is tedious. It usually involves taking a eve.json record and then manually creating a matching test.yaml.

I would like to have a small util script in python, that converts an eve.json to the test.yaml format.

Something like:

eve2test eve.json > test.yaml

Related issues 1 (0 open1 closed)

Related to Suricata - Task #3269: Script for creating test with paramsClosedShivani BhardwajActions

SB Updated by Shivani Bhardwaj almost 7 years ago Actions
Copy link
 #1

  • Status changed from New to Assigned

SB Updated by Shivani Bhardwaj almost 7 years ago Actions
Copy link
 #2

If I understand correctly, only the verification filters are run over `eve.json` so this utility should actually create just the `filter` block and write it in a test file. Developer may then provide all other options like min-version of Suricata, requires, etc. Please let me know.

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
 #3

Lets start that way, yes. We can consider adding more logic later, but this is the most valuable first step I think.

SB Updated by Shivani Bhardwaj almost 7 years ago Actions
Copy link
 #4

  • Status changed from Assigned to Feedback

PM Updated by Peter Manev almost 7 years ago Actions
Copy link
 #5

Some very good reassembly/defrag/vlan corner cases could be found here - https://github.com/pevma/PtP/blob/master/Examples/Example with the actual pcaps and rules located here - https://github.com/pevma/PtP/blob/master/Examples/PacifyOneHttpRequest.tar.gz . I think the utility would make it much easier to add those form the respective resulting eve.jsons into the suricata-verify.

SB Updated by Shivani Bhardwaj almost 7 years ago Actions
Copy link
 #6

Unmerged, open for testing: https://github.com/shivan1b/eve2test

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #7

  • Target version changed from TBD to QA

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #8

  • Priority changed from Normal to High

SB Updated by Shivani Bhardwaj about 6 years ago Actions
Copy link
 #9

  • Related to Task #3269: Script for creating test with params added

SB Updated by Shivani Bhardwaj about 6 years ago Actions
Copy link
 #10

  • Status changed from Feedback to In Review

SB Updated by Shivani Bhardwaj almost 6 years ago Actions
Copy link
 #11

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: PDF Atom