suricata-verify: eve2test util
The suricata-verify test.yaml contains a great way to create regression tests. However, creating the test files is tedious. It usually involves taking an eve.json record and then manually creating a matching test.yaml.
I would like to have a small util script in Python that converts an eve.json to the test.yaml format.
`eve2test eve.json > test.yaml`
Updated by Shivani Bhardwaj over 2 years ago
If I understand correctly, only the verification filters are run over `eve.json`, so this utility should actually create just the `filter` block and write it in a test file. The developer may then provide all other options like min-version of Suricata, requires, etc. Please let me know.
Updated by Peter Manev over 2 years ago
Some very good reassembly/defrag/vlan corner cases could be found here - https://github.com/pevma/PtP/blob/master/Examples/Example with the actual pcaps and rules located here - https://github.com/pevma/PtP/blob/master/Examples/PacifyOneHttpRequest.tar.gz . I think the utility would make it much easier to add those from the respective resulting eve.jsons into the suricata-verify.
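A sketch of the conversion requested in the issue, limited to the `checks`/`filter` blocks as the first comment proposes. This is an added example, not code from the suricata-verify project. Assumptions: `match` keys use dotted paths with `key[index]` for list items, `timestamp` and `flow_id` are treated as volatile, `stats` records are skipped, and all function names and sample records are made up for illustration.

```python
import json
import sys
from collections import Counter

# Assumption: these top-level fields change per run, so they are not matched.
VOLATILE = {"timestamp", "flow_id"}
SKIP_EVENT_TYPES = {"stats"}  # assumption: counters, not test-worthy events

# Constructed sample records (not from a real capture).
SAMPLE = [
    '{"timestamp":"2020-01-01T00:00:00.000001+0000","flow_id":11,"event_type":"alert",'
    '"src_ip":"10.0.0.1","alert":{"signature_id":1,"metadata":{"tag":["a"]}}}',
    '{"timestamp":"2020-01-01T00:00:00.000002+0000","flow_id":22,"event_type":"alert",'
    '"src_ip":"10.0.0.1","alert":{"signature_id":1,"metadata":{"tag":["a"]}}}',
    '{"timestamp":"2020-01-01T00:00:08.000000+0000","event_type":"stats","stats":{"uptime":8}}',
]

def flatten(obj, prefix=""):
    """Yield (dotted_key, scalar) pairs; list items become key[index]."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if prefix or k not in VOLATILE:
                yield from flatten(v, f"{prefix}.{k}" if prefix else k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from flatten(v, f"{prefix}[{i}]")
    else:
        yield prefix, obj

def eve_to_checks(lines):
    """Return [(count, match)]; events with identical matches are merged."""
    counts = Counter()
    for line in filter(str.strip, lines):
        event = json.loads(line)
        if event.get("event_type") not in SKIP_EVENT_TYPES:
            counts[tuple(flatten(event))] += 1
    return [(n, dict(pairs)) for pairs, n in counts.items()]

def render(checks):
    """Emit only the checks/filter blocks; requires etc. stay with the developer."""
    out = ["checks:"]
    for count, match in checks:
        out += ["  - filter:", f"      count: {count}", "      match:"]
        out += [f"        {k}: {json.dumps(v)}" for k, v in match.items()]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    sys.stdout.write(render(eve_to_checks(src)))
```

Merging identical matches into one filter with a higher `count` matters: two events that differ only in volatile fields would otherwise produce two `count: 1` checks that both fail.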