Feature #2923
closedsuricata-verify: eve2test util
Description
The suricata-verify test.yaml contains a great way to create regression tests. However creating the test files is tedious. It usually involves taking a eve.json record and then manually creating a matching test.yaml.
I would like to have a small util script in python, that converts an eve.json to the test.yaml format.
Something like:
eve2test eve.json > test.yaml
Updated by Shivani Bhardwaj over 5 years ago
- Status changed from New to Assigned
Updated by Shivani Bhardwaj over 5 years ago
If I understand correctly, only the verification filters are run over `eve.json` so this utility should actually create just the `filter` block and write it in a test file. Developer may then provide all other options like min-version of Suricata, requires, etc. Please let me know.
Updated by Victor Julien over 5 years ago
Lets start that way, yes. We can consider adding more logic later, but this is the most valuable first step I think.
Updated by Shivani Bhardwaj over 5 years ago
- Status changed from Assigned to Feedback
Updated by Peter Manev over 5 years ago
Some very good reassembly/defrag/vlan corner cases could be found here - https://github.com/pevma/PtP/blob/master/Examples/Example with the actual pcaps and rules located here - https://github.com/pevma/PtP/blob/master/Examples/PacifyOneHttpRequest.tar.gz . I think the utility would make it much easier to add those form the respective resulting eve.jsons into the suricata-verify.
Updated by Shivani Bhardwaj over 5 years ago
Unmerged, open for testing: https://github.com/shivan1b/eve2test
Updated by Victor Julien almost 5 years ago
- Priority changed from Normal to High
Updated by Shivani Bhardwaj almost 5 years ago
- Related to Task #3269: Script for creating test with params added
Updated by Shivani Bhardwaj almost 5 years ago
- Status changed from Feedback to In Review
Updated by Shivani Bhardwaj over 4 years ago
- Status changed from In Review to Closed