tests: update the test cases

influxdata · May 1, 2023 · 0ef0df5 · 0ef0df5
1 parent 7729aa8
commit 0ef0df5
Show file tree

Hide file tree

Showing 3 changed files with 168 additions and 385 deletions.
diff --git a/plugins/inputs/suricata/suricata_test.go b/plugins/inputs/suricata/suricata_test.go
@@ -385,28 +385,173 @@ func TestSuricataParseVersion2(t *testing.T) {
 	tests := []struct {
 		filename string
 		expected []telegraf.Metric
-	}{{
-		filename: "v2/flow.json",
-		expected: []telegraf.Metric{
-			testutil.MustMetric(
-				"suricata",
-				map[string]string{
-					"event_type": "flow",
-					"in_iface":   "eth1",
-					"proto":      "TCP",
-				},
-				map[string]interface{}{
-					"age":       float64(0),
-					"dest_ip":   "142.251.130.3",
-					"dest_port": int64(443),
-					"src_ip":    "192.168.0.121",
-					"src_port":  int64(50212),
-					"state":     "new",
-				},
-				time.Unix(0, 0),
-			),
+	}{
+		{
+			filename: "v2/alert.json",
+			expected: []telegraf.Metric{
+				testutil.MustMetric(
+					"suricata",
+					map[string]string{
+						"event_type": "alert",
+						"in_iface":   "s1-suricata",
+						"proto":      "TCP",
+					},
+					map[string]interface{}{
+						"action":       "allowed",
+						"category":     "Misc activity",
+						"dest_ip":      "179.60.192.3",
+						"dest_port":    int64(80),
+						"gid":          float64(1),
+						"rev":          float64(0),
+						"severity":     float64(3),
+						"signature":    "Corrupted HTTP body",
+						"signature_id": float64(6),
+						"sourceip":     "10.0.0.5",
+						"sourceport":   float64(18715),
+						"src_ip":       "10.0.0.5",
+						"src_port":     int64(18715),
+						"targetip":     "179.60.192.3",
+						"targetport":   float64(80),
+					},
+					time.Unix(0, 0),
+				),
+			},
+		},
+		{
+			filename: "v2/dns.json",
+			expected: []telegraf.Metric{
+				testutil.MustMetric(
+					"suricata",
+					map[string]string{
+						"event_type": "dns",
+						"in_iface":   "eth1",
+						"proto":      "UDP",
+					},
+					map[string]interface{}{
+						"dest_ip":   "192.168.0.1",
+						"dest_port": int64(53),
+						"id":        float64(7145),
+						"rrname":    "reddit.com",
+						"rrtype":    "A",
+						"src_ip":    "192.168.0.100",
+						"type":      "query",
+						"src_port":  int64(39262),
+						"tx_id":     float64(10),
+					},
+					time.Unix(0, 0),
+				),
+			},
+		},
+		{
+			filename: "v2/drop.json",
+			expected: []telegraf.Metric{
+				testutil.MustMetric(
+					"suricata",
+					map[string]string{
+						"event_type": "drop",
+						"in_iface":   "eth1",
+						"proto":      "TCP",
+					},
+					map[string]interface{}{
+						"dest_ip":   "54.192.18.125",
+						"dest_port": int64(443),
+						"ipid":      float64(62316),
+						"len":       float64(76),
+						"reason":    "stream error",
+						"src_ip":    "192.168.0.110",
+						"src_port":  int64(46016),
+						"tcpack":    float64(2339873683),
+						"tcpres":    float64(0),
+						"tcpseq":    float64(3900248957),
+						"tcpurgp":   float64(0),
+						"tcpwin":    float64(501),
+						"tos":       float64(0),
+						"ttl":       float64(64),
+					},
+					time.Unix(0, 0),
+				),
+			},
+		},
+		{
+			filename: "v2/flow.json",
+			expected: []telegraf.Metric{
+				testutil.MustMetric(
+					"suricata",
+					map[string]string{
+						"event_type": "flow",
+						"in_iface":   "eth1",
+						"proto":      "TCP",
+					},
+					map[string]interface{}{
+						"age":       float64(0),
+						"dest_ip":   "142.251.130.3",
+						"dest_port": int64(443),
+						"src_ip":    "192.168.0.121",
+						"src_port":  int64(50212),
+						"state":     "new",
+					},
+					time.Unix(0, 0),
+				),
+			},
+		},
+		{
+			filename: "v2/http.json",
+			expected: []telegraf.Metric{
+				testutil.MustMetric(
+					"suricata",
+					map[string]string{
+						"event_type": "http",
+						"in_iface":   "eth2",
+						"proto":      "TCP",
+					},
+					map[string]interface{}{
+						"dest_ip":           "203.205.239.179",
+						"dest_port":         int64(80),
+						"hostname":          "hkminorshort.weixin.qq.com",
+						"http_content_type": "application/octet-stream",
+						"http_method":       "POST",
+						"http_user_agent":   "MicroMessenger Client",
+						"length":            float64(245),
+						"protocol":          "HTTP/1.1",
+						"src_ip":            "192.168.0.120",
+						"src_port":          int64(33950),
+						"status":            float64(200),
+						"url":               "/mmtls/2d6d45f1",
+					},
+					time.Unix(0, 0),
+				),
+			},
+		},
+		{
+			filename: "v2/status.json",
+			expected: []telegraf.Metric{
+				testutil.MustMetric(
+					"suricata",
+					map[string]string{
+						"event_type": "stats",
+					},
+					map[string]interface{}{
+						"captureerrors":          float64(0),
+						"capturekernel_drops":    float64(0),
+						"capturekernel_packets":  float64(522),
+						"flowemerg_mode_entered": float64(0),
+						"flowemerg_mode_over":    float64(0),
+						"flowmemcap":             float64(0),
+						"flowmemuse":             float64(9965056),
+						"flowmgrclosed_pruned":   float64(0),
+						"flowmgrfull_hash_pass":  float64(1),
+						"flowmgrnew_pruned":      float64(0),
+						"flowspare":              float64(10100),
+						"flowtcp":                float64(15),
+						"flowudp":                float64(13),
+						"flowwrkspare_sync":      float64(11),
+						"flowwrkspare_sync_avg":  float64(100),
+						"uptime":                 float64(160),
+					},
+					time.Unix(0, 0),
+				),
+			},
 		},
-	},
 	}
 
 	for _, tc := range tests {

diff --git a/plugins/inputs/suricata/testdata/v2/invalid_event.json b/plugins/inputs/suricata/testdata/v2/invalid_event.json