10 lines
437 B
Plaintext
10 lines
437 B
Plaintext
# @TEST-REQUIRES: which jq
|
|
# @TEST-DOC: Test the policy for removing the unknown IP protocol field and connections from conn.log
|
|
# @TEST-EXEC: zeek -r $TRACES/cisco-fabric-path.pcap %INPUT
|
|
# @TEST-EXEC: test $(head -1 conn.log | jq 'has("ip_proto")') = "false"
|
|
# @TEST-EXEC-FAIL: cat conn.log | jq .proto | sort | uniq | grep unknown_transport
|
|
|
|
@load policy/protocols/conn/disable-unknown-ip-proto-support
|
|
|
|
redef LogAscii::use_json = T;
|