17 lines
547 B
Plaintext
17 lines
547 B
Plaintext
# @TEST-REQUIRES: which jq
|
|
# @TEST-DOC: Tests the ip-proto-name-logging policy file
|
|
# @TEST-EXEC: zeek -r $TRACES/cisco-fabric-path.pcap %INPUT > out
|
|
|
|
# @TEST-EXEC-FAIL: cat conn.log | jq 'has("ip_proto_name")' | grep "false"
|
|
# @TEST-EXEC: cat conn.log | jq .ip_proto_name | sort | uniq | grep private-encryption
|
|
# @TEST-EXEC: btest-diff out
|
|
|
|
@load policy/protocols/conn/ip-proto-name-logging
|
|
|
|
redef LogAscii::use_json = T;
|
|
|
|
event zeek_init() {
|
|
# Test printing out an unknown value from the protocol_names table
|
|
print IP::protocol_names[500];
|
|
}
|