summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-06-01 17:15:07 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-06-03 11:53:06 +0200
commita24552c165346f087e82a52807d134e3910387a8 (patch)
tree378f69e8fe6c10ac6fd0d111313c3b0ed14371d5 /tests
parentefc8a83e943d54e0ca88548a0eaff056ad2a650d (diff)
log: Add support for audit logging
This is implemented via a pseudo log level. The kernel ignores any other parameter, so reject those at evaluation stage. Audit logging is therefore simply a matter of: | log level audit Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rw-r--r--tests/py/any/log.t8
-rw-r--r--tests/py/any/log.t.json9
-rw-r--r--tests/py/any/log.t.payload4
3 files changed, 21 insertions, 0 deletions
diff --git a/tests/py/any/log.t b/tests/py/any/log.t
index d1b4ab62..f4ccaf05 100644
--- a/tests/py/any/log.t
+++ b/tests/py/any/log.t
@@ -15,10 +15,18 @@ log level warn;ok;log
log level notice;ok
log level info;ok
log level debug;ok
+log level audit;ok
log level emerg group 2;fail
log level alert group 2 prefix "log test2";fail
+# log level audit must reject all other parameters
+log level audit prefix "foo";fail
+log level audit group 42;fail
+log level audit snaplen 23;fail
+log level audit queue-threshold 1337;fail
+log level audit flags all;fail
+
log prefix aaaaa-aaaaaa group 2 snaplen 33;ok;log prefix "aaaaa-aaaaaa" group 2 snaplen 33
# TODO: Add an exception: 'queue-threshold' attribute needs 'group' attribute
# The correct rule is log group 2 queue-threshold 2
diff --git a/tests/py/any/log.t.json b/tests/py/any/log.t.json
index 9c89dff8..7bcc20e8 100644
--- a/tests/py/any/log.t.json
+++ b/tests/py/any/log.t.json
@@ -77,6 +77,15 @@
}
]
+# log level audit
+[
+ {
+ "log": {
+ "level": "audit"
+ }
+ }
+]
+
# log prefix aaaaa-aaaaaa group 2 snaplen 33
[
{
diff --git a/tests/py/any/log.t.payload b/tests/py/any/log.t.payload
index ffb914d2..1330445b 100644
--- a/tests/py/any/log.t.payload
+++ b/tests/py/any/log.t.payload
@@ -34,6 +34,10 @@ ip test-ip4 output
ip test-ip4 output
[ log level 7 ]
+# log level audit
+ip test-ip4 output
+ [ log level 8 ]
+
# log prefix aaaaa-aaaaaa group 2 snaplen 33
ip test-ip4 output
[ log prefix aaaaa-aaaaaa group 2 snaplen 33 qthreshold 0 ]