X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;f=contrib%2Fossec-testing%2Ftests%2Fdnsmasq.ini;fp=contrib%2Fossec-testing%2Ftests%2Fdnsmasq.ini;h=96f2236efa9c31634806d0e48cff1b43a97c906c;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git

diff --git a/contrib/ossec-testing/tests/dnsmasq.ini b/contrib/ossec-testing/tests/dnsmasq.ini
new file mode 100644
index 0000000..96f2236
--- /dev/null
+++ b/contrib/ossec-testing/tests/dnsmasq.ini
@@ -0,0 +1,9 @@
+[dnsmasq group]
+log 1 pass = Jul 17 14:49:57 dnsmasq[15210]: 21745 10.10.10.33/59490 query[A] server.example.com from 10.10.10.33
+log 2 pass = Jul 17 14:49:57 dnsmasq[15210]: 21745 10.10.10.33/59490 forwarded server.example.com to 10.20.20.10
+log 3 pass = Jul 17 14:49:57 dnsmasq[15210]: 21745 10.10.10.33/59490 reply server.example.com is <CNAME>
+
+rule = 53551
+alert = 0
+decoder = dnsmasq
+