diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index 4b4f076a0..360c8b0be 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -83,7 +83,7 @@ jobs:
 make -j2
 - name: Running suricata-verify
 working-directory: suricata
- run: python3 ../run.py --quiet --outdir /tmp/sv-output
+ run: python3 ../run.py --debug-failed --quiet --outdir /tmp/sv-output
 almalinux:
 name: AlmaLinux 8
@@ -150,4 +150,4 @@ jobs:
 make -j2
 - name: Running suricata-verify
 working-directory: suricata
- run: python3 ../run.py --quiet
+ run: python3 ../run.py --quiet --debug-failed
diff --git a/tests/smtp-bug-5981/README.md b/tests/smtp-bug-5981/README.md
new file mode 100644
index 000000000..4d4bd09e6
--- /dev/null
+++ b/tests/smtp-bug-5981/README.md
@@ -0,0 +1,12 @@
+# Test Description
+
+This test shows how we handle long DATA lines for SMTP.
+
+## PCAP
+
+PCAP comes from ttps://osqa-ask.wireshark.org/questions/33094/extract-an-attachment-email-smtp-cap
+and has been modified to have a really long DATA line (6512 Bytes).
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/5981
diff --git a/tests/smtp-bug-5981/input.pcap b/tests/smtp-bug-5981/input.pcap
new file mode 100644
index 000000000..64e9c59d0
Binary files /dev/null and b/tests/smtp-bug-5981/input.pcap differ
diff --git a/tests/smtp-bug-5981/suricata.yaml b/tests/smtp-bug-5981/suricata.yaml
new file mode 100644
index 000000000..68e84b7f3
--- /dev/null
+++ b/tests/smtp-bug-5981/suricata.yaml
@@ -0,0 +1,14 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ types:
+ - files
+ - smtp
+ - anomaly
+ - file-store:
+ version: 2
+ enabled: yes
+ force-filestore: yes
diff --git a/tests/smtp-bug-5981/test.yaml b/tests/smtp-bug-5981/test.yaml
new file mode 100644
index 000000000..007fd5663
--- /dev/null
+++ b/tests/smtp-bug-5981/test.yaml
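Review bot: The new flag is placed differently in the two hunks of builds.yml — `--debug-failed --quiet --outdir /tmp/sv-output` in the job at @@ -83 and `--quiet --debug-failed` in the AlmaLinux job at @@ -150; pick one ordering for both, e.g. `run: python3 ../run.py --quiet --debug-failed --outdir /tmp/sv-output`. Both job definitions start outside their hunks, so any further run steps that invoke run.py are not visible here and may also need the flag.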
@@ -0,0 +1,68 @@
+requires:
+ features:
+ - HAVE_NSS
+ min-version: 7
+
+args:
+- -k none
+- --simulate-ips
+
+checks:
+- filter:
+ count: 0
+ match:
+ event_type: anomaly
+ src_ip: 192.168.1.4
+ src_port: 3326
+ dest_ip: 217.12.11.66
+ dest_port: 587
+ proto: TCP
+ pkt_src: wire/pcap
+ tx_id: 0
+ anomaly.app_proto: smtp
+ anomaly.type: applayer
+ anomaly.event: TRUNCATED_LINE
+ anomaly.layer: proto_parser
+
+- filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.filename: winmail.dat
+ fileinfo.sha256: 5f41c213e35d8421647181cc9b8925a5b2ab34c23102907581214fd574157fff
+ fileinfo.size: 10451
+
+- filter:
+ count: 1
+ match:
+ event_type: smtp
+ src_ip: 192.168.1.4
+ src_port: 3326
+ dest_ip: 217.12.11.66
+ dest_port: 587
+ proto: TCP
+ pkt_src: wire/pcap
+ tx_id: 0
+ smtp.helo: Percival
+ smtp.mail_from:
+ smtp.rcpt_to[0]:
+ email.status: PARSE_DONE
+ email.from: '"Xxxxxx xxxx" '
+ email.to[0]:
+ email.subject: Testing testing 1 2 3 (Multiple attachments)
+ email.x_mailer: Microsoft Office Outlook, Build 11.0.5510
+ email.date: Sat, 14 Jul 2007 10:31:37 +0200
+ email.subject_md5: 3b37c0a6fd82b99b144a7be7274f03f5
+
+- filter:
+ count: 1
+ match:
+ event_type: smtp
+ src_ip: 192.168.1.4
+ src_port: 3326
+ dest_ip: 217.12.11.66
+ dest_port: 587
+ proto: TCP
+ pkt_src: stream (flow timeout)
+ tx_id: 1
+ smtp.helo: Percival
diff --git a/tests/smtp-bug-5989/README.md b/tests/smtp-bug-5989/README.md
new file mode 100644
index 000000000..c42af5627
--- /dev/null
+++ b/tests/smtp-bug-5989/README.md
@@ -0,0 +1,12 @@
+# Test Description
+
+This test shows that currently the command followed by a long line (>4k) is skipped even
+if it has LF. This is incorrect.
+
+## PCAP
+
+Locally modified.
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/5989
diff --git a/tests/smtp-bug-5989/input.pcap b/tests/smtp-bug-5989/input.pcap
new file mode 100644
index 000000000..5b7ac08c2
Binary files /dev/null and b/tests/smtp-bug-5989/input.pcap differ
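Review bot: The first filter in tests/smtp-bug-5981/test.yaml is a negative assertion (`count: 0`) over the full 5-tuple, `pkt_src`, `tx_id` and five `anomaly.*` keys, so a typo or a renamed field in any of them also yields zero matches and the check passes vacuously. Narrow the negative check to the keys that carry the intent, `event_type: anomaly` plus `anomaly.event: TRUNCATED_LINE`, and keep the 5-tuple on the positive `count: 1` checks where a mismatch fails loudly. The `smtp.mail_from`, `smtp.rcpt_to[0]` and `email.to[0]` values appear empty in this rendering, which looks like an angle-bracketed address stripped on display; if the committed file really carries empty values those keys match null and should be filled in.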
diff --git a/tests/smtp-bug-5989/test.yaml b/tests/smtp-bug-5989/test.yaml
new file mode 100644
index 000000000..45a2ffe96
--- /dev/null
+++ b/tests/smtp-bug-5989/test.yaml
@@ -0,0 +1,12 @@
+min-version: 7
+
+args:
+- -k none
+- --simulate-ips
+
+checks:
+- filter:
+ count: 1
+ match:
+ event_type: smtp
+ smtp.helo: "Percival"
diff --git a/tests/smtp-bug-6053/Makefile b/tests/smtp-bug-6053/Makefile
new file mode 100644
index 000000000..9a0280e70
--- /dev/null
+++ b/tests/smtp-bug-6053/Makefile
@@ -0,0 +1,3 @@
+input.pcap: smtp-too-long-command.syn
+ flowsynth.py -f pcap -w $@ $^
+
diff --git a/tests/smtp-bug-6053/README.md b/tests/smtp-bug-6053/README.md
new file mode 100644
index 000000000..713156eda
--- /dev/null
+++ b/tests/smtp-bug-6053/README.md
@@ -0,0 +1,15 @@
+# Test Description
+
+This test shows that SMTP long lines should be handled per direction.
+Currently, we track long lines in one variable per state.
+In this test, as EHLO comes after the long line, it is ignored by the
+parser and EHLO command is not logged. It has been fixed as a part of
+the fix for redmine ticket 6053
+
+## PCAP
+
+Locally generated.
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/6053
diff --git a/tests/smtp-bug-6053/input.pcap b/tests/smtp-bug-6053/input.pcap
new file mode 100644
index 000000000..e2393aad8
Binary files /dev/null and b/tests/smtp-bug-6053/input.pcap differ
diff --git a/tests/smtp-bug-6053/smtp-too-long-command.syn b/tests/smtp-bug-6053/smtp-too-long-command.syn
new file mode 100644
index 000000000..30a2446bb
--- /dev/null
+++ b/tests/smtp-bug-6053/smtp-too-long-command.syn
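Review bot: `smtp.helo: "Percival"` in tests/smtp-bug-5989/test.yaml is the only quoted scalar among the new tests (tests/smtp-bug-5981 and tests/smtp-bug-6053 write `smtp.helo: Percival` and `smtp.helo: Simone` bare); drop the quotes for consistency. The single check also pins nothing about the >4k line the README describes: if that line exceeds the parser's limit, a second filter with `event_type: anomaly` and `anomaly.event: TRUNCATED_LINE`, `count: 1`, would make the test fail loudly if the long line were silently dropped rather than truncated and reported.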
@@ -0,0 +1,16 @@
+flow default tcp 1.1.1.1:5555 > 2.2.2.2:25 (tcp.initialize; mss:9000;);
+default < (content:"220 smtpblah.mailserver.xxx.comdefault > (content:"EHLO Simone\x0d\x0a";);
+default < (content:"250-smtp001.mail.xxx.xxxxx.com\x0d\x0a";);
+default > (content:"AUTH LOGIN\x0d\x0a";);
+default < (content:"334 VXNlcm5hbWU6\x0d\x0a";);
+default > (content:"Z2FsdW50\x0d\x0a";);
+default < (content:"334 UGFzc3dvcmQ6\x0d\x0a";);
+default > (content:"VjF2MXRyMG4=\x0d\x0a";);
+default < (content:"235 ok, go ahead (#2.0.0)\x0d\x0a";);
+default > (content:"MAIL FROM: \x0d\x0a";);
+default < (content:"250 ok\x0d\x0a";);
+default > (content:"RCPT TO: \x0d\x0a";);
+default < (content:"250 ok\x0d\x0a";);
+default > (content:"QUIT\x0d\x0a";);
+default < (content:"221 smtp001.mail.xxx.xxxxx.com\x0d\x0a";);
diff --git a/tests/smtp-bug-6053/test.yaml b/tests/smtp-bug-6053/test.yaml
new file mode 100644
index 000000000..88353dbd5
--- /dev/null
+++ b/tests/smtp-bug-6053/test.yaml
@@ -0,0 +1,10 @@
+min-version: 7
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ smtp.helo: Simone
diff --git a/tests/smtp-long-command/README.md b/tests/smtp-long-command/README.md
new file mode 100644
index 000000000..2bf3a8082
--- /dev/null
+++ b/tests/smtp-long-command/README.md
@@ -0,0 +1,12 @@
+Description
+===========
+This test demonstrates that an SMTP line with LF occuring post the hard set line
+limit should also raise an anomaly event for TRUNCATED_LINE.
+
+Redmine ticket
+==============
+https://redmine.openinfosecfoundation.org/issues/5819
+
+PCAP
+====
+Locally generated
diff --git a/tests/smtp-long-command/input.pcap b/tests/smtp-long-command/input.pcap
new file mode 100644
index 000000000..5b35500d5
Binary files /dev/null and b/tests/smtp-long-command/input.pcap differ
diff --git a/tests/smtp-long-command/test.yaml b/tests/smtp-long-command/test.yaml
new file mode 100644
index 000000000..347b999c9
--- /dev/null
+++ b/tests/smtp-long-command/test.yaml
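Review bot: As rendered here the second line of smtp-too-long-command.syn runs `220 smtpblah.mailserver.xxx.com` straight into `default > (content:"EHLO Simone…`, and only 15 lines are visible against the 16 the hunk header announces, so the oversized to-server command the README describes cannot be seen. This is most likely a display artefact, but it is worth confirming that the committed .syn carries that long line in the client direction and that its length exceeds the parser's line limit; otherwise the test cannot distinguish per-direction long-line tracking from the long line never having been seen. The `mss:9000` on the flow line presumably keeps that line in a single segment — a one-line note in the file saying so would spare the next reader the guess.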
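Review bot: The only check in tests/smtp-bug-6053/test.yaml keys on `smtp.helo: Simone` without `event_type: smtp`, and nothing asserts that the oversized to-server command preceding the EHLO was flagged. Add `event_type: smtp` to the match, and consider a second filter with `event_type: anomaly`, `anomaly.app_proto: smtp` and `anomaly.event: TRUNCATED_LINE`, `count: 1`, as tests/smtp-long-command does; that pins the behaviour a defender cares about — the long line is reported and the next command in the same direction is still parsed — rather than only that an EHLO was logged. Whether anomaly output is enabled when a test ships no suricata.yaml depends on the runner's default config, which is outside this diff.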
@@ -0,0 +1,22 @@ +args: +- -k none + +checks: +- filter: + count: 1 + match: + dest_ip: 83.215.238.27 + dest_port: 25 + event_type: smtp + pcap_cnt: 73 + pkt_src: wire/pcap + proto: TCP + smtp.helo: OBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHO
BLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHO
BLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAHOBLAH + src_ip: 192.168.164.35 + src_port: 59096 + tx_id: 0 + count: 1 + match: + event_type: anomaly + anomaly.app_proto: smtp + anomaly.event: TRUNCATED_LINE
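Review bot: The second check in tests/smtp-long-command/test.yaml (the `count: 1` / `match:` pair after `tx_id: 0`) is not introduced by its own `- filter:` entry: the hunk header announces 22 added lines and exactly 22 `+` lines are present, so there is no room for one. Indentation is lost in this rendering, but at the same indent as the first `count:`/`match:` these are duplicate keys in one mapping, and PyYAML-style loaders resolve that last-wins, leaving only the TRUNCATED_LINE assertion active and the `smtp.helo` check never evaluated. Insert `- filter:` before the second `count: 1` (with a blank line after `tx_id: 0`, matching the other new tests). This test is also the only new one without `min-version: 7`; if the TRUNCATED_LINE anomaly exists only from that version, it needs the same line.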