Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 05:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/seth/log-framework-ext'

Browse source 
* origin/topic/seth/log-framework-ext:
  Log extensions: series of small fixes and new tests.
  Change the function for log extension to take a path only and update tests.
  Final changes to log framework ext code.
  Add logging framework metadata mechanism.
  Add unrolling separator & field name map to logging framework.
This commit is contained in:
Johanna Amann 2016-08-10 20:29:48 -07:00
commit 0e44b91cd9
24 changed files with 882 additions and 292 deletions
Download patch file Download diff file Expand all files Collapse all files

37
testing/btest/scripts/base/frameworks/logging/field-extension-complex.bro Normal file
View file

@ -0,0 +1,37 @@
# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-diff conn.log
@load base/protocols/conn
type InnerRecord: record {
a: count;
b: count;
c: count;
};
type InnerLoggedRecord: record {
a: count &log;
b: count;
c: count &log;
d: set[count] &log;
};
type Extension: record {
write_ts: time &log;
stream: string &log;
inner: InnerRecord;
innerLogged: InnerLoggedRecord &log;
system_name: string &log;
};
function add_extension(path: string): Extension
{
return Extension($write_ts = network_time(),
$stream = path,
$system_name = peer_description,
$inner = InnerRecord($a=1,$b=2,$c=3),
$innerLogged = InnerLoggedRecord($a=1,$b=2,$c=3,$d=set(1,2,3,4))
);
}
redef Log::default_ext_func = add_extension;

17
testing/btest/scripts/base/frameworks/logging/field-extension-invalid.bro Normal file
View file

@ -0,0 +1,17 @@
# @TEST-EXEC: bro -b -r $TRACES/http/get.trace %INPUT
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff .stderr
@load base/protocols/conn
type Extension: record {
write_ts: time &log;
stream: string &log;
system_name: string &log;
};
function add_extension(path: string): Extension
{
}
redef Log::default_ext_func = add_extension;

20
testing/btest/scripts/base/frameworks/logging/field-extension-optional.bro Normal file
View file

@ -0,0 +1,20 @@
# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-diff conn.log
@load base/protocols/conn
type Extension: record {
write_ts: time &log;
stream: string;
system_name: string &log &optional;
undefined_string: string &log &optional;
};
function add_extension(path: string): Extension
{
return Extension($write_ts = network_time(),
$stream = path,
$system_name = peer_description);
}
redef Log::default_ext_func = add_extension;

22
testing/btest/scripts/base/frameworks/logging/field-extension-table.bro Normal file
View file

@ -0,0 +1,22 @@
# @TEST-EXEC-FAIL: bro -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
@load base/protocols/conn
type Extension: record {
write_ts: time &log;
stream: string &log;
tab: table[count] of count &log;
system_name: string &log;
};
function add_extension(path: string): Extension
{
return Extension($write_ts = network_time(),
$stream = path,
$system_name = peer_description,
$tab = { [1] = 2, [2] = 3}
);
}
redef Log::default_ext_func = add_extension;

19
testing/btest/scripts/base/frameworks/logging/field-extension.bro Normal file
View file

@ -0,0 +1,19 @@
# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-diff conn.log
@load base/protocols/conn
type Extension: record {
write_ts: time &log;
stream: string &log;
system_name: string &log;
};
function add_extension(path: string): Extension
{
return Extension($write_ts = network_time(),
$stream = path,
$system_name = peer_description);
}
redef Log::default_ext_func = add_extension;

11
testing/btest/scripts/base/frameworks/logging/field-name-map.bro Normal file
View file

@ -0,0 +1,11 @@
# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-diff conn.log
@load base/protocols/conn
redef Log::default_field_name_map = {
["id.orig_h"] = "src",
["id.orig_p"] = "src_port",
["id.resp_h"] = "dst",
["id.resp_p"] = "dst_port",
};

6
testing/btest/scripts/base/frameworks/logging/scope_sep.bro Normal file
View file

@ -0,0 +1,6 @@
# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-diff conn.log
@load base/protocols/conn
redef Log::default_scope_sep = "_";

15
testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.bro Normal file
View file

@ -0,0 +1,15 @@
# This tests the order in which the unrolling and field name
# renaming occurs.
# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-diff conn.log
@load base/protocols/conn
redef Log::default_scope_sep = "*";
redef Log::default_field_name_map = {
["id*orig_h"] = "src",
["id*orig_p"] = "src_port",
["id*resp_h"] = "dst",
["id*resp_p"] = "dst_port",
};