Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 03:28:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

spciy-redis: Bring Redis analyzer into Zeek proper

Browse source
This commit is contained in:
Evan Typanski 2025-03-19 13:50:11 -04:00
parent aef9fe11dc
commit 11777bd6d5
39 changed files with 293 additions and 279 deletions
Download patch file Download diff file Expand all files Collapse all files

14
testing/btest/scripts/base/protocols/redis/pipelined-with-commands.zeek
View file

@ -1,20 +1,22 @@
# @TEST-DOC: Test Zeek parsing "pipelined" data responses
# @TEST-REQUIRES: have-spicy
#
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipeline-with-commands.pcap base/protocols/redis %INPUT >output
# @TEST-EXEC: zeek -b -Cr $TRACES/redis/pipeline-with-commands.pcap %INPUT >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: btest-diff redis.log
# Sometimes commands aren't serialized, like when pipelining. This still works! So we
# should handle this. This particular example has a few commands, amongst them a SET and
# a GET.
event Redis::set_command(c: connection, is_orig: bool,
command: Redis::SetCommand)
@load base/protocols/redis
event Redis::set_command(c: connection, command: Redis::SetCommand)
{
print fmt("SET: %s %s", command$key, command$value);
}
event Redis::get_command(c: connection, is_orig: bool,
command: Redis::GetCommand)
event Redis::get_command(c: connection, key: string)
{
print fmt("GET: %s", command);
print fmt("GET: %s", key);
}