dpd->analyzer.log change - rename files

To address review feedback in GH-4362: rename analyzer-failed-log.zeek
to loggig.zeek, analyzer-debug-log.zeek to debug-logging.zeek and
dpd-log.zeek to deprecated-dpd-log.zeek.

Includes respective test, NEWS, etc updates.

scripts/base/frameworks/analyzer/__load__.zeek

@@ -1,3 +1,3 @@
 @load ./main
 @load ./dpd
-@load ./analyzer-failed-log
+@load ./logging

scripts/base/frameworks/analyzer/logging.zeek

@@ -100,6 +100,8 @@ event analyzer_failed(ts: time, atype: AllAnalyzers::Tag, info: AnalyzerViolatio
 		return;
 
 	# log only for previously confirmed service that did not already log violation
+	# note that analyzers can fail repeatedly in some circumstances - e.g. when they
+	# are re-attached by the dynamic protocol detection due to later data.
 	local analyzer_name = Analyzer::name(atype);
 	if ( analyzer_name !in info$c$service || analyzer_name in info$c$service_violation )
 		return;

scripts/policy/frameworks/analyzer/debug-logging.zeek

@@ -1,4 +1,4 @@
-#! Logging analyzer confirmations and violations into analyzer-debug.log
+##! Logging analyzer confirmations and violations into analyzer-debug.log
 
 @load base/frameworks/config
 @load base/frameworks/logging
@@ -18,7 +18,7 @@ export {
 		## Timestamp of confirmation or violation.
 		ts:             time              &log;
 		## What caused this log entry to be produced. This can
-		## currently be "violation" or "confirmation".
+		## currently be "violation", "confirmation", or "disabled".
 		cause:          string            &log;
 		## The kind of analyzer involved. Currently "packet", "file"
 		## or "protocol".

scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek

@@ -1,8 +1,6 @@
 ##! Creates the now deprecated dpd.logfile.
 # Remove in v8.1
 
-@deprecated("dpd.log is deprecated; remove in 8.1")
-
 module DPD;
 
 export {
@@ -38,7 +36,7 @@ event zeek_init() &priority=5
 	Log::create_stream(DPD::LOG, [$columns=Info, $path="dpd", $policy=log_policy]);
 	}
 
-# Runs before the same event handler in base/frameworks/analyzer/dpd.zeek
+# before the same event in dpd.zeek
 event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) &priority=15
 	{
 	if ( ! is_protocol_analyzer(atype) && ! is_packet_analyzer(atype) )

scripts/policy/frameworks/dpd/packet-segment-logging.zeek

@@ -6,7 +6,7 @@
 ##! A caveat to logging packet data is that in some cases, the packet may
 ##! not be the packet that actually caused the protocol violation.
 
-@load frameworks/analyzer/dpd-log
+@load frameworks/analyzer/deprecated-dpd-log
 
 module DPD;
 

scripts/test-all-policy.zeek

@@ -9,8 +9,8 @@
 
 # The base/ scripts are all loaded by default and not included here.
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
-# @load frameworks/analyzer/dpd-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
+# @load frameworks/analyzer/deprecated-dpd-log.zeek
 @load frameworks/analyzer/packet-segment-logging.zeek
 # @load frameworks/control/controllee.zeek
 # @load frameworks/control/controller.zeek

scripts/zeekygen/__load__.zeek

@@ -1,7 +1,7 @@
 @load test-all-policy.zeek
 
 # Scripts which are commented out in test-all-policy.zeek.
-@load frameworks/analyzer/dpd-log.zeek
+@load frameworks/analyzer/deprecated-dpd-log.zeek
 @load protocols/ssl/decryption.zeek
 @ifdef ( Cluster::CLUSTER_BACKEND_ZEROMQ )
 @load frameworks/cluster/backend/zeromq/connect.zeek