dpd->analyzer.log change - rename files

To address review feedback in GH-4362: rename analyzer-failed-log.zeek
to loggig.zeek, analyzer-debug-log.zeek to debug-logging.zeek and
dpd-log.zeek to deprecated-dpd-log.zeek.

Includes respective test, NEWS, etc updates.

scripts/base/frameworks/analyzer/__load__.zeek

@@ -1,3 +1,3 @@
 @load ./main
 @load ./dpd
-@load ./analyzer-failed-log
+@load ./logging

scripts/base/frameworks/analyzer/logging.zeek

@@ -100,6 +100,8 @@ event analyzer_failed(ts: time, atype: AllAnalyzers::Tag, info: AnalyzerViolatio
 		return;
 
 	# log only for previously confirmed service that did not already log violation
+	# note that analyzers can fail repeatedly in some circumstances - e.g. when they
+	# are re-attached by the dynamic protocol detection due to later data.
 	local analyzer_name = Analyzer::name(atype);
 	if ( analyzer_name !in info$c$service || analyzer_name in info$c$service_violation )
 		return;

scripts/policy/frameworks/analyzer/debug-logging.zeek

@@ -1,4 +1,4 @@
-#! Logging analyzer confirmations and violations into analyzer-debug.log
+##! Logging analyzer confirmations and violations into analyzer-debug.log
 
 @load base/frameworks/config
 @load base/frameworks/logging
@@ -18,7 +18,7 @@ export {
 		## Timestamp of confirmation or violation.
 		ts:             time              &log;
 		## What caused this log entry to be produced. This can
-		## currently be "violation" or "confirmation".
+		## currently be "violation", "confirmation", or "disabled".
 		cause:          string            &log;
 		## The kind of analyzer involved. Currently "packet", "file"
 		## or "protocol".

scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek

@@ -1,8 +1,6 @@
 ##! Creates the now deprecated dpd.logfile.
 # Remove in v8.1
 
-@deprecated("dpd.log is deprecated; remove in 8.1")
-
 module DPD;
 
 export {
@@ -38,7 +36,7 @@ event zeek_init() &priority=5
 	Log::create_stream(DPD::LOG, [$columns=Info, $path="dpd", $policy=log_policy]);
 	}
 
-# Runs before the same event handler in base/frameworks/analyzer/dpd.zeek
+# before the same event in dpd.zeek
 event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) &priority=15
 	{
 	if ( ! is_protocol_analyzer(atype) && ! is_packet_analyzer(atype) )

scripts/policy/frameworks/dpd/packet-segment-logging.zeek

@@ -6,7 +6,7 @@
 ##! A caveat to logging packet data is that in some cases, the packet may
 ##! not be the packet that actually caused the protocol violation.
 
-@load frameworks/analyzer/dpd-log
+@load frameworks/analyzer/deprecated-dpd-log
 
 module DPD;
 

scripts/test-all-policy.zeek

@@ -9,8 +9,8 @@
 
 # The base/ scripts are all loaded by default and not included here.
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
-# @load frameworks/analyzer/dpd-log.zeek
+# @load frameworks/analyzer/deprecated-dpd-log.zeek
 @load frameworks/analyzer/packet-segment-logging.zeek
 # @load frameworks/control/controllee.zeek
 # @load frameworks/control/controller.zeek

scripts/zeekygen/__load__.zeek

@@ -1,7 +1,7 @@
 @load test-all-policy.zeek
 
 # Scripts which are commented out in test-all-policy.zeek.
-@load frameworks/analyzer/dpd-log.zeek
+@load frameworks/analyzer/deprecated-dpd-log.zeek
 @load protocols/ssl/decryption.zeek
 @ifdef ( Cluster::CLUSTER_BACKEND_ZEROMQ )
 @load frameworks/cluster/backend/zeromq/connect.zeek

testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log

@@ -146,7 +146,7 @@ scripts/base/init-frameworks-and-bifs.zeek
     scripts/base/frameworks/config/weird.zeek
   scripts/base/frameworks/analyzer/__load__.zeek
     scripts/base/frameworks/analyzer/dpd.zeek
-    scripts/base/frameworks/analyzer/analyzer-failed-log.zeek
+    scripts/base/frameworks/analyzer/logging.zeek
   scripts/base/frameworks/files/__load__.zeek
     scripts/base/frameworks/files/main.zeek
       scripts/base/utils/site.zeek

testing/btest/Baseline/coverage.bare-mode-errors/errors

@@ -1,8 +1,5 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ### NOTE: This file has been sorted with diff-sort.
 warning in <...>/detect-sqli.zeek, line 16: deprecated script loaded from command line arguments "Remove in v8.1: Switch to the improved detect-sql-injection script"
-warning in <...>/dpd-log.zeek, line 4: deprecated script loaded from <...>/__load__.zeek:4 ("dpd.log is deprecated; remove in 8.1")
-warning in <...>/dpd-log.zeek, line 4: deprecated script loaded from <...>/packet-segment-logging.zeek:9 ("dpd.log is deprecated; remove in 8.1")
-warning in <...>/dpd-log.zeek, line 4: deprecated script loaded from command line arguments ("dpd.log is deprecated; remove in 8.1")
 warning in <...>/packet-segment-logging.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:12 ("Please switch to frameworks<...>/packet-segment-logging, which logs to analyzer.log. Remove in 8.1")
 warning in <...>/packet-segment-logging.zeek, line 1: deprecated script loaded from command line arguments ("Please switch to frameworks<...>/packet-segment-logging, which logs to analyzer.log. Remove in 8.1")

testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log

@@ -146,7 +146,7 @@ scripts/base/init-frameworks-and-bifs.zeek
     scripts/base/frameworks/config/weird.zeek
   scripts/base/frameworks/analyzer/__load__.zeek
     scripts/base/frameworks/analyzer/dpd.zeek
-    scripts/base/frameworks/analyzer/analyzer-failed-log.zeek
+    scripts/base/frameworks/analyzer/logging.zeek
   scripts/base/frameworks/files/__load__.zeek
     scripts/base/frameworks/files/main.zeek
       scripts/base/utils/site.zeek

testing/btest/Baseline/plugins.hooks/output

@@ -441,7 +441,6 @@
 0.000000   MetaHookPost  LoadFile(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./addrs, <...>/addrs.zeek) -> -1
-0.000000   MetaHookPost  LoadFile(0, ./analyzer-failed-log, <...>/analyzer-failed-log.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./api, <...>/api.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./backpressure, <...>/backpressure.zeek) -> -1
@@ -464,6 +463,7 @@
 0.000000   MetaHookPost  LoadFile(0, ./input, <...>/input.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./input.bif.zeek, <...>/input.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./log, <...>/log.zeek) -> -1
+0.000000   MetaHookPost  LoadFile(0, ./logging, <...>/logging.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./logging.bif.zeek, <...>/logging.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./magic, <...>/magic) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./main, <...>/main.zeek) -> -1
@@ -755,7 +755,6 @@
 0.000000   MetaHookPost  LoadFileExtended(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./addrs, <...>/addrs.zeek) -> (-1, <no content>)
-0.000000   MetaHookPost  LoadFileExtended(0, ./analyzer-failed-log, <...>/analyzer-failed-log.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./api, <...>/api.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./backpressure, <...>/backpressure.zeek) -> (-1, <no content>)
@@ -778,6 +777,7 @@
 0.000000   MetaHookPost  LoadFileExtended(0, ./input, <...>/input.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./input.bif.zeek, <...>/input.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./log, <...>/log.zeek) -> (-1, <no content>)
+0.000000   MetaHookPost  LoadFileExtended(0, ./logging, <...>/logging.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./logging.bif.zeek, <...>/logging.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./magic, <...>/magic) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./main, <...>/main.zeek) -> (-1, <no content>)
@@ -1380,7 +1380,6 @@
 0.000000   MetaHookPre   LoadFile(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./addrs, <...>/addrs.zeek)
-0.000000   MetaHookPre   LoadFile(0, ./analyzer-failed-log, <...>/analyzer-failed-log.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./api, <...>/api.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./backpressure, <...>/backpressure.zeek)
@@ -1403,6 +1402,7 @@
 0.000000   MetaHookPre   LoadFile(0, ./input, <...>/input.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./input.bif.zeek, <...>/input.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./log, <...>/log.zeek)
+0.000000   MetaHookPre   LoadFile(0, ./logging, <...>/logging.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./logging.bif.zeek, <...>/logging.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./magic, <...>/magic)
 0.000000   MetaHookPre   LoadFile(0, ./main, <...>/main.zeek)
@@ -1694,7 +1694,6 @@
 0.000000   MetaHookPre   LoadFileExtended(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./addrs, <...>/addrs.zeek)
-0.000000   MetaHookPre   LoadFileExtended(0, ./analyzer-failed-log, <...>/analyzer-failed-log.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./api, <...>/api.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./backpressure, <...>/backpressure.zeek)
@@ -1717,6 +1716,7 @@
 0.000000   MetaHookPre   LoadFileExtended(0, ./input, <...>/input.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./input.bif.zeek, <...>/input.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./log, <...>/log.zeek)
+0.000000   MetaHookPre   LoadFileExtended(0, ./logging, <...>/logging.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./logging.bif.zeek, <...>/logging.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./magic, <...>/magic)
 0.000000   MetaHookPre   LoadFileExtended(0, ./main, <...>/main.zeek)
@@ -2318,7 +2318,6 @@
 0.000000 | HookLoadFile  ./Zeek_X509.types.bif.zeek <...>/Zeek_X509.types.bif.zeek
 0.000000 | HookLoadFile  ./Zeek_XMPP.events.bif.zeek <...>/Zeek_XMPP.events.bif.zeek
 0.000000 | HookLoadFile  ./addrs <...>/addrs.zeek
-0.000000 | HookLoadFile  ./analyzer-failed-log <...>/analyzer-failed-log.zeek
 0.000000 | HookLoadFile  ./analyzer.bif.zeek <...>/analyzer.bif.zeek
 0.000000 | HookLoadFile  ./api <...>/api.zeek
 0.000000 | HookLoadFile  ./archive <...>/archive.sig
@@ -2350,6 +2349,7 @@
 0.000000 | HookLoadFile  ./java <...>/java.sig
 0.000000 | HookLoadFile  ./libmagic <...>/libmagic.sig
 0.000000 | HookLoadFile  ./log <...>/log.zeek
+0.000000 | HookLoadFile  ./logging <...>/logging.zeek
 0.000000 | HookLoadFile  ./logging.bif.zeek <...>/logging.bif.zeek
 0.000000 | HookLoadFile  ./magic <...>/magic
 0.000000 | HookLoadFile  ./main <...>/main.zeek
@@ -2632,7 +2632,6 @@
 0.000000 | HookLoadFileExtended ./Zeek_X509.types.bif.zeek <...>/Zeek_X509.types.bif.zeek
 0.000000 | HookLoadFileExtended ./Zeek_XMPP.events.bif.zeek <...>/Zeek_XMPP.events.bif.zeek
 0.000000 | HookLoadFileExtended ./addrs <...>/addrs.zeek
-0.000000 | HookLoadFileExtended ./analyzer-failed-log <...>/analyzer-failed-log.zeek
 0.000000 | HookLoadFileExtended ./analyzer.bif.zeek <...>/analyzer.bif.zeek
 0.000000 | HookLoadFileExtended ./api <...>/api.zeek
 0.000000 | HookLoadFileExtended ./archive <...>/archive.sig
@@ -2664,6 +2663,7 @@
 0.000000 | HookLoadFileExtended ./java <...>/java.sig
 0.000000 | HookLoadFileExtended ./libmagic <...>/libmagic.sig
 0.000000 | HookLoadFileExtended ./log <...>/log.zeek
+0.000000 | HookLoadFileExtended ./logging <...>/logging.zeek
 0.000000 | HookLoadFileExtended ./logging.bif.zeek <...>/logging.bif.zeek
 0.000000 | HookLoadFileExtended ./magic <...>/magic
 0.000000 | HookLoadFileExtended ./main <...>/main.zeek

testing/btest/plugins/writer.zeek

@@ -6,5 +6,5 @@
 # @TEST-EXEC: ZEEK_PLUGIN_PATH=`pwd` zeek -r $TRACES/socks.trace Log::default_writer=Log::WRITER_FOO %INPUT | sort >>output
 # @TEST-EXEC: btest-diff output
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 

testing/btest/scripts/base/protocols/dce-rpc/ntlm-empty-av-pair-seq.zeek

@@ -4,7 +4,7 @@
 # @TEST-EXEC: btest-diff ntlm.log
 # @TEST-EXEC: btest-diff analyzer_failed.log
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 @load base/protocols/dce-rpc
 @load base/protocols/ntlm
 

testing/btest/scripts/base/protocols/modbus/modbus_and_non_modbus_on_port_502.test

@@ -31,4 +31,4 @@
 # The pcap has non Modbus traffic (i.e., DCERPC, HTTP, Magellan, NFS, RDP, TLS) on TCP port 502.
 # This traffic should not be labelled as Modbus in conn.log, and not generate any Modbus events.
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek

testing/btest/scripts/base/protocols/pop3/bad-list-retr-crafted.zeek

@@ -4,7 +4,7 @@
 # @TEST-EXEC: btest-diff weird.log
 # @TEST-EXEC: btest-diff analyzer_debug.log
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 @load base/frameworks/notice/weird
 @load base/protocols/conn
 @load base/protocols/pop3

testing/btest/scripts/base/protocols/pop3/redis.zeek

@@ -5,7 +5,7 @@
 # @TEST-EXEC: btest-diff weird.log
 # @TEST-EXEC: btest-diff analyzer_debug.log
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 @load base/frameworks/notice/weird
 @load base/protocols/conn
 @load base/protocols/pop3

testing/btest/scripts/base/protocols/postgresql/http-on-port-5432.zeek

@@ -9,6 +9,6 @@
 # @TEST-EXEC: TEST_DIFF_CANONIFIER="sed -r 's,(.*) \(/[^\)]+\),\1 (...),'" btest-diff analyzer.cut
 # @TEST-EXEC: test ! -f postgresql.log
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 @load base/protocols/conn
 @load base/protocols/postgresql

testing/btest/scripts/base/protocols/postgresql/mysql-on-port-5432.zeek

@@ -9,6 +9,6 @@
 # @TEST-EXEC: TEST_DIFF_CANONIFIER="sed -r 's,(.*) \(/[^\)]+\),\1 (...),'" btest-diff analyzer.cut
 # @TEST-EXEC: test ! -f postgresql.log
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 @load base/protocols/conn
 @load base/protocols/postgresql

testing/btest/scripts/base/protocols/quic/decrypt-crash.zeek

@@ -7,4 +7,4 @@
 # @TEST-EXEC: btest-diff conn.log.cut
 # @TEST-EXEC: TEST_DIFF_CANONIFIER='sed -E "s/\((.+)\.spicy:[0-9]+:[0-9]+(-[0-9]+:[0-9]+)?\)/(\1.spicy:<location>)/g" | $SCRIPTS/diff-remove-abspath' btest-diff analyzer_debug.log.cut
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek

testing/btest/scripts/base/protocols/quic/vector-max-size-crash.zeek

@@ -10,7 +10,7 @@
 
 # @TEST-EXEC: TEST_DIFF_CANONIFIER='sed -E "s/\((.+)\.spicy:[0-9]+:[0-9]+(-[0-9]+:[0-9]+)?\)/(\1.spicy:<location>)/g" | $SCRIPTS/diff-remove-abspath' btest-diff analyzer_debug.log.cut
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 
 event QUIC::unhandled_version(c: connection, is_orig: bool, version: count, dcid: string, scid: string)
 	{

testing/btest/scripts/base/protocols/rdp/rdp-invalid-length.zeek

@@ -5,5 +5,5 @@
 # @TEST-EXEC: zeek -C -b -r $TRACES/rdp/rdp-invalid-length.pcap %INPUT
 # @TEST-EXEC: btest-diff analyzer_debug.log
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 @load base/protocols/rdp

testing/btest/scripts/base/protocols/smb/smb1-OSS-fuzz-54883.test

@@ -3,7 +3,7 @@
 #@TEST-EXEC: ! test -f reporter.log
 
 @load base/protocols/smb
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 
 # The traffic generated by OSS Fuzz is broken to the extreme, ensure
 # the analyzer isn't disabled so the original scripting issue triggers.

testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek

@@ -7,5 +7,5 @@
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff .stdout
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 

testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek

@@ -7,4 +7,4 @@
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff .stdout
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek

testing/btest/scripts/base/protocols/ssh/http-port-22.test

@@ -6,5 +6,5 @@
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff analyzer_debug.log
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 

testing/btest/scripts/policy/frameworks/analyzer/logging-debug.zeek

@@ -14,7 +14,7 @@
 @load base/protocols/dns
 @load base/protocols/socks
 
-@load frameworks/analyzer/analyzer-debug-log
+@load frameworks/analyzer/debug-logging
 
 # DCE RPC violations are ignored by default. Consider violations for this
 # test so that the analyzer will be disabled eventually.

testing/btest/spicy/decline_input.spicy

@@ -1,7 +1,7 @@
 # @TEST-REQUIRES: have-spicy
 #
 # @TEST-EXEC: spicyz -d -o foo.hlto foo.spicy foo.evt %INPUT
-# @TEST-EXEC: zeek -Cr ${TRACES}/udp-packet.pcap frameworks/analyzer/analyzer-debug-log.zeek Analyzer::DebugLogging::include_disabling=F Analyzer::DebugLogging::include_confirmations=F foo.hlto foo.zeek
+# @TEST-EXEC: zeek -Cr ${TRACES}/udp-packet.pcap frameworks/analyzer/debug-logging.zeek Analyzer::DebugLogging::include_disabling=F Analyzer::DebugLogging::include_confirmations=F foo.hlto foo.zeek
 # @TEST-EXEC: cat analyzer_debug.log | zeek-cut analyzer_name failure_reason failure_data > analyzer_debug.log2 && mv analyzer_debug.log2 analyzer_debug.log
 # @TEST-EXEC: btest-diff analyzer_debug.log
 #

testing/btest/spicy/ssh-banner.zeek

@@ -6,7 +6,7 @@
 # @TEST-EXEC: btest-diff weird.log
 # @TEST-EXEC: echo === violation >>output
 # Note: The following removes the payload data from the violation log, as that's a recent addition that breaks older version. Can remove later.
-# @TEST-EXEC: zeek frameworks/analyzer/analyzer-debug-log.zeek -r ${TRACES}/http/post.trace -s ./ssh.sig Zeek::Spicy ssh.hlto  ./extern.zeek %INPUT | sed 's/ \[POST.*//g' | sort >>output
+# @TEST-EXEC: zeek frameworks/analyzer/debug-logging.zeek -r ${TRACES}/http/post.trace -s ./ssh.sig Zeek::Spicy ssh.hlto  ./extern.zeek %INPUT | sed 's/ \[POST.*//g' | sort >>output
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=diff-remove-abspath btest-diff output
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=diff-canonifier-spicy btest-diff analyzer_debug.log
 # @TEST-EXEC: test '!' -f reporter.log

testing/btest/spicy/tcp-eod-behavior.zeek

@@ -47,7 +47,7 @@
 # @TEST-EXEC: test '!' -f analyzer_debug.log
 # @TEST-EXEC: btest-diff output-eod-no-fins
 
-@load frameworks/analyzer/analyzer-debug-log.zeek
+@load frameworks/analyzer/debug-logging.zeek
 redef Analyzer::DebugLogging::include_confirmations = F;
 redef Analyzer::DebugLogging::include_disabling = F;