Merge remote branch 'origin/topic/robin/logging-internals'

Includes some additional cleanup.

testing/btest/Baseline/language.rec-nested-opt/output

@@ -0,0 +1,3 @@
+{
+[Wget/1.9+cvs-stable (Red Hat modified)] = [name=Wget, version=[major=1, minor=9, addl=+cvs], host=0.0.0.0, ts=0.0]
+}

testing/btest/Baseline/language.rec-table-default/output

@@ -0,0 +1,14 @@
+{
+[foo] = T
+}
+{
+
+}
+{
+B,
+A,
+C
+}
+{
+
+}

testing/btest/Baseline/language.record-extension/output

@@ -0,0 +1,2 @@
+[a=21, b=<uninitialized>, c=42, d=<uninitialized>]
+[a=21, b=<uninitialized>, c=42, d=XXX]

testing/btest/Baseline/language.record-ref-assign/output

@@ -0,0 +1 @@
+XXX, XXX

testing/btest/Baseline/language.vector-coerce-expr/output

@@ -0,0 +1,4 @@
+[]
+[1, 2, 3]
+[T, F, T]
+[]

testing/btest/Baseline/language.wrong-record-extension/output

@@ -0,0 +1 @@
+ error, extension field must be &optional or have &default

testing/btest/Baseline/logging.adapt-filter/ssh-new-default.log

@@ -0,0 +1,3 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.40319	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1299718503.40319	1.2.3.4	1234	2.3.4.5	80	failure	US

testing/btest/Baseline/logging.ascii-empty/output

@@ -0,0 +1,6 @@
+PREFIX<>t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b
+1299718506.56593|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
+1299718506.56593|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
+1299718506.56593|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
+1299718506.56593|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
+1299718506.56593|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T

testing/btest/Baseline/logging.ascii-options/output

@@ -0,0 +1,5 @@
+1299718506.38074|1.2.3.4|1234|2.3.4.5|80|success|unknown
+1299718506.38074|1.2.3.4|1234|2.3.4.5|80|failure|US
+1299718506.38074|1.2.3.4|1234|2.3.4.5|80|failure|UK
+1299718506.38074|1.2.3.4|1234|2.3.4.5|80|success|BR
+1299718506.38074|1.2.3.4|1234|2.3.4.5|80|failure|MX

testing/btest/Baseline/logging.attr-extend/ssh.log

@@ -0,0 +1,2 @@
+# status	country	a1	b1	b2
+success	unknown	1	3	4

testing/btest/Baseline/logging.attr/ssh.log

@@ -0,0 +1,6 @@
+# status	country
+success	unknown
+failure	US
+failure	UK
+success	BR
+failure	MX

testing/btest/Baseline/logging.empty-event/ssh.log

@@ -0,0 +1,6 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299809561.67372	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1299809561.67372	1.2.3.4	1234	2.3.4.5	80	failure	US
+1299809561.67372	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1299809561.67372	1.2.3.4	1234	2.3.4.5	80	success	BR
+1299809561.67372	1.2.3.4	1234	2.3.4.5	80	failure	MX

testing/btest/Baseline/logging.events/output

@@ -0,0 +1,2 @@
+[t=1299718502.96511, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=success, country=<uninitialized>]
+[t=1299718502.96511, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=failure, country=US]

testing/btest/Baseline/logging.exclude/ssh.log

@@ -0,0 +1,6 @@
+# id.orig_p	id.resp_h	id.resp_p	status	country
+1234	2.3.4.5	80	success	unknown
+1234	2.3.4.5	80	failure	US
+1234	2.3.4.5	80	failure	UK
+1234	2.3.4.5	80	success	BR
+1234	2.3.4.5	80	failure	MX

testing/btest/Baseline/logging.file/ssh.log

@@ -0,0 +1,2 @@
+# t	f
+1303098703.62603	Foo.log

testing/btest/Baseline/logging.include/ssh.log

@@ -0,0 +1,6 @@
+# t	id.orig_h
+1303064007.48299	1.2.3.4
+1303064007.48299	1.2.3.4
+1303064007.48299	1.2.3.4
+1303064007.48299	1.2.3.4
+1303064007.48299	1.2.3.4

testing/btest/Baseline/logging.path-func/output

@@ -0,0 +1,13 @@
+static-prefix-0.log
+static-prefix-1.log
+static-prefix-2.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.05867	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1299718503.05867	1.2.3.4	1234	2.3.4.5	80	success	BR
+1299718503.05867	1.2.3.4	1234	2.3.4.5	80	failure	MX3
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.05867	1.2.3.4	1234	2.3.4.5	80	failure	US
+1299718503.05867	1.2.3.4	1234	2.3.4.5	80	failure	MX
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.05867	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1299718503.05867	1.2.3.4	1234	2.3.4.5	80	failure	MX2

testing/btest/Baseline/logging.pred/ssh.failure.log

@@ -0,0 +1,2 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.16177	1.2.3.4	1234	2.3.4.5	80	failure	US

testing/btest/Baseline/logging.pred/ssh.success.log

@@ -0,0 +1,2 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.16177	1.2.3.4	1234	2.3.4.5	80	success	-

testing/btest/Baseline/logging.remote-types/receiver.ssh.log

@@ -0,0 +1,2 @@
+# b	i	e	c	p	sn	n	a	d	t	iv	s	sc	ss	se	vc	ve
+T	-42	SSH::SSH	21	123	10.0.0.0/24	10.0.0.0	1.2.3.4	3.14	1301360085.98852	100.0	hurz	4,1,3,2	CC,BB,AA	EMPTY	10,20,30	EMPTY

testing/btest/Baseline/logging.remote/sender.ssh.failure.log

@@ -0,0 +1,4 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	failure	US
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	failure	MX

testing/btest/Baseline/logging.remote/sender.ssh.log

@@ -0,0 +1,6 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	success	-
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	failure	US
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	success	BR
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	failure	MX

testing/btest/Baseline/logging.remote/sender.ssh.success.log

@@ -0,0 +1,3 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	success	-
+1299718503.72819	1.2.3.4	1234	2.3.4.5	80	success	BR

testing/btest/Baseline/logging.remove/ssh.failure.log

@@ -0,0 +1,3 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.28253	1.2.3.4	1234	2.3.4.5	80	failure	US
+1299718503.28253	1.2.3.4	1234	2.3.4.5	80	failure	UK

testing/btest/Baseline/logging.remove/ssh.log

@@ -0,0 +1,4 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718503.28253	1.2.3.4	1234	2.3.4.5	80	failure	US
+1299718503.28253	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1299718503.28253	1.2.3.4	1234	2.3.4.5	80	failure	BR

testing/btest/Baseline/logging.rotate-custom/out

@@ -0,0 +1,134 @@
+2nd test2-11-03-06_19.00.05.log test2.log 11-03-06_19.00.05 11-03-06_19.59.55 0
+1st test-11-03-06_19.00.05.log test.log 11-03-06_19.00.05 11-03-06_20.00.05 0
+2nd test2-11-03-06_19.59.55.log test2.log 11-03-06_19.59.55 11-03-06_20.00.05 0
+2nd test2-11-03-06_20.00.05.log test2.log 11-03-06_20.00.05 11-03-06_20.59.55 0
+1st test-11-03-06_20.00.05.log test.log 11-03-06_20.00.05 11-03-06_21.00.05 0
+2nd test2-11-03-06_20.59.55.log test2.log 11-03-06_20.59.55 11-03-06_21.00.05 0
+2nd test2-11-03-06_21.00.05.log test2.log 11-03-06_21.00.05 11-03-06_21.59.55 0
+1st test-11-03-06_21.00.05.log test.log 11-03-06_21.00.05 11-03-06_22.00.05 0
+2nd test2-11-03-06_21.59.55.log test2.log 11-03-06_21.59.55 11-03-06_22.00.05 0
+2nd test2-11-03-06_22.00.05.log test2.log 11-03-06_22.00.05 11-03-06_22.59.55 0
+1st test-11-03-06_22.00.05.log test.log 11-03-06_22.00.05 11-03-06_23.00.05 0
+2nd test2-11-03-06_22.59.55.log test2.log 11-03-06_22.59.55 11-03-06_23.00.05 0
+2nd test2-11-03-06_23.00.05.log test2.log 11-03-06_23.00.05 11-03-06_23.59.55 0
+1st test-11-03-06_23.00.05.log test.log 11-03-06_23.00.05 11-03-07_00.00.05 0
+2nd test2-11-03-06_23.59.55.log test2.log 11-03-06_23.59.55 11-03-07_00.00.05 0
+2nd test2-11-03-07_00.00.05.log test2.log 11-03-07_00.00.05 11-03-07_00.59.55 0
+1st test-11-03-07_00.00.05.log test.log 11-03-07_00.00.05 11-03-07_01.00.05 0
+2nd test2-11-03-07_00.59.55.log test2.log 11-03-07_00.59.55 11-03-07_01.00.05 0
+2nd test2-11-03-07_01.00.05.log test2.log 11-03-07_01.00.05 11-03-07_01.59.55 0
+1st test-11-03-07_01.00.05.log test.log 11-03-07_01.00.05 11-03-07_02.00.05 0
+2nd test2-11-03-07_01.59.55.log test2.log 11-03-07_01.59.55 11-03-07_02.00.05 0
+2nd test2-11-03-07_02.00.05.log test2.log 11-03-07_02.00.05 11-03-07_02.59.55 0
+1st test-11-03-07_02.00.05.log test.log 11-03-07_02.00.05 11-03-07_03.00.05 0
+2nd test2-11-03-07_02.59.55.log test2.log 11-03-07_02.59.55 11-03-07_03.00.05 0
+2nd test2-11-03-07_03.00.05.log test2.log 11-03-07_03.00.05 11-03-07_03.59.55 0
+1st test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0
+2nd test2-11-03-07_03.59.55.log test2.log 11-03-07_03.59.55 11-03-07_04.00.05 0
+2nd test2-11-03-07_04.00.05.log test2.log 11-03-07_04.00.05 11-03-07_04.59.55 0
+1st test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_04.59.55 1
+2nd test2-11-03-07_04.59.55.log test2.log 11-03-07_04.59.55 11-03-07_04.59.55 1
+> test-11-03-06_19.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299466805.0	10.0.0.1	20	10.0.0.2	1024
+1299470395.0	10.0.0.2	20	10.0.0.3	0
+> test-11-03-06_20.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299470405.0	10.0.0.1	20	10.0.0.2	1025
+1299473995.0	10.0.0.2	20	10.0.0.3	1
+> test-11-03-06_21.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299474005.0	10.0.0.1	20	10.0.0.2	1026
+1299477595.0	10.0.0.2	20	10.0.0.3	2
+> test-11-03-06_22.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299477605.0	10.0.0.1	20	10.0.0.2	1027
+1299481195.0	10.0.0.2	20	10.0.0.3	3
+> test-11-03-06_23.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299481205.0	10.0.0.1	20	10.0.0.2	1028
+1299484795.0	10.0.0.2	20	10.0.0.3	4
+> test-11-03-07_00.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299484805.0	10.0.0.1	20	10.0.0.2	1029
+1299488395.0	10.0.0.2	20	10.0.0.3	5
+> test-11-03-07_01.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299488405.0	10.0.0.1	20	10.0.0.2	1030
+1299491995.0	10.0.0.2	20	10.0.0.3	6
+> test-11-03-07_02.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299492005.0	10.0.0.1	20	10.0.0.2	1031
+1299495595.0	10.0.0.2	20	10.0.0.3	7
+> test-11-03-07_03.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299495605.0	10.0.0.1	20	10.0.0.2	1032
+1299499195.0	10.0.0.2	20	10.0.0.3	8
+> test-11-03-07_04.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299499205.0	10.0.0.1	20	10.0.0.2	1033
+1299502795.0	10.0.0.2	20	10.0.0.3	9
+> test2-11-03-06_19.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299466805.0	10.0.0.1	20	10.0.0.2	1024
+> test2-11-03-06_19.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299470395.0	10.0.0.2	20	10.0.0.3	0
+> test2-11-03-06_20.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299470405.0	10.0.0.1	20	10.0.0.2	1025
+> test2-11-03-06_20.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299473995.0	10.0.0.2	20	10.0.0.3	1
+> test2-11-03-06_21.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299474005.0	10.0.0.1	20	10.0.0.2	1026
+> test2-11-03-06_21.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299477595.0	10.0.0.2	20	10.0.0.3	2
+> test2-11-03-06_22.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299477605.0	10.0.0.1	20	10.0.0.2	1027
+> test2-11-03-06_22.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299481195.0	10.0.0.2	20	10.0.0.3	3
+> test2-11-03-06_23.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299481205.0	10.0.0.1	20	10.0.0.2	1028
+> test2-11-03-06_23.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299484795.0	10.0.0.2	20	10.0.0.3	4
+> test2-11-03-07_00.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299484805.0	10.0.0.1	20	10.0.0.2	1029
+> test2-11-03-07_00.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299488395.0	10.0.0.2	20	10.0.0.3	5
+> test2-11-03-07_01.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299488405.0	10.0.0.1	20	10.0.0.2	1030
+> test2-11-03-07_01.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299491995.0	10.0.0.2	20	10.0.0.3	6
+> test2-11-03-07_02.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299492005.0	10.0.0.1	20	10.0.0.2	1031
+> test2-11-03-07_02.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299495595.0	10.0.0.2	20	10.0.0.3	7
+> test2-11-03-07_03.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299495605.0	10.0.0.1	20	10.0.0.2	1032
+> test2-11-03-07_03.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299499195.0	10.0.0.2	20	10.0.0.3	8
+> test2-11-03-07_04.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299499205.0	10.0.0.1	20	10.0.0.2	1033
+> test2-11-03-07_04.59.55.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299502795.0	10.0.0.2	20	10.0.0.3	9
+> test2.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+> test.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p

testing/btest/Baseline/logging.rotate/out

@@ -0,0 +1,50 @@
+test-11-03-06_19.00.05.log test.log 11-03-06_19.00.05 11-03-06_20.00.05 0
+test-11-03-06_20.00.05.log test.log 11-03-06_20.00.05 11-03-06_21.00.05 0
+test-11-03-06_21.00.05.log test.log 11-03-06_21.00.05 11-03-06_22.00.05 0
+test-11-03-06_22.00.05.log test.log 11-03-06_22.00.05 11-03-06_23.00.05 0
+test-11-03-06_23.00.05.log test.log 11-03-06_23.00.05 11-03-07_00.00.05 0
+test-11-03-07_00.00.05.log test.log 11-03-07_00.00.05 11-03-07_01.00.05 0
+test-11-03-07_01.00.05.log test.log 11-03-07_01.00.05 11-03-07_02.00.05 0
+test-11-03-07_02.00.05.log test.log 11-03-07_02.00.05 11-03-07_03.00.05 0
+test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0
+test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_04.59.55 1
+> test-11-03-06_19.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299466805.0	10.0.0.1	20	10.0.0.2	1024
+1299470395.0	10.0.0.2	20	10.0.0.3	0
+> test-11-03-06_20.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299470405.0	10.0.0.1	20	10.0.0.2	1025
+1299473995.0	10.0.0.2	20	10.0.0.3	1
+> test-11-03-06_21.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299474005.0	10.0.0.1	20	10.0.0.2	1026
+1299477595.0	10.0.0.2	20	10.0.0.3	2
+> test-11-03-06_22.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299477605.0	10.0.0.1	20	10.0.0.2	1027
+1299481195.0	10.0.0.2	20	10.0.0.3	3
+> test-11-03-06_23.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299481205.0	10.0.0.1	20	10.0.0.2	1028
+1299484795.0	10.0.0.2	20	10.0.0.3	4
+> test-11-03-07_00.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299484805.0	10.0.0.1	20	10.0.0.2	1029
+1299488395.0	10.0.0.2	20	10.0.0.3	5
+> test-11-03-07_01.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299488405.0	10.0.0.1	20	10.0.0.2	1030
+1299491995.0	10.0.0.2	20	10.0.0.3	6
+> test-11-03-07_02.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299492005.0	10.0.0.1	20	10.0.0.2	1031
+1299495595.0	10.0.0.2	20	10.0.0.3	7
+> test-11-03-07_03.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299495605.0	10.0.0.1	20	10.0.0.2	1032
+1299499195.0	10.0.0.2	20	10.0.0.3	8
+> test-11-03-07_04.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+1299499205.0	10.0.0.1	20	10.0.0.2	1033
+1299502795.0	10.0.0.2	20	10.0.0.3	9

testing/btest/Baseline/logging.stdout/output

@@ -0,0 +1,6 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718506.28824	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1299718506.28824	1.2.3.4	1234	2.3.4.5	80	failure	US
+1299718506.28824	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1299718506.28824	1.2.3.4	1234	2.3.4.5	80	success	BR
+1299718506.28824	1.2.3.4	1234	2.3.4.5	80	failure	MX

testing/btest/Baseline/logging.test-logging/ssh.log

@@ -0,0 +1,6 @@
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
+1299718506.1313	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1299718506.1313	1.2.3.4	1234	2.3.4.5	80	failure	US
+1299718506.1313	1.2.3.4	1234	2.3.4.5	80	failure	UK
+1299718506.1313	1.2.3.4	1234	2.3.4.5	80	success	BR
+1299718506.1313	1.2.3.4	1234	2.3.4.5	80	failure	MX

testing/btest/Baseline/logging.types/ssh.log

@@ -0,0 +1,2 @@
+# b	i	e	c	p	sn	n	a	d	t	iv	s	sc	ss	se	vc	ve
+T	-42	SSH::SSH	21	123	10.0.0.0/24	10.0.0.0	1.2.3.4	3.14	1301359781.8203	100.0	hurz	4,1,3,2	CC,BB,AA	EMPTY	10,20,30	EMPTY

testing/btest/Baseline/logging.vec/ssh.log

@@ -0,0 +1,2 @@
+# vec
+-,2,-,-,5

testing/btest/btest.cfg

@@ -1,10 +1,9 @@
-
 [btest]
-TestDirs    = doc bifs
+TestDirs    = doc bifs logging language
 TmpDir      = %(testbase)s/.tmp
 BaselineDir = %(testbase)s/Baseline
 IgnoreDirs  = .svn CVS .tmp
-IgnoreFiles = *.tmp *.swp #*
+IgnoreFiles = *.tmp *.swp #* *.trace
 
 [environment]
 BROPATH=`bash -c %(testbase)s/../../build/bro-path-dev`

testing/btest/language/rec-nested-opt.bro

@@ -0,0 +1,25 @@
+
+# @TEST-EXEC: bro %INPUT >output 2>&1
+# @TEST-EXEC: btest-diff output
+
+type Version: record {
+        major:  count &optional;    ##< Major version number
+        minor:  count &optional;    ##< Minor version number
+        addl:   string &optional;  ##< Additional version string (e.g. "beta42")
+} &log;
+
+type Info: record {
+	name: string;
+	version: Version;
+	host: addr;
+	ts: time;
+};
+
+
+# Important thing to note here is that $minor2 is not include in the $version field.
+global matched_software: table[string] of Info = {
+        ["Wget/1.9+cvs-stable (Red Hat modified)"] =
+                [$name="Wget", $version=[$major=1,$minor=9,$addl="+cvs"], $host=0.0.0.0, $ts=network_time()],
+};
+
+print matched_software;

testing/btest/language/rec-table-default.bro

@@ -0,0 +1,19 @@
+
+# @TEST-EXEC: bro %INPUT >output 2>&1
+# @TEST-EXEC: btest-diff output
+
+type X: record {
+     a: table[string] of bool &default=table( ["foo"] = T );
+     b: table[string] of bool &default=table();
+     c: set[string] &default=set("A", "B", "C");
+     d: set[string] &default=set();
+};
+
+global x: X;
+global y: table[string] of bool &default=T;
+
+print x$a;
+print x$b;
+print x$c;
+print x$d;
+

testing/btest/language/record-extension.bro

@@ -0,0 +1,19 @@
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+type Foo: record {
+        a: count;
+        b: count &optional;
+};
+
+redef record Foo += {
+        c: count &default=42;
+        d: count &optional;
+};
+
+global f1: Foo = [$a=21];
+global f2: Foo = [$a=21, $d="XXX"];
+
+print f1;
+print f2;
+

testing/btest/language/record-ref-assign.bro

@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+type State: record {
+	host: string &default="NOT SET";
+};
+
+global session: State;
+global s: State;
+s = session;
+s$host = "XXX";
+print s$host, session$host;

testing/btest/language/vector-coerce-expr.bro

@@ -0,0 +1,20 @@
+# @TEST-EXEC: bro %INPUT >output 2>&1
+# @TEST-EXEC: btest-diff output
+
+type X: record {
+     a: vector of bool &default=vector(T, F, T);
+     b: vector of bool &default=vector();
+};
+
+global x: X;
+
+global a: vector of count;
+
+a = vector();
+print a;
+
+a = vector(1,2,3);
+print a;
+
+print x$a;
+print x$b;

testing/btest/language/wrong-record-extension.bro

@@ -0,0 +1,14 @@
+# @TEST-EXEC-FAIL: bro %INPUT  >output.tmp 2>&1 
+# @TEST-EXEC: sed 's#^.*:##g' <output.tmp >output
+# @TEST-EXEC: btest-diff output
+
+type Foo: record {
+        a: count;
+        b: count &optional;
+};
+
+redef record Foo += {
+        c: count;
+        d: string &optional;
+};
+

testing/btest/logging/adapt-filter.bro

@@ -0,0 +1,35 @@
+
+# @TEST-EXEC: bro %INPUT 
+# @TEST-EXEC: btest-diff ssh-new-default.log
+# @TEST-EXEC: test '!' -e ssh.log
+
+module SSH;
+
+@load logging
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { SSH };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+	local filter = Log::get_filter(SSH, "default");
+	filter$path= "ssh-new-default";
+	Log::add_filter(SSH, filter);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+}

testing/btest/logging/ascii-empty.bro

@@ -0,0 +1,38 @@
+#
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+redef LogAscii::output_to_stdout = T;
+redef LogAscii::separator = "|";
+redef LogAscii::empty_field = "EMPTY";
+redef LogAscii::unset_field = "NOT-SET";
+redef LogAscii::header_prefix = "PREFIX<>";
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+		b: bool &optional;
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $b=T, $status="failure", $country=""]);
+	
+}
+

testing/btest/logging/ascii-escape.bro

@@ -0,0 +1,32 @@
+#
+# @TEST-EXEC: bro %INPUT 
+# @TEST-EXEC: btest-diff ssh.log
+
+redef LogAscii::separator = "||";
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="fa||ure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="su||ess", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);	
+}
+

testing/btest/logging/ascii-options.bro

@@ -0,0 +1,35 @@
+#
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+redef LogAscii::output_to_stdout = T;
+redef LogAscii::separator = "|";
+redef LogAscii::include_header = F;
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/logging/attr-extend.bro

@@ -0,0 +1,37 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id;
+		status: string &optional &log;
+		country: string &default="unknown" &log;
+	};
+}
+
+redef record Log += {
+	a1: count &log &optional;
+	a2: count &optional;
+};
+
+redef record Log += {
+	b1: count &optional;
+	b2: count &optional;
+} &log;
+
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $a1=1, $a2=2, $b1=3, $b2=4]);
+}
+

testing/btest/logging/attr.bro

@@ -0,0 +1,31 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id;
+		status: string &optional &log;
+		country: string &default="unknown" &log;
+	};
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/logging/disable-stream.bro

@@ -0,0 +1,33 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: test '!' -e ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+	Log::disable_stream(SSH);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/logging/empty-event.bro

@@ -0,0 +1,33 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+global log_ssh: event(rec: Log);
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log, $ev=log_ssh]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/logging/events.bro

@@ -0,0 +1,39 @@
+
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+module SSH;
+
+@load logging
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { SSH };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+global ssh_log: event(rec: Log);
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log, $ev=ssh_log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+	local r: Log = [$t=network_time(), $id=cid, $status="success"];
+	Log::write(SSH, r);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	
+}
+
+event ssh_log(rec: Log)
+	{
+	print rec;
+	}

testing/btest/logging/exclude.bro

@@ -0,0 +1,34 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+	Log::remove_default_filter(SSH);
+	Log::add_filter(SSH, [$name="f1", $exclude=set("t", "id.orig_h")]);
+
+	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/logging/file.bro

@@ -0,0 +1,23 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		f: file;
+	} &log;
+}
+
+const foo_log = open_log_file("Foo") &redef;
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+	Log::write(SSH, [$t=network_time(), $f=foo_log]);
+}
+

testing/btest/logging/include.bro

@@ -0,0 +1,34 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+	Log::remove_default_filter(SSH);
+	Log::add_filter(SSH, [$name="default", $include=set("t", "id.orig_h")]);
+
+	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/logging/no-local.bro

@@ -0,0 +1,33 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: test '!' -e ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+redef Log::enable_local_logging = F;
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/logging/path-func.bro

@@ -0,0 +1,50 @@
+
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: ( ls static-*; cat static-* ) >output
+# @TEST-EXEC: btest-diff output
+
+module SSH;
+
+@load logging
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { SSH };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+global c = -1;
+
+function path_func(id: Log::ID, path: string) : string
+	{
+	c = (c + 1) % 3;
+
+	return fmt("%s-%d", path, c);
+	}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+	Log::remove_default_filter(SSH);
+
+	Log::add_filter(SSH, [$name="dyn", $path="static-prefix", $path_func=path_func]);
+
+	Log::set_buf(SSH, F);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX2"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX3"]);
+}

testing/btest/logging/pred.bro

@@ -0,0 +1,41 @@
+
+# @TEST-EXEC: bro %INPUT 
+# @TEST-EXEC: btest-diff ssh.success.log
+# @TEST-EXEC: btest-diff ssh.failure.log
+
+module SSH;
+
+@load logging
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { SSH };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+function fail(rec: Log): bool
+	{
+	return rec$status != "success";
+	}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+	Log::remove_default_filter(SSH);
+	Log::add_filter(SSH, [$name="f1", $path="ssh.success", $pred=function(rec: Log): bool { return rec$status == "success"; }]);
+	Log::add_filter(SSH, [$name="f2", $path="ssh.failure", $pred=fail]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+	local r: Log = [$t=network_time(), $id=cid, $status="success"];
+	Log::write(SSH, r);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	
+}

testing/btest/logging/remote-types.bro

@@ -0,0 +1,93 @@
+#
+# @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run receiver bro --pseudo-realtime %INPUT ../receiver.bro
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-wait -k 1
+# @TEST-EXEC: btest-diff receiver/ssh.log
+# @TEST-EXEC: cmp receiver/ssh.log sender/ssh.log
+
+# Remote version testing all types.
+
+# This is the common part loaded by both sender and receiver.
+
+redef LogAscii::empty_field = "EMPTY";
+
+module SSH;
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		b: bool;
+		i: int;
+		e: Log::ID;
+		c: count;
+		p: port;
+		sn: subnet;
+		n: net;
+		a: addr;
+		d: double;
+		t: time;
+		iv: interval;
+		s: string;
+		sc: set[count];
+		ss: set[string];
+		se: set[string];
+		vc: vector of count;
+		ve: vector of string;
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+}
+
+#####
+
+@TEST-START-FILE sender.bro
+
+module SSH;
+
+@load listen-clear
+
+event remote_connection_handshake_done(p: event_peer)
+	{
+	local empty_set: set[string];
+	local empty_vector: vector of string;
+
+	Log::write(SSH, [
+		$b=T,
+		$i=-42,
+		$e=SSH,
+		$c=21,
+		$p=123/tcp,
+		$sn=10.0.0.1/24,
+		$n=10.0.,
+		$a=1.2.3.4,
+		$d=3.14,
+		$t=network_time(),
+		$iv=100secs,
+		$s="hurz",
+		$sc=set(1,2,3,4),
+		$ss=set("AA", "BB", "CC"),
+		$se=empty_set,
+		$vc=vector(10, 20, 30),
+		$ve=empty_vector
+		]);
+	}
+@TEST-END-FILE
+
+@TEST-START-FILE receiver.bro
+
+#####
+
+@load remote
+
+redef Remote::destinations += {
+    ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T]
+};
+
+@TEST-END-FILE

testing/btest/logging/remote.bro

@@ -0,0 +1,77 @@
+#
+# @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run receiver bro --pseudo-realtime %INPUT ../receiver.bro
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-wait -k 1
+# @TEST-EXEC: btest-diff sender/ssh.log
+# @TEST-EXEC: btest-diff sender/ssh.failure.log
+# @TEST-EXEC: btest-diff sender/ssh.success.log
+# @TEST-EXEC: cmp receiver/ssh.log sender/ssh.log
+# @TEST-EXEC: cmp receiver/ssh.failure.log sender/ssh.failure.log
+# @TEST-EXEC: cmp receiver/ssh.success.log sender/ssh.success.log
+
+# This is the common part loaded by both sender and receiver.
+module SSH;
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { SSH };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+	Log::add_filter(SSH, [$name="f1", $path="ssh.success", $pred=function(rec: Log): bool { return rec$status == "success"; }]);
+}
+
+#####
+
+@TEST-START-FILE sender.bro
+
+module SSH;
+
+@load listen-clear
+
+function fail(rec: Log): bool
+	{
+	return rec$status != "success";
+	}
+
+event remote_connection_handshake_done(p: event_peer)
+	{
+	Log::add_filter(SSH, [$name="f2", $path="ssh.failure", $pred=fail]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	local r: Log = [$t=network_time(), $id=cid, $status="success"];
+
+	# Log something.
+	Log::write(SSH, r);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	}
+@TEST-END-FILE
+
+@TEST-START-FILE receiver.bro
+
+#####
+
+@load remote
+
+redef Remote::destinations += {
+    ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T]
+};
+
+@TEST-END-FILE

testing/btest/logging/remove.bro

@@ -0,0 +1,41 @@
+#
+# @TEST-EXEC: bro -B logging %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+# @TEST-EXEC: btest-diff ssh.failure.log
+
+module SSH;
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { SSH };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+	Log::add_filter(SSH, [$name="f1", $path="ssh.failure", $pred=function(rec: Log): bool { return rec$status == "failure"; }]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	# Log something.
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+
+	Log::remove_filter(SSH, "f1");
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="BR"]);
+
+	Log::remove_filter(SSH, "default");
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+
+	Log::remove_filter(SSH, "doesn-not-exist");
+}
+

testing/btest/logging/rotate-custom.bro

@@ -0,0 +1,37 @@
+#
+# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT >out
+# @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out
+# @TEST-EXEC: btest-diff out
+
+module Test;
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { Test };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+	} &log;
+}
+
+redef Log::default_rotation_interval = 1hr;
+redef Log::default_rotation_postprocessor = "echo 1st";
+
+redef Log::rotation_control += {
+	[Log::WRITER_ASCII, "test2"] = [$interv=30mins, $postprocessor="echo 2nd"]
+};
+
+event bro_init()
+{
+	Log::create_stream(Test, [$columns=Log]);
+	Log::add_filter(Test, [$name="2nd", $path="test2"]);
+
+}
+
+event new_connection(c: connection)
+	{
+	Log::write(Test, [$t=network_time(), $id=c$id]);
+	}

testing/btest/logging/rotate.bro

@@ -0,0 +1,31 @@
+#
+# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT >out
+# @TEST-EXEC: for i in test-*.log; do printf '> %s\n' $i; cat $i; done >>out
+# @TEST-EXEC: btest-diff out
+
+module Test;
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { Test };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+	} &log;
+}
+
+redef Log::default_rotation_interval = 1hr;
+redef Log::default_rotation_postprocessor = "echo";
+
+event bro_init()
+{
+	Log::create_stream(Test, [$columns=Log]);
+}
+
+event new_connection(c: connection)
+	{
+	Log::write(Test, [$t=network_time(), $id=c$id]);
+	}

testing/btest/logging/stdout.bro

@@ -0,0 +1,36 @@
+#
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: test '!' -e ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+	local filter = Log::get_filter(SSH, "default");
+	filter$path= "/dev/stdout";
+	Log::add_filter(SSH, filter);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/logging/test-logging.bro

@@ -0,0 +1,31 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/logging/types.bro

@@ -0,0 +1,62 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+#
+# Testing all possible types.
+
+redef LogAscii::empty_field = "EMPTY";
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		b: bool;
+		i: int;
+		e: Log::ID;
+		c: count;
+		p: port;
+		sn: subnet;
+		n: net;
+		a: addr;
+		d: double;
+		t: time;
+		iv: interval;
+		s: string;
+		sc: set[count];
+		ss: set[string];
+		se: set[string];
+		vc: vector of count;
+		ve: vector of string;
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+	local empty_set: set[string];
+	local empty_vector: vector of string;
+
+	Log::write(SSH, [
+		$b=T,
+		$i=-42,
+		$e=SSH,
+		$c=21,
+		$p=123/tcp,
+		$sn=10.0.0.1/24,
+		$n=10.0.,
+		$a=1.2.3.4,
+		$d=3.14,
+		$t=network_time(),
+		$iv=100secs,
+		$s="hurz",
+		$sc=set(1,2,3,4),
+		$ss=set("AA", "BB", "CC"),
+		$se=empty_set,
+		$vc=vector(10, 20, 30),
+		$ve=empty_vector
+		]);
+}
+

testing/btest/logging/vec.bro

@@ -0,0 +1,27 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+        vec: vector of string &log;
+	};
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+    local v: vector of string;
+
+	v[2] = "2";
+	v[5] = "5";
+
+	Log::write(SSH, [$vec=v]);
+}
+
+