Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Initial API for Intel framework is complete.

Browse source 
- More inline docs added.

- Removing some debugging code.

- New test for the intel framework data distribution mechanism.
This commit is contained in:
Seth Hall 2012-10-10 11:15:34 -04:00
parent 6538f70e2c
commit 21473b0557
6 changed files with 131 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

0
testing/btest/Baseline/scripts.base.frameworks.intel.read-file-dist-cluster/manager-1..stdout Normal file
View file

13
testing/btest/Baseline/scripts.base.frameworks.intel.read-file-dist-cluster/manager-1.intel.log Normal file
View file

@ -0,0 +1,13 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path intel
#open 2012-10-10-15-05-23
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.host seen.str seen.str_type seen.where sources
#types time string addr port addr port addr string enum enum table[string]
1349881523.548946 - - - - - 1.2.3.4 - - Intel::IN_A_TEST source1
1349881523.548946 - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
1349881524.567896 - - - - - 1.2.3.4 - - Intel::IN_A_TEST source1
1349881524.567896 - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
#close 2012-10-10-15-05-24

0
testing/btest/Baseline/scripts.base.frameworks.intel.read-file-dist-cluster/worker-1..stdout Normal file
View file

0
testing/btest/Baseline/scripts.base.frameworks.intel.read-file-dist-cluster/worker-2..stdout Normal file
View file