Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Updating test baselines for new dictionary code due to changes in ordering of fields in the dictionary

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-02-28 16:06:36 -07:00
parent 10e4694f8e
commit 21872aef39
153 changed files with 1958 additions and 1962 deletions
Download patch file Download diff file Expand all files Collapse all files

16
testing/btest/Baseline/bifs.filter_subnet_table/output
View file

@ -1,16 +1,16 @@
{
10.2.0.2/31,
10.0.0.0/8,
10.2.0.0/16,
10.2.0.2/31
10.2.0.0/16
}
{
[10.2.0.2/31] = c,
[10.0.0.0/8] = a,
[10.2.0.0/16] = b
}
{
[10.0.0.0/8] = a,
[10.2.0.0/16] = b,
[10.2.0.2/31] = c
}
{
[10.3.0.0/16] = e,
[10.0.0.0/8] = a
[10.3.0.0/16] = e
}
{

2
testing/btest/Baseline/bifs.find_all/out
View file

@ -1,4 +1,4 @@
es
hi
es
-------------------
0

20
testing/btest/Baseline/bifs.matching_subnets/output
View file

@ -1,16 +1,16 @@
{
5.0.0.0/8,
7.2.0.0/32,
10.3.0.0/16,
2607:f8b0:4007:807::200e/128,
10.0.0.0/8,
2607:f8b0:4007:807::/64,
10.1.0.0/16,
5.2.0.0/32,
10.2.0.0/16,
2607:f8b0:4008:807::/64,
10.2.0.2/31,
5.5.0.0/25
10.2.0.0/16,
5.5.0.0/25,
10.1.0.0/16,
10.0.0.0/8,
7.2.0.0/32,
5.2.0.0/32,
2607:f8b0:4007:807::200e/128,
2607:f8b0:4007:807::/64,
5.0.0.0/8,
10.3.0.0/16
}
[10.2.0.2/31, 10.2.0.0/16, 10.0.0.0/8]
[2607:f8b0:4007:807::200e/128, 2607:f8b0:4007:807::/64]

4
testing/btest/Baseline/bifs.netbios-functions/out
View file

@ -1,7 +1,7 @@
\x01\x02__MSBROWSE__\x02
1
WORKGROUP
27
\x01\x02__MSBROWSE__\x02
1
MARTIN
3
ISATAP

42
testing/btest/Baseline/bifs.records_fields/out
View file

@ -1,32 +1,32 @@
[a=42, b=Foo, c=<uninitialized>, d=Bar, e=tt]
{
[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>],
[b] = [type_name=string, log=F, value=Foo, default_val=Foo],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[e] = [type_name=any, log=F, value=tt, default_val=<uninitialized>],
[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
[e] = [type_name=any, log=F, value=tt, default_val=<uninitialized>]
}
F
{
[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>]
}
{
[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>]
}
{
[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>],
[b] = [type_name=string, log=F, value=Foo, default_val=Foo],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[e] = [type_name=any, log=F, value=mystring, default_val=<uninitialized>],
[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
[e] = [type_name=any, log=F, value=mystring, default_val=<uninitialized>]
}
{
@ -35,23 +35,23 @@ F
[myfield] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>]
}
{
[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>]
}
{
[a] = [type_name=count, log=F, value=<uninitialized>, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Foo],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[e] = [type_name=any, log=F, value=<uninitialized>, default_val=<uninitialized>],
[a] = [type_name=count, log=F, value=<uninitialized>, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>]
[e] = [type_name=any, log=F, value=<uninitialized>, default_val=<uninitialized>]
}
{
[a] = [type_name=set[double], log=F, value=<uninitialized>, default_val=<uninitialized>],
[d] = [type_name=table[double,string] of table[string] of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>],
[b] = [type_name=set[double,string], log=F, value=<uninitialized>, default_val=<uninitialized>],
[c] = [type_name=set[double,record r], log=F, value=<uninitialized>, default_val=<uninitialized>],
[e] = [type_name=vector of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>],
[a] = [type_name=set[double], log=F, value=<uninitialized>, default_val=<uninitialized>],
[d] = [type_name=table[double,string] of table[string] of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>]
[e] = [type_name=vector of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>]
}

4
testing/btest/Baseline/broker.store.ops/master.out
View file

@ -4,8 +4,8 @@
[4], four, Broker::SUCCESS, [data=broker::data{{1, 2, 3}}]
[5], five, Broker::FAILURE, [data=<uninitialized>]
[6], {
y,
x
x,
y
}, Broker::SUCCESS, [data=broker::data{(1/tcp, 2/tcp, 3/tcp)}]
[7], two, Broker::SUCCESS, [data=broker::data{230}]
[8], three, Broker::SUCCESS, [data=broker::data{320}]

4
testing/btest/Baseline/broker.store.sqlite/out
View file

@ -8,6 +8,6 @@ three, Broker::SUCCESS, [data=broker::data{330}]
four, Broker::SUCCESS, [data=broker::data{{1, 2, 3}}]
five, Broker::FAILURE, [data=<uninitialized>]
{
y,
x
x,
y
}, Broker::SUCCESS, [data=broker::data{(1/tcp, 2/tcp, 3/tcp)}]

8
testing/btest/Baseline/broker.store.type-conversion/master.out
View file

@ -33,13 +33,13 @@ hello
Broker::BOOL
{
two,
one,
three
three,
one
}
{
[two] = 2,
[one] = 1,
[three] = 3
[three] = 3,
[one] = 1
}
[zero, one, two]
[s=abc]

4
testing/btest/Baseline/core.fake_dns/out
View file

@ -1,7 +1,7 @@
{
7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a,
51f3:f001:5b82:e802:c401:6750:7b95:89bb,
4cc7:de52:d869:b2f9:f215:19b8:c828:3bdd
4cc7:de52:d869:b2f9:f215:19b8:c828:3bdd,
7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a
}
lookup_hostname_txt, fake_text_lookup_result_bro.wp.dg.cx
lookup_hostname, {

6
testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log
View file

@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2019-07-31-18-53-23
#open 2020-07-06-17-36-08
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458850.032887 C3eiCBGOLw3VtHfOj 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - - 0 ^d 0 0 1 84 C4J4Th3PJpwUYZZ6gc
@ -22,5 +22,5 @@
1333458850.029781 CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - - 0 D 2 248 0 0 -
1333458850.035456 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 -
1333458850.016620 CUM0KZ3MLUfNB0cl11 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - - 0 - 1 52 0 0 CtPZjS20MLrsMUOJi2
1333458850.035456 CFLRIC3zaTU1loLGxh fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - - 0 - 2 96 0 0 C9rXSW3KSpTYvPrlI1,C0LAHyvtKSQHyJxIl
#close 2019-07-31-18-53-23
1333458850.035456 CFLRIC3zaTU1loLGxh fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - - 0 - 2 96 0 0 C0LAHyvtKSQHyJxIl,C9rXSW3KSpTYvPrlI1
#close 2020-07-06-17-36-08

4
testing/btest/Baseline/core.tunnels.gtp.inner_teredo/tunnel.log
View file

@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path tunnel
#open 2019-07-31-18-53-23
#open 2020-07-06-17-36-08
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1333458850.014199 CHhAvVGS1DHFjwGM9 174.94.190.213 2152 190.104.181.57 2152 Tunnel::GTPv1 Tunnel::DISCOVER
@ -24,4 +24,4 @@
1333458850.043796 Ck51lg1bScffFj34Ri 190.104.181.57 2152 190.104.181.222 2152 Tunnel::GTPv1 Tunnel::CLOSE
1333458850.043796 CmES5u32sYpV7JYN 190.104.181.254 2152 190.104.181.62 2152 Tunnel::GTPv1 Tunnel::CLOSE
1333458850.043796 CwjjYJ2WqgTbAqiHl6 190.104.181.210 2152 190.104.181.125 2152 Tunnel::GTPv1 Tunnel::CLOSE
#close 2019-07-31-18-53-23
#close 2020-07-06-17-36-08

6
testing/btest/Baseline/core.tunnels.teredo/conn.log
View file

@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2020-04-30-00-45-53
#open 2020-07-06-17-36-15
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1210953047.736921 ClEkJM2Vm5giqnMf4h 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 ^fA 1 40 1 40 -
@ -24,7 +24,7 @@
1210953052.324629 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 -
1210953060.829233 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 -
1210953046.591933 CHhAvVGS1DHFjwGM9 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 -
1210953060.829303 C9mvWx3ezztgzcexV7 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 CtPZjS20MLrsMUOJi2,Ck51lg1bScffFj34Ri
1210953060.829303 C9mvWx3ezztgzcexV7 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 Ck51lg1bScffFj34Ri,CtPZjS20MLrsMUOJi2
1210953052.324629 CP5puj4I8PtEU4qzYg fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CmES5u32sYpV7JYN
1210953052.202579 CUM0KZ3MLUfNB0cl11 fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CtPZjS20MLrsMUOJi2
#close 2020-04-30-00-45-53
#close 2020-07-06-17-36-15

4
testing/btest/Baseline/core.tunnels.teredo/http.log
View file

@ -3,11 +3,11 @@
#empty_field (empty)
#unset_field -
#path http
#open 2020-04-30-00-45-53
#open 2020-07-06-17-36-15
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
1210953057.917183 C3eiCBGOLw3VtHfOj 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - 1.1 Syncer/4.80 (av_pro-1169;f) - 589 0 204 <empty> - - (empty) - - - FS64me2T5SbKZ5Cp53 - text/plain - - -
1210953061.585996 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 6640 200 OK - - (empty) - - - - - - F6Q5fr1axmaI8Oxy77 - text/html
1210953073.381474 CNnMIj2QSd84NKf7U3 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 25119 200 OK - - (empty) - - - - - - FGaesFZVSRZcEseFi - text/html
1210953074.674817 CpmdRlaUoJLN3uIRa 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 11845 200 OK - - (empty) - - - - - - FxVarSo2RcFkvGFxd - text/html
#close 2020-04-30-00-45-53
#close 2020-07-06-17-36-15

4
testing/btest/Baseline/core.tunnels.teredo/tunnel.log
View file

@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path tunnel
#open 2020-04-30-00-45-53
#open 2020-07-06-17-36-15
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1210953052.202579 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER
@ -12,4 +12,4 @@
1210953076.058333 CtPZjS20MLrsMUOJi2 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE
1210953076.058333 CmES5u32sYpV7JYN 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE
1210953076.058333 Ck51lg1bScffFj34Ri 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE
#close 2020-04-30-00-45-53
#close 2020-07-06-17-36-15

6
testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log
View file

@ -3,14 +3,14 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2020-04-30-00-45-55
#open 2020-07-06-17-36-24
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1340127577.354166 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CUM0KZ3MLUfNB0cl11
1340127577.336558 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 -
1340127577.339015 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 ^d 0 0 1 137 -
1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 -
1340127577.343969 CmES5u32sYpV7JYN 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CUM0KZ3MLUfNB0cl11,CHhAvVGS1DHFjwGM9
1340127577.343969 CmES5u32sYpV7JYN 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CHhAvVGS1DHFjwGM9,CUM0KZ3MLUfNB0cl11
1340127577.339015 CtPZjS20MLrsMUOJi2 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 C4J4Th3PJpwUYZZ6gc
1340127577.336558 ClEkJM2Vm5giqnMf4h fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CHhAvVGS1DHFjwGM9
#close 2020-04-30-00-45-55
#close 2020-07-06-17-36-24

4
testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path http
#open 2020-04-30-00-45-55
#open 2020-07-06-17-36-24
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
1340127577.361683 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 6640 200 OK - - (empty) - - - - - - FP83rC4NcNrcMNo2vc - text/html
1340127577.379360 CP5puj4I8PtEU4qzYg 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 - 0 25119 200 OK - - (empty) - - - - - - FcGY7v3XYRhT3tOXIa - text/html
#close 2020-04-30-00-45-55
#close 2020-07-06-17-36-24

4
testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log
View file

@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path tunnel
#open 2020-04-30-00-45-55
#open 2020-07-06-17-36-24
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1340127577.336558 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER
@ -12,4 +12,4 @@
1340127577.406995 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE
1340127577.406995 C4J4Th3PJpwUYZZ6gc 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE
1340127577.406995 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE
#close 2020-04-30-00-45-55
#close 2020-07-06-17-36-24

4
testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path weird
#open 2020-04-30-00-45-55
#open 2020-07-06-17-36-24
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1340127577.341510 CUM0KZ3MLUfNB0cl11 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F zeek
1340127577.346849 CHhAvVGS1DHFjwGM9 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F zeek
#close 2020-04-30-00-45-55
#close 2020-07-06-17-36-24

32
testing/btest/Baseline/language.container-ctor-scope/out
View file

@ -1,44 +1,44 @@
{
[3/tcp] = 3,
[1/tcp] = 1,
[2/tcp] = 2,
[1/tcp] = 1
[3/tcp] = 3
}
{
[3/tcp] = 3,
[1/tcp] = 1,
[2/tcp] = 2,
[1/tcp] = 1
[3/tcp] = 3
}
{
3/tcp,
1/tcp,
2/tcp,
1/tcp
3/tcp
}
{
3/tcp,
1/tcp,
2/tcp,
1/tcp
3/tcp
}
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
{
[3/tcp] = 3,
[1/tcp] = 1,
[2/tcp] = 2,
[1/tcp] = 1
[3/tcp] = 3
}
{
[3/tcp] = 3,
[1/tcp] = 1,
[2/tcp] = 2,
[1/tcp] = 1
[3/tcp] = 3
}
{
3/tcp,
1/tcp,
2/tcp,
1/tcp
3/tcp
}
{
3/tcp,
1/tcp,
2/tcp,
1/tcp
3/tcp
}
[1/tcp, 2/tcp, 3/tcp, 1/tcp]
[1/tcp, 2/tcp, 3/tcp, 1/tcp]

4
testing/btest/Baseline/language.copy-all-types/out
View file

@ -5,8 +5,8 @@ orig=42/tcp (port) clone=42/tcp (port) equal=T same_object=T (ok)
orig=127.0.0.0/24 (subnet) clone=127.0.0.0/24 (subnet) equal=T same_object=T (ok)
orig=Foo (string) clone=Foo (string) equal=T same_object=F (ok)
orig=/^?(.*PATTERN.*)$?/ (pattern) clone=/^?(.*PATTERN.*)$?/ (pattern) same_object=F
orig=2,4,1,5,3 (set[count]) clone=2,4,1,5,3 (set[count]) equal=T same_object=F (ok)
orig=2,5,3,4,1 (set[count]) clone=2,5,3,4,1 (set[count]) equal=T same_object=F (ok)
orig=[1, 2, 3, 4, 5] (vector of count) clone=[1, 2, 3, 4, 5] (vector of count) equal=T same_object=F (ok)
orig=b=vb;a=va (table[string] of string) clone=b=vb;a=va (table[string] of string) equal=T same_object=F (ok)
orig=a=va;b=vb (table[string] of string) clone=a=va;b=vb (table[string] of string) equal=T same_object=F (ok)
orig=ENUMME (enum) clone=ENUMME (enum) equal=T same_object=T (ok)
orig=[s1=s1, s2=s2, i1=[a=a], i2=[a=a], donotset=<uninitialized>, def=5] (record { s1:string; s2:string; i1:record { a:string; }; i2:record { a:string; }; donotset:record { a:string; }; def:count; }) clone=[s1=s1, s2=s2, i1=[a=a], i2=[a=a], donotset=<uninitialized>, def=5] (record { s1:string; s2:string; i1:record { a:string; }; i2:record { a:string; }; donotset:record { a:string; }; def:count; }) equal=T same_object=F (ok)

6
testing/btest/Baseline/language.cross-product-init/output
View file

@ -1,6 +1,6 @@
{
[foo, 1.2.0.0/19] ,
[bar, 5.6.0.0/21] ,
[bar, 1.2.0.0/19] ,
[foo, 5.6.0.0/21]
[foo, 1.2.0.0/19] ,
[foo, 5.6.0.0/21] ,
[bar, 5.6.0.0/21]
}

4
testing/btest/Baseline/language.default-params/out
View file

@ -13,8 +13,8 @@ begin table_func, {
[initial] = conditions
}
end table_func, {
[initial] = conditions,
[the test] = works
[the test] = works,
[initial] = conditions
}
foo_hook, test
foo_hook, hello

460
testing/btest/Baseline/language.expire_func/output
View file

@ -1,99 +1,99 @@
{
am,
here,
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
i
i,
am,
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
}
{
am,
here,
i,
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
here,
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
i
am
}
{
here,
i,
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
am,
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
here,
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
i
am
}
{
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
am,
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
here,
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
i,
[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
i
}
{
[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
am,
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
here,
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
i
am
}
{
here,
i,
[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
am,
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
}
{
here,
i,
[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
here,
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
i
am
}
{
[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
am,
[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
[orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
i,
here,
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
i
am
}
{
[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
[orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp],
am,
[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
[orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
i,
here,
[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
i
am
}
expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
expired am
expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
expired here
expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
expired i
expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
expired am
{
[orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
}
{
[orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp],
[orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
}
expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
expired [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
{
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
}
@ -102,277 +102,277 @@ expired [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
{
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp]
}
{
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp]
}
{
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=39723/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
}
{
[orig_h=172.16.238.131, orig_p=39723/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=123/udp, resp_h=69.50.219.51, resp_p=123/udp],
[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=39723/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
}

4
testing/btest/Baseline/language.expire_subnet/expire-nets-output
View file

@ -1,5 +1,5 @@
Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.078888 usecs
Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
Expired Subnet: 192.168.0.0/16 --> zero at 15.0 secs 150.0 msecs 681.018829 usecs
Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.018829 usecs
Expired Subnet: 192.168.2.0/24 --> two at 15.0 secs 150.0 msecs 681.018829 usecs
Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.018829 usecs

2
testing/btest/Baseline/language.expire_subnet/expire-nums-output
View file

@ -1,5 +1,5 @@
Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.078888 usecs
Expired Num: 4 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
Expired Num: 1 --> one at 8.0 secs 835.0 msecs 30.078888 usecs
Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.078888 usecs
Expired Num: 2 --> two at 15.0 secs 150.0 msecs 681.018829 usecs
Expired Num: 3 --> three at 15.0 secs 150.0 msecs 681.018829 usecs

8
testing/btest/Baseline/language.expire_subnet/output
View file

@ -1,14 +1,14 @@
All:
0 --> zero
2 --> two
4 --> four
1 --> one
0 --> zero
3 --> three
192.168.0.0/16 --> zero
192.168.3.0/24 --> three
192.168.2.0/24 --> two
192.168.4.0/24 --> four
192.168.1.0/24 --> one
192.168.2.0/24 --> two
192.168.3.0/24 --> three
192.168.4.0/24 --> four
Time: 0 secs
Accessed table nums: two; three

8
testing/btest/Baseline/language.index-assignment-invalid/out
View file

@ -1,5 +1,5 @@
runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=<uninitialized>], expression: Queue::ret[Queue::j], call stack:
#0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=<uninitialized>]}, settings=[max_len=<uninitialized>], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:19
#1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:27
#2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:39
runtime error in /Users/tim/Desktop/projects/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=<uninitialized>], expression: Queue::ret[Queue::j], call stack:
#0 Queue::get_vector([initialized=T, vals={[2] = test,[3] = [a=T, b=hi, c=<uninitialized>],[5] = 3,[0] = hello,[6] = jkl;,[4] = asdf,[1] = goodbye}, settings=[max_len=<uninitialized>], top=7, bottom=0, size=0], [hello, goodbye, test]) at /Users/tim/Desktop/projects/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:19
#1 bar(55) at /Users/tim/Desktop/projects/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:27
#2 foo(hi, 13) at /Users/tim/Desktop/projects/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:39
#3 zeek_init()

4
testing/btest/Baseline/language.key-value-for/out
View file

@ -1,4 +1,4 @@
1, hello
55, goodbye
goodbye, world, 55
1, hello
hello, world, 1
goodbye, world, 55

12
testing/btest/Baseline/language.named-set-ctors/out
View file

@ -1,13 +1,13 @@
{
3,
1,
5,
3
5
}
{
[min=<uninitialized>, max=5],
[min=<uninitialized>, max=2]
[min=<uninitialized>, max=2],
[min=<uninitialized>, max=5]
}
{
[test, 1] ,
[cool, 2]
[cool, 2] ,
[test, 1]
}

12
testing/btest/Baseline/language.named-table-ctors/out
View file

@ -1,15 +1,15 @@
{
[3] = three,
[1] = one,
[5] = five,
[3] = three
[5] = five
}
{
[[min=<uninitialized>, max=5]] = max5,
[[min=<uninitialized>, max=2]] = max2
[[min=<uninitialized>, max=2]] = max2,
[[min=<uninitialized>, max=5]] = max5
}
{
[test, 1] = test1,
[cool, 2] = cool2
[cool, 2] = cool2,
[test, 1] = test1
}
{
[two] = 2.0,

8
testing/btest/Baseline/language.next-test/output
View file

@ -1,8 +1,8 @@
1
1
0
1
1
MIDDLE
0
0
1
0
0
THE END

92
testing/btest/Baseline/language.on_change_expire/output
View file

@ -7,30 +7,30 @@ change_function, [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp
change_function, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_NEW
change_function, [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_NEW
change_function, [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp], 1, TABLE_ELEMENT_NEW
expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
change_function, [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
change_function, [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
change_function, [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
change_function, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
change_function, [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
change_function, [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
change_function, [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
expired a
change_function, a, 5, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
change_function, [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
change_function, [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
change_function, [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
change_function, [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
change_function, [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
change_function, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
change_function, [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp], 1, TABLE_ELEMENT_EXPIRED
change_function, [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp], 1, TABLE_ELEMENT_NEW
change_function, [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
change_function, [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
change_function, [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp], 1, TABLE_ELEMENT_EXPIRED
change_function, [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp], 1, TABLE_ELEMENT_NEW
change_function, [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
change_function, [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
@ -46,36 +46,36 @@ change_function, [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2,
change_function, [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
change_function, [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
change_function, [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
change_function, [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
change_function, [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
change_function, [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
change_function, [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
change_function, [orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
change_function, [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp], 1, TABLE_ELEMENT_NEW

16
testing/btest/Baseline/language.patterns-stored-in-containers/out
View file

@ -6,14 +6,14 @@
/^?(b)$?/, F
/^?(o)$?/, T
---
/^?(a)$?/, F
/^?(b)$?/, F
/^?(o)$?/, T
---
/^?(a)$?/, F
/^?(b)$?/, F
/^?(o)$?/, T
---
/^?(o)$?/, T
/^?(b)$?/, F
/^?(a)$?/, F
---
/^?(o)$?/, T
/^?(b)$?/, F
/^?(a)$?/, F
---
/^?(a)$?/, F
/^?(o)$?/, T
/^?(b)$?/, F

4
testing/btest/Baseline/language.rec-table-default/output
View file

@ -5,9 +5,9 @@
}
{
B,
A,
C
C,
B
}
{

16
testing/btest/Baseline/language.record-index-complex-fields/output
View file

@ -4,24 +4,24 @@
[two] = 2,
[one] = 1
}, tags_s={
b,
a
a,
b
}]
}
}
{
[a=13, tags_v=[, , 2, 3], tags_t={
[five] = 5,
[four] = 4
[four] = 4,
[five] = 5
}, tags_s={
c,
d
d,
c
}],
[a=4, tags_v=[0, 1], tags_t={
[two] = 2,
[one] = 1
}, tags_s={
b,
a
a,
b
}]
}

14
testing/btest/Baseline/language.table-init-attrs/output
View file

@ -1,9 +1,9 @@
my_set_ctor_init
{
test4,
test2,
test3,
test1,
test2
test1
}
my_table_ctor_init
@ -17,17 +17,17 @@ nope
my_set_init
{
test4,
test2,
test3,
test1,
test2
test1
}
my_table_init
{
[2] = test2,
[4] = test4,
[1] = test1,
[3] = test3
[2] = test2,
[3] = test3,
[1] = test1
}
nope

8
testing/btest/Baseline/language.table-init-container-ctors/output
View file

@ -5,8 +5,8 @@ table of set
[baz, 4]
},
[13] = {
[foo, 1] ,
[bar, 2]
[bar, 2] ,
[foo, 1]
}
}
@ -23,8 +23,8 @@ table of table
[baz, 4] = 4
},
[13] = {
[foo, 1] = 1,
[bar, 2] = 2
[bar, 2] = 2,
[foo, 1] = 1
}
}

6
testing/btest/Baseline/language.table-init-record-idx-2/output
View file

@ -16,10 +16,10 @@ F
F
now here's the foo table...
{
[[a=foo, b=1], 1] = 1,
[[a=baz, b=5], 5] = 5,
[[a=foo, b=2], 2] = 2,
[[a=bar, b=3], 3] = 3,
[[a=baz, b=6], 6] = 6,
[[a=baz, b=5], 5] = 5,
[[a=foo, b=2], 2] = 2,
[[a=foo, b=1], 1] = 1,
[[a=bar, b=4], 4] = 4
}

4
testing/btest/Baseline/language.table-init-record-idx-3/output
View file

@ -20,6 +20,6 @@ now here's the foo table...
[[a=foo, b=1]] = 1,
[[a=bar, b=3]] = 3,
[[a=baz, b=6]] = 6,
[[a=baz, b=5]] = 5,
[[a=bar, b=4]] = 4
[[a=bar, b=4]] = 4,
[[a=baz, b=5]] = 5
}

6
testing/btest/Baseline/language.table-init-record-idx-4/output
View file

@ -16,10 +16,10 @@ F
F
now here's the foo table...
{
[[a=foo, b=1], 1] = 1,
[[a=baz, b=5], 5] = 5,
[[a=foo, b=2], 2] = 2,
[[a=bar, b=3], 3] = 3,
[[a=baz, b=6], 6] = 6,
[[a=baz, b=5], 5] = 5,
[[a=foo, b=2], 2] = 2,
[[a=foo, b=1], 1] = 1,
[[a=bar, b=4], 4] = 4
}

4
testing/btest/Baseline/language.table-init-record-idx/output
View file

@ -20,6 +20,6 @@ now here's the foo table...
[[a=foo, b=1]] = 1,
[[a=bar, b=3]] = 3,
[[a=baz, b=6]] = 6,
[[a=baz, b=5]] = 5,
[[a=bar, b=4]] = 4
[[a=bar, b=4]] = 4,
[[a=baz, b=5]] = 5
}

8
testing/btest/Baseline/language.table-pattern-index/out
View file

@ -4,16 +4,16 @@
/^?(four)$?/
-----------------
/^?(two|oob)$?/
/^?(four)$?/
/^?(one|foo|bar)$?/
/^?(four)$?/
/^?(three|oob)$?/
-----------------
/^?(two|oob)$?/, 1
/^?(four)$?/, 3
/^?(one|foo|bar)$?/, 0
/^?(four)$?/, 3
/^?(three|oob)$?/, 2
-----------------
/^?(three|oob)$?/, 4, 4
/^?(two|oob)$?/, 3, 2
/^?(one|foo|bar)$?/, 2, 0
/^?(four)$?/, 5, 6
/^?(two|oob)$?/, 3, 2
/^?(three|oob)$?/, 4, 4

6
testing/btest/Baseline/language.table-redef/out
View file

@ -1,6 +1,6 @@
{
[cool] = 28.0,
[def] = 99.0,
[abc] = 8.0,
[neat] = 1.0,
[abc] = 8.0
[cool] = 28.0,
[def] = 99.0
}

8
testing/btest/Baseline/language.while/out
View file

@ -3,10 +3,10 @@ s
ss
sss
{
9,
1,
7,
5,
3
7,
3,
9,
1
}
[number 0, number 1, number 2, number 3, number 4, number 5, number 6, number 7, number 8, number 9, number 10, number 11, number 12]

56
testing/btest/Baseline/plugins.hooks/output
View file

@ -133,14 +133,14 @@
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_AYIYA, {5072/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DCE_RPC, {135/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5355<...>/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2123<...>/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {8080<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6666<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MODBUS, {502/tcp})) -> <no result>
@ -151,11 +151,11 @@
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RDPEUDP, {3389/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SIP, {5060/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMB, {139<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {587<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSH, {22/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {5223<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {563<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_VXLAN, {4789/udp})) -> <no result>
@ -282,7 +282,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@ -463,7 +463,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -1056,14 +1056,14 @@
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_AYIYA, {5072/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DCE_RPC, {135/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DHCP, {67<...>/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5355<...>/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2123<...>/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {8080<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6666<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MODBUS, {502/tcp}))
@ -1074,11 +1074,11 @@
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RDPEUDP, {3389/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SIP, {5060/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMB, {139<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {587<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {25<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SNMP, {162<...>/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SOCKS, {1080/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSH, {22/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {5223<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {563<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SYSLOG, {514/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_VXLAN, {4789/udp}))
@ -1205,7 +1205,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@ -1386,7 +1386,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
@ -1979,14 +1979,14 @@
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_AYIYA, {5072/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DCE_RPC, {135/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, {67<...>/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5355<...>/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5353<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2123<...>/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {8080<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2152<...>/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {80<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, {143/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6669<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6666<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, {88/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, {88/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, {502/tcp})
@ -1997,11 +1997,11 @@
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDPEUDP, {3389/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, {5060/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, {139<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {587<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {25<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, {162<...>/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, {1080/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, {22/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {5223<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {563<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_VXLAN, {4789/udp})
@ -2127,7 +2127,7 @@
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@ -2308,7 +2308,7 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction NetControl::check_plugins()
0.000000 | HookCallFunction NetControl::init()
0.000000 | HookCallFunction Notice::want_pp()
@ -2762,7 +2762,7 @@
0.000000 | HookLoadFile base<...>/xmpp
0.000000 | HookLoadFile base<...>/zeek.bif.zeek
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
0.000000 | HookLogWrite packet_filter [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]
0.000000 | HookLogWrite packet_filter [ts=1594057891.733070, node=zeek, filter=ip or not ip, init=T, success=T]
0.000000 | HookQueueEvent NetControl::init()
0.000000 | HookQueueEvent filter_change_tracking()
0.000000 | HookQueueEvent zeek_init()

2
testing/btest/Baseline/plugins.logging-hooks/output
View file

@ -1 +1 @@
1488216470.960453 | HookLogInit ssh 1/1 {b (bool), i (int), e (enum), c (count), p (port), sn (subnet), a (addr), d (double), t (time), iv (interval), s (string), sc (set[count]), ss (set[string]), se (set[string]), vc (vector[count]), ve (vector[string]), f (func)}
1594057911.083127 | HookLogInit ssh 1/1 {b (bool), i (int), e (enum), c (count), p (port), sn (subnet), a (addr), d (double), t (time), iv (interval), s (string), sc (set[count]), ss (set[string]), se (set[string]), vc (vector[count]), ve (vector[string]), f (func)}

8
testing/btest/Baseline/plugins.logging-hooks/ssh.log
View file

@ -3,9 +3,9 @@
#empty_field EMPTY
#unset_field -
#path ssh
#open 2017-02-27-17-27-50
#open 2020-07-06-17-51-51
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
F -2 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1488216470.960453 100.000000 hurz 2,4,1,3 BB,AA,CC EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
T - SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1488216470.960453 100.000000 hurz 2,4,1,3 BB,AA,CC EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
#close 2017-02-27-17-27-50
F -2 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1594057911.083127 100.000000 hurz 4,2,3,1 CC,BB,AA EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
T - SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1594057911.083127 100.000000 hurz 4,2,3,1 CC,BB,AA EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
#close 2020-07-06-17-51-51

4
testing/btest/Baseline/plugins.writer/output
View file

@ -3,7 +3,7 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
===
[conn] 1340213005.165293|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|-|0|S|5|320|0|0|-
[conn] 1340213010.582723|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|socks,http|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|-
[conn] 1340213010.582723|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|-
[conn] 1340213048.780152|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
[conn] 1340213097.272764|CtPZjS20MLrsMUOJi2|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
[conn] 1340213162.160367|CUM0KZ3MLUfNB0cl11|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
@ -17,6 +17,6 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
[http] 1340213020.732963|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
[http] 1340213021.300269|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
[http] 1340213021.861584|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
[packet_filter] 1588207600.726061|zeek|ip or not ip|T|T
[packet_filter] 1594057935.894949|zeek|ip or not ip|T|T
[socks] 1340213015.276495|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688
[tunnel] 1340213015.276495|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER

36
testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log
View file

@ -3,23 +3,23 @@
#empty_field (empty)
#unset_field -
#path config
#open 2018-08-10-18-16-52
#open 2020-07-06-18-21-36
#fields ts id old_value new_value location
#types time string string string string
1533925012.140634 testbool T F ../configfile
1533925012.140634 testcount 0 1 ../configfile
1533925012.140634 testcount 1 2 ../configfile
1533925012.140634 testint 0 -1 ../configfile
1533925012.140634 testenum SSH::LOG Conn::LOG ../configfile
1533925012.140634 testport 42/tcp 45/unknown ../configfile
1533925012.140634 testporttcp 40/udp 42/tcp ../configfile
1533925012.140634 testportudp 40/tcp 42/udp ../configfile
1533925012.140634 testaddr 127.0.0.1 127.0.0.1 ../configfile
1533925012.140634 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1533925012.140634 testinterval 1.0 sec 1.0 min ../configfile
1533925012.140634 testtime 0.0 1507321987.0 ../configfile
1533925012.140634 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile
1533925012.140634 test_vector (empty) 1,2,3,4,5,6 ../configfile
1533925012.140634 test_set b,c,a,d,erdbeerschnitzel (empty) ../configfile
1533925012.140634 test_set (empty) \x2d ../configfile
#close 2018-08-10-18-16-52
1594059696.059713 testbool T F ../configfile
1594059696.059713 testcount 0 1 ../configfile
1594059696.059713 testcount 1 2 ../configfile
1594059696.059713 testint 0 -1 ../configfile
1594059696.059713 testenum SSH::LOG Conn::LOG ../configfile
1594059696.059713 testport 42/tcp 45/unknown ../configfile
1594059696.059713 testporttcp 40/udp 42/tcp ../configfile
1594059696.059713 testportudp 40/tcp 42/udp ../configfile
1594059696.059713 testaddr 127.0.0.1 127.0.0.1 ../configfile
1594059696.059713 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1594059696.059713 testinterval 1.0 sec 1.0 min ../configfile
1594059696.059713 testtime 0.0 1507321987.0 ../configfile
1594059696.059713 test_set (empty) a,d,b,c,erdbeerschnitzel ../configfile
1594059696.059713 test_vector (empty) 1,2,3,4,5,6 ../configfile
1594059696.059713 test_set a,d,b,c,erdbeerschnitzel (empty) ../configfile
1594059696.059713 test_set (empty) \x2d ../configfile
#close 2020-07-06-18-21-36

8
testing/btest/Baseline/scripts.base.frameworks.config.basic_cluster/manager-1.config.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path config
#open 2018-06-22-18-27-45
#open 2020-07-06-18-21-44
#fields ts id old_value new_value location
#types time string string string string
1529692065.525489 testport 42/tcp 44/tcp -
1529692065.562594 teststring a b comment
#close 2018-06-22-18-27-50
1594059704.790556 testport 42/tcp 44/tcp -
1594059704.790556 teststring a b comment
#close 2020-07-06-18-21-49

8
testing/btest/Baseline/scripts.base.frameworks.config.container-options/out
View file

@ -8,9 +8,9 @@ RED
BLUE
}
{
RED,
BLUE,
GREEN,
RED
GREEN
}
{
@ -32,9 +32,9 @@ RED
[BLUE] = blue
}
{
[RED] = red,
[BLUE] = blue,
[GREEN] = green,
[RED] = red
[GREEN] = green
}
{

34
testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log
View file

@ -3,22 +3,22 @@
#empty_field (empty)
#unset_field -
#path config
#open 2019-10-14-15-40-21
#open 2020-07-06-18-22-46
#fields ts id old_value new_value location
#types time string string string string
1571067621.558501 testbool T F ../configfile
1571067621.558501 testcount 0 1 ../configfile
1571067621.558501 testcount 1 2 ../configfile
1571067621.558501 testint 0 -1 ../configfile
1571067621.558501 testenum SSH::LOG Conn::LOG ../configfile
1571067621.558501 testport 42/tcp 45/unknown ../configfile
1571067621.558501 testaddr 127.0.0.1 127.0.0.1 ../configfile
1571067621.558501 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1571067621.558501 testinterval 1.0 sec 1.0 min ../configfile
1571067621.558501 teststring a abc ../configfile
1571067621.558501 testtime 0.0 1507321987.0 ../configfile
1571067621.558501 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile
1571067621.558501 test_vector (empty) 1,2,3,4,5,6 ../configfile
1571067621.558501 test_set b,c,a,d,erdbeerschnitzel (empty) ../configfile
1571067621.558501 test_set (empty) \x2d ../configfile
#close 2019-10-14-15-40-21
1594059766.418882 testbool T F ../configfile
1594059766.418882 testcount 0 1 ../configfile
1594059766.418882 testcount 1 2 ../configfile
1594059766.418882 testint 0 -1 ../configfile
1594059766.418882 testenum SSH::LOG Conn::LOG ../configfile
1594059766.418882 testport 42/tcp 45/unknown ../configfile
1594059766.418882 testaddr 127.0.0.1 127.0.0.1 ../configfile
1594059766.418882 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1594059766.418882 testinterval 1.0 sec 1.0 min ../configfile
1594059766.418882 teststring a abc ../configfile
1594059766.418882 testtime 0.0 1507321987.0 ../configfile
1594059766.418882 test_set (empty) a,d,b,c,erdbeerschnitzel ../configfile
1594059766.418882 test_vector (empty) 1,2,3,4,5,6 ../configfile
1594059766.418882 test_set a,d,b,c,erdbeerschnitzel (empty) ../configfile
1594059766.418882 test_set (empty) \x2d ../configfile
#close 2020-07-06-18-22-46

34
testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/manager-1.config.log
View file

@ -3,22 +3,22 @@
#empty_field (empty)
#unset_field -
#path config
#open 2018-07-20-20-40-10
#open 2020-07-06-18-22-53
#fields ts id old_value new_value location
#types time string string string string
1532119210.151927 testbool T F ../configfile
1532119210.151927 testcount 0 1 ../configfile
1532119210.151927 testcount 1 2 ../configfile
1532119210.151927 testint 0 -1 ../configfile
1532119210.151927 testenum SSH::LOG Conn::LOG ../configfile
1532119210.151927 testport 42/tcp 45/unknown ../configfile
1532119210.151927 testaddr 127.0.0.1 127.0.0.1 ../configfile
1532119210.151927 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1532119210.151927 testinterval 1.0 sec 1.0 min ../configfile
1532119210.151927 testtime 0.0 1507321987.0 ../configfile
1532119210.151927 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile
1532119210.151927 test_vector (empty) 1,2,3,4,5,6 ../configfile
1532119210.151927 test_set b,c,a,d,erdbeerschnitzel \x28empty) ../configfile
1532119210.151927 test_set \x28empty) \x2d ../configfile
1532119210.151927 test_set_full 2,1,7,15,10,3 6,4,1,7,5,3 ../configfile
#close 2018-07-20-20-40-22
1594059773.776304 testbool T F ../configfile
1594059773.776304 testcount 0 1 ../configfile
1594059773.776304 testcount 1 2 ../configfile
1594059773.776304 testint 0 -1 ../configfile
1594059773.776304 testenum SSH::LOG Conn::LOG ../configfile
1594059773.776304 testport 42/tcp 45/unknown ../configfile
1594059773.776304 testaddr 127.0.0.1 127.0.0.1 ../configfile
1594059773.776304 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1594059773.776304 testinterval 1.0 sec 1.0 min ../configfile
1594059773.776304 testtime 0.0 1507321987.0 ../configfile
1594059773.776304 test_set (empty) a,d,b,c,erdbeerschnitzel ../configfile
1594059773.776304 test_vector (empty) 1,2,3,4,5,6 ../configfile
1594059773.776304 test_set a,d,b,c,erdbeerschnitzel \x28empty) ../configfile
1594059773.776304 test_set \x28empty) \x2d ../configfile
1594059773.776304 test_set_full 2,7,3,15,10,1 3,5,7,6,4,1 ../configfile
#close 2020-07-06-18-23-04

12
testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/worker-1..stdout
View file

@ -1,12 +1,12 @@
cluster_set_option, testtime, [data=broker::data{1507321987000000000ns}], ../configfile
cluster_set_option, testint, [data=broker::data{-1}], ../configfile
cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile
cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
cluster_set_option, testcount, [data=broker::data{2}], ../configfile
cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
option changed, testport, 45/unknown, ../configfile
cluster_set_option, testport, [data=broker::data{45/?}], ../configfile
cluster_set_option, testinterval, [data=broker::data{60000000000ns}], ../configfile
cluster_set_option, testint, [data=broker::data{-1}], ../configfile
cluster_set_option, test_set, [data=broker::data{{-}}], ../configfile
cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
cluster_set_option, testbool, [data=broker::data{F}], ../configfile
cluster_set_option, testcount, [data=broker::data{2}], ../configfile
cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile
cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile

12
testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/worker-2..stdout
View file

@ -1,12 +1,12 @@
cluster_set_option, testtime, [data=broker::data{1507321987000000000ns}], ../configfile
cluster_set_option, testint, [data=broker::data{-1}], ../configfile
cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile
cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
cluster_set_option, testcount, [data=broker::data{2}], ../configfile
cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
option changed, testport, 45/unknown, ../configfile
cluster_set_option, testport, [data=broker::data{45/?}], ../configfile
cluster_set_option, testinterval, [data=broker::data{60000000000ns}], ../configfile
cluster_set_option, testint, [data=broker::data{-1}], ../configfile
cluster_set_option, test_set, [data=broker::data{{-}}], ../configfile
cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
cluster_set_option, testbool, [data=broker::data{F}], ../configfile
cluster_set_option, testcount, [data=broker::data{2}], ../configfile
cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile
cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile

32
testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log
View file

@ -1,19 +1,19 @@
#close 2018-02-07-22-20-13
#empty_field (empty)
#fields ts id old_value new_value location
#open 2018-02-07-22-20-13
#path config
#separator \x09
#set_separator ,
#types time string string string string
#empty_field (empty)
#unset_field -
1518042012.989543 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile1
1518042012.989543 test_vector (empty) 1,2,3,4,5,6 ../configfile1
1518042012.989543 testaddr 127.0.0.1 127.0.0.1 ../configfile2
1518042012.989543 testbool T F ../configfile1
1518042012.989543 testcount 0 2 ../configfile1
1518042012.989543 testenum SSH::LOG Conn::LOG ../configfile1
1518042012.989543 testint 0 -1 ../configfile1
1518042012.989543 testinterval 1.0 sec 1.0 min ../configfile2
1518042012.989543 testport 42/tcp 45/unknown ../configfile2
1518042012.989543 testtime 0.0 1507321987.0 ../configfile2
#path config
#open 2020-07-06-18-23-08
#fields ts id old_value new_value location
#types time string string string string
1594059788.562153 testbool T F ../configfile1
1594059788.562153 testcount 0 2 ../configfile1
1594059788.562153 testint 0 -1 ../configfile1
1594059788.562153 testenum SSH::LOG Conn::LOG ../configfile1
1594059788.562153 test_set (empty) a,d,b,c,erdbeerschnitzel ../configfile1
1594059788.562153 test_vector (empty) 1,2,3,4,5,6 ../configfile1
1594059788.562153 testport 42/tcp 45/unknown ../configfile2
1594059788.562153 testaddr 127.0.0.1 127.0.0.1 ../configfile2
1594059788.562153 testinterval 1.0 sec 1.0 min ../configfile2
1594059788.562153 testtime 0.0 1507321987.0 ../configfile2
#close 2020-07-06-18-23-08

40
testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log
View file

@ -3,25 +3,25 @@
#empty_field (empty)
#unset_field -
#path config
#open 2018-01-18-23-16-41
#open 2020-07-06-18-23-11
#fields ts id old_value new_value location
#types time string string string string
1516317401.889929 testbool T F ../configfile
1516317401.889929 testcount 0 1 ../configfile
1516317401.889929 testcount 1 2 ../configfile
1516317401.889929 testint 0 -1 ../configfile
1516317401.889929 testenum SSH::LOG Conn::LOG ../configfile
1516317401.889929 testport 42/tcp 45/unknown ../configfile
1516317401.889929 testaddr 127.0.0.1 127.0.0.1 ../configfile
1516317401.889929 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1516317401.889929 testinterval 1.0 sec 1.0 min ../configfile
1516317401.889929 testtime 0.0 1507321987.0 ../configfile
1516317401.889929 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile
1516317401.889929 test_vector (empty) 1,2,3,4,5,6 ../configfile
1516317405.093522 testcount 2 1 ../configfile
1516317405.093522 testcount 1 2 ../configfile
1516317405.093522 testaddr 2607:f8b0:4005:801::200e 127.0.0.1 ../configfile
1516317405.093522 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1516317405.093522 test_vector 1,2,3,4,5,6 1,2,3,4,5,9 ../configfile
1516317409.199572 test_vector 1,2,3,4,5,9 1,2,3,4,5,9 ../configfile
#close 2018-01-18-23-16-49
1594059791.896375 testbool T F ../configfile
1594059791.896375 testcount 0 1 ../configfile
1594059791.896375 testcount 1 2 ../configfile
1594059791.896375 testint 0 -1 ../configfile
1594059791.896375 testenum SSH::LOG Conn::LOG ../configfile
1594059791.896375 testport 42/tcp 45/unknown ../configfile
1594059791.896375 testaddr 127.0.0.1 127.0.0.1 ../configfile
1594059791.896375 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1594059791.896375 testinterval 1.0 sec 1.0 min ../configfile
1594059791.896375 testtime 0.0 1507321987.0 ../configfile
1594059791.896375 test_set (empty) a,d,b,c,erdbeerschnitzel ../configfile
1594059791.896375 test_vector (empty) 1,2,3,4,5,6 ../configfile
1594059793.173710 testcount 2 1 ../configfile
1594059793.173710 testcount 1 2 ../configfile
1594059793.173710 testaddr 2607:f8b0:4005:801::200e 127.0.0.1 ../configfile
1594059793.173710 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
1594059793.173710 test_vector 1,2,3,4,5,6 1,2,3,4,5,9 ../configfile
1594059795.177655 test_vector 1,2,3,4,5,9 1,2,3,4,5,9 ../configfile
#close 2020-07-06-18-23-15

4
testing/btest/Baseline/scripts.base.frameworks.config.weird/config.log
View file

@ -3,11 +3,11 @@
#empty_field (empty)
#unset_field -
#path config
#open 2018-09-05-19-30-42
#open 2020-07-06-18-23-21
#fields ts id old_value new_value location
#types time string string string string
0.000000 Weird::sampling_duration 10.0 mins 5.0 secs -
0.000000 Weird::sampling_threshold 25 10 -
0.000000 Weird::sampling_rate 1000 10 -
0.000000 Weird::sampling_whitelist (empty) whitelisted_net_weird,whitelisted_flow_weird,whitelisted_conn_weird -
#close 2018-09-05-19-30-42
#close 2020-07-06-18-23-21

4
testing/btest/Baseline/scripts.base.frameworks.config.weird/output
View file

@ -1,8 +1,8 @@
Config values set
{
whitelisted_net_weird,
whitelisted_flow_weird,
whitelisted_conn_weird
whitelisted_conn_weird,
whitelisted_flow_weird
}
10
10

6
testing/btest/Baseline/scripts.base.frameworks.file-analysis.big-bof-buffer/files.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path files
#open 2020-04-30-00-46-52
#open 2020-07-06-18-28-50
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string bool count
1362692527.009512 FMnxxt3xjVcWNS2141 192.150.187.43 141.142.228.5 CHhAvVGS1DHFjwGM9 HTTP 0 MD5,SHA1 text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 - - - -
#close 2020-04-30-00-46-52
1362692527.009512 FMnxxt3xjVcWNS2141 192.150.187.43 141.142.228.5 CHhAvVGS1DHFjwGM9 HTTP 0 SHA1,MD5 text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 - - - -
#close 2020-07-06-18-28-50

2
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
View file

@ -4,8 +4,8 @@ FILE_OVER_NEW_CONNECTION
FILE_OVER_NEW_CONNECTION
FILE_STATE_REMOVE
file #0, 498668, 0
[orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
[orig_h=10.45.179.94, orig_p=19953/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
[orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
FILE_BOF_BUFFER
%PDF-1.4\x0d%\xe2
MIME_TYPE

6
testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/files.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path files
#open 2020-04-30-00-46-56
#open 2020-07-06-18-30-22
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted extracted_cutoff extracted_size
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string bool count
1362692527.009512 FMnxxt3xjVcWNS2141 192.150.187.43 141.142.228.5 CHhAvVGS1DHFjwGM9 HTTP 0 MD5,EXTRACT,DATA_EVENT,SHA1,SHA256 text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18 FMnxxt3xjVcWNS2141-file F -
#close 2020-04-30-00-46-56
1362692527.009512 FMnxxt3xjVcWNS2141 192.150.187.43 141.142.228.5 CHhAvVGS1DHFjwGM9 HTTP 0 SHA256,EXTRACT,SHA1,MD5,DATA_EVENT text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18 FMnxxt3xjVcWNS2141-file F -
#close 2020-07-06-18-30-22

6
testing/btest/Baseline/scripts.base.frameworks.input.basic/out
View file

@ -1,13 +1,13 @@
{
[-42] = [b=T, bt=T, e=SSH::LOG, c=21, p=123/unknown, pp=5/icmp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

4
testing/btest/Baseline/scripts.base.frameworks.input.bignumber/out
View file

@ -1,4 +1,4 @@
{
[-9223372036854775800] = [c=18446744073709551612],
[9223372036854775800] = [c=18446744073709551612]
[9223372036854775800] = [c=18446744073709551612],
[-9223372036854775800] = [c=18446744073709551612]
}

4
testing/btest/Baseline/scripts.base.frameworks.input.config.basic/out
View file

@ -10,10 +10,10 @@ testaddr, 2607:f8b0:4005:801::200e
testinterval, 1.0 min
testtime, 1507321987.0
test_set, {
b,
c,
a,
d,
b,
c,
erdbeerschnitzel
}
test_vector, [1, 2, 3, 4, 5, 6]

6
testing/btest/Baseline/scripts.base.frameworks.input.config.enum-set/zeek.config.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path config
#open 2019-10-03-04-02-02
#open 2020-07-06-18-34-22
#fields ts id old_value new_value location
#types time string string string string
1570075321.966826 DPD::ignore_violations (empty) Analyzer::ANALYZER_SYSLOG -
#close 2019-10-03-04-02-02
1594060462.186976 DPD::ignore_violations (empty) Analyzer::ANALYZER_SYSLOG -
#close 2020-07-06-18-34-22

4
testing/btest/Baseline/scripts.base.frameworks.input.config.spaces/out
View file

@ -4,8 +4,8 @@ testint, -1
testportandproto, 45/udp
testaddr, 127.0.0.3
test_set, {
127.0.0.2,
127.0.0.1,
127.0.0.3
127.0.0.3,
127.0.0.2
}
test_vector, [10.0.0.1/32, 10.0.0.0/16, 10.0.0.0/8]

2
testing/btest/Baseline/scripts.base.frameworks.input.invalid-lines/.stderrwithoutfirstline
View file

@ -2,8 +2,8 @@ warning: ../input.log/Input::READER_ASCII: Not enough fields in line 'T -41 SSH:
warning: ../input.log/Input::READER_ASCII: Tried to parse invalid/unknown protocol: whatever
warning: ../input.log/Input::READER_ASCII: Bad address: 342.2.3.4
warning: ../input.log/Input::READER_ASCII: Not enough fields in line 'T -41' of ../input.log. Found 1 fields, want positions 2 and -1
received termination signal
error: ../input.log/Input::READER_ASCII: Not enough fields in line 'T -41 SSH::LOG 21 123 tcp 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30' of ../input.log. Found 15 fields, want positions 17 and -1
error: ../input.log/Input::READER_ASCII: Init failed
error: ../input.log/Input::READER_ASCII: terminating thread
received termination signal
>>>

36
testing/btest/Baseline/scripts.base.frameworks.input.invalid-lines/out
View file

@ -1,37 +1,37 @@
{
[-44] = [b=T, e=SSH::LOG, c=21, p=123/udp, sn=10.0.0.0/24, a=0.0.0.0, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
2,
4,
1,
3
}, ss={
BB,
AA,
CC
}, se={
}, vc=[10, 20, 30], ve=[]],
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/tcp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=T, e=SSH::LOG, c=21, p=123/udp, sn=10.0.0.0/24, a=0.0.0.0, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
4,
2,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

4
testing/btest/Baseline/scripts.base.frameworks.input.invalidtext/out
View file

@ -1,8 +1,8 @@
TableErrorEvent, String 'l' contained no parseable number, Reporter::WARNING
TableErrorEvent, Could not convert line '\x09l' of ../input.log to Val. Ignoring line., Reporter::WARNING
EventErrorEvent, String 'l' contained no parseable number, Reporter::WARNING
EventErrorEvent, Could not convert line '\x09l' of ../input.log to Val. Ignoring line., Reporter::WARNING
Event, [c=5]
TableErrorEvent, String 'l' contained no parseable number, Reporter::WARNING
TableErrorEvent, Could not convert line '\x09l' of ../input.log to Val. Ignoring line., Reporter::WARNING
{
[] = [c=5]
}

4
testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stdout
View file

@ -1,5 +1,5 @@
input: 1 now it does
input: 2 and more!
inputstream: 1 now it does
inputstream: 2 and more!
input: 1 now it does
input: 2 and more!
inputstream: 3 streaming still works

8
testing/btest/Baseline/scripts.base.frameworks.input.optional/out
View file

@ -1,9 +1,9 @@
{
[2] = [b=T, notb=F],
[5] = [b=F, notb=T],
[3] = [b=F, notb=T],
[7] = [b=T, notb=F],
[6] = [b=F, notb=T],
[4] = [b=F, notb=T],
[1] = [b=T, notb=F],
[7] = [b=T, notb=F],
[5] = [b=F, notb=T],
[3] = [b=F, notb=T]
[1] = [b=T, notb=F]
}

4
testing/btest/Baseline/scripts.base.frameworks.input.path-prefix.absolute-prefix/output
View file

@ -1,5 +1,5 @@
{
[127.0.3.1] = just,
[127.0.3.2] = some,
[127.0.3.3] = value,
[127.0.3.1] = just
[127.0.3.3] = value
}

4
testing/btest/Baseline/scripts.base.frameworks.input.path-prefix.no-paths/output
View file

@ -1,5 +1,5 @@
{
[127.0.0.2] = some,
[127.0.0.1] = just,
[127.0.0.3] = value
[127.0.0.3] = value,
[127.0.0.2] = some
}

2
testing/btest/Baseline/scripts.base.frameworks.input.path-prefix.relative-prefix/output
View file

@ -1,5 +1,5 @@
{
[127.0.1.1] = just,
[127.0.1.2] = some,
[127.0.1.1] = just,
[127.0.1.3] = value
}

6
testing/btest/Baseline/scripts.base.frameworks.input.patterns/out
View file

@ -2,8 +2,8 @@ T
F
T
{
[2] = [p=/^?(cat)$?/],
[4] = [p=/^?(^oob)$?/],
[1] = [p=/^?(dog)$?/],
[3] = [p=/^?(foo|bar)$?/]
[2] = [p=/^?(cat)$?/],
[3] = [p=/^?(foo|bar)$?/],
[1] = [p=/^?(dog)$?/]
}

8
testing/btest/Baseline/scripts.base.frameworks.input.raw.executestdin/out
View file

@ -1,10 +1,10 @@
Input::EVENT_NEW, cat |, input0, hello
Input::EVENT_NEW, cat |, input0, there\x01\x02\x03\x04\x05\x01\x02\x03yay0
Input::EVENT_NEW, cat |, input1, hello
Input::EVENT_NEW, cat |, input1, there\x01\x02\x03\x04\x05\x01\x02\x03yay01
Input::EVENT_NEW, cat |, input4, hello
Input::EVENT_NEW, cat |, input4, there\x01\x02\x03\x04\x05\x01\x02\x03yay01234
Input::EVENT_NEW, cat |, input0, hello
Input::EVENT_NEW, cat |, input0, there\x01\x02\x03\x04\x05\x01\x02\x03yay0
Input::EVENT_NEW, cat |, input2, hello
Input::EVENT_NEW, cat |, input2, there\x01\x02\x03\x04\x05\x01\x02\x03yay012
Input::EVENT_NEW, cat |, input4, hello
Input::EVENT_NEW, cat |, input4, there\x01\x02\x03\x04\x05\x01\x02\x03yay01234
Input::EVENT_NEW, cat |, input3, hello
Input::EVENT_NEW, cat |, input3, there\x01\x02\x03\x04\x05\x01\x02\x03yay0123

1500
testing/btest/Baseline/scripts.base.frameworks.input.reread/out
View file

File diff suppressed because it is too large Load diff

6
testing/btest/Baseline/scripts.base.frameworks.input.set/out
View file

@ -1,7 +1,7 @@
{
192.168.17.14,
192.168.17.42,
192.168.17.1,
192.168.17.42,
192.168.17.2,
192.168.17.7
192.168.17.7,
192.168.17.14
}

10
testing/btest/Baseline/scripts.base.frameworks.input.setseparator/out
View file

@ -1,10 +1,10 @@
{
[1] = [s={
b,
f,
c,
e,
a,
d
d,
f,
b,
c,
e
}, ss=[1, 2, 3, 4, 5, 6]]
}

16
testing/btest/Baseline/scripts.base.frameworks.input.setspecialcases/out
View file

@ -3,6 +3,13 @@
testing,
}, s=[testing, , testing]],
[5] = [s={
}, s=[, , , ]],
[3] = [s={
testing,
}, s=[, testing]],
[6] = [s={
}, s=[]],
@ -12,12 +19,5 @@ testing,
}, s=[testing, ]],
[1] = [s={
testing,testing,testing,
}, s=[testing,testing,testing,]],
[5] = [s={
}, s=[, , , ]],
[3] = [s={
testing,
}, s=[, testing]]
}, s=[testing,testing,testing,]]
}

6
testing/btest/Baseline/scripts.base.frameworks.input.sqlite.types/out
View file

@ -1,12 +1,12 @@
[b=T, i=-42, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1358376849.393854, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], vs=[], vn=<uninitialized>]

48
testing/btest/Baseline/scripts.base.frameworks.input.stream/out
View file

@ -2,28 +2,28 @@
Input::EVENT_NEW
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============SERVERS============
{
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
@ -32,40 +32,40 @@ CC
Input::EVENT_NEW
[i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
@ -74,40 +74,40 @@ CC
Input::EVENT_CHANGED
[i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============SERVERS============
{
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

6
testing/btest/Baseline/scripts.base.frameworks.input.subrecord-event/out
View file

@ -1,12 +1,12 @@
[sub=[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, two=[a=1.2.3.4, d=3.14]], t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

6
testing/btest/Baseline/scripts.base.frameworks.input.subrecord/out
View file

@ -1,13 +1,13 @@
{
[-42] = [sub=[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, two=[a=1.2.3.4, d=3.14]], t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

16
testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out
View file

@ -3,27 +3,27 @@
==========SERVERS============
done
{
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

18
testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out
View file

@ -2,14 +2,14 @@
Input::EVENT_NEW
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
@ -17,14 +17,14 @@ CC
Input::EVENT_NEW
[i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
@ -32,14 +32,14 @@ CC
Input::EVENT_REMOVED
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

6
testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out
View file

@ -2,14 +2,14 @@
Input::EVENT_NEW
[i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

6
testing/btest/Baseline/scripts.base.frameworks.input.unsupported_types/out
View file

@ -1,13 +1,13 @@
{
[-42] = [fi=<uninitialized>, b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

6
testing/btest/Baseline/scripts.base.frameworks.input.windows/out
View file

@ -1,13 +1,13 @@
{
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
2,
4,
2,
1,
3
}, ss={
BB,
CC,
AA,
CC
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

16
testing/btest/Baseline/scripts.base.frameworks.intel.expire-item/output
View file

@ -3,18 +3,15 @@
#empty_field (empty)
#unset_field -
#path intel
#open 2019-06-07-02-20-05
#open 2020-07-06-18-47-48
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where seen.node matched sources fuid file_mime_type file_desc
#types time string addr port addr port string enum enum string set[enum] set[string] string string string
1559874005.130930 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE zeek Intel::ADDR source1 - - -
1559874008.152069 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE zeek Intel::ADDR source1 - - -
1559874011.172813 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE zeek Intel::ADDR source1,source2 - - -
1559874014.190374 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE zeek Intel::ADDR source1,source2 - - -
1559874017.207215 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE zeek Intel::ADDR source1,source2 - - -
#close 2019-06-07-02-20-20
1594061268.125378 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE zeek Intel::ADDR source1 - - -
1594061271.127050 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE zeek Intel::ADDR source2,source1 - - -
1594061274.130721 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE zeek Intel::ADDR source2,source1 - - -
#close 2020-07-06-18-48-00
-- Run 1 --
Trigger: 1.2.3.4
Seen: 1.2.3.4
-- Run 2 --
Trigger: 1.2.3.4
Reinsert: 1.2.3.4
@ -26,9 +23,8 @@ Expired: 192.168.0.0/16
-- Run 4 --
Trigger: 1.2.3.4
Seen: 1.2.3.4
Expired: 1.2.3.4
-- Run 5 --
Trigger: 1.2.3.4
Seen: 1.2.3.4
Expired: 1.2.3.4
-- Run 6 --
Trigger: 1.2.3.4

8
testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path ssh-new-default
#open 2012-07-20-01-49-19
#open 2020-07-06-18-39-54
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
#types time addr port addr port string string
1342748959.430282 1.2.3.4 1234 2.3.4.5 80 success unknown
1342748959.430282 1.2.3.4 1234 2.3.4.5 80 failure US
#close 2012-07-20-01-49-19
1594060794.337699 1.2.3.4 1234 2.3.4.5 80 success unknown
1594060794.337699 1.2.3.4 1234 2.3.4.5 80 failure US
#close 2020-07-06-18-39-54

10
testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log
View file

@ -5,8 +5,8 @@ PREFIX<>unset_field|NOT-SET
PREFIX<>path|ssh
PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b
PREFIX<>types|time|addr|port|addr|port|string|string|bool
1342748959.659721|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
1342748959.659721|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
1342748959.659721|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
1342748959.659721|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
1342748959.659721|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T
1594060800.650242|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
1594060800.650242|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
1594060800.650242|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
1594060800.650242|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
1594060800.650242|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T

6
testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path test
#open 2016-07-13-16-15-14
#open 2020-07-06-18-40-14
#fields ss
#types set[string]
\x2c,AA,CC,\x2c\x2c
#close 2016-07-13-16-15-14
\x2c,CC,\x2c\x2c,AA
#close 2020-07-06-18-40-14

10
testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log
View file

@ -5,8 +5,8 @@
#path||ssh
#fields||t||id.orig_h||id.orig_p||id.resp_h||id.resp_p||status||country
#types||time||addr||port||addr||port||string||string
1343417536.767956||1.2.3.4||1234||2.3.4.5||80||success||unknown
1343417536.767956||1.2.3.4||1234||2.3.4.5||80||failure||US
1343417536.767956||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
1343417536.767956||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
1343417536.767956||1.2.3.4||1234||2.3.4.5||80||failure||MX
1594060802.302306||1.2.3.4||1234||2.3.4.5||80||success||unknown
1594060802.302306||1.2.3.4||1234||2.3.4.5||80||failure||US
1594060802.302306||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
1594060802.302306||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
1594060802.302306||1.2.3.4||1234||2.3.4.5||80||failure||MX

6
testing/btest/Baseline/scripts.base.frameworks.logging.ascii-gz/ssh-uncompressed.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path ssh-uncompressed
#open 2017-04-18-16-16-16
#open 2020-07-06-18-40-15
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1215620010.543210 100.000000 hurz 2,4,1,3 BB,AA,CC (empty) 10,20,30 (empty) SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
#close 2017-04-18-16-16-16
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1215620010.543210 100.000000 hurz 4,2,3,1 CC,BB,AA (empty) 10,20,30 (empty) SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
#close 2020-07-06-18-40-15

6
testing/btest/Baseline/scripts.base.frameworks.logging.ascii-gz/ssh.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path ssh
#open 2017-04-18-16-15-17
#open 2020-07-06-18-40-15
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1215620010.543210 100.000000 hurz 2,4,1,3 BB,AA,CC (empty) 10,20,30 (empty) SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
#close 2017-04-18-16-15-17
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1215620010.543210 100.000000 hurz 4,2,3,1 CC,BB,AA (empty) 10,20,30 (empty) SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
#close 2020-07-06-18-40-15

2
testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json/ssh.log
View file

@ -1 +1 @@
{"b":true,"i":-42,"e":"SSH::LOG","c":21,"p":123,"sn":"10.0.0.0/24","a":"1.2.3.4","d":3.14,"t":1215620010.54321,"iv":100.0,"s":"hurz","sc":[2,4,1,3],"ss":["BB","AA","CC"],"se":[],"vc":[10,20,30],"ve":[],"vn":[0,null,2],"f":"SSH::foo\n{ \nif (0 < SSH::i) \n\treturn (Foo);\nelse\n\treturn (Bar);\n\n}"}
{"b":true,"i":-42,"e":"SSH::LOG","c":21,"p":123,"sn":"10.0.0.0/24","a":"1.2.3.4","d":3.14,"t":1215620010.54321,"iv":100.0,"s":"hurz","sc":[4,2,3,1],"ss":["CC","BB","AA"],"se":[],"vc":[10,20,30],"ve":[],"vn":[0,null,2],"f":"SSH::foo\n{ \nif (0 < SSH::i) \n\treturn (Foo);\nelse\n\treturn (Bar);\n\n}"}

10
testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log
View file

@ -1,5 +1,5 @@
1342748960.098729|1.2.3.4|1234|2.3.4.5|80|success|unknown
1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|US
1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|UK
1342748960.098729|1.2.3.4|1234|2.3.4.5|80|success|BR
1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|MX
1594060824.890596|1.2.3.4|1234|2.3.4.5|80|success|unknown
1594060824.890596|1.2.3.4|1234|2.3.4.5|80|failure|US
1594060824.890596|1.2.3.4|1234|2.3.4.5|80|failure|UK
1594060824.890596|1.2.3.4|1234|2.3.4.5|80|success|BR
1594060824.890596|1.2.3.4|1234|2.3.4.5|80|failure|MX

10
testing/btest/Baseline/scripts.base.frameworks.logging.ascii-tsv/ssh-filtered.log
View file

@ -1,6 +1,6 @@
t id.orig_h id.orig_p id.resp_h id.resp_p status country b
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 success unknown -
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 - US -
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 failure UK -
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 - BR -
1353727995.082217 1.2.3.4 1234 2.3.4.5 80 failure (empty) T
1594060827.047609 1.2.3.4 1234 2.3.4.5 80 success unknown -
1594060827.047609 1.2.3.4 1234 2.3.4.5 80 - US -
1594060827.047609 1.2.3.4 1234 2.3.4.5 80 failure UK -
1594060827.047609 1.2.3.4 1234 2.3.4.5 80 - BR -
1594060827.047609 1.2.3.4 1234 2.3.4.5 80 failure (empty) T

Some files were not shown because too many files have changed in this diff Show more