spicy-redis: Add some script logic for logging
Also "rebrands" from RESP to Redis.
parent
757cbbf902
commit
22bda56af3
36 changed files with 266 additions and 86 deletions
|
@ -0,0 +1,16 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 61211 ::1 6379 PING - - F PONG
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 61212 ::1 6379 PING - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 61211 ::1 6379 CLIENT - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 61211 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 61212 ::1 6379 CLIENT - - - -
|
||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 ::1 61212 ::1 6379 PING - - - -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -0,0 +1,18 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 60761 ::1 6379 PING - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 60761 ::1 6379 CLIENT - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 60761 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 60761 ::1 6379 CLIENT - - F OK
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 60761 ::1 6379 PING - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 60761 ::1 6379 CLIENT - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 60761 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 60761 ::1 6379 PING - - F PONG
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -0,0 +1,17 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56348 ::1 6379 PING - - F PONG
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56348 ::1 6379 CLIENT - - - -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56348 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56348 ::1 6379 CLIENT - - - -
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56348 ::1 6379 CLIENT - - F OK
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56348 ::1 6379 PING - - F PONG
|
||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc ::1 56348 ::1 6379 PING - - F PONG
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -3,7 +3,7 @@
|
|||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path resp
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
|
@ -3,7 +3,7 @@
|
|||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path resp
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
|
@ -0,0 +1,33 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - - -
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 PING - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 - - - F PONG
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -0,0 +1,11 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
||||
#types time string addr port addr port string string bool string string
|
||||
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h ::1 57156 ::1 6379 Redis_excessive_pipelining - F zeek -
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -3,7 +3,7 @@
|
|||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path resp
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
|
@ -3,7 +3,7 @@
|
|||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path resp
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
|
@ -3,7 +3,7 @@
|
|||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path resp
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
|
@ -3,7 +3,7 @@
|
|||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path resp
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
|
@ -3,7 +3,7 @@
|
|||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path resp
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
|
@ -3,7 +3,7 @@
|
|||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path resp
|
||||
#path redis
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd.command cmd.key cmd.value response.err response.data
|
||||
#types time string addr port addr port string string string bool string
|
BIN
testing/btest/Traces/redis/client-skip-while-off.trace
Normal file
BIN
testing/btest/Traces/redis/client-skip-while-off.trace
Normal file
Binary file not shown.
BIN
testing/btest/Traces/redis/excessive-pipelining.trace
Normal file
BIN
testing/btest/Traces/redis/excessive-pipelining.trace
Normal file
Binary file not shown.
BIN
testing/btest/Traces/redis/reply-off-on-2conn.trace
Normal file
BIN
testing/btest/Traces/redis/reply-off-on-2conn.trace
Normal file
Binary file not shown.
BIN
testing/btest/Traces/redis/reply-off-on.trace
Normal file
BIN
testing/btest/Traces/redis/reply-off-on.trace
Normal file
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
# @TEST-DOC: Test CLIENT REPLY OFF, but turns on with new connection
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/reply-off-on-2conn.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# @TEST-DOC: Test CLIENT REPLY OFF then ON again and a SKIP
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/reply-off-on.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# @TEST-DOC: Test CLIENT REPLY OFF then ON again and a SKIP
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/client-skip-while-off.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
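Review bot: The `@TEST-DOC` line here is a verbatim copy of the one in the reply-off-on test just above ("Test CLIENT REPLY OFF then ON again and a SKIP"), although this test replays `client-skip-while-off.trace`. Judging by the trace name, it covers a CLIENT REPLY SKIP sent while replies are already off, so a line such as `# @TEST-DOC: Test CLIENT REPLY SKIP issued while replies are OFF` would tell the two tests apart. These tests define which redis.log rows carry a response and which stay unset, so the doc line is what a reader uses to judge whether a changed baseline is expected.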
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/django-cloud.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff resp.log
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
redef Redis::ports += {
|
||||
10625/tcp,
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/django-cache.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff resp.log
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
event Redis::set_command(c: connection, is_orig: bool, command: Redis::SetCommand)
|
||||
{
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
# @TEST-DOC: Test Zeek parsing "pipelined" data responses
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/excessive-pipelining.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
# @TEST-EXEC: btest-diff weird.log
|
||||
|
||||
# Make sure we get a weird if we go over the pipelining threshold (intentionally limited)
|
||||
redef Redis::max_pending_requests = 5;
|
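Review bot: The `@TEST-DOC` describes this as parsing "pipelined" data responses, but the test actually pins down what happens once `Redis::max_pending_requests` is exceeded. The weird.log baseline records `Redis_excessive_pipelining`. The redis.log baseline that appears to belong to this trace (port 57156) shows requests logged with no response, followed by responses logged with no command. Anyone building detections on redis.log needs to know about that loss of request/response pairing, so the doc line should say it, e.g. `# @TEST-DOC: Test that exceeding Redis::max_pending_requests raises a weird and logs requests and responses unpaired`. A one-line comment above the `redef` stating that the unpaired baseline rows are intentional would keep a later `btest -U` from hiding a real correlation regression.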
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipeline-quotes.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff resp.log
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
# TODO: Make it so weird.log exists again with `zeek::weird` for inline commands
|
||||
# btest-diff weird.log
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipeline-with-commands.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff resp.log
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
# Sometimes commands aren't serialized, like when pipelining. This still works! So we
|
||||
# should handle this. This particular example has a few commands, amongst them a SET and
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipelining-example.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff resp.log
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
# Testing the example of "pipelining" in REDIS docs:
|
||||
# https://redis.io/docs/latest/develop/use/pipelining/
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pubsub.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff resp.log
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
# Testing the example of pub sub in REDIS docs:
|
||||
# https://redis.io/docs/latest/develop/interact/pubsub/
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
# @TEST-DOC: Test parsing behavior of RESP.
|
||||
#
|
||||
# @TEST-EXEC: spicyc ${DIST}/analyzer/resp.spicy ${DIST}/analyzer/redis.spicy -j -d -o resp.hlto
|
||||
# @TEST-EXEC: spicyc ${DIST}/analyzer/resp.spicy ${DIST}/analyzer/redis.spicy -j -d -o redis.hlto
|
||||
#
|
||||
# TODO: A lot of tests are possible from the docs and having them would be nice.
|
||||
# But, a lot of characters ($, -, etc.) cause problems with TEST_EXEC. ugh.
|
||||
# @TEST-EXEC: printf "+OK\x0d\x0a" | spicy-dump -p RESP::Data resp.hlto >>output 2>&1
|
||||
# @TEST-EXEC: printf ":1000\x0d\x0a" | spicy-dump -p RESP::Data resp.hlto >>output 2>&1
|
||||
# @TEST-EXEC: printf ":-1000\x0d\x0a" | spicy-dump -p RESP::Data resp.hlto >>output 2>&1
|
||||
# @TEST-EXEC: printf ":+1000\x0d\x0a" | spicy-dump -p RESP::Data resp.hlto >>output 2>&1
|
||||
# @TEST-EXEC: printf "+OK\x0d\x0a" | spicy-dump -p RESP::Data redis.hlto >>output 2>&1
|
||||
# @TEST-EXEC: printf ":1000\x0d\x0a" | spicy-dump -p RESP::Data redis.hlto >>output 2>&1
|
||||
# @TEST-EXEC: printf ":-1000\x0d\x0a" | spicy-dump -p RESP::Data redis.hlto >>output 2>&1
|
||||
# @TEST-EXEC: printf ":+1000\x0d\x0a" | spicy-dump -p RESP::Data redis.hlto >>output 2>&1
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-DOC: Test Zeek parsing pubsub commands
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/stream.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff resp.log
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
# Streams like with XRANGE return arrays of bulk strings. We shouldn't count the
|
||||
# response as commands.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek with RESP over TLS so it doesn't get gibberish
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/tls.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC-FAIL: test -f resp.log
|
||||
# @TEST-EXEC-FAIL: test -f redis.log
|
||||
|
||||
# The logs should probably be empty since it's all encrypted
|
||||
|
|
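Review bot: `@TEST-EXEC-FAIL: test -f redis.log` passes whenever no file of that name is written, including when the log stream is renamed or the trace produces no logs at all. The rename in this hunk shows how easily the old `resp.log` check could have become vacuous. Pairing it with a positive check that the run processed the trace, for instance `# @TEST-EXEC: test -f conn.log`, would make the negative assertion meaningful. The trailing comment also says the logs "should probably be empty", whereas the assertion is that the file does not exist. A wording like `# No redis.log should be written: the payload is TLS-encrypted and must not be parsed as RESP` matches what is checked.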
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/loop-redis.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff resp.log
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
event Redis::set_command(c: connection, is_orig: bool, command: Redis::SetCommand)
|
||||
{
|
||||
|
|