diff --git a/CHANGES b/CHANGES index caaaf03689..3a486ff511 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,19 @@ +2.6-14 | 2018-11-29 16:27:38 -0600 + + * Improve introspection of Record and TypeType values (Jon Siwek, Corelight) + + * TypeType values are now printable and yield the type name/alias + * Fix record_fields BIF to return correct type name for fields + * Allow TypeType values that point to a RecordType to be used with + record_fields BIF + + * Bro plugins should support a patch version (x.y.z) (Jon Zeolla) + + * GH-148: add priority to DNSSEC event handlers (Jon Siwek, Corelight) + + * DNSSEC support (Fatema Bannat Wala) + 2.6 | 2018-11-29 10:03:33 -0600 * Release 2.6. diff --git a/NEWS b/NEWS index 9f09bf0ac6..a78addb5de 100644 --- a/NEWS +++ b/NEWS 
@@ -1,8 +1,40 @@ This document summarizes the most important changes in the current Bro release. For an exhaustive list of changes, see the ``CHANGES`` file -(note that submodules, such as BroControl and Broccoli, come with -their own ``CHANGES``.) +(note that submodules, such as Broker, come with their own ``CHANGES``.) + +Bro 2.7 +======= + +New Functionality +----------------- + +- Added support for DNSSEC resource records RRSIG, DNSKEY, DS, NSEC, and NSEC3. + The associated events are: + + - dns_RRSIG + - dns_DNSKEY + - dns_DS + - dns_NSEC + - dns_NSEC3 + +- Bro's Plugin framework now allows a patch version. If a patch version is not + provided, it will default to 0. To specify this, modify the plugin + Configuration class in your ``src/Plugin.cc` and set + ``config.version.patch``. Note that the default plugin skeleton + includes a unit test whose Baseline has the plugin version number in + it and that will now fail due to the version number now including a + patch number. For those that want to keep the unit test, simply adapt + the unit test/baseline to include the new plugin patch number. + +Changed Functionality +--------------------- + +Removed Functionality +--------------------- + +Deprecated Functionality +------------------------ Bro 2.6 ======= diff --git a/VERSION b/VERSION index 5154b3f68e..f62ffeda4e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6 +2.6-14 diff --git a/aux/bro-aux b/aux/bro-aux index a0d9d311fa..8a57979457 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit a0d9d311fa3f17912d3cabc6ab51a01fd4762535 +Subproject commit 8a57979457db66957163cf0c15f0c9f1d273c52e diff --git a/doc/devel/plugins.rst b/doc/devel/plugins.rst index dc1c9a3cd4..bdc9305924 100644 --- a/doc/devel/plugins.rst +++ b/doc/devel/plugins.rst 
@@ -99,7 +99,7 @@ option:: # export BRO_PLUGIN_PATH=/path/to/rot13-plugin/build # bro -N [...] - Demo::Rot13 - (dynamic, version 0.1) + Demo::Rot13 - (dynamic, version 0.1.0) [...] That looks quite good, except for the dummy description that we should @@ -115,6 +115,7 @@ is about. We do this by editing the ``config.description`` line in config.description = "Caesar cipher rotating a string's characters by 13 places."; config.version.major = 0; config.version.minor = 1; + config.version.patch = 0; return config; } [...] @@ -124,14 +125,14 @@ Now rebuild and verify that the description is visible:: # make [...] # bro -N | grep Rot13 - Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1) + Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1.0) Bro can also show us what exactly the plugin provides with the more verbose option ``-NN``:: # bro -NN [...] - Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1) + Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1.0) [Function] Demo::rot13 [...] @@ -166,7 +167,7 @@ unpacking. To distribute the plugin in binary form, the build process conveniently creates a corresponding tarball in ``build/dist/``. In -this case, it's called ``Demo_Rot13-0.1.tar.gz``, with the version +this case, it's called ``Demo_Rot13-0.1.0.tar.gz``, with the version number coming out of the ``VERSION`` file that ``init-plugin`` put into place. The binary tarball has everything needed to run the plugin, but no further source files. Optionally, one can include 
@@ -395,7 +396,7 @@ let's get that in place:: % 'btest-diff output' failed unexpectedly (exit code 100) % cat .diag == File =============================== - Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1) + Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1.0) [Function] Demo::rot13 == Error =============================== diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 93bcc203b7..3f13bd232a 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro 
@@ -3544,6 +3544,67 @@ type dns_tsig_additional: record { is_query: count; ##< TODO. }; +## A DNSSEC RRSIG record. +## +## .. bro:see:: dns_RRSIG +type dns_rrsig_rr: record { + query: string; ##< Query. + answer_type: count; ##< Ans type. + type_covered: count; ##< qtype covered by RRSIG RR. + algorithm: count; ##< Algorithm. + labels: count; ##< Labels in the owner's name. + orig_ttl: interval; ##< Original TTL. + sig_exp: time; ##< Time when signed RR expires. + sig_incep: time; ##< Time when signed. + key_tag: count; ##< Key tag value. + signer_name: string; ##< Signature. + signature: string; ##< Hash of the RRDATA. + is_query: count; ##< The RR is a query/Response. +}; + +## A DNSSEC DNSKEY record. +## +## .. bro:see:: dns_DNSKEY +type dns_dnskey_rr: record { + query: string; ##< Query. + answer_type: count; ##< Ans type. + flags: count; ##< flags filed. + protocol: count; ##< Protocol, should be always 3 for DNSSEC. + algorithm: count; ##< Algorithm for Public Key. + public_key: string; ##< Public Key + is_query: count; ##< The RR is a query/Response. +}; + +## A DNSSEC NSEC3 record. +## +## .. bro:see:: dns_NSEC3 +type dns_nsec3_rr: record { + query: string; ##< Query. + answer_type: count; ##< Ans type. + nsec_flags: count; ##< flags field. + nsec_hash_algo: count; ##< Hash algorithm. + nsec_iter: count; ##< Iterations. + nsec_salt_len: count; ##< Salt length. + nsec_salt: string; ##< Salt value + nsec_hlen: count; ##< Hash length. + nsec_hash: string; ##< Hash value. + bitmaps: string_vec; ##< Type Bit Maps. + is_query: count; ##< The RR is a query/Response. +}; + +## A DNSSEC DS record. +## +## .. bro:see:: dns_DS +type dns_ds_rr: record { + query: string; ##< Query. + answer_type: count; ##< Ans type. + key_tag: count; ##< flags filed. + algorithm: count; ##< Algorithm for Public Key. + digest_type: count; ##< Digest Type. + digest_val: string; ##< Digest Value. + is_query: count; ##< The RR is a query/Response. +}; + # DNS answer types. # # .. 
bro:see:: dns_answerr diff --git a/scripts/base/protocols/dns/consts.bro b/scripts/base/protocols/dns/consts.bro index 534eb15b0f..4683a3e773 100644 --- a/scripts/base/protocols/dns/consts.bro +++ b/scripts/base/protocols/dns/consts.bro @@ -130,4 +130,37 @@ export { [254] = "C_NONE", [255] = "C_ANY", } &default = function(n: count): string { return fmt("qclass-%d", n); }; + + ## Possible values of the algorithms used in DNSKEY, DS and RRSIG records + const algorithms = { + [0] = "reserved0", + [1] = "RSA_MD5", + [2] = "Diffie_Hellman", + [3] = "DSA_SHA1", + [4] = "Elliptic_Curve", + [5] = "RSA_SHA1", + [6] = "DSA_NSEC3_SHA1", + [7] = "RSA_SHA1_NSEC3_SHA1", + [8] = "RSA_SHA256", + [10] = "RSA_SHA512", + [12] = "GOST_R_34_10_2001", + [13] = "ECDSA_curveP256withSHA256", + [14] = "ECDSA_curveP384withSHA384", + [15] = "Ed25519", + [16] = "Ed448", + [252] = "Indirect", + [253] = "PrivateDNS", + [254] = "PrivateOID", + [255] = "reserved255", + } &default = function(n: count): string { return fmt("algorithm-%d", n); }; + + ## Possible digest types used in DNSSEC. + const digests = { + [0] = "reserved0", + [1] = "SHA1", + [2] = "SHA256", + [3] = "GOST_R_34_11_94", + [4] = "SHA384", + } &default = function(n: count): string { return fmt("digest-%d", n); }; + } diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro index a6104e12a3..a0e22aae6b 100644 --- a/scripts/base/protocols/dns/main.bro +++ b/scripts/base/protocols/dns/main.bro 
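Review bot: Several `##<` field comments in the new record types in init-bare.bro describe the wrong field, and these comments are what a script author sees in the generated reference. In `dns_rrsig_rr`, `signer_name` is documented as `Signature.` and `signature` as `Hash of the RRDATA.`; I would write `signer_name: string; ##< Signer's domain name.` and `signature: string; ##< Cryptographic signature covering the RRset.`. In `dns_ds_rr`, `key_tag` carries the copied text `flags filed.` and should read `##< Key tag of the DNSKEY this DS refers to.`. `dns_dnskey_rr$flags` has the same `filed` typo, and `public_key` and `nsec_salt` are missing the final period the other comments have.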
@@ -466,6 +466,38 @@ event dns_SRV_reply(c: connection, msg: dns_msg, ans: dns_answer, target: string # # } +event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr) &priority=5 + { + local s: string; + s = fmt("RRSIG %s %s", rrsig$type_covered, + rrsig$signer_name == "" ? "" : rrsig$signer_name); + hook DNS::do_reply(c, msg, ans, s); + } + +event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr) &priority=5 + { + local s: string; + s = fmt("DNSKEY %s", dnskey$algorithm); + hook DNS::do_reply(c, msg, ans, s); + } + +event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec) &priority=5 + { + hook DNS::do_reply(c, msg, ans, fmt("NSEC %s %s", ans$query, next_name)); + } + +event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr) &priority=5 + { + hook DNS::do_reply(c, msg, ans, "NSEC3"); + } + +event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr) &priority=5 + { + local s: string; + s = fmt("DS %s %s", ds$algorithm, ds$digest_type); + hook DNS::do_reply(c, msg, ans, s); + } + event dns_rejected(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count) &priority=5 { if ( c?$dns ) diff --git a/src/NetVar.cc b/src/NetVar.cc index 93533b9627..57a5452123 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -115,6 +115,10 @@ RecordType* dns_answer; RecordType* dns_soa; RecordType* dns_edns_additional; RecordType* dns_tsig_additional; +RecordType* dns_rrsig_rr; +RecordType* dns_dnskey_rr; +RecordType* dns_nsec3_rr; +RecordType* dns_ds_rr; TableVal* dns_skip_auth; TableVal* dns_skip_addl; int dns_skip_all_auth; 
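Review bot: In `dns_RRSIG` the expression `rrsig$signer_name == "" ? "" : rrsig$signer_name` yields `rrsig$signer_name` on both branches, so the conditional does nothing; either drop it or give the empty case the placeholder that was presumably intended. The RRSIG, DNSKEY and DS handlers also format the raw numeric codes with `%s`, although this commit adds the `algorithms` and `digests` tables to consts.bro. Assuming those tables are in scope in main.bro, `s = fmt("DNSKEY %s", DNS::algorithms[dnskey$algorithm]);` and the matching lookups in `dns_RRSIG` and `dns_DS` would make the logged answers readable without a code table at hand. `dns_NSEC3` logs only the fixed string `"NSEC3"`, so nothing of the record reaches the reply text; a comment saying that this is deliberate would help.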
@@ -430,7 +434,10 @@ void init_net_var() internal_type("dns_edns_additional")->AsRecordType(); dns_tsig_additional = internal_type("dns_tsig_additional")->AsRecordType(); - + dns_rrsig_rr = internal_type("dns_rrsig_rr")->AsRecordType(); + dns_dnskey_rr = internal_type("dns_dnskey_rr")->AsRecordType(); + dns_nsec3_rr = internal_type("dns_nsec3_rr")->AsRecordType(); + dns_ds_rr = internal_type("dns_ds_rr")->AsRecordType(); dns_skip_auth = internal_val("dns_skip_auth")->AsTableVal(); dns_skip_addl = internal_val("dns_skip_addl")->AsTableVal(); dns_skip_all_auth = opt_internal_int("dns_skip_all_auth"); diff --git a/src/NetVar.h b/src/NetVar.h index 023be18867..1dee27f372 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -118,6 +118,10 @@ extern RecordType* dns_answer; extern RecordType* dns_soa; extern RecordType* dns_edns_additional; extern RecordType* dns_tsig_additional; +extern RecordType* dns_rrsig_rr; +extern RecordType* dns_dnskey_rr; +extern RecordType* dns_nsec3_rr; +extern RecordType* dns_ds_rr; extern TableVal* dns_skip_auth; extern TableVal* dns_skip_addl; extern int dns_skip_all_auth; diff --git a/src/Val.cc b/src/Val.cc index 144eb995ee..059ce24f4a 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -500,6 +500,8 @@ void Val::ValDescribe(ODesc* d) const AsFunc()->Describe(d); else if ( type->Tag() == TYPE_FILE ) AsFile()->Describe(d); + else if ( type->Tag() == TYPE_TYPE ) + d->Add(type->AsTypeType()->Type()->GetName()); else d->Add(""); break; diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 145d19950f..d0b7940cee 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc 
@@ -312,6 +312,26 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, status = ParseRR_TSIG(msg, data, len, rdlength, msg_start); break; + case TYPE_RRSIG: + status = ParseRR_RRSIG(msg, data, len, rdlength, msg_start); + break; + + case TYPE_DNSKEY: + status = ParseRR_DNSKEY(msg, data, len, rdlength, msg_start); + break; + + case TYPE_NSEC: + status = ParseRR_NSEC(msg, data, len, rdlength, msg_start); + break; + + case TYPE_NSEC3: + status = ParseRR_NSEC3(msg, data, len, rdlength, msg_start); + break; + + case TYPE_DS: + status = ParseRR_DS(msg, data, len, rdlength, msg_start); + break; + default: if ( dns_unknown_reply && ! msg->skip_event ) @@ -724,6 +744,17 @@ void DNS_Interpreter::ExtractOctets(const u_char*& data, int& len, len -= dlen; } +BroString* DNS_Interpreter::ExtractStream(const u_char*& data, int& len, int l) + { + l = max(l, 0); + int dlen = min(len, l); // Len in bytes of the algorithm use + auto rval = new BroString(data, dlen, 0); + + data += dlen; + len -= dlen; + return rval; + } + int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, const u_char*& data, int& len, int rdlength, const u_char* msg_start) 
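Review bot: `ExtractStream` shortens the request silently: a negative `l` becomes 0 and `l > len` is clamped to `len`, so a truncated or malformed record reaches the scripts as a shorter key, signature or digest that cannot be told apart from a complete one. The callers in this commit pass lengths derived from wire values (`rdlength - 4`, `sig_len`, `bmlen`, `salt_len`), so I would report the mismatch before clamping, e.g. `if ( l < 0 || l > len ) analyzer->Weird("DNS_RR_length_mismatch");` ahead of `l = max(l, 0);` (the weird name is only a suggestion). The comment `// Len in bytes of the algorithm use` does not describe the line it sits on; `// Never read past the bytes left in the message.` would. The function has no header comment, and one line stating that it returns a newly allocated `BroString` the caller must hand off or free would be enough.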
@@ -769,6 +800,389 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, return 1; } +int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) + { + if ( ! dns_RRSIG || msg->skip_event ) + { + data += rdlength; + len -= rdlength; + return 1; + } + + if ( len < 18 ) + return 0; + + unsigned int type_covered = ExtractShort(data, len); + // split the two bytes for algo and labels extraction + uint32 algo_lab = ExtractShort(data, len); + unsigned int algo = (algo_lab >> 8) & 0xff; + unsigned int lab = algo_lab & 0xff; + + uint32 orig_ttl = ExtractLong(data, len); + uint32 sign_exp = ExtractLong(data, len); + uint32 sign_incp = ExtractLong(data, len); + unsigned int key_tag = ExtractShort(data, len); + + //implement signer's name with the msg_start offset + const u_char* data_start = data; + u_char name[513]; + int name_len = sizeof(name) - 1; + + u_char* name_end = ExtractName(data, len, name, name_len, msg_start); + if ( ! 
name_end ) + return 0; + + int sig_len = rdlength - ((data - data_start) + 18); + DNSSEC_Algo dsa = DNSSEC_Algo(algo); + BroString* sign = ExtractStream(data, len, sig_len); + + switch ( dsa ) { + case RSA_MD5: + analyzer->Weird("DNSSEC_RRSIG_NotRecommended_ZoneSignAlgo", fmt("%d", algo)); + break; + case Diffie_Hellman: + break; + case DSA_SHA1: + break; + case Elliptic_Curve: + break; + case RSA_SHA1: + break; + case DSA_NSEC3_SHA1: + break; + case RSA_SHA1_NSEC3_SHA1: + break; + case RSA_SHA256: + break; + case RSA_SHA512: + break; + case GOST_R_34_10_2001: + break; + case ECDSA_curveP256withSHA256: + break; + case ECDSA_curveP384withSHA384: + break; + case Indirect: + analyzer->Weird("DNSSEC_RRSIG_Indirect_ZoneSignAlgo", fmt("%d", algo)); + break; + case PrivateDNS: + analyzer->Weird("DNSSEC_RRSIG_PrivateDNS_ZoneSignAlgo", fmt("%d", algo)); + break; + case PrivateOID: + analyzer->Weird("DNSSEC_RRSIG_PrivateOID_ZoneSignAlgo", fmt("%d", algo)); + break; + default: + analyzer->Weird("DNSSEC_RRSIG_unknown_ZoneSignAlgo", fmt("%d", algo)); + break; + } + + RRSIG_DATA rrsig; + rrsig.type_covered = type_covered; + rrsig.algorithm = algo; + rrsig.labels = lab; + rrsig.orig_ttl = orig_ttl; + rrsig.sig_exp = sign_exp; + rrsig.sig_incep = sign_incp; + rrsig.key_tag = key_tag; + rrsig.signer_name = new BroString(name, name_end - name, 1); + rrsig.signature = sign; + + val_list* vl = new val_list; + + vl->append(analyzer->BuildConnVal()); + vl->append(msg->BuildHdrVal()); + vl->append(msg->BuildAnswerVal()); + vl->append(msg->BuildRRSIG_Val(&rrsig)); + + analyzer->ConnectionEvent(dns_RRSIG, vl); + + return 1; + } + +int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) + { + if ( ! 
dns_DNSKEY || msg->skip_event ) + { + data += rdlength; + len -= rdlength; + return 1; + } + + if ( len < 4 ) + return 0; + + auto dflags = ExtractShort(data, len); + // split the two bytes for protocol and algorithm extraction + auto proto_algo = ExtractShort(data, len); + unsigned int dprotocol = (proto_algo >> 8) & 0xff; + unsigned int dalgorithm = proto_algo & 0xff; + DNSSEC_Algo dsa = DNSSEC_Algo(dalgorithm); + //Evaluating the size of remaining bytes for Public Key + BroString* key = ExtractStream(data, len, rdlength - 4); + + if ( dflags != 256 and dflags != 257 and dflags != 0 ) + analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", fmt("%d", dflags)); + + if ( dprotocol != 3 ) + analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", fmt("%d", dprotocol)); + + switch ( dsa ) { + case RSA_MD5: + analyzer->Weird("DNSSEC_DNSKEY_NotRecommended_ZoneSignAlgo", fmt("%d", dalgorithm)); + break; + case Diffie_Hellman: + break; + case DSA_SHA1: + break; + case Elliptic_Curve: + break; + case RSA_SHA1: + break; + case DSA_NSEC3_SHA1: + break; + case RSA_SHA1_NSEC3_SHA1: + break; + case RSA_SHA256: + break; + case RSA_SHA512: + break; + case GOST_R_34_10_2001: + break; + case ECDSA_curveP256withSHA256: + break; + case ECDSA_curveP384withSHA384: + break; + case Indirect: + analyzer->Weird("DNSSEC_DNSKEY_Indirect_ZoneSignAlgo", fmt("%d", dalgorithm)); + break; + case PrivateDNS: + analyzer->Weird("DNSSEC_DNSKEY_PrivateDNS_ZoneSignAlgo", fmt("%d", dalgorithm)); + break; + case PrivateOID: + analyzer->Weird("DNSSEC_DNSKEY_PrivateOID_ZoneSignAlgo", fmt("%d", dalgorithm)); + break; + default: + analyzer->Weird("DNSSEC_DNSKEY_unknown_ZoneSignAlgo", fmt("%d", dalgorithm)); + break; + } + + DNSKEY_DATA dnskey; + dnskey.dflags = dflags; + dnskey.dalgorithm = dalgorithm; + dnskey.dprotocol = dprotocol; + dnskey.public_key = key; + + val_list* vl = new val_list; + + vl->append(analyzer->BuildConnVal()); + vl->append(msg->BuildHdrVal()); + vl->append(msg->BuildAnswerVal()); + 
vl->append(msg->BuildDNSKEY_Val(&dnskey)); + + analyzer->ConnectionEvent(dns_DNSKEY, vl); + + return 1; + } + +int DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) + { + if ( ! dns_NSEC || msg->skip_event ) + { + data += rdlength; + len -= rdlength; + return 1; + } + + const u_char* data_start = data; + u_char name[513]; + int name_len = sizeof(name) - 1; + + u_char* name_end = ExtractName(data, len, name, name_len, msg_start); + if ( ! name_end ) + return 0; + + int typebitmaps_len = rdlength - (data - data_start); + + VectorVal* char_strings = new VectorVal(string_vec); + + while ( typebitmaps_len > 0 && len > 0 ) + { + uint32 block_bmlen = ExtractShort(data, len); + unsigned int win_blck = (block_bmlen >> 8) & 0xff; + unsigned int bmlen = block_bmlen & 0xff; + + if ( bmlen == 0 ) + { + analyzer->Weird("DNSSEC_NSEC_bitmapLen0", fmt("%d", win_blck)); + break; + } + + BroString* bitmap = ExtractStream(data, len, bmlen); + char_strings->Assign(char_strings->Size(), new StringVal(bitmap)); + typebitmaps_len = typebitmaps_len - (2 + bmlen); + } + + val_list* vl = new val_list; + + vl->append(analyzer->BuildConnVal()); + vl->append(msg->BuildHdrVal()); + vl->append(msg->BuildAnswerVal()); + vl->append(new StringVal(new BroString(name, name_end - name, 1))); + vl->append(char_strings); + + analyzer->ConnectionEvent(dns_NSEC, vl); + + return 1; + } + +int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) + { + if ( ! 
dns_NSEC3 || msg->skip_event ) + { + data += rdlength; + len -= rdlength; + return 1; + } + + if ( len < 6 ) + return 0; + + const u_char* data_start = data; + uint32 halgo_flags = ExtractShort(data, len); + unsigned int hash_algo = (halgo_flags >> 8) & 0xff; + unsigned int nsec_flags = halgo_flags & 0xff; + unsigned int iter = ExtractShort(data, len); + + uint8 salt_len = 0; + + if ( len > 0 ) + { + salt_len = data[0]; + ++data; + --len; + } + + auto salt_val = ExtractStream(data, len, static_cast(salt_len)); + + uint8 hash_len = 0; + + if ( len > 0 ) + { + hash_len = data[0]; + ++data; + --len; + } + + auto hash_val = ExtractStream(data, len, static_cast(hash_len)); + + int typebitmaps_len = rdlength - (data - data_start); + + VectorVal* char_strings = new VectorVal(string_vec); + + while ( typebitmaps_len > 0 && len > 0 ) + { + uint32 block_bmlen = ExtractShort(data, len); + unsigned int win_blck = ( block_bmlen >> 8) & 0xff; + unsigned int bmlen = block_bmlen & 0xff; + + if ( bmlen == 0 ) + { + analyzer->Weird("DNSSEC_NSEC3_bitmapLen0", fmt("%d", win_blck)); + break; + } + + BroString* bitmap = ExtractStream(data, len, bmlen); + char_strings->Assign(char_strings->Size(), new StringVal(bitmap)); + typebitmaps_len = typebitmaps_len - (2 + bmlen); + } + + NSEC3_DATA nsec3; + nsec3.nsec_flags = nsec_flags; + nsec3.nsec_hash_algo = hash_algo; + nsec3.nsec_iter = iter; + nsec3.nsec_salt_len = salt_len; + nsec3.nsec_salt = salt_val; + nsec3.nsec_hlen = hash_len; + nsec3.nsec_hash = hash_val; + nsec3.bitmaps = char_strings; + + val_list* vl = new val_list; + + vl->append(analyzer->BuildConnVal()); + vl->append(msg->BuildHdrVal()); + vl->append(msg->BuildAnswerVal()); + vl->append(msg->BuildNSEC3_Val(&nsec3)); + + analyzer->ConnectionEvent(dns_NSEC3, vl); + + return 1; + } + +int DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) + { + if ( ! 
dns_DS || msg->skip_event ) + { + data += rdlength; + len -= rdlength; + return 1; + } + + if ( len < 4 ) + return 0; + + unsigned int ds_key_tag = ExtractShort(data, len); + // split the two bytes for algorithm and digest type extraction + uint32 ds_algo_dtype = ExtractShort(data, len); + unsigned int ds_algo = (ds_algo_dtype >> 8) & 0xff; + unsigned int ds_dtype = ds_algo_dtype & 0xff; + DNSSEC_Digest ds_digest_type = DNSSEC_Digest(ds_dtype); + BroString* ds_digest = ExtractStream(data, len, rdlength - 4); + + switch ( ds_digest_type ) { + case SHA1: + break; + case SHA256: + break; + case GOST_R_34_11_94: + break; + case SHA384: + break; + case reserved0: + analyzer->Weird("DNSSEC_DS_ResrevedDigestType", fmt("%d", ds_dtype)); + break; + default: + analyzer->Weird("DNSSEC_DS_unknown_DigestType", fmt("%d", ds_dtype)); + break; + } + + DS_DATA ds; + ds.key_tag = ds_key_tag; + ds.algorithm = ds_algo; + ds.digest_type = ds_dtype; + ds.digest_val = ds_digest; + + val_list* vl = new val_list; + + vl->append(analyzer->BuildConnVal()); + vl->append(msg->BuildHdrVal()); + vl->append(msg->BuildAnswerVal()); + vl->append(msg->BuildDS_Val(&ds)); + + analyzer->ConnectionEvent(dns_DS, vl); + + return 1; + } + int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, const u_char*& data, int& len, int rdlength) { @@ -1063,7 +1477,7 @@ Val* DNS_MsgInfo::BuildEDNS_Val() // Need to break the TTL field into three components: // initial: [------------- ttl (32) ---------------------] - // after: [DO][ ext rcode (7)][ver # (8)][ Z field (16)] + // after: [ ext rcode (8)][ver # (8)][ Z field (16) ] unsigned int ercode = (ttl >> 24) & 0xff; unsigned int version = (ttl >> 16) & 0xff; 
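Review bot: In the type-bitmap loops of `ParseRR_NSEC` and `ParseRR_NSEC3`, `bmlen` comes from the wire and is never compared with `typebitmaps_len`, so a bitmap length larger than what is left of the RDATA lets `ExtractStream` consume bytes of the following records (it clamps only to `len`, which appears to be the rest of the message) and leaves `data` past the end of this RR. I would stop at the RDATA boundary right after the zero check, e.g. `if ( (int) bmlen > typebitmaps_len - 2 ) { analyzer->Weird("DNSSEC_NSEC_bitmapLenOverrun", fmt("%d", win_blck)); break; }` (weird name suggested, not existing). The NSEC3 `salt_len` and `hash_len` need the same comparison against `rdlength`. Separately, `ParseRR_DS` uses `case reserved0:`, which is an enumerator of `DNSSEC_Algo`, while `DNSSEC_Digest` in DNS.h names its zero value `reserved`. The weird it raises is spelled `DNSSEC_DS_ResrevedDigestType`; weird names get matched in detection content, so the spelling is worth fixing before it ships.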
@@ -1104,6 +1518,79 @@ Val* DNS_MsgInfo::BuildTSIG_Val() return r; } +Val* DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig) + { + RecordVal* r = new RecordVal(dns_rrsig_rr); + + Ref(query_name); + r->Assign(0, query_name); + r->Assign(1, new Val(int(answer_type), TYPE_COUNT)); + r->Assign(2, new Val(rrsig->type_covered, TYPE_COUNT)); + r->Assign(3, new Val(rrsig->algorithm, TYPE_COUNT)); + r->Assign(4, new Val(rrsig->labels, TYPE_COUNT)); + r->Assign(5, new IntervalVal(double(rrsig->orig_ttl), Seconds)); + r->Assign(6, new Val(double(rrsig->sig_exp), TYPE_TIME)); + r->Assign(7, new Val(double(rrsig->sig_incep), TYPE_TIME)); + r->Assign(8, new Val(rrsig->key_tag, TYPE_COUNT)); + r->Assign(9, new StringVal(rrsig->signer_name)); + r->Assign(10, new StringVal(rrsig->signature)); + r->Assign(11, new Val(is_query, TYPE_COUNT)); + + return r; + } + +Val* DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey) + { + RecordVal* r = new RecordVal(dns_dnskey_rr); + + Ref(query_name); + r->Assign(0, query_name); + r->Assign(1, new Val(int(answer_type), TYPE_COUNT)); + r->Assign(2, new Val(dnskey->dflags, TYPE_COUNT)); + r->Assign(3, new Val(dnskey->dprotocol, TYPE_COUNT)); + r->Assign(4, new Val(dnskey->dalgorithm, TYPE_COUNT)); + r->Assign(5, new StringVal(dnskey->public_key)); + r->Assign(6, new Val(is_query, TYPE_COUNT)); + + return r; + } + +Val* DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3) + { + RecordVal* r = new RecordVal(dns_nsec3_rr); + + Ref(query_name); + r->Assign(0, query_name); + r->Assign(1, new Val(int(answer_type), TYPE_COUNT)); + r->Assign(2, new Val(nsec3->nsec_flags, TYPE_COUNT)); + r->Assign(3, new Val(nsec3->nsec_hash_algo, TYPE_COUNT)); + r->Assign(4, new Val(nsec3->nsec_iter, TYPE_COUNT)); + r->Assign(5, new Val(nsec3->nsec_salt_len, TYPE_COUNT)); + r->Assign(6, new StringVal(nsec3->nsec_salt)); + r->Assign(7, new Val(nsec3->nsec_hlen, TYPE_COUNT)); + r->Assign(8, new StringVal(nsec3->nsec_hash)); + r->Assign(9, nsec3->bitmaps); + r->Assign(10, new 
Val(is_query, TYPE_COUNT)); + + return r; + } + +Val* DNS_MsgInfo::BuildDS_Val(DS_DATA* ds) + { + RecordVal* r = new RecordVal(dns_ds_rr); + + Ref(query_name); + r->Assign(0, query_name); + r->Assign(1, new Val(int(answer_type), TYPE_COUNT)); + r->Assign(2, new Val(ds->key_tag, TYPE_COUNT)); + r->Assign(3, new Val(ds->algorithm, TYPE_COUNT)); + r->Assign(4, new Val(ds->digest_type, TYPE_COUNT)); + r->Assign(5, new StringVal(ds->digest_val)); + r->Assign(6, new Val(is_query, TYPE_COUNT)); + + return r; + } + Contents_DNS::Contents_DNS(Connection* conn, bool orig, DNS_Interpreter* arg_interp) : tcp::TCP_SupportAnalyzer("CONTENTS_DNS", conn, orig) diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index 58a263637e..f095fe96fa 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h @@ -57,7 +57,12 @@ typedef enum { TYPE_TKEY = 249, ///< Transaction Key (RFC 2930) TYPE_TSIG = 250, ///< Transaction Signature (RFC 2845) TYPE_CAA = 257, ///< Certification Authority Authorization (RFC 6844) - + // DNSSEC RR's + TYPE_RRSIG = 46, ///< RR Signature record type (RFC4043) + TYPE_NSEC = 47, ///< Next Secure record (RFC4043) + TYPE_DNSKEY = 48, ///< DNS Key record (RFC 4034) + TYPE_DS = 43, ///< Delegation signer (RFC 4034) + TYPE_NSEC3 = 50, // The following are only valid in queries. TYPE_AXFR = 252, TYPE_ALL = 255, 
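Review bot: The four `Build*_Val` functions fill the records by position (`r->Assign(0, ...)` up to `r->Assign(11, ...)`), so they depend on the field order of `dns_rrsig_rr`, `dns_dnskey_rr`, `dns_nsec3_rr` and `dns_ds_rr` in init-bare.bro. A field inserted or moved there would put values in the wrong slot without a compile error. I would add a comment above each function, e.g. `// Indices follow the field order of dns_rrsig_rr in init-bare.bro.`, to record that coupling. `BuildRRSIG_Val` also turns `sig_exp` and `sig_incep` into `TYPE_TIME` values directly from the 32-bit wire fields, which deserves a short comment saying the values are taken as seconds since the epoch.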
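Review bot: The RFC references on the new RR type constants disagree with each other: `TYPE_RRSIG` and `TYPE_NSEC` cite `RFC4043`, while `TYPE_DNSKEY` and `TYPE_DS` cite RFC 4034, which is the document that defines all four record formats, so `RFC4043` looks like transposed digits. `TYPE_NSEC3 = 50,` has no comment at all; `///< Hashed next secure record (RFC 5155)` would match its neighbours. The entries are also out of numeric order (43 follows 48), which makes the list harder to check against the registry.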
@@ -75,6 +80,33 @@ typedef enum { DNS_ADDITIONAL, } DNS_AnswerType; +typedef enum { + reserved0 = 0, + RSA_MD5 = 1, ///< [RFC2537] NOT RECOMMENDED + Diffie_Hellman = 2, ///< [RFC2539] + DSA_SHA1 = 3, ///< [RFC2536] OPTIONAL + Elliptic_Curve = 4, + RSA_SHA1 = 5, ///< [RFC3110] MANDATORY + DSA_NSEC3_SHA1 = 6, + RSA_SHA1_NSEC3_SHA1 = 7, + RSA_SHA256 = 8, + RSA_SHA512 = 10, + GOST_R_34_10_2001 = 12, + ECDSA_curveP256withSHA256 = 13, + ECDSA_curveP384withSHA384 =14, + Indirect = 252, ///< + PrivateDNS = 253, ///< OPTIONAL + PrivateOID = 254, ///< OPTIONAL + reserved255 = 255, +} DNSSEC_Algo; + +typedef enum { + reserved = 0, + SHA1 = 1, ///< [RFC3110] MANDATORY + SHA256 = 2, + GOST_R_34_11_94 = 3, + SHA384 = 4, +} DNSSEC_Digest; struct DNS_RawMsgHdr { unsigned short id; @@ -105,6 +137,43 @@ struct TSIG_DATA { unsigned short rr_error; }; +struct RRSIG_DATA { + unsigned short type_covered; // 16 : ExtractShort(data, len) + unsigned short algorithm; // 8 + unsigned short labels; // 8 + uint32 orig_ttl; // 32 + unsigned long sig_exp; // 32 + unsigned long sig_incep; // 32 + unsigned short key_tag; //16 + BroString* signer_name; + BroString* signature; +}; + +struct DNSKEY_DATA { + unsigned short dflags; // 16 : ExtractShort(data, len) + unsigned short dalgorithm; // 8 + unsigned short dprotocol; // 8 + BroString* public_key; // Variable lenght Public Key +}; + +struct NSEC3_DATA { + unsigned short nsec_flags; + unsigned short nsec_hash_algo; + unsigned short nsec_iter; + unsigned short nsec_salt_len; + BroString* nsec_salt; + unsigned short nsec_hlen; + BroString* nsec_hash; + VectorVal* bitmaps; +}; + +struct DS_DATA { + unsigned short key_tag; // 16 : ExtractShort(data, len) + unsigned short algorithm; // 8 + unsigned short digest_type; // 8 + BroString* digest_val; // Variable lenght Digest of DNSKEY RR +}; + class DNS_MsgInfo { public: DNS_MsgInfo(DNS_RawMsgHdr* hdr, int is_query); 
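Review bot: `DNSSEC_Algo` stops at 14, but the `algorithms` table this commit adds to consts.bro also names `[15] = "Ed25519"` and `[16] = "Ed448"`, so the switches in `ParseRR_RRSIG` and `ParseRR_DNSKEY` send both to `default` and raise the `..._unknown_ZoneSignAlgo` weird for zones signed with them. Adding `Ed25519 = 15,` and `Ed448 = 16,` with matching empty cases keeps that weird meaningful for codes that really are unassigned. `DNSSEC_Digest` names its zero value `reserved`, whereas `ParseRR_DS` switches on `reserved0`; one of the two should change so the switch uses the digest enum's own value. Both enums are unscoped, so short names such as `SHA1`, `SHA256` and `Indirect` land in the enclosing scope and could collide with names from crypto headers; a `DNSSEC_` prefix would avoid that.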
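Review bot: `RRSIG_DATA` declares `sig_exp` and `sig_incep` as `unsigned long` although their comments say 32 bits and the parser stores the `uint32` results of `ExtractLong` in them; `uint32 sig_exp;` and `uint32 sig_incep;`, like `orig_ttl` next to them, keep the width the same on every platform. The `BroString*` and `VectorVal*` members are raw pointers with no statement of who releases them. A one-line comment per struct saying that the matching `Build*_Val` function passes them into the record value would answer that for the next reader. `lenght` in the `DNSKEY_DATA` and `DS_DATA` comments should be `length`.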
@@ -114,6 +183,10 @@ public: Val* BuildAnswerVal(); Val* BuildEDNS_Val(); Val* BuildTSIG_Val(); + Val* BuildRRSIG_Val(struct RRSIG_DATA*); + Val* BuildDNSKEY_Val(struct DNSKEY_DATA*); + Val* BuildNSEC3_Val(struct NSEC3_DATA*); + Val* BuildDS_Val(struct DS_DATA*); int id; int opcode; ///< query type, see DNS_Opcode @@ -143,8 +216,7 @@ public: ///< for forward lookups // More values for spesific DNS types. - // struct EDNS_ADDITIONAL* edns; - + //struct EDNS_ADDITIONAL* edns; struct TSIG_DATA* tsig; }; @@ -183,6 +255,8 @@ protected: uint32 ExtractLong(const u_char*& data, int& len); void ExtractOctets(const u_char*& data, int& len, BroString** p); + BroString* ExtractStream(const u_char*& data, int& len, int sig_len); + int ParseRR_Name(DNS_MsgInfo* msg, const u_char*& data, int& len, int rdlength, const u_char* msg_start); @@ -218,7 +292,21 @@ protected: int ParseRR_TSIG(DNS_MsgInfo* msg, const u_char*& data, int& len, int rdlength, const u_char* msg_start); - + int ParseRR_RRSIG(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + int ParseRR_DNSKEY(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + int ParseRR_NSEC(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + int ParseRR_NSEC3(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + int ParseRR_DS(DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); void SendReplyOrRejectEvent(DNS_MsgInfo* msg, EventHandlerPtr event, const u_char*& data, int& len, BroString* question_name); @@ -270,7 +358,6 @@ public: void Done() override; void ConnectionClosed(tcp::TCP_Endpoint* endpoint, tcp::TCP_Endpoint* peer, int gen_event) override; - void ExpireTimer(double t); static analyzer::Analyzer* Instantiate(Connection* conn) 
diff --git a/src/analyzer/protocol/dns/events.bif b/src/analyzer/protocol/dns/events.bif
index ae796c8e4c..6fe741d4d9 100644
--- a/src/analyzer/protocol/dns/events.bif
+++ b/src/analyzer/protocol/dns/events.bif
@@ -493,6 +493,73 @@ event dns_EDNS_addl%(c: connection, msg: dns_msg, ans: dns_edns_additional%); ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth event dns_TSIG_addl%(c: connection, msg: dns_msg, ans: dns_tsig_additional%); +## Generated for DNS replies of type *RRSIG*. For replies with multiple answers, +## an individual event of the corresponding type is raised for each. +## +## c: The connection, which may be UDP or TCP depending on the type of the +## transport-layer session being analyzed. +## +## msg: The parsed DNS message header. +## +## ans: The type-independent part of the parsed answer record. +## +## rrsig: The parsed RRSIG record. +event dns_RRSIG%(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr%); + +## Generated for DNS replies of type *DNSKEY*. For replies with multiple answers, +## an individual event of the corresponding type is raised for each. +## +## c: The connection, which may be UDP or TCP depending on the type of the +## transport-layer session being analyzed. +## +## msg: The parsed DNS message header. +## +## ans: The type-independent part of the parsed answer record. +## +## dnskey: The parsed DNSKEY record. +event dns_DNSKEY%(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr%); + +## Generated for DNS replies of type *NSEC*. For replies with multiple answers, +## an individual event of the corresponding type is raised for each. +## +## c: The connection, which may be UDP or TCP depending on the type of the +## transport-layer session being analyzed. +## +## msg: The parsed DNS message header. +## +## ans: The type-independent part of the parsed answer record. +## +## next_name: The parsed next secure domain name. +## +## bitmaps: vector of strings in hex for the bit maps present. +event dns_NSEC%(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec%); + +## Generated for DNS replies of type *NSEC3*. 
For replies with multiple answers, +## an individual event of the corresponding type is raised for each. +## +## c: The connection, which may be UDP or TCP depending on the type of the +## transport-layer session being analyzed. +## +## msg: The parsed DNS message header. +## +## ans: The type-independent part of the parsed answer record. +## +## nsec3: The parsed RDATA of Nsec3 record. +event dns_NSEC3%(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr%); + +## Generated for DNS replies of type *DS*. For replies with multiple answers, +## an individual event of the corresponding type is raised for each. +## +## c: The connection, which may be UDP or TCP depending on the type of the +## transport-layer session being analyzed. +## +## msg: The parsed DNS message header. +## +## ans: The type-independent part of the parsed answer record. +## +## ds: The parsed RDATA of DS record. +event dns_DS%(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr%); + ## Generated at the end of processing a DNS packet. This event is the last ## ``dns_*`` event that will be raised for a DNS query/reply and signals that ## all resource records have been passed on. diff --git a/src/bro.bif b/src/bro.bif index 88aaa487d0..a550f0e36a 100644 --- a/src/bro.bif +++ b/src/bro.bif 
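Review bot: The doc comments for `dns_RRSIG`, `dns_DNSKEY`, `dns_NSEC`, `dns_NSEC3` and `dns_DS` do not say whether the record has been validated. Nothing in this hunk suggests a signature or digest check, so handlers presumably receive the fields exactly as parsed from the wire. After confirming that against the analyzer, I would add one line to each comment, e.g. `## Note: the record is reported as seen on the wire; no DNSSEC validation is performed.`, so script authors do not treat the event as proof of authenticity. The `bitmaps` description of `dns_NSEC` should also say what one vector element holds, and `Nsec3` should read `NSEC3` to match the other comments.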
@@ -1896,27 +1896,50 @@ function lookup_ID%(id: string%) : any ## includes the field name, whether it is logged, its value (if it has one), ## and its default value (if specified). ## -## rec: The record to inspect. +## rec: The record value or type to inspect. ## ## Returns: A table that describes the fields of a record. function record_fields%(rec: any%): record_field_table %{ TableVal* fields = new TableVal(record_field_table); - RecordVal* rv = rec->AsRecordVal(); - RecordType* rt = rv->Type()->AsRecordType(); + auto t = rec->Type(); - if ( rt->Tag() != TYPE_RECORD ) + if ( t->Tag() != TYPE_RECORD && t->Tag() != TYPE_TYPE ) { - reporter->Error("non-record passed to record_fields"); + reporter->Error("non-record value/type passed to record_fields"); return fields; } + RecordType* rt = nullptr; + RecordVal* rv = nullptr; + + if ( t->Tag() == TYPE_RECORD ) + { + rt = t->AsRecordType(); + rv = rec->AsRecordVal(); + } + else + { + t = t->AsTypeType()->Type(); + + if ( t->Tag() != TYPE_RECORD ) + { + reporter->Error("non-record value/type passed to record_fields"); + return fields; + } + + rt = t->AsRecordType(); + } + for ( int i = 0; i < rt->NumFields(); ++i ) { BroType* ft = rt->FieldType(i); TypeDecl* fd = rt->FieldDecl(i); - Val* fv = rv->Lookup(i); + Val* fv = nullptr; + + if ( rv ) + fv = rv->Lookup(i); if ( fv ) Ref(fv); @@ -1924,7 +1947,12 @@ function record_fields%(rec: any%): record_field_table bool logged = (fd->attrs && fd->FindAttr(ATTR_LOG) != 0); RecordVal* nr = new RecordVal(record_field); - nr->Assign(0, new StringVal(type_name(rt->Tag()))); + + if ( ft->Tag() == TYPE_RECORD ) + nr->Assign(0, new StringVal("record " + ft->GetName())); + else + nr->Assign(0, new StringVal(type_name(ft->Tag()))); + nr->Assign(1, new Val(logged, TYPE_BOOL)); nr->Assign(2, fv); nr->Assign(3, rt->FieldDefault(i)); diff --git a/src/plugin/Plugin.cc b/src/plugin/Plugin.cc index 1264759d02..92bfcae8dc 100644 --- a/src/plugin/Plugin.cc +++ b/src/plugin/Plugin.cc 
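Review bot: The updated `## rec:` line says a type may be passed, but the comment does not mention that the `value` column is then left unset: with a TypeType argument `rv` stays `nullptr` and `fv` is never looked up. I would add `## If a type is passed instead of a value, each entry's value is left unset.` below the `rec:` line. The two identical `reporter->Error("non-record value/type passed to record_fields")` branches could also be merged by first resolving `t` through `AsTypeType()->Type()` when its tag is `TYPE_TYPE`, then testing `t->Tag() != TYPE_RECORD` once. The function body continues past the end of the hunk.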
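Review bot: For a record-typed field the name is built as `"record " + ft->GetName()`, so a record type with no declared name would presumably yield `record ` with a trailing space. What `GetName()` returns for an anonymous record is not visible here. If that case can occur, `ft->GetName().empty() ? "record" : "record " + ft->GetName()` keeps the column stable for scripts that compare `type_name`. The loop starts in the previous hunk and the function ends outside this one.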
@@ -445,6 +445,8 @@ void Plugin::Describe(ODesc* d) const d->Add(config.version.major); d->Add("."); d->Add(config.version.minor); + d->Add("."); + d->Add(config.version.patch); d->Add(")"); } else diff --git a/src/plugin/Plugin.h b/src/plugin/Plugin.h index 9c5416230b..369da09037 100644 --- a/src/plugin/Plugin.h +++ b/src/plugin/Plugin.h @@ -15,7 +15,7 @@ // Increase this when making incompatible changes to the plugin API. Note // that the constant is never used in C code. It's picked up on by CMake. -#define BRO_PLUGIN_API_VERSION 6 +#define BRO_PLUGIN_API_VERSION 7 #define BRO_PLUGIN_BRO_VERSION BRO_VERSION_FUNCTION @@ -67,18 +67,24 @@ extern const char* hook_name(HookType h); * Helper class to capture a plugin's version. * */ struct VersionNumber { - int major; //< Major version number; - int minor; //< Minor version number; + int major; //< Major version number. + int minor; //< Minor version number. + int patch; //< Patch version number (available since Bro 2.7). /** * Constructor. */ - VersionNumber() { major = minor = -1; } + VersionNumber() { + // Major and minor versions are required. + major = minor = -1; + // Patch version is optional, and set to 0 if not manually set. + patch = 0; + } /** * Returns true if the version is set to a non-negative value. */ - explicit operator bool() const { return major >= 0 && minor >= 0; } + explicit operator bool() const { return major >= 0 && minor >= 0 && patch >= 0; } }; /** diff --git a/testing/btest/Baseline/bifs.records_fields/out b/testing/btest/Baseline/bifs.records_fields/out index d3b97c8668..01bffa1510 100644 --- a/testing/btest/Baseline/bifs.records_fields/out +++ b/testing/btest/Baseline/bifs.records_fields/out 
@@ -1,8 +1,33 @@ -[a=42, b=Foo, c=, d=Bar] +[a=42, b=Foo, c=, d=Bar, e=tt] { -[b] = [type_name=record, log=F, value=Foo, default_val=Foo], -[c] = [type_name=record, log=F, value=, default_val=], -[a] = [type_name=record, log=F, value=42, default_val=], -[d] = [type_name=record, log=T, value=Bar, default_val=] +[b] = [type_name=string, log=F, value=Foo, default_val=Foo], +[c] = [type_name=double, log=F, value=, default_val=], +[e] = [type_name=any, log=F, value=tt, default_val=], +[a] = [type_name=count, log=F, value=42, default_val=], +[d] = [type_name=string, log=T, value=Bar, default_val=] } F +{ +[b] = [type_name=string, log=F, value=, default_val=Bar], +[c] = [type_name=double, log=F, value=, default_val=], +[a] = [type_name=bool, log=F, value=, default_val=], +[d] = [type_name=string, log=T, value=, default_val=], +[m] = [type_name=record myrec, log=F, value=, default_val=] +} +{ +[b] = [type_name=string, log=F, value=, default_val=Bar], +[c] = [type_name=double, log=F, value=, default_val=], +[a] = [type_name=bool, log=F, value=, default_val=], +[d] = [type_name=string, log=T, value=, default_val=], +[m] = [type_name=record myrec, log=F, value=, default_val=] +} +{ +[b] = [type_name=string, log=F, value=Foo, default_val=Foo], +[c] = [type_name=double, log=F, value=, default_val=], +[e] = [type_name=any, log=F, value=mystring, default_val=], +[a] = [type_name=count, log=F, value=42, default_val=], +[d] = [type_name=string, log=T, value=Bar, default_val=] +} +{ + +} diff --git a/testing/btest/Baseline/plugins.bifs-and-scripts-install/output b/testing/btest/Baseline/plugins.bifs-and-scripts-install/output index 093ab763f6..2ce5abfcc4 100644 --- a/testing/btest/Baseline/plugins.bifs-and-scripts-install/output +++ b/testing/btest/Baseline/plugins.bifs-and-scripts-install/output @@ -1,4 +1,4 @@ -Demo::Foo - (dynamic, version 0.1) +Demo::Foo - (dynamic, version 0.1.0) [Function] hello_plugin_world [Event] plugin_event 
diff --git a/testing/btest/Baseline/plugins.bifs-and-scripts/output b/testing/btest/Baseline/plugins.bifs-and-scripts/output index db9e4cbc49..139937d4cb 100644 --- a/testing/btest/Baseline/plugins.bifs-and-scripts/output +++ b/testing/btest/Baseline/plugins.bifs-and-scripts/output @@ -1,4 +1,4 @@ -Demo::Foo - (dynamic, version 0.1) +Demo::Foo - (dynamic, version 0.1.0) [Function] hello_plugin_world [Event] plugin_event diff --git a/testing/btest/Baseline/plugins.file/output b/testing/btest/Baseline/plugins.file/output index 487fa811c3..5b0ee4919f 100644 --- a/testing/btest/Baseline/plugins.file/output +++ b/testing/btest/Baseline/plugins.file/output @@ -1,4 +1,4 @@ -Demo::Foo - A Foo test analyzer (dynamic, version 1.0) +Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0) [File Analyzer] Foo (ANALYZER_FOO) [Event] foo_piece diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 9f609d3690..5d8c280412 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output 
@@ -228,53 +228,53 @@ 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Broker::LOG, [columns=, ev=, path=broker])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=, ev=, path=cluster])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Config::LOG, [columns=, ev=Config::log_config, path=config])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn, path=conn])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=, ev=, path=dce_rpc])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns, path=dns])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DPD::LOG, [columns=, ev=, path=dpd])) -> -0.000000 MetaHookPost 
CallFunction(Log::__create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Files::LOG, [columns=, ev=Files::log_files, path=files])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http, path=http])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log, path=irc])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel, path=intel])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (KRB::LOG, [columns=, ev=KRB::log_krb, path=kerberos])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=, ev=, path=ntlm])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::CATCH_RELEASE, [columns=, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::DROP, [columns=, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=, ev=NetControl::log_netcontrol, path=netcontrol])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice, path=notice])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=, ev=OpenFlow::log_openflow, path=openflow])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PE::LOG, 
[columns=, ev=PE::log_pe, path=pe])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=, path=packet_filter])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp, path=rdp])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RFB::LOG, [columns=, ev=RFB::log_rfb, path=rfb])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=, path=reporter])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SIP::LOG, [columns=, ev=SIP::log_sip, path=sip])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=, ev=, path=smb_files])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=, ev=, path=smb_mapping])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Software::LOG, [columns=, ev=Software::log_software, path=software])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=, ev=, path=syslog])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, 
, (Tunnel::LOG, [columns=, ev=, path=tunnel])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, 
, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])) -> +0.000000 MetaHookPost 
CallFunction(Log::__create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Software::LOG, 
[columns=Software::Info, ev=Software::log_software, path=software])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> 
@@ -413,53 +413,53 @@ 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (X509::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (mysql::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Broker::LOG, [columns=, ev=, path=broker])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Cluster::LOG, [columns=, ev=, path=cluster])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Config::LOG, [columns=, ev=Config::log_config, path=config])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn, path=conn])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=, ev=, path=dce_rpc])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns, path=dns])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DPD::LOG, [columns=, ev=, path=dpd])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Files::LOG, [columns=, ev=Files::log_files, path=files])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http, path=http])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log, path=irc])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel, path=intel])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (KRB::LOG, [columns=, ev=KRB::log_krb, path=kerberos])) -> -0.000000 
MetaHookPost CallFunction(Log::create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NTLM::LOG, [columns=, ev=, path=ntlm])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::CATCH_RELEASE, [columns=, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::DROP, [columns=, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::LOG, [columns=, ev=NetControl::log_netcontrol, path=netcontrol])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice, path=notice])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=, ev=OpenFlow::log_openflow, path=openflow])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (PE::LOG, [columns=, ev=PE::log_pe, path=pe])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=, ev=, path=packet_filter])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp, path=rdp])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (RFB::LOG, [columns=, ev=RFB::log_rfb, path=rfb])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Reporter::LOG, [columns=, ev=, path=reporter])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SIP::LOG, [columns=, ev=SIP::log_sip, 
path=sip])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=, ev=, path=smb_files])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=, ev=, path=smb_mapping])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Software::LOG, [columns=, ev=Software::log_software, path=software])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Syslog::LOG, [columns=, ev=, path=syslog])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=, ev=, path=tunnel])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , 
(Broker::LOG, [columns=Broker::Info, ev=, path=broker])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , 
(NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SIP::LOG, 
[columns=SIP::Info, ev=SIP::log_sip, path=sip])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) 
-> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 
@@ -1122,53 +1122,53 @@ 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Broker::LOG, [columns=, ev=, path=broker])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=, ev=, path=cluster])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Config::LOG, [columns=, ev=Config::log_config, path=config])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn, path=conn])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=, ev=, path=dce_rpc])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns, path=dns])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DPD::LOG, [columns=, ev=, path=dpd])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (FTP::LOG, 
[columns=, ev=FTP::log_ftp, path=ftp])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Files::LOG, [columns=, ev=Files::log_files, path=files])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http, path=http])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log, path=irc])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel, path=intel])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (KRB::LOG, [columns=, ev=KRB::log_krb, path=kerberos])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=, ev=, path=ntlm])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::CATCH_RELEASE, [columns=, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::DROP, [columns=, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=, ev=NetControl::log_netcontrol, path=netcontrol])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice, path=notice])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=, ev=OpenFlow::log_openflow, path=openflow])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (PE::LOG, [columns=, ev=PE::log_pe, path=pe])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , 
(PacketFilter::LOG, [columns=, ev=, path=packet_filter])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp, path=rdp])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RFB::LOG, [columns=, ev=RFB::log_rfb, path=rfb])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=, path=reporter])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SIP::LOG, [columns=, ev=SIP::log_sip, path=sip])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=, ev=, path=smb_files])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=, ev=, path=smb_mapping])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Software::LOG, [columns=, ev=Software::log_software, path=software])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=, ev=, path=syslog])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=, ev=, path=tunnel])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2, 
path=unified2])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])) +0.000000 MetaHookPre 
CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter])) +0.000000 MetaHookPre 
CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel])) +0.000000 
MetaHookPre CallFunction(Log::__create_stream, , (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) 
@@ -1307,53 +1307,53 @@ 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (X509::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (mysql::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Broker::LOG, [columns=, ev=, path=broker])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Cluster::LOG, [columns=, ev=, path=cluster])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Config::LOG, [columns=, ev=Config::log_config, path=config])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn, path=conn])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=, ev=, path=dce_rpc])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns, path=dns])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DPD::LOG, [columns=, ev=, path=dpd])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Files::LOG, [columns=, ev=Files::log_files, path=files])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http, path=http])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log, path=irc])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel, path=intel])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (KRB::LOG, [columns=, ev=KRB::log_krb, path=kerberos])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Modbus::LOG, [columns=, 
ev=Modbus::log_modbus, path=modbus])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NTLM::LOG, [columns=, ev=, path=ntlm])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::CATCH_RELEASE, [columns=, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::DROP, [columns=, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::LOG, [columns=, ev=NetControl::log_netcontrol, path=netcontrol])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice, path=notice])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=, ev=OpenFlow::log_openflow, path=openflow])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (PE::LOG, [columns=, ev=PE::log_pe, path=pe])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=, ev=, path=packet_filter])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp, path=rdp])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (RFB::LOG, [columns=, ev=RFB::log_rfb, path=rfb])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Reporter::LOG, [columns=, ev=, path=reporter])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SIP::LOG, [columns=, ev=SIP::log_sip, path=sip])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=, ev=, path=smb_files])) -0.000000 
MetaHookPre CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=, ev=, path=smb_mapping])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Software::LOG, [columns=, ev=Software::log_software, path=software])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Syslog::LOG, [columns=, ev=, path=syslog])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=, ev=, path=tunnel])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster])) +0.000000 MetaHookPre 
CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) +0.000000 
MetaHookPre CallFunction(Log::create_stream, , (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping])) +0.000000 MetaHookPre 
CallFunction(Log::create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) 
@@ -2015,53 +2015,53 @@ 0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__create_stream(Broker::LOG, [columns=, ev=, path=broker]) -0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=, ev=, path=cluster]) -0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=, ev=Config::log_config, path=config]) -0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=, ev=Conn::log_conn, path=conn]) -0.000000 | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=, ev=, path=dce_rpc]) -0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp]) -0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3]) -0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=, ev=DNS::log_dns, path=dns]) -0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=, ev=, path=dpd]) -0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp]) -0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=, ev=Files::log_files, 
path=files]) -0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=, ev=HTTP::log_http, path=http]) -0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=, ev=IRC::irc_log, path=irc]) -0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=, ev=Intel::log_intel, path=intel]) -0.000000 | HookCallFunction Log::__create_stream(KRB::LOG, [columns=, ev=KRB::log_krb, path=kerberos]) -0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus]) -0.000000 | HookCallFunction Log::__create_stream(NTLM::LOG, [columns=, ev=, path=ntlm]) -0.000000 | HookCallFunction Log::__create_stream(NetControl::CATCH_RELEASE, [columns=, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]) -0.000000 | HookCallFunction Log::__create_stream(NetControl::DROP, [columns=, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]) -0.000000 | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=, ev=NetControl::log_netcontrol, path=netcontrol]) -0.000000 | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]) -0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm]) -0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=, ev=Notice::log_notice, path=notice]) -0.000000 | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=, ev=OpenFlow::log_openflow, path=openflow]) -0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=, ev=PE::log_pe, path=pe]) -0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=, ev=, path=packet_filter]) -0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius]) -0.000000 | HookCallFunction Log::__create_stream(RDP::LOG, [columns=, ev=RDP::log_rdp, path=rdp]) -0.000000 | HookCallFunction 
Log::__create_stream(RFB::LOG, [columns=, ev=RFB::log_rfb, path=rfb]) -0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=, ev=, path=reporter]) -0.000000 | HookCallFunction Log::__create_stream(SIP::LOG, [columns=, ev=SIP::log_sip, path=sip]) -0.000000 | HookCallFunction Log::__create_stream(SMB::FILES_LOG, [columns=, ev=, path=smb_files]) -0.000000 | HookCallFunction Log::__create_stream(SMB::MAPPING_LOG, [columns=, ev=, path=smb_mapping]) -0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp]) -0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp]) -0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks]) -0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh]) -0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl]) -0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures]) -0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=, ev=Software::log_software, path=software]) -0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=, ev=, path=syslog]) -0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=, ev=, path=tunnel]) -0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2]) -0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]) -0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509]) -0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | 
HookCallFunction Log::__create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker]) +0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster]) +0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config]) +0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn]) +0.000000 | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc]) +0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp]) +0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3]) +0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns]) +0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=DPD::Info, ev=, path=dpd]) +0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp]) +0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files]) +0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http]) +0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc]) +0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel]) +0.000000 | HookCallFunction Log::__create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos]) +0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus]) +0.000000 | HookCallFunction Log::__create_stream(NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm]) +0.000000 | HookCallFunction Log::__create_stream(NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, 
ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]) +0.000000 | HookCallFunction Log::__create_stream(NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]) +0.000000 | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol]) +0.000000 | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]) +0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm]) +0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice]) +0.000000 | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow]) +0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe]) +0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter]) +0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius]) +0.000000 | HookCallFunction Log::__create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp]) +0.000000 | HookCallFunction Log::__create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb]) +0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter]) +0.000000 | HookCallFunction Log::__create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip]) +0.000000 | HookCallFunction Log::__create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files]) +0.000000 | HookCallFunction Log::__create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping]) +0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, 
[columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp]) +0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp]) +0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks]) +0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh]) +0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl]) +0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures]) +0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software]) +0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog]) +0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel]) +0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2]) +0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) +0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) +0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) 
@@ -2200,53 +2200,53 @@ 0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(X509::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(mysql::LOG, default) -0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=, ev=, path=broker]) -0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=, ev=, path=cluster]) -0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=, ev=Config::log_config, path=config]) -0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=, ev=Conn::log_conn, path=conn]) -0.000000 | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=, ev=, path=dce_rpc]) -0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp]) -0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3]) -0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=, ev=DNS::log_dns, path=dns]) -0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=, ev=, path=dpd]) -0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp]) -0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=, ev=Files::log_files, path=files]) -0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=, ev=HTTP::log_http, path=http]) -0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=, ev=IRC::irc_log, path=irc]) -0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=, ev=Intel::log_intel, path=intel]) -0.000000 | HookCallFunction Log::create_stream(KRB::LOG, [columns=, ev=KRB::log_krb, path=kerberos]) -0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus]) -0.000000 | HookCallFunction Log::create_stream(NTLM::LOG, [columns=, ev=, path=ntlm]) -0.000000 | HookCallFunction Log::create_stream(NetControl::CATCH_RELEASE, 
[columns=, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]) -0.000000 | HookCallFunction Log::create_stream(NetControl::DROP, [columns=, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]) -0.000000 | HookCallFunction Log::create_stream(NetControl::LOG, [columns=, ev=NetControl::log_netcontrol, path=netcontrol]) -0.000000 | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]) -0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm]) -0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=, ev=Notice::log_notice, path=notice]) -0.000000 | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=, ev=OpenFlow::log_openflow, path=openflow]) -0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=, ev=PE::log_pe, path=pe]) -0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=, ev=, path=packet_filter]) -0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius]) -0.000000 | HookCallFunction Log::create_stream(RDP::LOG, [columns=, ev=RDP::log_rdp, path=rdp]) -0.000000 | HookCallFunction Log::create_stream(RFB::LOG, [columns=, ev=RFB::log_rfb, path=rfb]) -0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=, ev=, path=reporter]) -0.000000 | HookCallFunction Log::create_stream(SIP::LOG, [columns=, ev=SIP::log_sip, path=sip]) -0.000000 | HookCallFunction Log::create_stream(SMB::FILES_LOG, [columns=, ev=, path=smb_files]) -0.000000 | HookCallFunction Log::create_stream(SMB::MAPPING_LOG, [columns=, ev=, path=smb_mapping]) -0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp]) -0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp]) -0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=, 
ev=SOCKS::log_socks, path=socks]) -0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh]) -0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl]) -0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures]) -0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=, ev=Software::log_software, path=software]) -0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=, ev=, path=syslog]) -0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=, ev=, path=tunnel]) -0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2]) -0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]) -0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509]) -0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker]) +0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster]) +0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config]) +0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn]) +0.000000 | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc]) +0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp]) +0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3]) +0.000000 | 
HookCallFunction Log::create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns]) +0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=DPD::Info, ev=, path=dpd]) +0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp]) +0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files]) +0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http]) +0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc]) +0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel]) +0.000000 | HookCallFunction Log::create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos]) +0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus]) +0.000000 | HookCallFunction Log::create_stream(NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm]) +0.000000 | HookCallFunction Log::create_stream(NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]) +0.000000 | HookCallFunction Log::create_stream(NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]) +0.000000 | HookCallFunction Log::create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol]) +0.000000 | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]) +0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm]) +0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice]) +0.000000 | HookCallFunction 
Log::create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow]) +0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe]) +0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter]) +0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius]) +0.000000 | HookCallFunction Log::create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp]) +0.000000 | HookCallFunction Log::create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb]) +0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter]) +0.000000 | HookCallFunction Log::create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip]) +0.000000 | HookCallFunction Log::create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files]) +0.000000 | HookCallFunction Log::create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping]) +0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp]) +0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp]) +0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks]) +0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh]) +0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl]) +0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures]) +0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software]) +0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, 
[columns=Syslog::Info, ev=, path=syslog]) +0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel]) +0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2]) +0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) +0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) +0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() @@ -2675,7 +2675,7 @@ 0.000000 | HookLoadFile base<...>/x509 0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogWrite packet_filter [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent bro_init() 0.000000 | HookQueueEvent filter_change_tracking() diff --git a/testing/btest/Baseline/plugins.init-plugin/output b/testing/btest/Baseline/plugins.init-plugin/output index 8869685118..7c85d7a281 100644 --- a/testing/btest/Baseline/plugins.init-plugin/output +++ b/testing/btest/Baseline/plugins.init-plugin/output @@ -1,3 +1,3 @@ -Demo::Foo - (dynamic, version 0.1) +Demo::Foo - (dynamic, version 0.1.0) === diff --git a/testing/btest/Baseline/plugins.pktdumper/output b/testing/btest/Baseline/plugins.pktdumper/output index 42b51e8051..1e46e199aa 100644 
--- a/testing/btest/Baseline/plugins.pktdumper/output +++ b/testing/btest/Baseline/plugins.pktdumper/output @@ -1,4 +1,4 @@ -Demo::Foo - A Foo packet dumper (dynamic, version 1.0) +Demo::Foo - A Foo packet dumper (dynamic, version 1.0.0) [Packet Dumper] FooPktDumper (dumper prefix: "foo") === diff --git a/testing/btest/Baseline/plugins.plugin-nopatchversion/output b/testing/btest/Baseline/plugins.plugin-nopatchversion/output new file mode 100644 index 0000000000..03f1437035 --- /dev/null +++ b/testing/btest/Baseline/plugins.plugin-nopatchversion/output @@ -0,0 +1 @@ +Testing::NoPatchVersion - Testing a plugin without a specified patch version (dynamic, version 0.1.0) diff --git a/testing/btest/Baseline/plugins.plugin-withpatchversion/output b/testing/btest/Baseline/plugins.plugin-withpatchversion/output new file mode 100644 index 0000000000..afb9fa61c3 --- /dev/null +++ b/testing/btest/Baseline/plugins.plugin-withpatchversion/output @@ -0,0 +1 @@ +Testing::WithPatchVersion - Testing a plugin with a specified patch version (dynamic, version 0.1.4) diff --git a/testing/btest/Baseline/plugins.protocol/output b/testing/btest/Baseline/plugins.protocol/output index 1c8dccc973..675a884b16 100644 --- a/testing/btest/Baseline/plugins.protocol/output +++ b/testing/btest/Baseline/plugins.protocol/output @@ -1,4 +1,4 @@ -Demo::Foo - A Foo test analyzer (dynamic, version 1.0) +Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0) [Analyzer] Foo (ANALYZER_FOO, enabled) [Event] foo_message diff --git a/testing/btest/Baseline/plugins.reader/output b/testing/btest/Baseline/plugins.reader/output index 0f8980d0e7..1727ea77bc 100644 --- a/testing/btest/Baseline/plugins.reader/output +++ b/testing/btest/Baseline/plugins.reader/output @@ -1,4 +1,4 @@ -Demo::Foo - A Foo test input reader (dynamic, version 1.0) +Demo::Foo - A Foo test input reader (dynamic, version 1.0.0) [Reader] Foo (Input::READER_FOO) === 
diff --git a/testing/btest/Baseline/plugins.writer/output b/testing/btest/Baseline/plugins.writer/output index bbd11b8484..90cf6f42bf 100644 --- a/testing/btest/Baseline/plugins.writer/output +++ b/testing/btest/Baseline/plugins.writer/output @@ -1,4 +1,4 @@ -Demo::Foo - A Foo test logging writer (dynamic, version 1.0) +Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0) [Writer] Foo (Log::WRITER_FOO) === diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.empty-values-hashing/out b/testing/btest/Baseline/scripts.base.frameworks.input.empty-values-hashing/out index 7fedeac618..6348fc6a6a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.empty-values-hashing/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.empty-values-hashing/out @@ -11,7 +11,7 @@ Description [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [2] = [s=, ss=], [1] = [s=, ss=TEST] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -43,7 +43,7 @@ Description [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [2] = [s=, ss=], [1] = [s=, ss=TEST] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -88,7 +88,7 @@ Description [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [2] = [s=TEST, ss=TEST], [1] = [s=TEST, ss=] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; 
@@ -120,7 +120,7 @@ Description [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [2] = [s=TEST, ss=TEST], [1] = [s=TEST, ss=] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.event/out b/testing/btest/Baseline/scripts.base.frameworks.input.event/out index 9f872270e0..f8f0481eb9 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.event/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.event/out @@ -1,4 +1,4 @@ -[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -10,7 +10,7 @@ print outfile, A::b; Input::EVENT_NEW 1 T -[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -22,7 +22,7 @@ print outfile, A::b; Input::EVENT_NEW 2 T -[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; 
@@ -34,7 +34,7 @@ print outfile, A::b; Input::EVENT_NEW 3 F -[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -46,7 +46,7 @@ print outfile, A::b; Input::EVENT_NEW 4 F -[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -58,7 +58,7 @@ print outfile, A::b; Input::EVENT_NEW 5 F -[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -70,7 +70,7 @@ print outfile, A::b; Input::EVENT_NEW 6 F -[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.raw.basic/out b/testing/btest/Baseline/scripts.base.frameworks.input.raw.basic/out index c2abecb575..8229dcf402 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.raw.basic/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.raw.basic/out 
@@ -1,4 +1,4 @@ -[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -16,7 +16,7 @@ terminate(); }] Input::EVENT_NEW sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -34,7 +34,7 @@ terminate(); }] Input::EVENT_NEW DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -52,7 +52,7 @@ terminate(); }] Input::EVENT_NEW q3r3057fdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -70,7 +70,7 @@ terminate(); }] Input::EVENT_NEW sdfs\d -[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; 
@@ -88,7 +88,7 @@ terminate(); }] Input::EVENT_NEW -[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -106,7 +106,7 @@ terminate(); }] Input::EVENT_NEW dfsdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -124,7 +124,7 @@ terminate(); }] Input::EVENT_NEW sdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.raw.execute/out b/testing/btest/Baseline/scripts.base.frameworks.input.raw.execute/out index 06fd093d26..1f779acfff 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.raw.execute/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.raw.execute/out @@ -1,4 +1,4 @@ -[source=wc -l ../input.log |, reader=Input::READER_RAW, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=wc -l ../input.log |, reader=Input::READER_RAW, mode=Input::MANUAL, name=input, fields=Val, want_record=F, ev=line { print outfile, description; print outfile, tpe; diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.raw.rereadraw/out b/testing/btest/Baseline/scripts.base.frameworks.input.raw.rereadraw/out index a1fdab05f5..db57aee9d6 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.raw.rereadraw/out 
+++ b/testing/btest/Baseline/scripts.base.frameworks.input.raw.rereadraw/out @@ -1,4 +1,4 @@ -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -16,7 +16,7 @@ terminate(); }] Input::EVENT_NEW sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -34,7 +34,7 @@ terminate(); }] Input::EVENT_NEW DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -52,7 +52,7 @@ terminate(); }] Input::EVENT_NEW q3r3057fdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -70,7 +70,7 @@ terminate(); }] Input::EVENT_NEW sdfs\d -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; 
@@ -88,7 +88,7 @@ terminate(); }] Input::EVENT_NEW -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -106,7 +106,7 @@ terminate(); }] Input::EVENT_NEW dfsdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -124,7 +124,7 @@ terminate(); }] Input::EVENT_NEW sdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -142,7 +142,7 @@ terminate(); }] Input::EVENT_NEW 3rw43wRRERLlL#RWERERERE. -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -160,7 +160,7 @@ terminate(); }] Input::EVENT_NEW sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; 
@@ -178,7 +178,7 @@ terminate(); }] Input::EVENT_NEW DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -196,7 +196,7 @@ terminate(); }] Input::EVENT_NEW q3r3057fdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -214,7 +214,7 @@ terminate(); }] Input::EVENT_NEW sdfs\d -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -232,7 +232,7 @@ terminate(); }] Input::EVENT_NEW -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; @@ -250,7 +250,7 @@ terminate(); }] Input::EVENT_NEW dfsdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; 
@@ -268,7 +268,7 @@ terminate(); }] Input::EVENT_NEW sdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line { print outfile, A::description; print outfile, A::tpe; diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.reread/out b/testing/btest/Baseline/scripts.base.frameworks.input.reread/out index 4ac7a804a5..19d323afcb 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.reread/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.reread/out @@ -28,7 +28,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -123,7 +123,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -230,7 +230,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -457,7 +457,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -582,7 +582,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; 
@@ -707,7 +707,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -832,7 +832,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -957,7 +957,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -1187,7 +1187,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -1240,7 +1240,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -1293,7 +1293,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -1346,7 +1346,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; @@ -1399,7 +1399,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; 
@@ -1452,7 +1452,7 @@ CC }, se={ }, vc=[10, 20, 30], ve=[]] -}, idx=, val=, want_record=T, ev=line +}, idx=A::Idx, val=A::Val, want_record=T, ev=line { print A::outfile, ============EVENT============; print A::outfile, Description; diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.dns-key/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.dns-key/dns.log index 80f04fdbfa..5b3ec2a72d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dns.dns-key/dns.log +++ b/testing/btest/Baseline/scripts.base.protocols.dns.dns-key/dns.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path dns -#open 2016-07-13-16-16-11 +#open 2018-09-21-21-01-10 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool -1359565680.761790 CHhAvVGS1DHFjwGM9 192.168.6.10 53209 192.168.129.36 53 udp 41477 0.075138 paypal.com 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 1 ,,, 455.000000,455.000000,455.000000,455.000000 F -#close 2016-07-13-16-16-11 +1359565680.761790 CHhAvVGS1DHFjwGM9 192.168.6.10 53209 192.168.129.36 53 udp 41477 0.075138 paypal.com 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 1 DNSKEY 5,DNSKEY 5,RRSIG 48 paypal.com,RRSIG 48 paypal.com 455.000000,455.000000,455.000000,455.000000 F +#close 2018-09-21-21-01-10 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.dnskey/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.dnskey/dns.log new file mode 100644 index 0000000000..0382413627 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.dnskey/dns.log 
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path dns +#open 2018-09-21-21-02-08 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected +#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool +1537557808.534727 CHhAvVGS1DHFjwGM9 192.168.153.129 50729 192.168.153.2 53 udp 22666 0.018166 upenn.edu 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 2 DNSKEY 5,DNSKEY 5,DNSKEY 5,RRSIG 48 upenn.edu,RRSIG 48 upenn.edu 5.000000,5.000000,5.000000,3444.000000,3444.000000 F +#close 2018-09-21-21-02-08 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.dnskey/output b/testing/btest/Baseline/scripts.base.protocols.dns.dnskey/output new file mode 100644 index 0000000000..af82aa170f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.dnskey/output 
@@ -0,0 +1,5 @@ +DNSKEY, [query=upenn.edu, answer_type=1, flags=256, protocol=3, algorithm=5, public_key=\x03\x01\x00\x01\xa83\xd4\x99\xe7\x9bz\x7f\xe8\xf4\x15\xeb\x80F\xc9\x1e\xfdo5\xff\x8dAd\xa8\x84\x81\xa2PB\xfc\xc6{!\x1f\xd9\xfc/\x08S_\x97\x89O;\x09\x1a*\x99\x94\x19"\x90\xf8R\xcb\xad\x10\x00\xd4\xef\x91\x02\x16\xab\x1f\xb2\xee\xe8\xde\x06\x95\xb2\x8c\x8f\x03\xe3\x8a,\x06\x99X\x11\xae\x0d\x9f\xcf\xe8\x15\xb9\xd0\xc3\x02%\xbfI\x8bC\x1e \xc3\xdb]\x9e\xda\xc4\xbf\xdf\x97\xfe\xf6.\x8cr\x00zhW\xdd\x08\xd9\x996?\x19''\xa0\x8f, is_query=0], 03010001a833d499e79b7a7fe8f415eb8046c91efd6f35ff8d4164a88481a25042fcc67b211fd9fc2f08535f97894f3b091a2a9994192290f852cbad1000d4ef910216ab1fb2eee8de0695b28c8f03e38a2c06995811ae0d9fcfe815b9d0c30225bf498b431e20c3db5d9edac4bfdf97fef62e8c72007a6857dd08d999363f192727a08f +DNSKEY, [query=upenn.edu, answer_type=1, flags=256, protocol=3, algorithm=5, public_key=\x03\x01\x00\x01\xf7a\x0b\x04\x88\x99/\xef\xaaS\xd5\xeet\x0c< \xa3w\xb3\xfc\xcd\xad\xfc(k\x12)i\xdd\xc1\xf6S.a\x8b\xd3\x15, is_query=0], 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 +RRSIG, [query=upenn.edu, answer_type=1, type_covered=48, algorithm=5, labels=2, orig_ttl=2.0 hrs, sig_exp=1538431668.0, sig_incep=1535838004.0, key_tag=50475, signer_name=upenn.edu, signature=S\x88\xbd\x1aP\xb4]\xc3y\xeb\xb1\xc0\xb8\x12~\x8f\xfc\x94\xf8\xa90`\xc5\x93\x8c[\xcb\xf5\xdc(J\x9e\xaf\x9854!\xd9\xca\xb1\xd5>\xab\xe2\xa2\xc7q\xb3\xf1\xcf\xf50\x7fc\x83Z\x9af\xcb\xcb\xae\x8f\xcc\xe5\xa6@}\x8cG\xdf\xe2?\xe405\xff\xdf\xf9|\xd61\xb3\xb2M+\xc9y"\x93\xd0\xc6\xee\xa0o\xbb\x87\xdaa\x92Q\xef\xfds\x9e\xf7\xcbw\x7fL\xc6\x06\xe4\x95\xd3j\xc6e\x1a-\xb6C}e\xdb3\x88m\xd0, is_query=0], 5388bd1a50b45dc379ebb1c0b8127e8ffc94f8a93060c5938c5bcbf5dc284a9eaf98353421d9cab1d53eabe2a2c771b3f1cff5307f63835a9a66cbcbae8fcce5a6407d8c47dfe23fe43035ffdff97cd631b3b24d2bc9792293d0c6eea06fbb87da619251effd739ef7cb777f4cc606e495d36ac6651a2db6437d65db33886dd0 
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.ds/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.ds/dns.log new file mode 100644 index 0000000000..d5ac66b29a --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.ds/dns.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path dns +#open 2018-09-21-21-02-51 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected +#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool +1537557828.343603 CHhAvVGS1DHFjwGM9 192.168.153.129 50729 192.168.153.2 53 udp 39080 0.017821 upenn.edu 1 C_INTERNET 43 DS 0 NOERROR F F T T 2 DS 5 1,DS 5 2,RRSIG 43 edu 5.000000,5.000000,5.000000 F +#close 2018-09-21-21-02-51 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.ds/output b/testing/btest/Baseline/scripts.base.protocols.dns.ds/output new file mode 100644 index 0000000000..63ba1c8d1d --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.ds/output 
@@ -0,0 +1,3 @@ +DS, [query=upenn.edu, answer_type=1, key_tag=18463, algorithm=5, digest_type=1, digest_val=\x0cE\xb3\xd0\x90\xb2!\xe0\xe3;\xbe\xb5\xa6\x19\xd8\x94\x16\xba\xf1\x97, is_query=0], 0c45b3d090b221e0e33bbeb5a619d89416baf197 +DS, [query=upenn.edu, answer_type=1, key_tag=18463, algorithm=5, digest_type=2, digest_val=`\x03\x99#&\xda\x06x\\x9e0\xb2Yu\x0f\xab\x09`\xbfW\x05K\xdd\xff\xde\xee\x11\x88\x97}\xab\xb8, is_query=0], 6003992326da06785c9e30b259750fab0960bf57054bddffdeee1188977dabb8 +RRSIG, [query=upenn.edu, answer_type=1, type_covered=43, algorithm=8, labels=2, orig_ttl=1.0 day, sig_exp=1538112220.0, sig_incep=1537503220.0, key_tag=50219, signer_name=edu, signature=\x9a\xd4`ppv\x154\x98\xe9\x9d\xf9#|\xa2\xb2v\xf6\x1dj\x1a\x07d\x8c\xd2\xea\xd8\xeeG`\x14=\xc33\xd4)\xb3C\xb9T\xe8r\xba.4\xcb\x96\xa7\xe3\x95\xf4#\xfd<"\xa8\x1c\x1b1R\x18\xd1\xac.x\xa0\xb1\xef\xf4\x163y\x85\xb4K\x0e\x84\xd2\x16\x05\x9et\xa7\xc5|\x0d9f\xd4\x8ea\xdd\x8d&\x863\x14\xd6i\xe6\xf6|%\xbf\xd8\x91\xb3\x87\xd1\x918r\x0a\xb8\x0e\x87\xdf?\xee\xf3Pyn\xdd=%\xd3p, is_query=0], 9ad460707076153498e99df9237ca2b276f61d6a1a07648cd2ead8ee4760143dc333d429b343b954e872ba2e34cb96a7e395f423fd3c22a81c1b315218d1ac2e78a0b1eff416337985b44b0e84d216059e74a7c57c0d3966d48e61dd8d26863314d669e6f67c25bfd891b387d19138720ab80e87df3feef350796edd3d25d370 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log index 6027ed71a7..2da5060368 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log +++ b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path dns -#open 2016-07-13-16-16-12 +#open 2018-09-21-21-07-55 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool -1363716396.798072 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 0.000214 www.cmu.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www-cmu.andrew.cmu.edu,,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F -1363716396.798374 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 - www.cmu.edu - - - - 0 NOERROR T F F F 0 www-cmu.andrew.cmu.edu,,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F -#close 2016-07-13-16-16-12 +1363716396.798072 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 0.000214 www.cmu.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F +1363716396.798374 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 - www.cmu.edu - - - - 0 NOERROR T F F F 0 www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F +#close 2018-09-21-21-07-55 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log deleted file mode 100644 index e9d388f1fc..0000000000 --- a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log +++ /dev/null 
@@ -1,10 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path weird -#open 2017-12-13-19-40-49 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer -#types time string addr port addr port string string bool string -1363716396.798286 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 DNS_RR_unknown_type 46 F bro -#close 2017-12-13-19-40-49 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.nsec/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.nsec/dns.log new file mode 100644 index 0000000000..775f1bec02 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.nsec/dns.log @@ -0,0 +1,11 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path dns +#open 2018-09-21-21-04-27 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected auth addl +#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool set[string] set[string] +1533310046.924340 CHhAvVGS1DHFjwGM9 35.184.172.191 57073 128.175.13.16 53 udp 130 - dla.library.upenn.edu 1 C_INTERNET 28 AAAA 0 NOERROR F F F F 1 - - F NSEC dla.library.upenn.edu dlxssvr.library.upenn.edu,assailants.net.isc.upenn.edu,RRSIG 6 upenn.edu,RRSIG 47 upenn.edu - +1533310049.812056 ClEkJM2Vm5giqnMf4h 35.184.172.191 50693 128.175.13.16 53 udp 51063 0.001515 www.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www.upenn.edgekey.net,RRSIG 5 upenn.edu 300.000000,300.000000 F - - +#close 2018-09-21-21-04-27 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.nsec/output b/testing/btest/Baseline/scripts.base.protocols.dns.nsec/output new file mode 100644 index 0000000000..91670ae832 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.nsec/output 
@@ -0,0 +1,5 @@ +RRSIG, [query=upenn.edu, answer_type=2, type_covered=6, algorithm=5, labels=2, orig_ttl=1.0 hr, sig_exp=1535901996.0, sig_incep=1533306396.0, key_tag=50475, signer_name=upenn.edu, signature=\xdd=,iY\xd9\x0b\xdbmi\xc9L<\xdd\x03-\xaa\xda5Z\x1b\x0aK\x94.\x97p\xd8\x96\x7f\xa8*Cc\x9c\xa4\x86\xee\xd4\xc4\x0c\x88\x03v\xdf\x14\xef\x0c"|l\xfc)\xc7E\xd1I\xa3\x0dM/^\x98\xe9\xd8P\xbbDZ\xb1|z\xd5H8\xde\xf0\xeb\x14\x19\x99gm\xbdg\xbf\xe0\xe9CU\xf5_\xf0\x01\xe5\x1a\x8f7\x0e\x7foJ\xc1`\x09\xd9%\xc0x9\xe7\x81\xfco\xad\xa5\xd8\xfa\xf5I\xb6\x9f\xca\x9b#\xd9d\xd0, is_query=0], dd3d2c6959d90bdb6d69c94c3cdd032daada355a1b0a4b942e9770d8967fa82a43639ca486eed4c40c880376df14ef0c227c6cfc29c745d149a30d4d2f5e98e9d850bb445ab17c7ad54838def0eb141999676dbd67bfe0e94355f55ff001e51a8f370e7f6f4ac16009d925c07839e781fc6fada5d8faf549b69fca9b23d964d0 +NSEC, dlxssvr.library.upenn.edu, [@\x00\x00\x00\x00\x03] +400000000003 +RRSIG, [query=dla.library.upenn.edu, answer_type=2, type_covered=47, algorithm=5, labels=4, orig_ttl=1.0 hr, sig_exp=1534400915.0, sig_incep=1531807585.0, key_tag=50475, signer_name=upenn.edu, signature=\x9fhH\x95K7\xd5u\xa5\xbc\xf5\x17\xccM\xe3=T\xd05u\xfa\xea\xfa\xfe\x0eH-W\xbb\xa3l\xa9\xe2\x8f\xef\x05\xf0\xdc\xb1\xf2\xe8u\x8cd\xf72\x02\xfd;u\xde\x19\xe8\xda\xe9\x0aAVz!\xa7\xa5\xc2\x8d\xad\xa9\xe1\x87\x136\xd7\xfal\x827\xd1\xb1\xcd\x11c\x15F(\xd0=\x967\xc3\x1b, is_query=0], a4ac1814ca639d81bc6b5b351cf5334610f077ec2fb35a7be511fffcfd75a1a76fdd198247325dcb5bcdc75c3fa72cc8fa3bdb233dc408e0574a4a198750703cc9a845dc4db22ec150a4b7e147de3cb0a63e64f73202fd3b75de19e8dae90a41567a21a7a5c28dada9e1871336d7fa6c8237d1b1cd1163154628d03d9637c31b diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.nsec3/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.nsec3/dns.log new file mode 100644 index 0000000000..cf677e370f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.nsec3/dns.log 
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path dns +#open 2018-09-21-21-04-55 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected auth addl +#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool set[string] set[string] +1537560385.602565 CHhAvVGS1DHFjwGM9 192.168.1.102 49324 192.168.1.1 53 udp 9835 - foobar.sshfp.net 1 C_INTERNET 1 A 3 NXDOMAIN F F T F 2 - - F ns0.weberdns.de,RRSIG 6 sshfp.net,NSEC3,RRSIG 50 sshfp.net - +#close 2018-09-21-21-04-55 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.nsec3/output b/testing/btest/Baseline/scripts.base.protocols.dns.nsec3/output new file mode 100644 index 0000000000..a9b81df281 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.nsec3/output 
@@ -0,0 +1,5 @@ +NSEC3, [query=vlq247qi8p1tt3a8cgmd7glfndtigsdu.sshfp.net, answer_type=2, nsec_flags=0, nsec_hash_algo=1, nsec_iter=20, nsec_salt_len=16, nsec_salt=\x80c}\x8a\xf0U\xb5\xee\xca*b\x1e\xda\xaa<^, nsec_hlen=20, nsec_hash==\x8a>\xb6\x1a\x9d\xfa\x95\x1aB\xd7w\x9c\x1f\x15\x06\x85\xa0\x19G, bitmaps=[b\x01\x80\x08\x00\x02\x90], is_query=0], 80637d8af055b5eeca2a621edaaa3c5e, 3d8a3eb61a9dfa951a42d7779c1f150685a01947 +RRSIG, [query=vlq247qi8p1tt3a8cgmd7glfndtigsdu.sshfp.net, answer_type=2, type_covered=50, algorithm=10, labels=3, orig_ttl=3.0 mins, sig_exp=1538967745.0, sig_incep=1536374962.0, key_tag=31055, signer_name=sshfp.net, signature=es\xe2\x01:\x10B$|\x93\xdf\xc8\x8c\xc0\x0bk\x8e\x8f\xad\xf44y3\x81x\x11\xeb H\xef\xb5\x941^\xc4\xba\x91\x12\xb7\xcdHua"\xa6\x13o\xe1\x86\xc6z\x80\x9c\xc2\x00\x93\xe2\xaa@\x15YH\xea^0\xfd\xf0:\xbej-\xe2\xb9K\x87wN\xdc\xc3_\x0c\x0ew\x96c\xd2\x09\x0e;i\xbef\xb9\xc22\xdf#\xdfy\xa7\x9f\xc4S\x8d-\x84\xfa0\xd0\xbc\xf3|c3\x04\x9e*\xbd\x82\x9fC\x89`\x15V\x08o\xea\xd6\xd0I\xc5b\x94WpOJ\x82\x12Z\xd6A\xad\x1cV\xb5\x15sCv\xe2Tq>\xffU\x88Ji\xa7I\xd4\xc6$\xb8\xdd\xc1\x8a4_a\xd9\xb6\xdbk\xde\x80\xc7\xad\xea\x16\xe4\xf5\x09\xdd<\x8fR\xcb\x00\x04|\xbc\xc3\xae\xac\xd1+\xc0\xf7\xe3\xad\x09d\xd0!\xc4AL\xfd\xb0=p\x86\x84\x89\x18\xd8\xab\x9d\xbb\xf1\xe4\xd9\x8ak\xfc\xb8\x98a )\xffX\x0cj>D\xe9oi\xbfh\x13`\xfco%0\xc5O\xe2\xa2i\x1b, is_query=0], 6573e2013a1042247c93dfc88cc00b6b8e8fadf4347933817811eb2048efb594315ec4ba9112b7cd48756122a6136fe186c67a809cc20093e2aa40155948ea5e30fdf03abe6a2de2b94b87774edcc35f0c0e779663d2090e3b69be66b9c232df23df79a79fc4538d2d84fa30d0bcf37c6333049e2abd829f4389601556086fead6d049c5629457704f4a82125ad641ad1c56b515734376e254713eff55884a69a749d4c624b8ddc18a345f61d9b6db6bde80c7adea16e4f509dd3c8f52cb00047cbcc3aeacd12bc0f7e3ad0964d021c4414cfdb03d7086848918d8ab9dbbf1e4d98a6bfcb898612029ff580c6a3e44e96f69bf681360fc6f2530c54fe2a2691b +NSEC3, [query=l0oop5o98lf6fb7e620sabaqf0nctco6.sshfp.net, answer_type=2, nsec_flags=0, 
nsec_hash_algo=1, nsec_iter=20, nsec_salt_len=16, nsec_salt=\x80c}\x8a\xf0U\xb5\xee\xca*b\x1e\xda\xaa<^, nsec_hlen=20, nsec_hash=\xe6\x0f\x07\xa33z\x0c\xd9kaT^\x12D\x96\xfa\xe35K\xc6, bitmaps=[@\x00\x00\x08\x00\x02], is_query=0], 80637d8af055b5eeca2a621edaaa3c5e, e60f07a3337a0cd96b61545e124496fae3354bc6 +RRSIG, [query=l0oop5o98lf6fb7e620sabaqf0nctco6.sshfp.net, answer_type=2, type_covered=50, algorithm=10, labels=3, orig_ttl=3.0 mins, sig_exp=1539303070.0, sig_incep=1536708214.0, key_tag=31055, signer_name=sshfp.net, signature=V\xa0\x1f\xa69\xd4H\xffWQ1"n\x89\xc5\x14_\x15ow[\xfbv9h\xd4\xcfd|\xfc\x9f\x83Y\x0ax\x81D@\xb5\x9e\x8fQEp\x99\xb6\x91ovG\\x86\xf2W5\xe9\\x99-\xa6\x91\xe7\xd8\x96\x1e\xa9f\x0e\xc82\xde\xb1"\x1bu\x80cL\x95\x06\xae\x9a\x996\xe3\x98\xd6\x10\x1awJ\x0fX\x00z@\xd9\x0b\x93\xda\xcf\xe2i\x8f1\xf5\x99\xf1\xb3S|\x8b\x13\xf3\xed/\xab\xb8\x0b\x04\xc9\xe5Y/\xe7\xcb\x84\x03\xfaB\xf4C\xa5q\xfe\xd6\xed\xc7/\xbd&\xf2;\xad\xcb\xad\xb8q\xd0[O\xdaM\xcf\x89m\x8f\x983\x163\xdb\xf3?\xd6s\xb6D\xe2\x80v\x83M\x136\xd1\xb3>:p0B\xd8\x1d\x07\x87\\x99\x12V\x96\xeb\xb6%\xef^\xebS\xf0\xbb\x1fF\\xc3\x16\xe1\x16T\xa84 \x14\xac\xe7G\x0b:E\x98\x01U\xf8`\x15\xcc(\x83\x19\xce\xba\xb8\x18\xcd\xd5L, is_query=0], 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 +RRSIG, [query=sshfp.net, answer_type=2, type_covered=6, algorithm=10, labels=2, orig_ttl=1.0 day, sig_exp=1540066160.0, sig_incep=1537470560.0, key_tag=31055, signer_name=sshfp.net, signature=|\x9aJ\xc1\x8c\xc6\x0e\x051l1Jz<\x19\x07Xv\x06\xea\xe5\xf7n\x0b\x09\xc0K\xcf\xa1\x10\xb2\xfb\xa3\x84\xe3\xc9\xeer\xa1Z\x0a\x1a\xb6B\xb6-\x98\x8f\x97\xd4E*\x99a\x0cI\xba\xd3(\xdf\xbe\xaa\xd1\xd4\x1b\xcb\x8a\x96\xe8\xc6\x07\xf2W\xa3\xba\x15^\xf7;\xa9\x99\xeb`@\xe5F`\xcd\xc6\xb5aw\xd8\xc5bkl\xc1 
\xa7\x93T\xaa\xbf\x15\x0e\xd8\xf8\x9cY\xdfe\xda\x811\x09\x9a\x10\x10S},E\x94]>\xc2\xecD9\x19\x9al\x9c[\x82\xf1'Ri\x8e\xb4\x0d*\xa4\x07D&%\xa5\xf1\xb18\xd6l\xd6\xee\xbe`\x06\x96\x8cU\xe6\x04y\x84\xf9[\x08\xb9\xb6\xe6P\xba?\x88F\x81I>\xb1\xef\xbf\x993\x0d[O}#s\x83\xa5\x14\xe7_\x98\xdd\xf5}\xf9A\xf1\x1e\xc0\x12\xed\x0b\xf3\x99\x91\x1ay\xaa;\xa4\xef&6\x86y`\xb4\xee\xf2u/\x9c\xda\xfc>\x8d\xdb\xaf\m\x8e]\xb2\xf8\xce\xd9\xa1\x8d\xe6<\xb8\xe5\xb9\x8cEd\x97\xdb\xbd, is_query=0], 7c9a4ac18cc60e05316c314a7a3c1907587606eae5f76e0b09c04bcfa110b2fba384e3c9ee72a15a0a1ab642b62d988f97d4452a99610c49bad328dfbeaad1d41bcb8a96e8c607f257a3ba155ef73ba999eb6040e54660cdc6b56177d8c5626b6cc120a79354aabf150ed8f89c59df65da8131099a1010537d2c45945d3ec2ec4439199a6c9c5b82f12752698eb40d2aa407442625a5f1b138d66cd6eebe6006968c55e6047984f95b08b9b6e650ba3f884681493eb1efbf99330d5b4f7d237383a514e75f98ddf57df941f11ec012ed0bf399911a79aa3ba4ef2636867960b4eef2752f9cdafc3e8ddbaf5c6d8e5db2f8ced9a18de63cb8e5b98c456497dbbd diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.rrsig/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.rrsig/dns.log new file mode 100644 index 0000000000..a0b84a3685 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.rrsig/dns.log 
@@ -0,0 +1,13 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path dns +#open 2018-09-21-20-48-53 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected +#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool +1533309955.393636 ClEkJM2Vm5giqnMf4h 35.184.172.191 10267 128.175.13.16 53 udp 17129 0.003405 virgo.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 128.91.234.142,RRSIG 1 upenn.edu 30.000000,30.000000 F +1533309959.571738 C4J4Th3PJpwUYZZ6gc 35.184.172.191 50056 128.175.13.16 53 udp 26222 0.003363 virgo.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 128.91.234.142,RRSIG 1 upenn.edu 30.000000,30.000000 F +1533309959.968589 CtPZjS20MLrsMUOJi2 35.184.172.191 39975 128.175.13.16 53 udp 27118 0.003748 workfamily.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 quasar.sas.upenn.edu,RRSIG 5 upenn.edu,128.91.234.145,RRSIG 1 upenn.edu 900.000000,900.000000,30.000000,30.000000 F +1533309950.391966 CHhAvVGS1DHFjwGM9 35.184.172.191 5386 128.175.13.16 53 udp 62809 - virgo.sas.upenn.edu 1 C_INTERNET 1 A - - F F F F 1 - - F +#close 2018-09-21-20-48-53 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.rrsig/output b/testing/btest/Baseline/scripts.base.protocols.dns.rrsig/output new file mode 100644 index 0000000000..ddeb34efd0 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.rrsig/output 
@@ -0,0 +1,4 @@ +RRSIG, [query=virgo.sas.upenn.edu, answer_type=1, type_covered=1, algorithm=5, labels=4, orig_ttl=30.0 secs, sig_exp=1535441489.0, sig_incep=1532846032.0, key_tag=50475, signer_name=upenn.edu, signature=k:\xbd\\?)\xa4\x03\x1fw\xd4\x18#\x1d\\x9fV\xe6\xc5\x06w\xa7\x97\xb9\xc9\x7f\xa9\xe3<\xc8h\xf8\x81\xd5D\x09\Z\x19\x0a\xb7\x87`\x9d\xcbp\x9c\xcf\xcc\xf1#J\xc6\xd1P{\x11\xf5J\xcb\x02\x14n"y\x0e\xcb\x8f\x1cR\x14;B\x94]\xda\x9d~\x93\xe9\x96*U\xc7\xa7\xde\x02\xfeD\xbb\xab\xfa\xc2In\xed?\x8e\xe3D\xfb\xf1\xd3I\x9dj\xab\xcan\xa7\x16\xd4M]\xe0\xc5\xcbm\xf6\xd0\x8cAV\xaau\xa2\xd4, is_query=0], 6b3abd5c5c3f29a4031f77d418231d5c9f56e6c50677a797b9c97fa9e33cc868f881d544095c5a190ab787609dcb709ccfccf1234ac6d1507b11f54acb02146e22790ecb8f1c52143b42945dda9d7e93e9962a55c7a7de02fe44bbabfac2496eed3f8ee344fbf1d3499d6aabca6ea716d44d5de0c5cb6df6d08c4156aa75a2d4 +RRSIG, [query=virgo.sas.upenn.edu, answer_type=1, type_covered=1, algorithm=5, labels=4, orig_ttl=30.0 secs, sig_exp=1535441489.0, sig_incep=1532846032.0, key_tag=50475, signer_name=upenn.edu, signature=k:\xbd\\?)\xa4\x03\x1fw\xd4\x18#\x1d\\x9fV\xe6\xc5\x06w\xa7\x97\xb9\xc9\x7f\xa9\xe3<\xc8h\xf8\x81\xd5D\x09\Z\x19\x0a\xb7\x87`\x9d\xcbp\x9c\xcf\xcc\xf1#J\xc6\xd1P{\x11\xf5J\xcb\x02\x14n"y\x0e\xcb\x8f\x1cR\x14;B\x94]\xda\x9d~\x93\xe9\x96*U\xc7\xa7\xde\x02\xfeD\xbb\xab\xfa\xc2In\xed?\x8e\xe3D\xfb\xf1\xd3I\x9dj\xab\xcan\xa7\x16\xd4M]\xe0\xc5\xcbm\xf6\xd0\x8cAV\xaau\xa2\xd4, is_query=0], 6b3abd5c5c3f29a4031f77d418231d5c9f56e6c50677a797b9c97fa9e33cc868f881d544095c5a190ab787609dcb709ccfccf1234ac6d1507b11f54acb02146e22790ecb8f1c52143b42945dda9d7e93e9962a55c7a7de02fe44bbabfac2496eed3f8ee344fbf1d3499d6aabca6ea716d44d5de0c5cb6df6d08c4156aa75a2d4 +RRSIG, [query=workfamily.sas.upenn.edu, answer_type=1, type_covered=5, algorithm=5, labels=4, orig_ttl=15.0 mins, sig_exp=1534263016.0, sig_incep=1531669322.0, key_tag=50475, signer_name=upenn.edu, 
signature='I\xe2_d\xe4\xe6S\x85\xe5\x8a\xe2w\xcd\xd4\xe0\xc4j7<\xf8\x02\xf2\xc1\x07\x9d\x05\xe8\x84\x01\xe8|t\x98\x07\xdb5\xba\xf3T\xcc%\x91\x0d&\xe3\x8f\xfd@ZS\xf7\xf4\xa9\xe6\xe6\x13\x17\x99^\xd8\xa7g\xe2\xa5+\xcb\x9cyZ\xeb$4\xfd}\xa5\xe4N\xa8\xb9\xb63\x8a\xebe\x0f\xd8\x80\xd4\xa8\x13#S\xe57d\xd8\xd8\x08\xa2%\x0c\x99K\xa7!\x08\xac\x1byi!\xe0\xeb\x9cX\xfc\xd8E\xdeH\xf4\xad\xc8/#\x19a, is_query=0], 2749e25f64e4e65385e58ae277cdd4e0c46a373cf802f2c1079d05e88401e87c749807db35baf354cc25910d26e38ffd405a53f7f4a9e6e61317995ed8a767e2a52bcb9c795aeb2434fd7da5e44ea8b9b6338aeb650fd880d4a8132353e53764d8d808a2250c994ba72108ac1b796921e0eb9c58fcd845de48f4adc82f231961 +RRSIG, [query=quasar.sas.upenn.edu, answer_type=1, type_covered=1, algorithm=5, labels=4, orig_ttl=30.0 secs, sig_exp=1535438502.0, sig_incep=1532845422.0, key_tag=50475, signer_name=upenn.edu, signature=a8"\x80\xc3\x92\xa3\x83lu{H>\xd4\xc3H\x8d.\xb4\x96/E\x09\x99\x9d\x0c\x17\xdd\x10\xb8ZT&\xb1H\x10\x1ak,\x98\x0d\xaf\x8dx}\xac\xf9\x9asyf\xce\xf8L\x04\x06\xc5y\xc4A,\xf6|\xaa\xc3tG\xb6\xcc^\xae\x9e\xb2\xb6ok`V\x15b\xd6\xab\xa4\xe3\x04\xe6\x019\xaf\x9f\xb0\xf6yM {P\xb0C\xa0\x85CVR\xfd\x97@,\xe0\xad\xdc7\xa4\xfc\x12\xc4\xee2)\x12\xefIkk\xdaA11, is_query=0], 61382280c392a3836c757b483ed4c3488d2eb4962f4509999d0c17dd10b85a5426b148101a6b2c980daf8d787dacf99a737966cef84c0406c579c4412cf67caac37447b6cc5eae9eb2b66f6b60561562d6aba4e304e60139af9fb0f6794d207b50b043a085435652fd97402ce0addc37a4fc12c4ee322912ef496b6bda413131 diff --git a/testing/btest/README b/testing/btest/README index 037fc42647..b9f5f7d338 100644 --- a/testing/btest/README +++ b/testing/btest/README 
@@ -20,17 +20,17 @@ Significant Subdirectories Packet captures utilized by the various BTest tests. * scripts/ - This hierarchy of tests emulates the hierarchy of the Bro scripts/ - directory. + This hierarchy of tests emulates the hierarchy of the Bro scripts/ + directory. * coverage/ - This collection of tests relates to checking whether we're covering - everything we want to in terms of tests, documentation, and which - scripts get loaded in different Bro configurations. These tests are - more prone to fail as new Bro scripts are developed and added to the - distribution -- checking the individual test's comments is the best - place to check for more details on what exactly the test is checking - and hints on how to fix it when it fails. + This collection of tests relates to checking whether we're covering + everything we want to in terms of tests, documentation, and which + scripts get loaded in different Bro configurations. These tests are + more prone to fail as new Bro scripts are developed and added to the + distribution -- checking the individual test's comments is the best + place to check for more details on what exactly the test is checking + and hints on how to fix it when it fails. Running Tests ============= diff --git a/testing/btest/Traces/dnssec/dnskey.pcap b/testing/btest/Traces/dnssec/dnskey.pcap new file mode 100644 index 0000000000..dba51610f6 Binary files /dev/null and b/testing/btest/Traces/dnssec/dnskey.pcap differ diff --git a/testing/btest/Traces/dns-dnskey.trace b/testing/btest/Traces/dnssec/dnskey2.pcap similarity index 100% rename from testing/btest/Traces/dns-dnskey.trace rename to testing/btest/Traces/dnssec/dnskey2.pcap diff --git a/testing/btest/Traces/dnssec/ds.pcap b/testing/btest/Traces/dnssec/ds.pcap new file mode 100644 index 0000000000..51a269fcf3 Binary files /dev/null and b/testing/btest/Traces/dnssec/ds.pcap differ 
diff --git a/testing/btest/Traces/dnssec/nsec.pcap b/testing/btest/Traces/dnssec/nsec.pcap new file mode 100644 index 0000000000..355b782f1d Binary files /dev/null and b/testing/btest/Traces/dnssec/nsec.pcap differ diff --git a/testing/btest/Traces/dnssec/nsec3.pcap b/testing/btest/Traces/dnssec/nsec3.pcap new file mode 100644 index 0000000000..8346c1f872 Binary files /dev/null and b/testing/btest/Traces/dnssec/nsec3.pcap differ diff --git a/testing/btest/Traces/dnssec/rrsig.pcap b/testing/btest/Traces/dnssec/rrsig.pcap new file mode 100644 index 0000000000..e9dbf73b96 Binary files /dev/null and b/testing/btest/Traces/dnssec/rrsig.pcap differ diff --git a/testing/btest/bifs/records_fields.bro b/testing/btest/bifs/records_fields.bro index ccaf5a719d..88df239b57 100644 --- a/testing/btest/bifs/records_fields.bro +++ b/testing/btest/bifs/records_fields.bro @@ -2,19 +2,45 @@ # @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-diff out +type myrec: record { + myfield: bool; +}; + +type tt: record { + a: bool; + b: string &default="Bar"; + c: double &optional; + d: string &log; + m: myrec; +}; + type r: record { a: count; b: string &default="Foo"; c: double &optional; d: string &log; + e: any; }; +type mystring: string; + event bro_init() { - local x: r = [$a=42, $d="Bar"]; + local x: r = [$a=42, $d="Bar", $e=tt]; print x; local t: record_field_table; t = record_fields(x); print t; print t["c"]?$value; + + t = record_fields(x$e); + print t; + t = record_fields(tt); + print t; + + x = [$a=42, $d="Bar", $e=mystring]; + t = record_fields(x); + print t; + t = record_fields(x$e); + print t; } diff --git a/testing/btest/core/leaks/dns-nsec3.bro b/testing/btest/core/leaks/dns-nsec3.bro new file mode 100644 index 0000000000..16be0103e6 --- /dev/null +++ b/testing/btest/core/leaks/dns-nsec3.bro 
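Review bot: The new calls at the end of `bro_init()` in records_fields.bro carry no comment saying which case each one covers. The last one, `record_fields(x$e)` after `x = [$a=42, $d="Bar", $e=mystring]`, passes a type value that does not name a record. The hunk does not show whether that call should yield an empty table or a runtime error, so a later baseline change there would be hard to judge. A one-line comment before each group would pin the intent, for example `# type value naming a record: fields of tt are listed` before `record_fields(x$e)` and `# type value naming a non-record (mystring): documents the fallback result` before the final pair.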
@@ -0,0 +1,40 @@
+# Needs perftools support.
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -C -m -r $TRACES/dnssec/nsec3.pcap %INPUT
+# @TEST-EXEC: btest-bg-wait 60
+
+@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+ {
+ print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+ }
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+ {
+ print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+ }
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+ {
+ print "NSEC", next_name, bitmaps;
+
+ for ( i in bitmaps )
+ print bytestring_to_hexstr(bitmaps[i]);
+ }
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+ {
+ print "NSEC3", nsec3,
+ bytestring_to_hexstr(nsec3$nsec_salt),
+ bytestring_to_hexstr(nsec3$nsec_hash);
+ }
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+ {
+ print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+ }
diff --git a/testing/btest/plugins/file-plugin/src/Plugin.cc b/testing/btest/plugins/file-plugin/src/Plugin.cc
index 4607a0549f..5c61d28e28 100644
--- a/testing/btest/plugins/file-plugin/src/Plugin.cc
+++ b/testing/btest/plugins/file-plugin/src/Plugin.cc
@@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
 config.description = "A Foo test analyzer";
 config.version.major = 1;
 config.version.minor = 0;
+ config.version.patch = 0;
 return config;
 }
diff --git a/testing/btest/plugins/hooks-plugin/src/Plugin.cc b/testing/btest/plugins/hooks-plugin/src/Plugin.cc
index c5b8f4e981..52aea76bda 100644
--- a/testing/btest/plugins/hooks-plugin/src/Plugin.cc
+++ b/testing/btest/plugins/hooks-plugin/src/Plugin.cc
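Review bot: The `dns_DNSKEY`, `dns_DS` and `dns_NSEC` handlers in core/leaks/dns-nsec3.bro are unlikely to ever run, because the test replays only `$TRACES/dnssec/nsec3.pcap`. The nsec3 `output` baseline added in the same commit holds only NSEC3 and RRSIG lines, which suggests the trace carries no other DNSSEC record types. That leaves the new DNSKEY, DS and NSEC parsing paths without heap-check coverage, even though they process record data taken straight from untrusted network traffic, where a per-packet leak becomes a slow memory-exhaustion problem on a sensor. Either add sibling leak tests driven by `dnssec/dnskey.pcap`, `dnssec/ds.pcap`, `dnssec/nsec.pcap` and `dnssec/rrsig.pcap`, or trim the handlers that cannot fire and add a comment such as `# Only NSEC3 and RRSIG occur in this trace; other DNSSEC RRs are leak-checked by their own tests.`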
@@ -29,6 +29,7 @@ plugin::Configuration Plugin::Configure() config.description = "Exercises all plugin hooks"; config.version.major = 1; config.version.minor = 0; + config.version.patch = 0; return config; } diff --git a/testing/btest/plugins/logging-hooks-plugin/src/Plugin.cc b/testing/btest/plugins/logging-hooks-plugin/src/Plugin.cc index 32dd2b17b3..eb06d5a27d 100644 --- a/testing/btest/plugins/logging-hooks-plugin/src/Plugin.cc +++ b/testing/btest/plugins/logging-hooks-plugin/src/Plugin.cc @@ -21,6 +21,7 @@ plugin::Configuration Plugin::Configure() config.description = "Exercises Log hooks"; config.version.major = 1; config.version.minor = 0; + config.version.patch = 0; return config; } diff --git a/testing/btest/plugins/pktdumper-plugin/src/Plugin.cc b/testing/btest/plugins/pktdumper-plugin/src/Plugin.cc index 81ef8c79f4..f4417ff6a2 100644 --- a/testing/btest/plugins/pktdumper-plugin/src/Plugin.cc +++ b/testing/btest/plugins/pktdumper-plugin/src/Plugin.cc @@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure() config.description = "A Foo packet dumper"; config.version.major = 1; config.version.minor = 0; + config.version.patch = 0; return config; } diff --git a/testing/btest/plugins/pktsrc-plugin/src/Plugin.cc b/testing/btest/plugins/pktsrc-plugin/src/Plugin.cc index ecc94866a6..088a4dd36d 100644 --- a/testing/btest/plugins/pktsrc-plugin/src/Plugin.cc +++ b/testing/btest/plugins/pktsrc-plugin/src/Plugin.cc @@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure() config.description = "A Foo packet source"; config.version.major = 1; config.version.minor = 0; + config.version.patch = 0; return config; } diff --git a/testing/btest/plugins/plugin-nopatchversion-plugin/.btest-ignore b/testing/btest/plugins/plugin-nopatchversion-plugin/.btest-ignore new file mode 100644 index 0000000000..e69de29bb2 
diff --git a/testing/btest/plugins/plugin-nopatchversion-plugin/src/Plugin.cc b/testing/btest/plugins/plugin-nopatchversion-plugin/src/Plugin.cc
new file mode 100644
index 0000000000..292f2c90de
--- /dev/null
+++ b/testing/btest/plugins/plugin-nopatchversion-plugin/src/Plugin.cc
@@ -0,0 +1,16 @@
+
+#include "Plugin.h"
+
+namespace plugin { namespace Testing_NoPatchVersion { Plugin plugin; } }
+
+using namespace plugin::Testing_NoPatchVersion;
+
+plugin::Configuration Plugin::Configure()
+ {
+ plugin::Configuration config;
+ config.name = "Testing::NoPatchVersion";
+ config.description = "Testing a plugin without a specified patch version";
+ config.version.major = 0;
+ config.version.minor = 1;
+ return config;
+ }
diff --git a/testing/btest/plugins/plugin-nopatchversion.bro b/testing/btest/plugins/plugin-nopatchversion.bro
new file mode 100644
index 0000000000..2279efde6a
--- /dev/null
+++ b/testing/btest/plugins/plugin-nopatchversion.bro
@@ -0,0 +1,5 @@
+# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing NoPatchVersion
+# @TEST-EXEC: cp -r %DIR/plugin-nopatchversion-plugin/* .
+# @TEST-EXEC: ./configure --bro-dist=${DIST} && make
+# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::NoPatchVersion >> output
+# @TEST-EXEC: btest-diff output
diff --git a/testing/btest/plugins/plugin-withpatchversion-plugin/.btest-ignore b/testing/btest/plugins/plugin-withpatchversion-plugin/.btest-ignore
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/testing/btest/plugins/plugin-withpatchversion-plugin/src/Plugin.cc b/testing/btest/plugins/plugin-withpatchversion-plugin/src/Plugin.cc
new file mode 100644
index 0000000000..95221b7118
--- /dev/null
+++ b/testing/btest/plugins/plugin-withpatchversion-plugin/src/Plugin.cc
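Review bot: `Plugin::Configure()` in the new `plugin-nopatchversion-plugin/src/Plugin.cc` leaves `config.version.patch` unassigned, and nothing in the file says this is deliberate. Every other test plugin touched by this commit gained an explicit `config.version.patch = 0;`, so a later cleanup could add the same line here and the test would stop checking the default and only repeat the explicit case. I would add a comment after the `config.version.minor = 1;` line: `// patch deliberately not set: this plugin checks that it defaults to 0`.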
@@ -0,0 +1,17 @@
+
+#include "Plugin.h"
+
+namespace plugin { namespace Testing_WithPatchVersion { Plugin plugin; } }
+
+using namespace plugin::Testing_WithPatchVersion;
+
+plugin::Configuration Plugin::Configure()
+ {
+ plugin::Configuration config;
+ config.name = "Testing::WithPatchVersion";
+ config.description = "Testing a plugin with a specified patch version";
+ config.version.major = 0;
+ config.version.minor = 1;
+ config.version.patch = 4;
+ return config;
+ }
diff --git a/testing/btest/plugins/plugin-withpatchversion.bro b/testing/btest/plugins/plugin-withpatchversion.bro
new file mode 100644
index 0000000000..4d86f09719
--- /dev/null
+++ b/testing/btest/plugins/plugin-withpatchversion.bro
@@ -0,0 +1,5 @@
+# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing WithPatchVersion
+# @TEST-EXEC: cp -r %DIR/plugin-withpatchversion-plugin/* .
+# @TEST-EXEC: ./configure --bro-dist=${DIST} && make
+# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::WithPatchVersion >> output
+# @TEST-EXEC: btest-diff output
diff --git a/testing/btest/plugins/protocol-plugin/src/Plugin.cc b/testing/btest/plugins/protocol-plugin/src/Plugin.cc
index e6966bf538..bd2662d67c 100644
--- a/testing/btest/plugins/protocol-plugin/src/Plugin.cc
+++ b/testing/btest/plugins/protocol-plugin/src/Plugin.cc
@@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
 config.description = "A Foo test analyzer";
 config.version.major = 1;
 config.version.minor = 0;
+ config.version.patch = 0;
 return config;
 }
diff --git a/testing/btest/plugins/reader-plugin/src/Plugin.cc b/testing/btest/plugins/reader-plugin/src/Plugin.cc
index acc715511a..fdf16c412b 100644
--- a/testing/btest/plugins/reader-plugin/src/Plugin.cc
+++ b/testing/btest/plugins/reader-plugin/src/Plugin.cc
@@ -15,5 +15,6 @@ plugin::Configuration Plugin::Configure()
 config.description = "A Foo test input reader";
 config.version.major = 1;
 config.version.minor = 0;
+ config.version.patch = 0;
 return config;
 }
diff --git a/testing/btest/plugins/reporter-hook-plugin/src/Plugin.cc b/testing/btest/plugins/reporter-hook-plugin/src/Plugin.cc index 9c8eee6ca8..d9c856966a 100644 --- a/testing/btest/plugins/reporter-hook-plugin/src/Plugin.cc +++ b/testing/btest/plugins/reporter-hook-plugin/src/Plugin.cc @@ -19,6 +19,7 @@ plugin::Configuration Plugin::Configure() config.description = "Exercise Reporter Hook"; config.version.major = 1; config.version.minor = 0; + config.version.patch = 0; return config; } diff --git a/testing/btest/plugins/writer-plugin/src/Plugin.cc b/testing/btest/plugins/writer-plugin/src/Plugin.cc index e07e071204..e22a2cd645 100644 --- a/testing/btest/plugins/writer-plugin/src/Plugin.cc +++ b/testing/btest/plugins/writer-plugin/src/Plugin.cc @@ -15,5 +15,6 @@ plugin::Configuration Plugin::Configure() config.description = "A Foo test logging writer"; config.version.major = 1; config.version.minor = 0; + config.version.patch = 0; return config; } diff --git a/testing/btest/scripts/base/protocols/dns/dns-key.bro b/testing/btest/scripts/base/protocols/dns/dns-key.bro index c51788c605..4880ad3530 100644 --- a/testing/btest/scripts/base/protocols/dns/dns-key.bro +++ b/testing/btest/scripts/base/protocols/dns/dns-key.bro @@ -1,4 +1,4 @@ # Making sure DNSKEY gets logged as such. # -# @TEST-EXEC: bro -r $TRACES/dns-dnskey.trace +# @TEST-EXEC: bro -r $TRACES/dnssec/dnskey2.pcap # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/dnskey.bro b/testing/btest/scripts/base/protocols/dns/dnskey.bro new file mode 100644 index 0000000000..9297dc696a --- /dev/null +++ b/testing/btest/scripts/base/protocols/dns/dnskey.bro 
@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+#@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+ {
+ print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+ }
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+ {
+ print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+ }
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+ {
+ print "NSEC", next_name, bitmaps;
+
+ for ( i in bitmaps )
+ print bytestring_to_hexstr(bitmaps[i]);
+ }
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+ {
+ print "NSEC3", nsec3,
+ bytestring_to_hexstr(nsec3$nsec_salt),
+ bytestring_to_hexstr(nsec3$nsec_hash);
+ }
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+ {
+ print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+ }
diff --git a/testing/btest/scripts/base/protocols/dns/ds.bro b/testing/btest/scripts/base/protocols/dns/ds.bro
new file mode 100644
index 0000000000..ecb90514cd
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dns/ds.bro
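Review bot: None of the five new DNSSEC scripts (`dnskey.bro` here, and `ds.bro`, `nsec.bro`, `nsec3.bro`, `rrsig.bro` after it) diffs `weird.log` or replays a truncated record, so the tests pin only how presumably well-formed captures are decoded. The fields they print (`rrsig$signature`, `dnskey$public_key`, `nsec3$nsec_salt`, `nsec3$nsec_hash`, `ds$digest_val`) are length-delimited data taken from the wire, and for a sensor on hostile traffic the case that matters is a declared length that overruns the record. I would add one test over a capture with shortened RDATA, e.g. `# @TEST-EXEC: bro -C -r $TRACES/dnssec/<truncated-trace-placeholder>.pcap %INPUT > output` followed by `# @TEST-EXEC: btest-diff weird.log`. The parser is outside these hunks, so whether it already raises a weird for that case has to be checked there.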
@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/ds.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+#@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+ {
+ print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+ }
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+ {
+ print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+ }
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+ {
+ print "NSEC", next_name, bitmaps;
+
+ for ( i in bitmaps )
+ print bytestring_to_hexstr(bitmaps[i]);
+ }
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+ {
+ print "NSEC3", nsec3,
+ bytestring_to_hexstr(nsec3$nsec_salt),
+ bytestring_to_hexstr(nsec3$nsec_hash);
+ }
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+ {
+ print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+ }
diff --git a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.bro b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.bro
index a16235b9a5..e13b3b4807 100644
--- a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.bro
+++ b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.bro
@@ -2,4 +2,3 @@
 #
 # @TEST-EXEC: bro -r $TRACES/dns-two-responses.trace
 # @TEST-EXEC: btest-diff dns.log
-# @TEST-EXEC: btest-diff weird.log
\ No newline at end of file
diff --git a/testing/btest/scripts/base/protocols/dns/nsec.bro b/testing/btest/scripts/base/protocols/dns/nsec.bro
new file mode 100644
index 0000000000..8d9b1c91a7
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dns/nsec.bro
@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+ {
+ print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+ }
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+ {
+ print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+ }
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+ {
+ print "NSEC", next_name, bitmaps;
+
+ for ( i in bitmaps )
+ print bytestring_to_hexstr(bitmaps[i]);
+ }
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+ {
+ print "NSEC3", nsec3,
+ bytestring_to_hexstr(nsec3$nsec_salt),
+ bytestring_to_hexstr(nsec3$nsec_hash);
+ }
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+ {
+ print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+ }
diff --git a/testing/btest/scripts/base/protocols/dns/nsec3.bro b/testing/btest/scripts/base/protocols/dns/nsec3.bro
new file mode 100644
index 0000000000..0710be8fea
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dns/nsec3.bro
@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+ {
+ print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+ }
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+ {
+ print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+ }
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+ {
+ print "NSEC", next_name, bitmaps;
+
+ for ( i in bitmaps )
+ print bytestring_to_hexstr(bitmaps[i]);
+ }
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+ {
+ print "NSEC3", nsec3,
+ bytestring_to_hexstr(nsec3$nsec_salt),
+ bytestring_to_hexstr(nsec3$nsec_hash);
+ }
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+ {
+ print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+ }
diff --git a/testing/btest/scripts/base/protocols/dns/rrsig.bro b/testing/btest/scripts/base/protocols/dns/rrsig.bro
new file mode 100644
index 0000000000..32b958a789
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dns/rrsig.bro
@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+#@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+ {
+ print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+ }
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+ {
+ print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+ }
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+ {
+ print "NSEC", next_name, bitmaps;
+
+ for ( i in bitmaps )
+ print bytestring_to_hexstr(bitmaps[i]);
+ }
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+ {
+ print "NSEC3", nsec3,
+ bytestring_to_hexstr(nsec3$nsec_salt),
+ bytestring_to_hexstr(nsec3$nsec_hash);
+ }
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+ {
+ print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+ }