Merge remote-tracking branch 'origin/dev/2.7'

* origin/dev/2.7:
  Improve introspection of Record and TypeType values
  Bro plugins should support a patch version (x.y.z)
  GH-148: add priority to DNSSEC event handlers
  DNSSEC support in Bro

testing/btest/Baseline/bifs.records_fields/out

@@ -1,8 +1,33 @@
-[a=42, b=Foo, c=<uninitialized>, d=Bar]
+[a=42, b=Foo, c=<uninitialized>, d=Bar, e=tt]
 {
-[b] = [type_name=record, log=F, value=Foo, default_val=Foo],
-[c] = [type_name=record, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[a] = [type_name=record, log=F, value=42, default_val=<uninitialized>],
-[d] = [type_name=record, log=T, value=Bar, default_val=<uninitialized>]
+[b] = [type_name=string, log=F, value=Foo, default_val=Foo],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[e] = [type_name=any, log=F, value=tt, default_val=<uninitialized>],
+[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
 }
 F
+{
+[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
+[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
+}
+{
+[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
+[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
+}
+{
+[b] = [type_name=string, log=F, value=Foo, default_val=Foo],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[e] = [type_name=any, log=F, value=mystring, default_val=<uninitialized>],
+[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
+}
+{
+
+}

testing/btest/Baseline/plugins.bifs-and-scripts-install/output

@@ -1,4 +1,4 @@
-Demo::Foo - <Insert description> (dynamic, version 0.1)
+Demo::Foo - <Insert description> (dynamic, version 0.1.0)
     [Function] hello_plugin_world
     [Event] plugin_event
 

testing/btest/Baseline/plugins.bifs-and-scripts/output

@@ -1,4 +1,4 @@
-Demo::Foo - <Insert description> (dynamic, version 0.1)
+Demo::Foo - <Insert description> (dynamic, version 0.1.0)
     [Function] hello_plugin_world
     [Event] plugin_event
 

testing/btest/Baseline/plugins.file/output

@@ -1,4 +1,4 @@
-Demo::Foo - A Foo test analyzer (dynamic, version 1.0)
+Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0)
     [File Analyzer] Foo (ANALYZER_FOO)
     [Event] foo_piece
 

testing/btest/Baseline/plugins.hooks/output

@@ -228,53 +228,53 @@
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@@ -413,53 +413,53 @@
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (X509::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default)) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@@ -1122,53 +1122,53 @@
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@@ -1307,53 +1307,53 @@
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (X509::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@@ -2015,53 +2015,53 @@
 0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
-0.000000 | HookCallFunction Log::__create_stream(Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker])
-0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])
-0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])
-0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])
-0.000000 | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])
-0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])
-0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])
-0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])
-0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])
-0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])
-0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])
-0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])
-0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])
-0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])
-0.000000 | HookCallFunction Log::__create_stream(KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])
-0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])
-0.000000 | HookCallFunction Log::__create_stream(NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm])
-0.000000 | HookCallFunction Log::__create_stream(NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])
-0.000000 | HookCallFunction Log::__create_stream(NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])
-0.000000 | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])
-0.000000 | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])
-0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])
-0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])
-0.000000 | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])
-0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])
-0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])
-0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])
-0.000000 | HookCallFunction Log::__create_stream(RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])
-0.000000 | HookCallFunction Log::__create_stream(RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb])
-0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])
-0.000000 | HookCallFunction Log::__create_stream(SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])
-0.000000 | HookCallFunction Log::__create_stream(SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files])
-0.000000 | HookCallFunction Log::__create_stream(SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping])
-0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])
-0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])
-0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])
-0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])
-0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])
-0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])
-0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])
-0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])
-0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])
-0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])
-0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
-0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
-0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__create_stream(Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker])
+0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster])
+0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])
+0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])
+0.000000 | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc])
+0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])
+0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])
+0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])
+0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd])
+0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])
+0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])
+0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])
+0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])
+0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])
+0.000000 | HookCallFunction Log::__create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])
+0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])
+0.000000 | HookCallFunction Log::__create_stream(NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm])
+0.000000 | HookCallFunction Log::__create_stream(NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])
+0.000000 | HookCallFunction Log::__create_stream(NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])
+0.000000 | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])
+0.000000 | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])
+0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm])
+0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])
+0.000000 | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])
+0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])
+0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter])
+0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])
+0.000000 | HookCallFunction Log::__create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])
+0.000000 | HookCallFunction Log::__create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])
+0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter])
+0.000000 | HookCallFunction Log::__create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])
+0.000000 | HookCallFunction Log::__create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files])
+0.000000 | HookCallFunction Log::__create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping])
+0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])
+0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])
+0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])
+0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])
+0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])
+0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])
+0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])
+0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog])
+0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel])
+0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])
+0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
+0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
+0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@@ -2200,53 +2200,53 @@
 0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(X509::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(mysql::LOG, default)
-0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker])
-0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])
-0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])
-0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])
-0.000000 | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])
-0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])
-0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])
-0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])
-0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])
-0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])
-0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])
-0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])
-0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])
-0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])
-0.000000 | HookCallFunction Log::create_stream(KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])
-0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])
-0.000000 | HookCallFunction Log::create_stream(NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm])
-0.000000 | HookCallFunction Log::create_stream(NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])
-0.000000 | HookCallFunction Log::create_stream(NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])
-0.000000 | HookCallFunction Log::create_stream(NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])
-0.000000 | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])
-0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])
-0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])
-0.000000 | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])
-0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])
-0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])
-0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])
-0.000000 | HookCallFunction Log::create_stream(RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])
-0.000000 | HookCallFunction Log::create_stream(RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb])
-0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])
-0.000000 | HookCallFunction Log::create_stream(SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])
-0.000000 | HookCallFunction Log::create_stream(SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files])
-0.000000 | HookCallFunction Log::create_stream(SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping])
-0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])
-0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])
-0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])
-0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])
-0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])
-0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])
-0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])
-0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])
-0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])
-0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])
-0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
-0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
-0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker])
+0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster])
+0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])
+0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])
+0.000000 | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc])
+0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])
+0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])
+0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])
+0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd])
+0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])
+0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])
+0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])
+0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])
+0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])
+0.000000 | HookCallFunction Log::create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])
+0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])
+0.000000 | HookCallFunction Log::create_stream(NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm])
+0.000000 | HookCallFunction Log::create_stream(NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])
+0.000000 | HookCallFunction Log::create_stream(NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])
+0.000000 | HookCallFunction Log::create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])
+0.000000 | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])
+0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm])
+0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])
+0.000000 | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])
+0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])
+0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter])
+0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])
+0.000000 | HookCallFunction Log::create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])
+0.000000 | HookCallFunction Log::create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])
+0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter])
+0.000000 | HookCallFunction Log::create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])
+0.000000 | HookCallFunction Log::create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files])
+0.000000 | HookCallFunction Log::create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping])
+0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])
+0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])
+0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])
+0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])
+0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])
+0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])
+0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])
+0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog])
+0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel])
+0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])
+0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
+0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
+0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
@@ -2675,7 +2675,7 @@
 0.000000 | HookLoadFile  base<...>/x509
 0.000000 | HookLoadFile  base<...>/xmpp
 0.000000 | HookLogInit   packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite  packet_filter [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite  packet_filter [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]
 0.000000 | HookQueueEvent NetControl::init()
 0.000000 | HookQueueEvent bro_init()
 0.000000 | HookQueueEvent filter_change_tracking()

testing/btest/Baseline/plugins.init-plugin/output

@@ -1,3 +1,3 @@
-Demo::Foo - <Insert description> (dynamic, version 0.1)
+Demo::Foo - <Insert description> (dynamic, version 0.1.0)
 
 ===

testing/btest/Baseline/plugins.pktdumper/output

@@ -1,4 +1,4 @@
-Demo::Foo - A Foo packet dumper (dynamic, version 1.0)
+Demo::Foo - A Foo packet dumper (dynamic, version 1.0.0)
     [Packet Dumper] FooPktDumper (dumper prefix: "foo")
 
 ===

testing/btest/Baseline/plugins.plugin-nopatchversion/output

@@ -0,0 +1 @@
+Testing::NoPatchVersion - Testing a plugin without a specified patch version (dynamic, version 0.1.0)

testing/btest/Baseline/plugins.plugin-withpatchversion/output

@@ -0,0 +1 @@
+Testing::WithPatchVersion - Testing a plugin with a specified patch version (dynamic, version 0.1.4)

testing/btest/Baseline/plugins.protocol/output

@@ -1,4 +1,4 @@
-Demo::Foo - A Foo test analyzer (dynamic, version 1.0)
+Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0)
     [Analyzer] Foo (ANALYZER_FOO, enabled)
     [Event] foo_message
 

testing/btest/Baseline/plugins.reader/output

@@ -1,4 +1,4 @@
-Demo::Foo - A Foo test input reader (dynamic, version 1.0)
+Demo::Foo - A Foo test input reader (dynamic, version 1.0.0)
     [Reader] Foo (Input::READER_FOO)
 
 ===

testing/btest/Baseline/plugins.writer/output

@@ -1,4 +1,4 @@
-Demo::Foo - A Foo test logging writer (dynamic, version 1.0)
+Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
     [Writer] Foo (Log::WRITER_FOO)
 
 ===

testing/btest/Baseline/scripts.base.frameworks.input.empty-values-hashing/out

@@ -11,7 +11,7 @@ Description
 [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
 [2] = [s=<uninitialized>, ss=<uninitialized>],
 [1] = [s=<uninitialized>, ss=TEST]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -43,7 +43,7 @@ Description
 [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
 [2] = [s=<uninitialized>, ss=<uninitialized>],
 [1] = [s=<uninitialized>, ss=TEST]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -88,7 +88,7 @@ Description
 [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
 [2] = [s=TEST, ss=TEST],
 [1] = [s=TEST, ss=<uninitialized>]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -120,7 +120,7 @@ Description
 [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
 [2] = [s=TEST, ss=TEST],
 [1] = [s=TEST, ss=<uninitialized>]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;

testing/btest/Baseline/scripts.base.frameworks.input.event/out

@@ -1,4 +1,4 @@
-[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -10,7 +10,7 @@ print outfile, A::b;
 Input::EVENT_NEW
 1
 T
-[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -22,7 +22,7 @@ print outfile, A::b;
 Input::EVENT_NEW
 2
 T
-[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -34,7 +34,7 @@ print outfile, A::b;
 Input::EVENT_NEW
 3
 F
-[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -46,7 +46,7 @@ print outfile, A::b;
 Input::EVENT_NEW
 4
 F
-[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -58,7 +58,7 @@ print outfile, A::b;
 Input::EVENT_NEW
 5
 F
-[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -70,7 +70,7 @@ print outfile, A::b;
 Input::EVENT_NEW
 6
 F
-[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;

testing/btest/Baseline/scripts.base.frameworks.input.raw.basic/out

@@ -1,4 +1,4 @@
-[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -16,7 +16,7 @@ terminate();
 }]
 Input::EVENT_NEW
 sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -34,7 +34,7 @@ terminate();
 }]
 Input::EVENT_NEW
 DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -52,7 +52,7 @@ terminate();
 }]
 Input::EVENT_NEW
 q3r3057fdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -70,7 +70,7 @@ terminate();
 }]
 Input::EVENT_NEW
 sdfs\d
-[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -88,7 +88,7 @@ terminate();
 }]
 Input::EVENT_NEW
 
-[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -106,7 +106,7 @@ terminate();
 }]
 Input::EVENT_NEW
 dfsdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -124,7 +124,7 @@ terminate();
 }]
 Input::EVENT_NEW
 sdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;

testing/btest/Baseline/scripts.base.frameworks.input.raw.execute/out

@@ -1,4 +1,4 @@
-[source=wc -l ../input.log |, reader=Input::READER_RAW, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
+[source=wc -l ../input.log |, reader=Input::READER_RAW, mode=Input::MANUAL, name=input, fields=Val, want_record=F, ev=line
 { 
 print outfile, description;
 print outfile, tpe;

testing/btest/Baseline/scripts.base.frameworks.input.raw.rereadraw/out

@@ -1,4 +1,4 @@
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -16,7 +16,7 @@ terminate();
 }]
 Input::EVENT_NEW
 sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -34,7 +34,7 @@ terminate();
 }]
 Input::EVENT_NEW
 DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -52,7 +52,7 @@ terminate();
 }]
 Input::EVENT_NEW
 q3r3057fdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -70,7 +70,7 @@ terminate();
 }]
 Input::EVENT_NEW
 sdfs\d
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -88,7 +88,7 @@ terminate();
 }]
 Input::EVENT_NEW
 
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -106,7 +106,7 @@ terminate();
 }]
 Input::EVENT_NEW
 dfsdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -124,7 +124,7 @@ terminate();
 }]
 Input::EVENT_NEW
 sdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -142,7 +142,7 @@ terminate();
 }]
 Input::EVENT_NEW
 3rw43wRRERLlL#RWERERERE.
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -160,7 +160,7 @@ terminate();
 }]
 Input::EVENT_NEW
 sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -178,7 +178,7 @@ terminate();
 }]
 Input::EVENT_NEW
 DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -196,7 +196,7 @@ terminate();
 }]
 Input::EVENT_NEW
 q3r3057fdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -214,7 +214,7 @@ terminate();
 }]
 Input::EVENT_NEW
 sdfs\d
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -232,7 +232,7 @@ terminate();
 }]
 Input::EVENT_NEW
 
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -250,7 +250,7 @@ terminate();
 }]
 Input::EVENT_NEW
 dfsdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;
@@ -268,7 +268,7 @@ terminate();
 }]
 Input::EVENT_NEW
 sdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
+[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
 { 
 print outfile, A::description;
 print outfile, A::tpe;

testing/btest/Baseline/scripts.base.frameworks.input.reread/out

@@ -28,7 +28,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -123,7 +123,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -230,7 +230,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -457,7 +457,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -582,7 +582,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -707,7 +707,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -832,7 +832,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -957,7 +957,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -1187,7 +1187,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -1240,7 +1240,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -1293,7 +1293,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -1346,7 +1346,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -1399,7 +1399,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;
@@ -1452,7 +1452,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
-}, idx=<no value description>, val=<no value description>, want_record=T, ev=line
+}, idx=A::Idx, val=A::Val, want_record=T, ev=line
 { 
 print A::outfile, ============EVENT============;
 print A::outfile, Description;

testing/btest/Baseline/scripts.base.protocols.dns.dns-key/dns.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dns
-#open	2016-07-13-16-16-11
+#open	2018-09-21-21-01-10
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
 #types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
-1359565680.761790	CHhAvVGS1DHFjwGM9	192.168.6.10	53209	192.168.129.36	53	udp	41477	0.075138	paypal.com	1	C_INTERNET	48	DNSKEY	0	NOERROR	F	F	T	T	1	<unknown type=48>,<unknown type=48>,<unknown type=46>,<unknown type=46>	455.000000,455.000000,455.000000,455.000000	F
-#close	2016-07-13-16-16-11
+1359565680.761790	CHhAvVGS1DHFjwGM9	192.168.6.10	53209	192.168.129.36	53	udp	41477	0.075138	paypal.com	1	C_INTERNET	48	DNSKEY	0	NOERROR	F	F	T	T	1	DNSKEY 5,DNSKEY 5,RRSIG 48 paypal.com,RRSIG 48 paypal.com	455.000000,455.000000,455.000000,455.000000	F
+#close	2018-09-21-21-01-10

testing/btest/Baseline/scripts.base.protocols.dns.dnskey/dns.log

@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dns
+#open	2018-09-21-21-02-08
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
+#types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
+1537557808.534727	CHhAvVGS1DHFjwGM9	192.168.153.129	50729	192.168.153.2	53	udp	22666	0.018166	upenn.edu	1	C_INTERNET	48	DNSKEY	0	NOERROR	F	F	T	T	2	DNSKEY 5,DNSKEY 5,DNSKEY 5,RRSIG 48 upenn.edu,RRSIG 48 upenn.edu	5.000000,5.000000,5.000000,3444.000000,3444.000000	F
+#close	2018-09-21-21-02-08

testing/btest/Baseline/scripts.base.protocols.dns.dnskey/output

@@ -0,0 +1,5 @@
+DNSKEY, [query=upenn.edu, answer_type=1, flags=256, protocol=3, algorithm=5, public_key=\x03\x01\x00\x01\xa83\xd4\x99\xe7\x9bz\x7f\xe8\xf4\x15\xeb\x80F\xc9\x1e\xfdo5\xff\x8dAd\xa8\x84\x81\xa2PB\xfc\xc6{!\x1f\xd9\xfc/\x08S_\x97\x89O;\x09\x1a*\x99\x94\x19"\x90\xf8R\xcb\xad\x10\x00\xd4\xef\x91\x02\x16\xab\x1f\xb2\xee\xe8\xde\x06\x95\xb2\x8c\x8f\x03\xe3\x8a,\x06\x99X\x11\xae\x0d\x9f\xcf\xe8\x15\xb9\xd0\xc3\x02%\xbfI\x8bC\x1e \xc3\xdb]\x9e\xda\xc4\xbf\xdf\x97\xfe\xf6.\x8cr\x00zhW\xdd\x08\xd9\x996?\x19''\xa0\x8f, is_query=0], 03010001a833d499e79b7a7fe8f415eb8046c91efd6f35ff8d4164a88481a25042fcc67b211fd9fc2f08535f97894f3b091a2a9994192290f852cbad1000d4ef910216ab1fb2eee8de0695b28c8f03e38a2c06995811ae0d9fcfe815b9d0c30225bf498b431e20c3db5d9edac4bfdf97fef62e8c72007a6857dd08d999363f192727a08f
+DNSKEY, [query=upenn.edu, answer_type=1, flags=256, protocol=3, algorithm=5, public_key=\x03\x01\x00\x01\xf7a\x0b\x04\x88\x99/\xef\xaaS\xd5\xeet\x0c< \xa3w\xb3\xfc\xcd\xad\xfc<Q\xfa\xd3\xac\xe1\xcf\xbc\xdc\xeeX\xabU\xec\x14\xa6\x16"\x8e\x90\xd3y\xe5\xf6\x9cG\xea\xdeW\x85*a\xeaC\x0e\x0es\xb2q\xa7\xbf\xc1u\xfa\xf6\xb9\x97\xde\x0b\x0b4\xcf\x06\xa5\xdaFC%\x7f\xce\xfb\x00M\xaa\xd2%\xb5\xce\xadw\x0c\xd7\xb4e6\xd5Q/\x0e\xc1]\x97|bB\x94G\x91{}=\xc9U"\xa9\xc6\xbf\x7fa+\xd9\xa2\x9b\x1e\xdb, is_query=0], 03010001f7610b0488992fefaa53d5ee740c3c20a377b3fccdadfc3c51fad3ace1cfbcdcee58ab55ec14a616228e90d379e5f69c47eade57852a61ea430e0e73b271a7bfc175faf6b997de0b0b34cf06a5da4643257fcefb004daad225b5cead770cd7b46536d5512f0ec15d977c62429447917b7d3dc95522a9c6bf7f612bd9a29b1edb
+DNSKEY, [query=upenn.edu, answer_type=1, flags=257, protocol=3, algorithm=5, public_key=\x03\x01\x00\x01\xfd6\xc1\x96L\xb5\x00\x00\x00\x05\x9f'\xfchA\xf7\xe7\xd7\xb3E%]\x18\xe6\xce\x05\xde\xd3\x1d\x92KB\xfd\xa6\xc3k\x1f\x92\x07C\x09Y\x10\x1c\xcex\xa0*\x88\xabuR\xfbe\xb5R\xd86\x11\xa1K\xc9\xbf\x8e\x15-\x1bK\x95\xb8 \xc49\xe1\xa4\xfe\x1f\x08\x9f<b\xed\xf7\xff\x91\x85g\x09\xa0\xc5\xca88\x0e\xb2\xc6\x1c\x04\x9e"/y\x0eA\xec\xb2tV\x1f\x0a\xc9\xfa\x94\xea\x86\xee\xef\x01Q\xee\x94\x95\xd5Erl\xb6_\x17y\xf5)\xbf\xba)\x15\xadj\xf7\xb9$\xb6\xe1}\x87\xd7c\x18T\xa5U\xa5m\xe2\x98\x9a\x8a\xe8;\xd4\x87\xb1\x06\xa8G{\xeb\xec\xbdz\xf0\xc1\x1e\xe1TD\xf9"\x9c\xb8\xd4d\xcc\xb0F\xe5t\x03\x9c\x89\x98j{\xfa=\xfe-a\xa3S\x19\x83\xe0\x91t\x95$\xa7\x86Q\xd9\xdc$\xecY\xf0\xda\xc0\xa8\xe9\xdc\x188\x100\xbd\xf1\x00\xb1\x96\x1dik\xa6g\x8d\xe8D\x1d\x7f\xbf\xaa\xbf[\xe6\xee\xe1\xf17R\xf42\x14\xbb\x07\x85, is_query=0], 03010001fd36c1964cb5000000059f27fc6841f7e7d7b345255d18e6ce05ded31d924b42fda6c36b1f9207430959101cce78a02a88ab7552fb65b552d83611a14bc9bf8e152d1b4b95b820c439e1a4fe1f089f3c62edf7ff91856709a0c5ca38380eb2c61c049e222f790e41ecb274561f0ac9fa94ea86eeef0151ee9495d545726cb65f1779f529bfba2915ad6af7b924b6e17d87d7631854a555a56de2989a8ae83bd487b106a8477bebecbd7af0c11ee15444f9229cb8d464ccb046e574039c89986a7bfa3dfe2d61a3531983e091749524a78651d9dc24ec59f0dac0a8e9dc18381030bdf100b1961d696ba6678de8441d7fbfaabf5be6eee1f13752f43214bb0785
+RRSIG, [query=upenn.edu, answer_type=1, type_covered=48, algorithm=5, labels=2, orig_ttl=2.0 hrs, sig_exp=1538431668.0, sig_incep=1535838004.0, key_tag=18463, signer_name=upenn.edu, signature=t\xca\xfd\xe33v\x01\xd7Hi\x9c5j\xa7\xda2.\xa7\x9fO\x7f\xad\xd8\xb4\x02:w\xa3\x93Wgy\xba\xc4S\xbe\x19O$A\xe0\x1fD\xec\x9dL\xf1\xdfz\x82\xb4\xdd\xf2\x82K\xa2+\xcc\x89\xe6\xc6m\xfb\x1a\xeb\xc4)6\x8e8\xc6\x18\x8ba\xc6\x8a\xe9X\xbdzIT\x15[h\x81hH\x89\x95\xc9\x0b\x81\x05\x93\xbe\xc0\xb3\x8d\xbe\xc0\xa4\xa0a\xea\xc2\x09\xa7\xd5\x09/\x17u\xa8R?\x9e\xd3\x9e\x172H:\x83\xb6\xc6\xb5c\x13\xb4\xfc\x1b\xa1\xfd\x94\xd0\xd7:\xa59\xe9oz;u\x15R]\xd9\x09Xq-\x06e\x93\x03#\xe5\x94\xc9\xe7B\xa4pC\x19\xda\xa9\x91\xa8\xed\xd6\xad\x0e\xee\x84\xe9/\x90\xf2\xbd\x16\x12\x0b\x03j\xcf\xb6u\x88\xb7[\x1aO\x7f\xf2CK\xccS\x88\x1d\xd0\x13\x0b\xfe\xa9XJiQ\x06\xe3"!\xc2E\xd5s\x9d?\xbf\xcdn\xf1\x87\x02$O\x9b\x0a\x9c\x06\x81\xc4V\xf3-\x07t>(k\x12)i\xdd\xc1\xf6S.a\x8b\xd3\x15, is_query=0], 74cafde3337601d748699c356aa7da322ea79f4f7fadd8b4023a77a393576779bac453be194f2441e01f44ec9d4cf1df7a82b4ddf2824ba22bcc89e6c66dfb1aebc429368e38c6188b61c68ae958bd7a4954155b688168488995c90b810593bec0b38dbec0a4a061eac209a7d5092f1775a8523f9ed39e1732483a83b6c6b56313b4fc1ba1fd94d0d73aa539e96f7a3b7515525dd90958712d0665930323e594c9e742a4704319daa991a8edd6ad0eee84e92f90f2bd16120b036acfb67588b75b1a4f7ff2434bcc53881dd0130bfea9584a695106e32221c245d5739d3fbfcd6ef18702244f9b0a9c0681c456f32d07743e286b122969ddc1f6532e618bd315
+RRSIG, [query=upenn.edu, answer_type=1, type_covered=48, algorithm=5, labels=2, orig_ttl=2.0 hrs, sig_exp=1538431668.0, sig_incep=1535838004.0, key_tag=50475, signer_name=upenn.edu, signature=S\x88\xbd\x1aP\xb4]\xc3y\xeb\xb1\xc0\xb8\x12~\x8f\xfc\x94\xf8\xa90`\xc5\x93\x8c[\xcb\xf5\xdc(J\x9e\xaf\x9854!\xd9\xca\xb1\xd5>\xab\xe2\xa2\xc7q\xb3\xf1\xcf\xf50\x7fc\x83Z\x9af\xcb\xcb\xae\x8f\xcc\xe5\xa6@}\x8cG\xdf\xe2?\xe405\xff\xdf\xf9|\xd61\xb3\xb2M+\xc9y"\x93\xd0\xc6\xee\xa0o\xbb\x87\xdaa\x92Q\xef\xfds\x9e\xf7\xcbw\x7fL\xc6\x06\xe4\x95\xd3j\xc6e\x1a-\xb6C}e\xdb3\x88m\xd0, is_query=0], 5388bd1a50b45dc379ebb1c0b8127e8ffc94f8a93060c5938c5bcbf5dc284a9eaf98353421d9cab1d53eabe2a2c771b3f1cff5307f63835a9a66cbcbae8fcce5a6407d8c47dfe23fe43035ffdff97cd631b3b24d2bc9792293d0c6eea06fbb87da619251effd739ef7cb777f4cc606e495d36ac6651a2db6437d65db33886dd0

testing/btest/Baseline/scripts.base.protocols.dns.ds/dns.log

@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dns
+#open	2018-09-21-21-02-51
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
+#types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
+1537557828.343603	CHhAvVGS1DHFjwGM9	192.168.153.129	50729	192.168.153.2	53	udp	39080	0.017821	upenn.edu	1	C_INTERNET	43	DS	0	NOERROR	F	F	T	T	2	DS 5 1,DS 5 2,RRSIG 43 edu	5.000000,5.000000,5.000000	F
+#close	2018-09-21-21-02-51

testing/btest/Baseline/scripts.base.protocols.dns.ds/output

@@ -0,0 +1,3 @@
+DS, [query=upenn.edu, answer_type=1, key_tag=18463, algorithm=5, digest_type=1, digest_val=\x0cE\xb3\xd0\x90\xb2!\xe0\xe3;\xbe\xb5\xa6\x19\xd8\x94\x16\xba\xf1\x97, is_query=0], 0c45b3d090b221e0e33bbeb5a619d89416baf197
+DS, [query=upenn.edu, answer_type=1, key_tag=18463, algorithm=5, digest_type=2, digest_val=`\x03\x99#&\xda\x06x\\x9e0\xb2Yu\x0f\xab\x09`\xbfW\x05K\xdd\xff\xde\xee\x11\x88\x97}\xab\xb8, is_query=0], 6003992326da06785c9e30b259750fab0960bf57054bddffdeee1188977dabb8
+RRSIG, [query=upenn.edu, answer_type=1, type_covered=43, algorithm=8, labels=2, orig_ttl=1.0 day, sig_exp=1538112220.0, sig_incep=1537503220.0, key_tag=50219, signer_name=edu, signature=\x9a\xd4`ppv\x154\x98\xe9\x9d\xf9#|\xa2\xb2v\xf6\x1dj\x1a\x07d\x8c\xd2\xea\xd8\xeeG`\x14=\xc33\xd4)\xb3C\xb9T\xe8r\xba.4\xcb\x96\xa7\xe3\x95\xf4#\xfd<"\xa8\x1c\x1b1R\x18\xd1\xac.x\xa0\xb1\xef\xf4\x163y\x85\xb4K\x0e\x84\xd2\x16\x05\x9et\xa7\xc5|\x0d9f\xd4\x8ea\xdd\x8d&\x863\x14\xd6i\xe6\xf6|%\xbf\xd8\x91\xb3\x87\xd1\x918r\x0a\xb8\x0e\x87\xdf?\xee\xf3Pyn\xdd=%\xd3p, is_query=0], 9ad460707076153498e99df9237ca2b276f61d6a1a07648cd2ead8ee4760143dc333d429b343b954e872ba2e34cb96a7e395f423fd3c22a81c1b315218d1ac2e78a0b1eff416337985b44b0e84d216059e74a7c57c0d3966d48e61dd8d26863314d669e6f67c25bfd891b387d19138720ab80e87df3feef350796edd3d25d370

testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dns
-#open	2016-07-13-16-16-12
+#open	2018-09-21-21-07-55
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
 #types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
-1363716396.798072	CHhAvVGS1DHFjwGM9	55.247.223.174	27285	222.195.43.124	53	udp	21140	0.000214	www.cmu.edu	1	C_INTERNET	1	A	0	NOERROR	T	F	F	F	1	www-cmu.andrew.cmu.edu,<unknown type=46>,www-cmu-2.andrew.cmu.edu,128.2.10.163	86400.000000,86400.000000,5.000000,21600.000000	F
-1363716396.798374	CHhAvVGS1DHFjwGM9	55.247.223.174	27285	222.195.43.124	53	udp	21140	-	www.cmu.edu	-	-	-	-	0	NOERROR	T	F	F	F	0	www-cmu.andrew.cmu.edu,<unknown type=46>,www-cmu-2.andrew.cmu.edu,128.2.10.163	86400.000000,86400.000000,5.000000,21600.000000	F
-#close	2016-07-13-16-16-12
+1363716396.798072	CHhAvVGS1DHFjwGM9	55.247.223.174	27285	222.195.43.124	53	udp	21140	0.000214	www.cmu.edu	1	C_INTERNET	1	A	0	NOERROR	T	F	F	F	1	www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163	86400.000000,86400.000000,5.000000,21600.000000	F
+1363716396.798374	CHhAvVGS1DHFjwGM9	55.247.223.174	27285	222.195.43.124	53	udp	21140	-	www.cmu.edu	-	-	-	-	0	NOERROR	T	F	F	F	0	www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163	86400.000000,86400.000000,5.000000,21600.000000	F
+#close	2018-09-21-21-07-55

testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log

@@ -1,10 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	weird
-#open	2017-12-13-19-40-49
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1363716396.798286	CHhAvVGS1DHFjwGM9	55.247.223.174	27285	222.195.43.124	53	DNS_RR_unknown_type	46	F	bro
-#close	2017-12-13-19-40-49

testing/btest/Baseline/scripts.base.protocols.dns.nsec/dns.log

@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dns
+#open	2018-09-21-21-04-27
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected	auth	addl
+#types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool	set[string]	set[string]
+1533310046.924340	CHhAvVGS1DHFjwGM9	35.184.172.191	57073	128.175.13.16	53	udp	130	-	dla.library.upenn.edu	1	C_INTERNET	28	AAAA	0	NOERROR	F	F	F	F	1	-	-	F	NSEC dla.library.upenn.edu dlxssvr.library.upenn.edu,assailants.net.isc.upenn.edu,RRSIG 6 upenn.edu,RRSIG 47 upenn.edu	-
+1533310049.812056	ClEkJM2Vm5giqnMf4h	35.184.172.191	50693	128.175.13.16	53	udp	51063	0.001515	www.upenn.edu	1	C_INTERNET	1	A	0	NOERROR	T	F	F	F	1	www.upenn.edgekey.net,RRSIG 5 upenn.edu	300.000000,300.000000	F	-	-
+#close	2018-09-21-21-04-27

testing/btest/Baseline/scripts.base.protocols.dns.nsec/output

@@ -0,0 +1,5 @@
+RRSIG, [query=upenn.edu, answer_type=2, type_covered=6, algorithm=5, labels=2, orig_ttl=1.0 hr, sig_exp=1535901996.0, sig_incep=1533306396.0, key_tag=50475, signer_name=upenn.edu, signature=\xdd=,iY\xd9\x0b\xdbmi\xc9L<\xdd\x03-\xaa\xda5Z\x1b\x0aK\x94.\x97p\xd8\x96\x7f\xa8*Cc\x9c\xa4\x86\xee\xd4\xc4\x0c\x88\x03v\xdf\x14\xef\x0c"|l\xfc)\xc7E\xd1I\xa3\x0dM/^\x98\xe9\xd8P\xbbDZ\xb1|z\xd5H8\xde\xf0\xeb\x14\x19\x99gm\xbdg\xbf\xe0\xe9CU\xf5_\xf0\x01\xe5\x1a\x8f7\x0e\x7foJ\xc1`\x09\xd9%\xc0x9\xe7\x81\xfco\xad\xa5\xd8\xfa\xf5I\xb6\x9f\xca\x9b#\xd9d\xd0, is_query=0], dd3d2c6959d90bdb6d69c94c3cdd032daada355a1b0a4b942e9770d8967fa82a43639ca486eed4c40c880376df14ef0c227c6cfc29c745d149a30d4d2f5e98e9d850bb445ab17c7ad54838def0eb141999676dbd67bfe0e94355f55ff001e51a8f370e7f6f4ac16009d925c07839e781fc6fada5d8faf549b69fca9b23d964d0
+NSEC, dlxssvr.library.upenn.edu, [@\x00\x00\x00\x00\x03]
+400000000003
+RRSIG, [query=dla.library.upenn.edu, answer_type=2, type_covered=47, algorithm=5, labels=4, orig_ttl=1.0 hr, sig_exp=1534400915.0, sig_incep=1531807585.0, key_tag=50475, signer_name=upenn.edu, signature=\x9fhH\x95K7\xd5u\xa5\xbc\xf5\x17\xccM\xe3=T\xd05u\xfa\xea\xfa\xfe\x0eH-W\xbb\xa3l\xa9\xe2\x8f\xef\x05\xf0\xdc\xb1\xf2\xe8u\x8c<v\x80WsaJ\xfc\xc1\x90qr\x1e\x0b\xd0k`B\x8c\x0c\x88\xb2\xf2{D\xf9\xb2M\xd2\xd6\x85W\xb9^\xd9\xea\xc7W\x0c\xc5\x99Td\x83D\xa1\x00,8\xfaYoh\xff\xb2\x08K\x19\xe6\xcdo\x98\x1c\xaa\xe5\x89\x09G\x9c\xf1\x9f\x0bx\xdc\xf6l\xfc\x1d8\x07b\x0a\x1b\xde1, is_query=0], 9f6848954b37d575a5bcf517cc4de33d54d03575faeafafe0e482d57bba36ca9e28fef05f0dcb1f2e8758c3c76805773614afcc19071721e0bd06b60428c0c88b2f27b44f9b24dd2d68557b95ed9eac7570cc59954648344a1002c38fa596f68ffb2084b19e6cd6f981caae58909479cf19f0b78dcf66cfc1d3807620a1bde31
+RRSIG, [query=www.upenn.edu, answer_type=1, type_covered=5, algorithm=5, labels=3, orig_ttl=5.0 mins, sig_exp=1534786816.0, sig_incep=1532193166.0, key_tag=50475, signer_name=upenn.edu, signature=\xa4\xac\x18\x14\xcac\x9d\x81\xbck[5\x1c\xf53F\x10\xf0w\xec/\xb3Z{\xe5\x11\xff\xfc\xfdu\xa1\xa7o\xdd\x19\x82G2]\xcb[\xcd\xc7\?\xa7,\xc8\xfa;\xdb#=\xc4\x08\xe0WJJ\x19\x87Pp<\xc9\xa8E\xdcM\xb2.\xc1P\xa4\xb7\xe1G\xde<\xb0\xa6>d\xf72\x02\xfd;u\xde\x19\xe8\xda\xe9\x0aAVz!\xa7\xa5\xc2\x8d\xad\xa9\xe1\x87\x136\xd7\xfal\x827\xd1\xb1\xcd\x11c\x15F(\xd0=\x967\xc3\x1b, is_query=0], a4ac1814ca639d81bc6b5b351cf5334610f077ec2fb35a7be511fffcfd75a1a76fdd198247325dcb5bcdc75c3fa72cc8fa3bdb233dc408e0574a4a198750703cc9a845dc4db22ec150a4b7e147de3cb0a63e64f73202fd3b75de19e8dae90a41567a21a7a5c28dada9e1871336d7fa6c8237d1b1cd1163154628d03d9637c31b

testing/btest/Baseline/scripts.base.protocols.dns.nsec3/dns.log

@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dns
+#open	2018-09-21-21-04-55
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected	auth	addl
+#types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool	set[string]	set[string]
+1537560385.602565	CHhAvVGS1DHFjwGM9	192.168.1.102	49324	192.168.1.1	53	udp	9835	-	foobar.sshfp.net	1	C_INTERNET	1	A	3	NXDOMAIN	F	F	T	F	2	-	-	F	ns0.weberdns.de,RRSIG 6 sshfp.net,NSEC3,RRSIG 50 sshfp.net	-
+#close	2018-09-21-21-04-55

testing/btest/Baseline/scripts.base.protocols.dns.nsec3/output

@@ -0,0 +1,5 @@
+NSEC3, [query=vlq247qi8p1tt3a8cgmd7glfndtigsdu.sshfp.net, answer_type=2, nsec_flags=0, nsec_hash_algo=1, nsec_iter=20, nsec_salt_len=16, nsec_salt=\x80c}\x8a\xf0U\xb5\xee\xca*b\x1e\xda\xaa<^, nsec_hlen=20, nsec_hash==\x8a>\xb6\x1a\x9d\xfa\x95\x1aB\xd7w\x9c\x1f\x15\x06\x85\xa0\x19G, bitmaps=[b\x01\x80\x08\x00\x02\x90], is_query=0], 80637d8af055b5eeca2a621edaaa3c5e, 3d8a3eb61a9dfa951a42d7779c1f150685a01947
+RRSIG, [query=vlq247qi8p1tt3a8cgmd7glfndtigsdu.sshfp.net, answer_type=2, type_covered=50, algorithm=10, labels=3, orig_ttl=3.0 mins, sig_exp=1538967745.0, sig_incep=1536374962.0, key_tag=31055, signer_name=sshfp.net, signature=es\xe2\x01:\x10B$|\x93\xdf\xc8\x8c\xc0\x0bk\x8e\x8f\xad\xf44y3\x81x\x11\xeb H\xef\xb5\x941^\xc4\xba\x91\x12\xb7\xcdHua"\xa6\x13o\xe1\x86\xc6z\x80\x9c\xc2\x00\x93\xe2\xaa@\x15YH\xea^0\xfd\xf0:\xbej-\xe2\xb9K\x87wN\xdc\xc3_\x0c\x0ew\x96c\xd2\x09\x0e;i\xbef\xb9\xc22\xdf#\xdfy\xa7\x9f\xc4S\x8d-\x84\xfa0\xd0\xbc\xf3|c3\x04\x9e*\xbd\x82\x9fC\x89`\x15V\x08o\xea\xd6\xd0I\xc5b\x94WpOJ\x82\x12Z\xd6A\xad\x1cV\xb5\x15sCv\xe2Tq>\xffU\x88Ji\xa7I\xd4\xc6$\xb8\xdd\xc1\x8a4_a\xd9\xb6\xdbk\xde\x80\xc7\xad\xea\x16\xe4\xf5\x09\xdd<\x8fR\xcb\x00\x04|\xbc\xc3\xae\xac\xd1+\xc0\xf7\xe3\xad\x09d\xd0!\xc4AL\xfd\xb0=p\x86\x84\x89\x18\xd8\xab\x9d\xbb\xf1\xe4\xd9\x8ak\xfc\xb8\x98a )\xffX\x0cj>D\xe9oi\xbfh\x13`\xfco%0\xc5O\xe2\xa2i\x1b, is_query=0], 6573e2013a1042247c93dfc88cc00b6b8e8fadf4347933817811eb2048efb594315ec4ba9112b7cd48756122a6136fe186c67a809cc20093e2aa40155948ea5e30fdf03abe6a2de2b94b87774edcc35f0c0e779663d2090e3b69be66b9c232df23df79a79fc4538d2d84fa30d0bcf37c6333049e2abd829f4389601556086fead6d049c5629457704f4a82125ad641ad1c56b515734376e254713eff55884a69a749d4c624b8ddc18a345f61d9b6db6bde80c7adea16e4f509dd3c8f52cb00047cbcc3aeacd12bc0f7e3ad0964d021c4414cfdb03d7086848918d8ab9dbbf1e4d98a6bfcb898612029ff580c6a3e44e96f69bf681360fc6f2530c54fe2a2691b
+NSEC3, [query=l0oop5o98lf6fb7e620sabaqf0nctco6.sshfp.net, answer_type=2, nsec_flags=0, nsec_hash_algo=1, nsec_iter=20, nsec_salt_len=16, nsec_salt=\x80c}\x8a\xf0U\xb5\xee\xca*b\x1e\xda\xaa<^, nsec_hlen=20, nsec_hash=\xe6\x0f\x07\xa33z\x0c\xd9kaT^\x12D\x96\xfa\xe35K\xc6, bitmaps=[@\x00\x00\x08\x00\x02], is_query=0], 80637d8af055b5eeca2a621edaaa3c5e, e60f07a3337a0cd96b61545e124496fae3354bc6
+RRSIG, [query=l0oop5o98lf6fb7e620sabaqf0nctco6.sshfp.net, answer_type=2, type_covered=50, algorithm=10, labels=3, orig_ttl=3.0 mins, sig_exp=1539303070.0, sig_incep=1536708214.0, key_tag=31055, signer_name=sshfp.net, signature=V\xa0\x1f\xa69\xd4H\xffWQ1"n\x89\xc5\x14_\x15ow[\xfbv9h\xd4\xcfd|\xfc\x9f\x83Y\x0ax\x81D@\xb5\x9e\x8fQEp\x99\xb6\x91ovG\\x86\xf2W5\xe9\\x99-\xa6\x91\xe7\xd8\x96\x1e\xa9f\x0e\xc82\xde\xb1"\x1bu\x80cL\x95\x06\xae\x9a\x996\xe3\x98\xd6\x10\x1awJ\x0fX\x00z@\xd9\x0b\x93\xda\xcf\xe2i\x8f1\xf5\x99\xf1\xb3S|\x8b\x13\xf3\xed/\xab\xb8\x0b\x04\xc9\xe5Y/\xe7\xcb\x84\x03\xfaB\xf4C\xa5q\xfe\xd6\xed\xc7/\xbd&\xf2;\xad\xcb\xad\xb8q\xd0[O\xdaM\xcf\x89m\x8f\x983\x163\xdb\xf3?\xd6s\xb6D\xe2\x80v\x83M\x136\xd1\xb3>:p0B\xd8\x1d\x07\x87\\x99\x12V\x96\xeb\xb6%\xef^\xebS\xf0\xbb\x1fF\\xc3\x16\xe1\x16T\xa84<c6a\xf6\xf8\x89\xc4\xce\xb4\x81P]D0\xa5:\x08\x81\xaa> \x14\xac\xe7G\x0b:E\x98\x01U\xf8`\x15\xcc(\x83\x19\xce\xba\xb8\x18\xcd\xd5L, is_query=0], 56a01fa639d448ff575131226e89c5145f156f775bfb763968d4cf647cfc9f83590a78814440b59e8f51457099b6916f76475c86f25735e95c992da691e7d8961ea9660ec832deb1221b7580634c9506ae9a9936e398d6101a774a0f58007a40d90b93dacfe2698f31f599f1b3537c8b13f3ed2fabb80b04c9e5592fe7cb8403fa42f443a571fed6edc72fbd26f23badcbadb871d05b4fda4dcf896d8f98331633dbf33fd673b644e28076834d1336d1b33e3a703042d81d07875c99125696ebb625ef5eeb53f0bb1f465cc316e11654a8343c633661f6f889c4ceb481505d4430a53a0881aa3e2014ace7470b3a45980155f86015cc288319cebab818cdd54c
+RRSIG, [query=sshfp.net, answer_type=2, type_covered=6, algorithm=10, labels=2, orig_ttl=1.0 day, sig_exp=1540066160.0, sig_incep=1537470560.0, key_tag=31055, signer_name=sshfp.net, signature=|\x9aJ\xc1\x8c\xc6\x0e\x051l1Jz<\x19\x07Xv\x06\xea\xe5\xf7n\x0b\x09\xc0K\xcf\xa1\x10\xb2\xfb\xa3\x84\xe3\xc9\xeer\xa1Z\x0a\x1a\xb6B\xb6-\x98\x8f\x97\xd4E*\x99a\x0cI\xba\xd3(\xdf\xbe\xaa\xd1\xd4\x1b\xcb\x8a\x96\xe8\xc6\x07\xf2W\xa3\xba\x15^\xf7;\xa9\x99\xeb`@\xe5F`\xcd\xc6\xb5aw\xd8\xc5bkl\xc1 \xa7\x93T\xaa\xbf\x15\x0e\xd8\xf8\x9cY\xdfe\xda\x811\x09\x9a\x10\x10S},E\x94]>\xc2\xecD9\x19\x9al\x9c[\x82\xf1'Ri\x8e\xb4\x0d*\xa4\x07D&%\xa5\xf1\xb18\xd6l\xd6\xee\xbe`\x06\x96\x8cU\xe6\x04y\x84\xf9[\x08\xb9\xb6\xe6P\xba?\x88F\x81I>\xb1\xef\xbf\x993\x0d[O}#s\x83\xa5\x14\xe7_\x98\xdd\xf5}\xf9A\xf1\x1e\xc0\x12\xed\x0b\xf3\x99\x91\x1ay\xaa;\xa4\xef&6\x86y`\xb4\xee\xf2u/\x9c\xda\xfc>\x8d\xdb\xaf\m\x8e]\xb2\xf8\xce\xd9\xa1\x8d\xe6<\xb8\xe5\xb9\x8cEd\x97\xdb\xbd, is_query=0], 7c9a4ac18cc60e05316c314a7a3c1907587606eae5f76e0b09c04bcfa110b2fba384e3c9ee72a15a0a1ab642b62d988f97d4452a99610c49bad328dfbeaad1d41bcb8a96e8c607f257a3ba155ef73ba999eb6040e54660cdc6b56177d8c5626b6cc120a79354aabf150ed8f89c59df65da8131099a1010537d2c45945d3ec2ec4439199a6c9c5b82f12752698eb40d2aa407442625a5f1b138d66cd6eebe6006968c55e6047984f95b08b9b6e650ba3f884681493eb1efbf99330d5b4f7d237383a514e75f98ddf57df941f11ec012ed0bf399911a79aa3ba4ef2636867960b4eef2752f9cdafc3e8ddbaf5c6d8e5db2f8ced9a18de63cb8e5b98c456497dbbd

testing/btest/Baseline/scripts.base.protocols.dns.rrsig/dns.log

@@ -0,0 +1,13 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dns
+#open	2018-09-21-20-48-53
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
+#types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
+1533309955.393636	ClEkJM2Vm5giqnMf4h	35.184.172.191	10267	128.175.13.16	53	udp	17129	0.003405	virgo.sas.upenn.edu	1	C_INTERNET	1	A	0	NOERROR	T	F	F	F	1	128.91.234.142,RRSIG 1 upenn.edu	30.000000,30.000000	F
+1533309959.571738	C4J4Th3PJpwUYZZ6gc	35.184.172.191	50056	128.175.13.16	53	udp	26222	0.003363	virgo.sas.upenn.edu	1	C_INTERNET	1	A	0	NOERROR	T	F	F	F	1	128.91.234.142,RRSIG 1 upenn.edu	30.000000,30.000000	F
+1533309959.968589	CtPZjS20MLrsMUOJi2	35.184.172.191	39975	128.175.13.16	53	udp	27118	0.003748	workfamily.sas.upenn.edu	1	C_INTERNET	1	A	0	NOERROR	T	F	F	F	1	quasar.sas.upenn.edu,RRSIG 5 upenn.edu,128.91.234.145,RRSIG 1 upenn.edu	900.000000,900.000000,30.000000,30.000000	F
+1533309950.391966	CHhAvVGS1DHFjwGM9	35.184.172.191	5386	128.175.13.16	53	udp	62809	-	virgo.sas.upenn.edu	1	C_INTERNET	1	A	-	-	F	F	F	F	1	-	-	F
+#close	2018-09-21-20-48-53

testing/btest/Baseline/scripts.base.protocols.dns.rrsig/output

@@ -0,0 +1,4 @@
+RRSIG, [query=virgo.sas.upenn.edu, answer_type=1, type_covered=1, algorithm=5, labels=4, orig_ttl=30.0 secs, sig_exp=1535441489.0, sig_incep=1532846032.0, key_tag=50475, signer_name=upenn.edu, signature=k:\xbd\\?)\xa4\x03\x1fw\xd4\x18#\x1d\\x9fV\xe6\xc5\x06w\xa7\x97\xb9\xc9\x7f\xa9\xe3<\xc8h\xf8\x81\xd5D\x09\Z\x19\x0a\xb7\x87`\x9d\xcbp\x9c\xcf\xcc\xf1#J\xc6\xd1P{\x11\xf5J\xcb\x02\x14n"y\x0e\xcb\x8f\x1cR\x14;B\x94]\xda\x9d~\x93\xe9\x96*U\xc7\xa7\xde\x02\xfeD\xbb\xab\xfa\xc2In\xed?\x8e\xe3D\xfb\xf1\xd3I\x9dj\xab\xcan\xa7\x16\xd4M]\xe0\xc5\xcbm\xf6\xd0\x8cAV\xaau\xa2\xd4, is_query=0], 6b3abd5c5c3f29a4031f77d418231d5c9f56e6c50677a797b9c97fa9e33cc868f881d544095c5a190ab787609dcb709ccfccf1234ac6d1507b11f54acb02146e22790ecb8f1c52143b42945dda9d7e93e9962a55c7a7de02fe44bbabfac2496eed3f8ee344fbf1d3499d6aabca6ea716d44d5de0c5cb6df6d08c4156aa75a2d4
+RRSIG, [query=virgo.sas.upenn.edu, answer_type=1, type_covered=1, algorithm=5, labels=4, orig_ttl=30.0 secs, sig_exp=1535441489.0, sig_incep=1532846032.0, key_tag=50475, signer_name=upenn.edu, signature=k:\xbd\\?)\xa4\x03\x1fw\xd4\x18#\x1d\\x9fV\xe6\xc5\x06w\xa7\x97\xb9\xc9\x7f\xa9\xe3<\xc8h\xf8\x81\xd5D\x09\Z\x19\x0a\xb7\x87`\x9d\xcbp\x9c\xcf\xcc\xf1#J\xc6\xd1P{\x11\xf5J\xcb\x02\x14n"y\x0e\xcb\x8f\x1cR\x14;B\x94]\xda\x9d~\x93\xe9\x96*U\xc7\xa7\xde\x02\xfeD\xbb\xab\xfa\xc2In\xed?\x8e\xe3D\xfb\xf1\xd3I\x9dj\xab\xcan\xa7\x16\xd4M]\xe0\xc5\xcbm\xf6\xd0\x8cAV\xaau\xa2\xd4, is_query=0], 6b3abd5c5c3f29a4031f77d418231d5c9f56e6c50677a797b9c97fa9e33cc868f881d544095c5a190ab787609dcb709ccfccf1234ac6d1507b11f54acb02146e22790ecb8f1c52143b42945dda9d7e93e9962a55c7a7de02fe44bbabfac2496eed3f8ee344fbf1d3499d6aabca6ea716d44d5de0c5cb6df6d08c4156aa75a2d4
+RRSIG, [query=workfamily.sas.upenn.edu, answer_type=1, type_covered=5, algorithm=5, labels=4, orig_ttl=15.0 mins, sig_exp=1534263016.0, sig_incep=1531669322.0, key_tag=50475, signer_name=upenn.edu, signature='I\xe2_d\xe4\xe6S\x85\xe5\x8a\xe2w\xcd\xd4\xe0\xc4j7<\xf8\x02\xf2\xc1\x07\x9d\x05\xe8\x84\x01\xe8|t\x98\x07\xdb5\xba\xf3T\xcc%\x91\x0d&\xe3\x8f\xfd@ZS\xf7\xf4\xa9\xe6\xe6\x13\x17\x99^\xd8\xa7g\xe2\xa5+\xcb\x9cyZ\xeb$4\xfd}\xa5\xe4N\xa8\xb9\xb63\x8a\xebe\x0f\xd8\x80\xd4\xa8\x13#S\xe57d\xd8\xd8\x08\xa2%\x0c\x99K\xa7!\x08\xac\x1byi!\xe0\xeb\x9cX\xfc\xd8E\xdeH\xf4\xad\xc8/#\x19a, is_query=0], 2749e25f64e4e65385e58ae277cdd4e0c46a373cf802f2c1079d05e88401e87c749807db35baf354cc25910d26e38ffd405a53f7f4a9e6e61317995ed8a767e2a52bcb9c795aeb2434fd7da5e44ea8b9b6338aeb650fd880d4a8132353e53764d8d808a2250c994ba72108ac1b796921e0eb9c58fcd845de48f4adc82f231961
+RRSIG, [query=quasar.sas.upenn.edu, answer_type=1, type_covered=1, algorithm=5, labels=4, orig_ttl=30.0 secs, sig_exp=1535438502.0, sig_incep=1532845422.0, key_tag=50475, signer_name=upenn.edu, signature=a8"\x80\xc3\x92\xa3\x83lu{H>\xd4\xc3H\x8d.\xb4\x96/E\x09\x99\x9d\x0c\x17\xdd\x10\xb8ZT&\xb1H\x10\x1ak,\x98\x0d\xaf\x8dx}\xac\xf9\x9asyf\xce\xf8L\x04\x06\xc5y\xc4A,\xf6|\xaa\xc3tG\xb6\xcc^\xae\x9e\xb2\xb6ok`V\x15b\xd6\xab\xa4\xe3\x04\xe6\x019\xaf\x9f\xb0\xf6yM {P\xb0C\xa0\x85CVR\xfd\x97@,\xe0\xad\xdc7\xa4\xfc\x12\xc4\xee2)\x12\xefIkk\xdaA11, is_query=0], 61382280c392a3836c757b483ed4c3488d2eb4962f4509999d0c17dd10b85a5426b148101a6b2c980daf8d787dacf99a737966cef84c0406c579c4412cf67caac37447b6cc5eae9eb2b66f6b60561562d6aba4e304e60139af9fb0f6794d207b50b043a085435652fd97402ce0addc37a4fc12c4ee322912ef496b6bda413131

testing/btest/README

@@ -20,17 +20,17 @@ Significant Subdirectories
 	Packet captures utilized by the various BTest tests.
 
 * scripts/
-    This hierarchy of tests emulates the hierarchy of the Bro scripts/
-    directory.
+	This hierarchy of tests emulates the hierarchy of the Bro scripts/
+	directory.
 
 * coverage/
-    This collection of tests relates to checking whether we're covering
-    everything we want to in terms of tests, documentation, and which
-    scripts get loaded in different Bro configurations.  These tests are
-    more prone to fail as new Bro scripts are developed and added to the
-    distribution -- checking the individual test's comments is the best
-    place to check for more details on what exactly the test is checking
-    and hints on how to fix it when it fails.
+	This collection of tests relates to checking whether we're covering
+	everything we want to in terms of tests, documentation, and which
+	scripts get loaded in different Bro configurations.  These tests are
+	more prone to fail as new Bro scripts are developed and added to the
+	distribution -- checking the individual test's comments is the best
+	place to check for more details on what exactly the test is checking
+	and hints on how to fix it when it fails.
 
 Running Tests
 =============

testing/btest/bifs/records_fields.bro

@@ -2,19 +2,45 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 
+type myrec: record {
+	myfield: bool;
+};
+
+type tt: record {
+	a: bool;
+	b: string &default="Bar";
+	c: double &optional;
+	d: string &log;
+	m: myrec;
+};
+
 type r: record {
 	a: count;
 	b: string &default="Foo";
 	c: double &optional;
 	d: string &log;
+	e: any;
 };
 
+type mystring: string;
+
 event bro_init()
 {
-    local x: r = [$a=42, $d="Bar"];
+    local x: r = [$a=42, $d="Bar", $e=tt];
     print x;
     local t: record_field_table;
     t = record_fields(x);
     print t;
     print t["c"]?$value;
+
+    t = record_fields(x$e);
+    print t;
+    t = record_fields(tt);
+    print t;
+
+    x = [$a=42, $d="Bar", $e=mystring];
+    t = record_fields(x);
+    print t;
+    t = record_fields(x$e);
+    print t;
 }

testing/btest/core/leaks/dns-nsec3.bro

@@ -0,0 +1,40 @@
+# Needs perftools support.
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -C -m -r $TRACES/dnssec/nsec3.pcap %INPUT
+# @TEST-EXEC: btest-bg-wait 60
+
+@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+	{
+	print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+	}
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+	{
+	print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+	}
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+	{
+	print "NSEC", next_name, bitmaps;
+
+	for ( i in bitmaps )
+		print bytestring_to_hexstr(bitmaps[i]);
+	}
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+	{
+	print "NSEC3", nsec3,
+	      bytestring_to_hexstr(nsec3$nsec_salt),
+	      bytestring_to_hexstr(nsec3$nsec_hash);
+	}
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+	{
+	print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+	}

testing/btest/plugins/file-plugin/src/Plugin.cc

@@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
 	config.description = "A Foo test analyzer";
 	config.version.major = 1;
 	config.version.minor = 0;
+	config.version.patch = 0;
 	return config;
 	}

testing/btest/plugins/hooks-plugin/src/Plugin.cc

@@ -29,6 +29,7 @@ plugin::Configuration Plugin::Configure()
 	config.description = "Exercises all plugin hooks";
 	config.version.major = 1;
 	config.version.minor = 0;
+	config.version.patch = 0;
 	return config;
 	}
 

testing/btest/plugins/logging-hooks-plugin/src/Plugin.cc

@@ -21,6 +21,7 @@ plugin::Configuration Plugin::Configure()
 	config.description = "Exercises Log hooks";
 	config.version.major = 1;
 	config.version.minor = 0;
+	config.version.patch = 0;
 	return config;
 	}
 

testing/btest/plugins/pktdumper-plugin/src/Plugin.cc

@@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
 	config.description = "A Foo packet dumper";
 	config.version.major = 1;
 	config.version.minor = 0;
+	config.version.patch = 0;
 	return config;
 	}

testing/btest/plugins/pktsrc-plugin/src/Plugin.cc

@@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
 	config.description = "A Foo packet source";
 	config.version.major = 1;
 	config.version.minor = 0;
+	config.version.patch = 0;
 	return config;
 	}

testing/btest/plugins/plugin-nopatchversion-plugin/src/Plugin.cc

@@ -0,0 +1,16 @@
+
+#include "Plugin.h"
+
+namespace plugin { namespace Testing_NoPatchVersion { Plugin plugin; } }
+
+using namespace plugin::Testing_NoPatchVersion;
+
+plugin::Configuration Plugin::Configure()
+	{
+	plugin::Configuration config;
+	config.name = "Testing::NoPatchVersion";
+	config.description = "Testing a plugin without a specified patch version";
+	config.version.major = 0;
+	config.version.minor = 1;
+	return config;
+	}

testing/btest/plugins/plugin-nopatchversion.bro

@@ -0,0 +1,5 @@
+# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing NoPatchVersion
+# @TEST-EXEC: cp -r %DIR/plugin-nopatchversion-plugin/* .
+# @TEST-EXEC: ./configure --bro-dist=${DIST} && make
+# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::NoPatchVersion >> output
+# @TEST-EXEC: btest-diff output

testing/btest/plugins/plugin-withpatchversion-plugin/src/Plugin.cc

@@ -0,0 +1,17 @@
+
+#include "Plugin.h"
+
+namespace plugin { namespace Testing_WithPatchVersion { Plugin plugin; } }
+
+using namespace plugin::Testing_WithPatchVersion;
+
+plugin::Configuration Plugin::Configure()
+	{
+	plugin::Configuration config;
+	config.name = "Testing::WithPatchVersion";
+	config.description = "Testing a plugin with a specified patch version";
+	config.version.major = 0;
+	config.version.minor = 1;
+	config.version.patch = 4;
+	return config;
+	}

testing/btest/plugins/plugin-withpatchversion.bro

@@ -0,0 +1,5 @@
+# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing WithPatchVersion
+# @TEST-EXEC: cp -r %DIR/plugin-withpatchversion-plugin/* .
+# @TEST-EXEC: ./configure --bro-dist=${DIST} && make
+# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::WithPatchVersion >> output
+# @TEST-EXEC: btest-diff output

testing/btest/plugins/protocol-plugin/src/Plugin.cc

@@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
 	config.description = "A Foo test analyzer";
 	config.version.major = 1;
 	config.version.minor = 0;
+	config.version.patch = 0;
 	return config;
 	}

testing/btest/plugins/reader-plugin/src/Plugin.cc

@@ -15,5 +15,6 @@ plugin::Configuration Plugin::Configure()
 	config.description = "A Foo test input reader";
 	config.version.major = 1;
 	config.version.minor = 0;
+	config.version.patch = 0;
 	return config;
 	}

testing/btest/plugins/reporter-hook-plugin/src/Plugin.cc

@@ -19,6 +19,7 @@ plugin::Configuration Plugin::Configure()
 	config.description = "Exercise Reporter Hook";
 	config.version.major = 1;
 	config.version.minor = 0;
+	config.version.patch = 0;
 	return config;
 	}
 

testing/btest/plugins/writer-plugin/src/Plugin.cc

@@ -15,5 +15,6 @@ plugin::Configuration Plugin::Configure()
 	config.description = "A Foo test logging writer";
 	config.version.major = 1;
 	config.version.minor = 0;
+	config.version.patch = 0;
 	return config;
 	}

testing/btest/scripts/base/protocols/dns/dns-key.bro

@@ -1,4 +1,4 @@
 # Making sure DNSKEY gets logged as such.
 #
-# @TEST-EXEC: bro -r $TRACES/dns-dnskey.trace
+# @TEST-EXEC: bro -r $TRACES/dnssec/dnskey2.pcap
 # @TEST-EXEC: btest-diff dns.log

testing/btest/scripts/base/protocols/dns/dnskey.bro

@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+#@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+	{
+	print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+	}
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+	{
+	print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+	}
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+	{
+	print "NSEC", next_name, bitmaps;
+
+	for ( i in bitmaps )
+		print bytestring_to_hexstr(bitmaps[i]);
+	}
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+	{
+	print "NSEC3", nsec3,
+	      bytestring_to_hexstr(nsec3$nsec_salt),
+	      bytestring_to_hexstr(nsec3$nsec_hash);
+	}
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+	{
+	print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+	}

testing/btest/scripts/base/protocols/dns/ds.bro

@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/ds.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+#@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+	{
+	print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+	}
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+	{
+	print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+	}
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+	{
+	print "NSEC", next_name, bitmaps;
+
+	for ( i in bitmaps )
+		print bytestring_to_hexstr(bitmaps[i]);
+	}
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+	{
+	print "NSEC3", nsec3,
+	      bytestring_to_hexstr(nsec3$nsec_salt),
+	      bytestring_to_hexstr(nsec3$nsec_hash);
+	}
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+	{
+	print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+	}

testing/btest/scripts/base/protocols/dns/duplicate-reponses.bro

@@ -2,4 +2,3 @@
 #
 # @TEST-EXEC: bro -r $TRACES/dns-two-responses.trace
 # @TEST-EXEC: btest-diff dns.log
-# @TEST-EXEC: btest-diff weird.log

testing/btest/scripts/base/protocols/dns/nsec.bro

@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+	{
+	print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+	}
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+	{
+	print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+	}
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+	{
+	print "NSEC", next_name, bitmaps;
+
+	for ( i in bitmaps )
+		print bytestring_to_hexstr(bitmaps[i]);
+	}
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+	{
+	print "NSEC3", nsec3,
+	      bytestring_to_hexstr(nsec3$nsec_salt),
+	      bytestring_to_hexstr(nsec3$nsec_hash);
+	}
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+	{
+	print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+	}

testing/btest/scripts/base/protocols/dns/nsec3.bro

@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+	{
+	print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+	}
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+	{
+	print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+	}
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+	{
+	print "NSEC", next_name, bitmaps;
+
+	for ( i in bitmaps )
+		print bytestring_to_hexstr(bitmaps[i]);
+	}
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+	{
+	print "NSEC3", nsec3,
+	      bytestring_to_hexstr(nsec3$nsec_salt),
+	      bytestring_to_hexstr(nsec3$nsec_hash);
+	}
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+	{
+	print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+	}

testing/btest/scripts/base/protocols/dns/rrsig.bro

@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output
+# @TEST-EXEC: btest-diff dns.log
+# @TEST-EXEC: btest-diff output
+
+#@load policy/protocols/dns/auth-addl
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
+	{
+	print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
+	}
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
+	{
+	print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
+	}
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
+	{
+	print "NSEC", next_name, bitmaps;
+
+	for ( i in bitmaps )
+		print bytestring_to_hexstr(bitmaps[i]);
+	}
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
+	{
+	print "NSEC3", nsec3,
+	      bytestring_to_hexstr(nsec3$nsec_salt),
+	      bytestring_to_hexstr(nsec3$nsec_hash);
+	}
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
+	{
+	print "DS", ds, bytestring_to_hexstr(ds$digest_val);
+	}