Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

continue finetuning of interface + adjust tests.

Browse source 
streaming + re-reading do not seem to work completely correctly + there are still some strange random crashes.
This commit is contained in:
Bernhard Amann 2012-03-16 23:43:13 -07:00
parent e59aed6ce3
commit 29f56b4986
15 changed files with 251 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

49
testing/btest/Baseline/scripts.base.frameworks.input.event/out
View file

@ -1,21 +1,70 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW Input::EVENT_NEW
1 1
T T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW Input::EVENT_NEW
2 2
T T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW Input::EVENT_NEW
3 3
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW Input::EVENT_NEW
4 4
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW Input::EVENT_NEW
5 5
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW Input::EVENT_NEW
6 6
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW Input::EVENT_NEW
7 7
T T

56
testing/btest/Baseline/scripts.base.frameworks.input.raw/out
View file

@ -1,8 +1,64 @@
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
q3r3057fdf q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
sdfs\d sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
dfsdf dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
sdf sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
3rw43wRRERLlL#RWERERERE. 3rw43wRRERLlL#RWERERERE.

105
testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out
View file

@ -1,21 +1,126 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW Input::EVENT_NEW
[i=1] [i=1]
T T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW Input::EVENT_NEW
[i=2] [i=2]
T T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW Input::EVENT_NEW
[i=3] [i=3]
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW Input::EVENT_NEW
[i=4] [i=4]
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW Input::EVENT_NEW
[i=5] [i=5]
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW Input::EVENT_NEW
[i=6] [i=6]
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW Input::EVENT_NEW
[i=7] [i=7]
T T

2
testing/btest/scripts/base/frameworks/input/basic.bro
View file

@ -45,6 +45,6 @@ event bro_init()
Input::remove("ssh"); Input::remove("ssh");
} }
event Input::update_finished(id: string) { event Input::update_finished(name: string, source:string) {
print servers; print servers;
} }

13
testing/btest/scripts/base/frameworks/input/event.bro
View file

@ -1,5 +1,5 @@
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -19,16 +19,13 @@
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Val: record { type Val: record {
i: int; i: int;
b: bool; b: bool;
}; };
event line(tpe: Input::Event, i: int, b: bool) { event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool) {
print description;
print tpe; print tpe;
print i; print i;
print b; print b;
@ -36,6 +33,6 @@ event line(tpe: Input::Event, i: int, b: bool) {
event bro_init() event bro_init()
{ {
Input::create_stream(A::INPUT, [$source="input.log"]); Input::add_event([$source="input.log", $name="input", $fields=Val, $ev=line]);
Input::add_eventfilter(A::INPUT, [$name="input", $fields=Val, $ev=line]); Input::remove("input");
} }

13
testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro
View file

@ -1,5 +1,5 @@
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -14,10 +14,6 @@ redef InputAscii::empty_field = "EMPTY";
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record { type Idx: record {
i: int; i: int;
}; };
@ -30,12 +26,11 @@ global servers: table[int] of Val = table();
event bro_init() event bro_init()
{ {
# first read in the old stuff into the table... Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
Input::create_stream(A::INPUT, [$source="input.log"]); Input::remove("input");
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
} }
event Input::update_finished(id: Input::ID) { event Input::update_finished(name: string, source: string) {
print servers; print servers;
} }

11
testing/btest/scripts/base/frameworks/input/onecolumn-record.bro
View file

@ -14,10 +14,6 @@ redef InputAscii::empty_field = "EMPTY";
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record { type Idx: record {
i: int; i: int;
}; };
@ -30,12 +26,11 @@ global servers: table[int] of Val = table();
event bro_init() event bro_init()
{ {
# first read in the old stuff into the table... Input::add_table([$name="input", $source="input.log", $idx=Idx, $val=Val, $destination=servers]);
Input::create_stream(A::INPUT, [$source="input.log"]); Input::remove("input");
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers]);
} }
event Input::update_finished(id: Input::ID) { event Input::update_finished(name: string, source: string) {
print servers; print servers;
} }

15
testing/btest/scripts/base/frameworks/input/port.bro
View file

@ -1,5 +1,5 @@
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -13,10 +13,6 @@ redef InputAscii::empty_field = "EMPTY";
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record { type Idx: record {
i: addr; i: addr;
}; };
@ -29,17 +25,14 @@ global servers: table[addr] of Val = table();
event bro_init() event bro_init()
{ {
# first read in the old stuff into the table... Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]);
Input::create_stream(A::INPUT, [$source="input.log"]);
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers]);
print servers[1.2.3.4]; print servers[1.2.3.4];
print servers[1.2.3.5]; print servers[1.2.3.5];
print servers[1.2.3.6]; print servers[1.2.3.6];
Input::remove_tablefilter(A::INPUT, "input"); Input::remove("input");
Input::remove_stream(A::INPUT);
} }
event Input::update_finished(id: Input::ID) { event Input::update_finished(name: string, source: string) {
print servers[1.2.3.4]; print servers[1.2.3.4];
print servers[1.2.3.5]; print servers[1.2.3.5];
print servers[1.2.3.6]; print servers[1.2.3.6];

11
testing/btest/scripts/base/frameworks/input/predicate-stream.bro
View file

@ -23,10 +23,6 @@ redef InputAscii::empty_field = "EMPTY";
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record { type Idx: record {
i: int; i: int;
}; };
@ -38,7 +34,7 @@ type Val: record {
global servers: table[int] of Val = table(); global servers: table[int] of Val = table();
global ct: int; global ct: int;
event line(tpe: Input::Event, left: Idx, right: bool) { event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) {
ct = ct + 1; ct = ct + 1;
if ( ct < 3 ) { if ( ct < 3 ) {
return; return;
@ -75,9 +71,10 @@ event bro_init()
{ {
ct = 0; ct = 0;
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="input.log", $mode=Input::STREAM]); Input::add_table([$source="input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; } $pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]); ]);
Input::remove("input");
} }

12
testing/btest/scripts/base/frameworks/input/predicate.bro
View file

@ -1,5 +1,5 @@
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -20,10 +20,6 @@ redef InputAscii::empty_field = "EMPTY";
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record { type Idx: record {
i: int; i: int;
}; };
@ -37,13 +33,13 @@ global servers: table[int] of Val = table();
event bro_init() event bro_init()
{ {
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="input.log"]); Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; } $pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]); ]);
Input::remove("input");
} }
event Input::update_finished(id: Input::ID) { event Input::update_finished(name: string, source: string) {
if ( 1 in servers ) { if ( 1 in servers ) {
print "VALID"; print "VALID";
} }

2
testing/btest/scripts/base/frameworks/input/raw.bro
View file

@ -22,10 +22,12 @@ type Val: record {
event line(description: Input::EventDescription, tpe: Input::Event, s: string) { event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
print description; print description;
print tpe;
print s; print s;
} }
event bro_init() event bro_init()
{ {
Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]); Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
Input::remove("input");
} }

15
testing/btest/scripts/base/frameworks/input/reread.bro
View file

@ -62,10 +62,6 @@ redef InputAscii::empty_field = "EMPTY";
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record { type Idx: record {
i: int; i: int;
}; };
@ -94,8 +90,9 @@ global outfile: file;
global try: count; global try: count;
event line(tpe: Input::Event, left: Idx, right: Val) { event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
print outfile, "============EVENT============"; print outfile, "============EVENT============";
#print outfile, description;
print outfile, tpe; print outfile, tpe;
print outfile, left; print outfile, left;
print outfile, right; print outfile, right;
@ -106,8 +103,7 @@ event bro_init()
outfile = open ("../out"); outfile = open ("../out");
try = 0; try = 0;
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="../input.log", $mode=Input::REREAD]); Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
Input::add_tablefilter(A::INPUT, [$name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
$pred(typ: Input::Event, left: Idx, right: Val) = { $pred(typ: Input::Event, left: Idx, right: Val) = {
print outfile, "============PREDICATE============"; print outfile, "============PREDICATE============";
print outfile, typ; print outfile, typ;
@ -119,7 +115,7 @@ event bro_init()
} }
event Input::update_finished(id: Input::ID) { event Input::update_finished(name: string, source: string) {
print outfile, "==========SERVERS============"; print outfile, "==========SERVERS============";
print outfile, servers; print outfile, servers;
@ -127,7 +123,6 @@ event Input::update_finished(id: Input::ID) {
if ( try == 5 ) { if ( try == 5 ) {
print outfile, "done"; print outfile, "done";
close(outfile); close(outfile);
Input::remove_tablefilter(A::INPUT, "ssh"); Input::remove("input");
Input::remove_stream(A::INPUT);
} }
} }

12
testing/btest/scripts/base/frameworks/input/stream.bro
View file

@ -28,10 +28,6 @@ redef InputAscii::empty_field = "EMPTY";
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record { type Idx: record {
i: int; i: int;
}; };
@ -60,7 +56,7 @@ global outfile: file;
global try: count; global try: count;
event line(tpe: Input::Event, left: Idx, right: Val) { event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
print outfile, "============EVENT============"; print outfile, "============EVENT============";
print outfile, tpe; print outfile, tpe;
print outfile, left; print outfile, left;
@ -73,8 +69,7 @@ event line(tpe: Input::Event, left: Idx, right: Val) {
if ( try == 3 ) { if ( try == 3 ) {
print outfile, "done"; print outfile, "done";
close(outfile); close(outfile);
Input::remove_tablefilter(A::INPUT, "ssh"); Input::remove("input");
Input::remove_stream(A::INPUT);
} }
} }
@ -83,7 +78,6 @@ event bro_init()
outfile = open ("../out"); outfile = open ("../out");
try = 0; try = 0;
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="../input.log", $mode=Input::STREAM]); Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]);
Input::add_tablefilter(A::INPUT, [$name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]);
} }

15
testing/btest/scripts/base/frameworks/input/tableevent.bro
View file

@ -1,5 +1,5 @@
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -18,12 +18,6 @@
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Log::ID += { LOG };
}
type Idx: record { type Idx: record {
i: int; i: int;
}; };
@ -34,7 +28,8 @@ type Val: record {
global destination: table[int] of Val = table(); global destination: table[int] of Val = table();
event line(tpe: Input::Event, left: Idx, right: bool) { event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) {
print description;
print tpe; print tpe;
print left; print left;
print right; print right;
@ -42,6 +37,6 @@ event line(tpe: Input::Event, left: Idx, right: bool) {
event bro_init() event bro_init()
{ {
Input::create_stream(A::LOG, [$source="input.log"]); Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]);
Input::add_tablefilter(A::LOG, [$name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]); Input::remove("input");
} }

6
testing/btest/scripts/base/frameworks/input/twofilters.bro
View file

@ -20,10 +20,6 @@ redef InputAscii::empty_field = "EMPTY";
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record { type Idx: record {
i: int; i: int;
}; };
@ -49,7 +45,7 @@ event bro_init()
Input::force_update(A::INPUT); Input::force_update(A::INPUT);
} }
event Input::update_finished(id: Input::ID) { event Input::update_finished(name: string, source: string) {
if ( done == T ) { if ( done == T ) {
return; return;
} }