Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

continue finetuning of interface + adjust tests.

Browse source 
streaming + re-reading do not seem to work completely correctly + there are still some strange random crashes.
This commit is contained in:
Bernhard Amann 2012-03-16 23:43:13 -07:00
parent e59aed6ce3
commit 29f56b4986
15 changed files with 251 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

49
testing/btest/Baseline/scripts.base.frameworks.input.event/out
View file

@ -1,21 +1,70 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW
1
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW
2
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW
3
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW
4
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW
5
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW
6
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
}]
Input::EVENT_NEW
7
T

56
testing/btest/Baseline/scripts.base.frameworks.input.raw/out
View file

@ -1,8 +1,64 @@
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
}]
Input::EVENT_NEW
3rw43wRRERLlL#RWERERERE.

105
testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out
View file

@ -1,21 +1,126 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW
[i=1]
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW
[i=2]
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW
[i=3]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW
[i=4]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW
[i=5]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW
[i=6]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
[7] = T,
[1] = T,
[5] = F,
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
}, pred=<uninitialized>]
Input::EVENT_NEW
[i=7]
T

2
testing/btest/scripts/base/frameworks/input/basic.bro
View file

@ -45,6 +45,6 @@ event bro_init()
Input::remove("ssh");
}
event Input::update_finished(id: string) {
event Input::update_finished(name: string, source:string) {
print servers;
}

13
testing/btest/scripts/base/frameworks/input/event.bro
View file

@ -1,5 +1,5 @@
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -19,16 +19,13 @@
module A;
export {
redef enum Input::ID += { INPUT };
}
type Val: record {
i: int;
b: bool;
};
event line(tpe: Input::Event, i: int, b: bool) {
event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool) {
print description;
print tpe;
print i;
print b;
@ -36,6 +33,6 @@ event line(tpe: Input::Event, i: int, b: bool) {
event bro_init()
{
Input::create_stream(A::INPUT, [$source="input.log"]);
Input::add_eventfilter(A::INPUT, [$name="input", $fields=Val, $ev=line]);
Input::add_event([$source="input.log", $name="input", $fields=Val, $ev=line]);
Input::remove("input");
}

13
testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro
View file

@ -1,5 +1,5 @@
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -14,10 +14,6 @@ redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record {
i: int;
};
@ -30,12 +26,11 @@ global servers: table[int] of Val = table();
event bro_init()
{
# first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="input.log"]);
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
Input::remove("input");
}
event Input::update_finished(id: Input::ID) {
event Input::update_finished(name: string, source: string) {
print servers;
}

11
testing/btest/scripts/base/frameworks/input/onecolumn-record.bro
View file

@ -14,10 +14,6 @@ redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record {
i: int;
};
@ -30,12 +26,11 @@ global servers: table[int] of Val = table();
event bro_init()
{
# first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="input.log"]);
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers]);
Input::add_table([$name="input", $source="input.log", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("input");
}
event Input::update_finished(id: Input::ID) {
event Input::update_finished(name: string, source: string) {
print servers;
}

15
testing/btest/scripts/base/frameworks/input/port.bro
View file

@ -1,5 +1,5 @@
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -13,10 +13,6 @@ redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record {
i: addr;
};
@ -29,17 +25,14 @@ global servers: table[addr] of Val = table();
event bro_init()
{
# first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="input.log"]);
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers]);
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]);
print servers[1.2.3.4];
print servers[1.2.3.5];
print servers[1.2.3.6];
Input::remove_tablefilter(A::INPUT, "input");
Input::remove_stream(A::INPUT);
Input::remove("input");
}
event Input::update_finished(id: Input::ID) {
event Input::update_finished(name: string, source: string) {
print servers[1.2.3.4];
print servers[1.2.3.5];
print servers[1.2.3.6];

11
testing/btest/scripts/base/frameworks/input/predicate-stream.bro
View file

@ -23,10 +23,6 @@ redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record {
i: int;
};
@ -38,7 +34,7 @@ type Val: record {
global servers: table[int] of Val = table();
global ct: int;
event line(tpe: Input::Event, left: Idx, right: bool) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) {
ct = ct + 1;
if ( ct < 3 ) {
return;
@ -75,9 +71,10 @@ event bro_init()
{
ct = 0;
# first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="input.log", $mode=Input::STREAM]);
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
Input::add_table([$source="input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]);
Input::remove("input");
}

12
testing/btest/scripts/base/frameworks/input/predicate.bro
View file

@ -1,5 +1,5 @@
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -20,10 +20,6 @@ redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record {
i: int;
};
@ -37,13 +33,13 @@ global servers: table[int] of Val = table();
event bro_init()
{
# first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="input.log"]);
Input::add_tablefilter(A::INPUT, [$name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]);
Input::remove("input");
}
event Input::update_finished(id: Input::ID) {
event Input::update_finished(name: string, source: string) {
if ( 1 in servers ) {
print "VALID";
}

2
testing/btest/scripts/base/frameworks/input/raw.bro
View file

@ -22,10 +22,12 @@ type Val: record {
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
print description;
print tpe;
print s;
}
event bro_init()
{
Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
Input::remove("input");
}

15
testing/btest/scripts/base/frameworks/input/reread.bro
View file

@ -62,10 +62,6 @@ redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record {
i: int;
};
@ -94,8 +90,9 @@ global outfile: file;
global try: count;
event line(tpe: Input::Event, left: Idx, right: Val) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
print outfile, "============EVENT============";
#print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
@ -106,8 +103,7 @@ event bro_init()
outfile = open ("../out");
try = 0;
# first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="../input.log", $mode=Input::REREAD]);
Input::add_tablefilter(A::INPUT, [$name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
$pred(typ: Input::Event, left: Idx, right: Val) = {
print outfile, "============PREDICATE============";
print outfile, typ;
@ -119,7 +115,7 @@ event bro_init()
}
event Input::update_finished(id: Input::ID) {
event Input::update_finished(name: string, source: string) {
print outfile, "==========SERVERS============";
print outfile, servers;
@ -127,7 +123,6 @@ event Input::update_finished(id: Input::ID) {
if ( try == 5 ) {
print outfile, "done";
close(outfile);
Input::remove_tablefilter(A::INPUT, "ssh");
Input::remove_stream(A::INPUT);
Input::remove("input");
}
}

12
testing/btest/scripts/base/frameworks/input/stream.bro
View file

@ -28,10 +28,6 @@ redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record {
i: int;
};
@ -60,7 +56,7 @@ global outfile: file;
global try: count;
event line(tpe: Input::Event, left: Idx, right: Val) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
print outfile, "============EVENT============";
print outfile, tpe;
print outfile, left;
@ -73,8 +69,7 @@ event line(tpe: Input::Event, left: Idx, right: Val) {
if ( try == 3 ) {
print outfile, "done";
close(outfile);
Input::remove_tablefilter(A::INPUT, "ssh");
Input::remove_stream(A::INPUT);
Input::remove("input");
}
}
@ -83,7 +78,6 @@ event bro_init()
outfile = open ("../out");
try = 0;
# first read in the old stuff into the table...
Input::create_stream(A::INPUT, [$source="../input.log", $mode=Input::STREAM]);
Input::add_tablefilter(A::INPUT, [$name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]);
Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]);
}

15
testing/btest/scripts/base/frameworks/input/tableevent.bro
View file

@ -1,5 +1,5 @@
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -18,12 +18,6 @@
redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Log::ID += { LOG };
}
type Idx: record {
i: int;
};
@ -34,7 +28,8 @@ type Val: record {
global destination: table[int] of Val = table();
event line(tpe: Input::Event, left: Idx, right: bool) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) {
print description;
print tpe;
print left;
print right;
@ -42,6 +37,6 @@ event line(tpe: Input::Event, left: Idx, right: bool) {
event bro_init()
{
Input::create_stream(A::LOG, [$source="input.log"]);
Input::add_tablefilter(A::LOG, [$name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]);
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]);
Input::remove("input");
}

6
testing/btest/scripts/base/frameworks/input/twofilters.bro
View file

@ -20,10 +20,6 @@ redef InputAscii::empty_field = "EMPTY";
module A;
export {
redef enum Input::ID += { INPUT };
}
type Idx: record {
i: int;
};
@ -49,7 +45,7 @@ event bro_init()
Input::force_update(A::INPUT);
}
event Input::update_finished(id: Input::ID) {
event Input::update_finished(name: string, source: string) {
if ( done == T ) {
return;
}