Merge remote-tracking branch 'origin/topic/awelzel/analyzer-log'

* origin/topic/awelzel/analyzer-log:
  btest/net-control: Use different expiration times for rules
  analyzer: Add analyzer.log for logging violations/confirmations
This commit is contained in:
Arne Welzel 2023-01-10 10:22:58 +01:00
commit 2d852209b0
17 changed files with 378 additions and 13 deletions


@ -0,0 +1,11 @@
# @TEST-EXEC: zeek -b -r ${TRACES}/wikipedia.trace %INPUT
# @TEST-EXEC: mv analyzer.log analyzer.log-no-confirmations
# @TEST-EXEC: btest-diff analyzer.log-no-confirmations
# @TEST-EXEC: zeek -b -r ${TRACES}/wikipedia.trace %INPUT Analyzer::Logging::include_confirmations=T
# @TEST-EXEC: mv analyzer.log analyzer.log-include-confirmations
# @TEST-EXEC: btest-diff analyzer.log-include-confirmations
@load base/protocols/conn
@load base/protocols/dns
@load base/protocols/http
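Review bot: The new test has no comment stating what it verifies, so a reader has to reverse the intent from the two `mv`/`btest-diff` pairs; a one-line header such as `# Check analyzer.log output with and without confirmations (Analyzer::Logging::include_confirmations=T).` above the first @TEST-EXEC line would make the purpose explicit. It is also worth noting in that comment that the first run is expected to produce an analyzer.log even when no confirmations are included, since the `mv` on the second line fails the test otherwise. If the log carries timestamps or uids, the baseline may depend on the suite's diff canonifier being applied; that is not visible here and would need confirming against the btest configuration. The header reports 11 added lines but only 9 are shown, so blank lines may have been dropped in rendering.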


@ -47,7 +47,7 @@ event NetControl::init()
event connection_established(c: connection)
{
local id = c$id;
NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 1sec);
NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 0.5sec);
NetControl::drop_address(id$orig_h, 1sec);
}
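Review bot: The reason the second shunt_flow call now uses `0.5sec` instead of `1sec` is not stated in the code, and the commit title ("Use different expiration times for rules") is the only hint; a reader of connection_established will otherwise see two near-identical rule insertions with arbitrary-looking timeouts. A short comment on the changed line, `# Distinct expiration times so the two shunt rules do not collide (presumably one would otherwise be treated as a duplicate).`, would capture the intent, with the parenthetical confirmed or dropped by the author. The enclosing event handler is fully contained in the hunk; the `event NetControl::init()` in the header is only the preceding context.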