diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log index 16df5fc065..d69841ebfc 100644 --- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log @@ -1,2 +1,5 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes +#separator \x09 +#path conn +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes +#types time string addr port addr port enum string interval count count string bool count string count count count count 1128727435.450898 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 710 10 9945 diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/output b/testing/btest/Baseline/core.print-bpf-filters-ipv4/output index 3d47080a75..24639f8b51 100644 --- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/output +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/output @@ -1,8 +1,20 @@ -# ts node filter init success -1314806543.946651 - not ip6 F T -# ts node filter init success -1314806544.072311 - (((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (udp and port 5353)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port smtp or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)) and (not ip6) F T -# ts node filter init success -1314806544.198061 - port 42 F T -# ts node filter init success -1314806544.329618 - port 56730 T T +#separator \x09 +#path packet_filter +#fields ts node filter init success +#types time string string bool bool +1315167051.418730 - not ip6 F T +#separator \x09 +#path packet_filter +#fields ts node filter init success +#types time string string bool bool +1315167051.652097 - (((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (udp and port 5353)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port smtp or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)) and (not ip6) F T +#separator \x09 +#path packet_filter +#fields ts node filter init success +#types time string string bool bool +1315167051.885416 - port 42 F T +#separator \x09 +#path packet_filter +#fields ts node filter init success +#types time string string bool bool +1315167052.120658 - port 56730 T T diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log index 6660d065aa..9c65be0b34 100644 --- a/testing/btest/Baseline/core.vlan-mpls/conn.log +++ b/testing/btest/Baseline/core.vlan-mpls/conn.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes +#separator \x09 +#path conn +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes +#types time string addr port addr port enum string interval count count string bool count string count count count count 952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 25 0 SH - 0 - 11 280 0 0 1128727435.450898 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 710 10 9945 1278600802.069419 50da4BEzauh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 361 7 3801 diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index 2e56522dae..3e53efd7f2 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -1,2 +1,5 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750785.32134 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +#separator \x09 +#path http +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +#types time string addr port addr port string string string string string count count count string string table string string table string string file +1315167107.671488 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index 2e56522dae..3e53efd7f2 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -1,2 +1,5 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750785.32134 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +#separator \x09 +#path http +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +#types time string addr port addr port string string string string string count count count string string table string string table string string file +1315167107.671488 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index 38ba563dc7..85d74c943c 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log @@ -1,2 +1,5 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750770.8185 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +#separator \x09 +#path http +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +#types time string addr port addr port string string string string string count count count string string table string string table string string file +1315167116.842377 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index 38ba563dc7..85d74c943c 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -1,2 +1,5 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file -1310750770.8185 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - +#separator \x09 +#path http +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +#types time string addr port addr port string string string string string count count count string string table string string table string string file +1315167116.842377 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log b/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log index ee274bb0fa..fc2c133dc6 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log @@ -1,3 +1,6 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1313212563.234939 1.2.3.4 1234 2.3.4.5 80 success unknown -1313212563.234939 1.2.3.4 1234 2.3.4.5 80 failure US +#separator \x09 +#path ssh-new-default +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167052.603186 1.2.3.4 1234 2.3.4.5 80 success unknown +1315167052.603186 1.2.3.4 1234 2.3.4.5 80 failure US diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log index 84a2cc609e..fb68b42aef 100644 Binary files a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log and b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log differ diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log index d377ca15d7..e1ba48cf8e 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log @@ -1,6 +1,9 @@ -PREFIX<>t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b -1299718506.56593|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET -1299718506.56593|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET -1299718506.56593|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET -1299718506.56593|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET -1299718506.56593|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T +PREFIX<>separator \x7c +PREFIX<>path|ssh +PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b +PREFIX<>types|time|addr|port|addr|port|string|string|bool +1315167052.828457|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET +1315167052.828457|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET +1315167052.828457|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET +1315167052.828457|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET +1315167052.828457|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log index aa08625281..f9bbfce3bd 100644 Binary files a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log and b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log differ diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log index fb7ae6d486..7f512c15d9 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log @@ -1,4 +1,7 @@ -# data +#separator \x09 +#path test +#fields data +#types time 1234567890.000000 1234567890.000000 1234567890.010000 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log index d543af3a43..c2c32c5c6a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log @@ -1,2 +1,5 @@ -# status country a1 b1 b2 +#separator \x09 +#path ssh +#fields status country a1 b1 b2 +#types string string count count count success unknown 1 3 4 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log index c4355d2fd5..18e4d5cbad 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log @@ -1,4 +1,7 @@ -# status country +#separator \x09 +#path ssh +#fields status country +#types string string success unknown failure US failure UK diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log index 7f21430ea7..49272bfd53 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log @@ -1,6 +1,9 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1299809561.67372 1.2.3.4 1234 2.3.4.5 80 success unknown -1299809561.67372 1.2.3.4 1234 2.3.4.5 80 failure US -1299809561.67372 1.2.3.4 1234 2.3.4.5 80 failure UK -1299809561.67372 1.2.3.4 1234 2.3.4.5 80 success BR -1299809561.67372 1.2.3.4 1234 2.3.4.5 80 failure MX +#separator \x09 +#path ssh +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.369918 1.2.3.4 1234 2.3.4.5 80 success unknown +1315167053.369918 1.2.3.4 1234 2.3.4.5 80 failure US +1315167053.369918 1.2.3.4 1234 2.3.4.5 80 failure UK +1315167053.369918 1.2.3.4 1234 2.3.4.5 80 success BR +1315167053.369918 1.2.3.4 1234 2.3.4.5 80 failure MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log index 4defa5ced1..b078b4746a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log @@ -1,4 +1,7 @@ -# id.orig_p id.resp_h id.resp_p status country +#separator \x09 +#path ssh +#fields id.orig_p id.resp_h id.resp_p status country +#types port addr port string string 1234 2.3.4.5 80 success unknown 1234 2.3.4.5 80 failure US 1234 2.3.4.5 80 failure UK diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log index 49115ab1df..0a988ff9b9 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log @@ -1,2 +1,5 @@ -# t f -1303098703.62603 Foo.log +#separator \x09 +#path ssh +#fields t f +#types time file +1315167053.585834 Foo.log diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log index 881704257e..5675ef6632 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log @@ -1,6 +1,9 @@ -# t id.orig_h -1303064007.48299 1.2.3.4 -1303064007.48299 1.2.3.4 -1303064007.48299 1.2.3.4 -1303064007.48299 1.2.3.4 -1303064007.48299 1.2.3.4 +#separator \x09 +#path ssh +#fields t id.orig_h +#types time addr +1315167053.694473 1.2.3.4 +1315167053.694473 1.2.3.4 +1315167053.694473 1.2.3.4 +1315167053.694473 1.2.3.4 +1315167053.694473 1.2.3.4 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output index 7e8acf5106..2c196340cc 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output @@ -5,17 +5,38 @@ static-prefix-1-MX.log static-prefix-1-US.log static-prefix-2-MX2.log static-prefix-2-UK.log -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1313212701.542245 1.2.3.4 1234 2.3.4.5 80 success BR -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure MX3 -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1313212701.542245 1.2.3.4 1234 2.3.4.5 80 success unknown -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure MX -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure US -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure MX2 -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure UK +#separator \x09 +#path static-prefix-0-BR +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.803346 1.2.3.4 1234 2.3.4.5 80 success BR +#separator \x09 +#path static-prefix-0-MX3 +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.803346 1.2.3.4 1234 2.3.4.5 80 failure MX3 +#separator \x09 +#path static-prefix-0-unknown +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.803346 1.2.3.4 1234 2.3.4.5 80 success unknown +#separator \x09 +#path static-prefix-1-MX +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.803346 1.2.3.4 1234 2.3.4.5 80 failure MX +#separator \x09 +#path static-prefix-1-US +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.803346 1.2.3.4 1234 2.3.4.5 80 failure US +#separator \x09 +#path static-prefix-2-MX2 +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.803346 1.2.3.4 1234 2.3.4.5 80 failure MX2 +#separator \x09 +#path static-prefix-2-UK +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.803346 1.2.3.4 1234 2.3.4.5 80 failure UK diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log index c46990dc65..ba688d7843 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.failure.log @@ -1,2 +1,5 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1299718503.16177 1.2.3.4 1234 2.3.4.5 80 failure US +#separator \x09 +#path test.failure +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.923545 1.2.3.4 1234 2.3.4.5 80 failure US diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log index c6adcd86aa..7a91b1a2d9 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/test.success.log @@ -1,2 +1,5 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1299718503.16177 1.2.3.4 1234 2.3.4.5 80 success - +#separator \x09 +#path test.success +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167053.923545 1.2.3.4 1234 2.3.4.5 80 success - diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log index 45bfa6198d..c00e7765d5 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log @@ -1,2 +1,5 @@ -# b i e c p sn a d t iv s sc ss se vc ve -T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315156148.570783 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY +#separator \x09 +#path test +#fields b i e c p sn a d t iv s sc ss se vc ve +#types bool int enum count port subnet addr double time interval string table table table vector vector +T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315167054.320958 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log index 87f5fb3bcb..aba9fdddd9 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log @@ -1,4 +1,7 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 failure US -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 failure UK -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 failure MX +#separator \x09 +#path test.failure +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 failure US +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 failure UK +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 failure MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log index 8d0fedd1b5..b928c37685 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log @@ -1,6 +1,9 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 success - -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 failure US -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 failure UK -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 success BR -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 failure MX +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 success - +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 failure US +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 failure UK +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 success BR +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 failure MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log index 4b8f54e7ce..a951c6ed1a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log @@ -1,3 +1,6 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 success - -1312565744.470171 1.2.3.4 1234 2.3.4.5 80 success BR +#separator \x09 +#path test.success +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 success - +1315167059.502670 1.2.3.4 1234 2.3.4.5 80 success BR diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log index ddbacda28e..6185e86028 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log @@ -1,3 +1,6 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1299718503.28253 1.2.3.4 1234 2.3.4.5 80 failure US -1299718503.28253 1.2.3.4 1234 2.3.4.5 80 failure UK +#separator \x09 +#path ssh.failure +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167066.575996 1.2.3.4 1234 2.3.4.5 80 failure US +1315167066.575996 1.2.3.4 1234 2.3.4.5 80 failure UK diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log index 123e8e3a87..a4ec2dc7de 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log @@ -1,4 +1,7 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1299718503.28253 1.2.3.4 1234 2.3.4.5 80 failure US -1299718503.28253 1.2.3.4 1234 2.3.4.5 80 failure UK -1299718503.28253 1.2.3.4 1234 2.3.4.5 80 failure BR +#separator \x09 +#path ssh +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167066.575996 1.2.3.4 1234 2.3.4.5 80 failure US +1315167066.575996 1.2.3.4 1234 2.3.4.5 80 failure UK +1315167066.575996 1.2.3.4 1234 2.3.4.5 80 failure BR diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out index 2fec343b92..f63cb788e8 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out @@ -28,7 +28,11 @@ custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.00.05.log, pat custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F] custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F] custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T] -# t id.orig_h id.orig_p id.resp_h id.resp_p +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#path test +#path test2 +#separator \x09 +#types time addr port addr port 1299466805.000000 10.0.0.1 20 10.0.0.2 1024 1299470395.000000 10.0.0.2 20 10.0.0.3 0 1299470405.000000 10.0.0.1 20 10.0.0.2 1025 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out index b153c5b7fa..74ce45023a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out @@ -9,42 +9,72 @@ test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0 test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0 test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 > test.2011-03-07-03-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299466805.000000 10.0.0.1 20 10.0.0.2 1024 1299470395.000000 10.0.0.2 20 10.0.0.3 0 > test.2011-03-07-04-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299470405.000000 10.0.0.1 20 10.0.0.2 1025 1299473995.000000 10.0.0.2 20 10.0.0.3 1 > test.2011-03-07-05-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299474005.000000 10.0.0.1 20 10.0.0.2 1026 1299477595.000000 10.0.0.2 20 10.0.0.3 2 > test.2011-03-07-06-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299477605.000000 10.0.0.1 20 10.0.0.2 1027 1299481195.000000 10.0.0.2 20 10.0.0.3 3 > test.2011-03-07-07-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299481205.000000 10.0.0.1 20 10.0.0.2 1028 1299484795.000000 10.0.0.2 20 10.0.0.3 4 > test.2011-03-07-08-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299484805.000000 10.0.0.1 20 10.0.0.2 1029 1299488395.000000 10.0.0.2 20 10.0.0.3 5 > test.2011-03-07-09-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299488405.000000 10.0.0.1 20 10.0.0.2 1030 1299491995.000000 10.0.0.2 20 10.0.0.3 6 > test.2011-03-07-10-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299492005.000000 10.0.0.1 20 10.0.0.2 1031 1299495595.000000 10.0.0.2 20 10.0.0.3 7 > test.2011-03-07-11-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299495605.000000 10.0.0.1 20 10.0.0.2 1032 1299499195.000000 10.0.0.2 20 10.0.0.3 8 > test.2011-03-07-12-00-05.log -# t id.orig_h id.orig_p id.resp_h id.resp_p +#separator \x09 +#path test +#fields t id.orig_h id.orig_p id.resp_h id.resp_p +#types time addr port addr port 1299499205.000000 10.0.0.1 20 10.0.0.2 1033 1299502795.000000 10.0.0.2 20 10.0.0.3 9 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output b/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output index 4c73aed8e4..84521cb645 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output @@ -1,6 +1,9 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1299718506.28824 1.2.3.4 1234 2.3.4.5 80 success unknown -1299718506.28824 1.2.3.4 1234 2.3.4.5 80 failure US -1299718506.28824 1.2.3.4 1234 2.3.4.5 80 failure UK -1299718506.28824 1.2.3.4 1234 2.3.4.5 80 success BR -1299718506.28824 1.2.3.4 1234 2.3.4.5 80 failure MX +#separator \x09 +#path /dev/stdout +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167067.393739 1.2.3.4 1234 2.3.4.5 80 success unknown +1315167067.393739 1.2.3.4 1234 2.3.4.5 80 failure US +1315167067.393739 1.2.3.4 1234 2.3.4.5 80 failure UK +1315167067.393739 1.2.3.4 1234 2.3.4.5 80 success BR +1315167067.393739 1.2.3.4 1234 2.3.4.5 80 failure MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log index 82523b7c13..5b93b6e23b 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log @@ -1,6 +1,9 @@ -# t id.orig_h id.orig_p id.resp_h id.resp_p status country -1299718506.1313 1.2.3.4 1234 2.3.4.5 80 success unknown -1299718506.1313 1.2.3.4 1234 2.3.4.5 80 failure US -1299718506.1313 1.2.3.4 1234 2.3.4.5 80 failure UK -1299718506.1313 1.2.3.4 1234 2.3.4.5 80 success BR -1299718506.1313 1.2.3.4 1234 2.3.4.5 80 failure MX +#separator \x09 +#path ssh +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1315167067.507542 1.2.3.4 1234 2.3.4.5 80 success unknown +1315167067.507542 1.2.3.4 1234 2.3.4.5 80 failure US +1315167067.507542 1.2.3.4 1234 2.3.4.5 80 failure UK +1315167067.507542 1.2.3.4 1234 2.3.4.5 80 success BR +1315167067.507542 1.2.3.4 1234 2.3.4.5 80 failure MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log index c0e6a64c04..d1e6086fc4 100644 Binary files a/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log and b/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log differ diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log b/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log index 34f20a588b..12bb1d1704 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log @@ -1,3 +1,6 @@ -# a.val1 a.val2 b +#separator \x09 +#path testing +#fields a.val1 a.val2 b +#types count count count - - 6 1 2 3 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log index 1602f7d1c0..b9a54404ed 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log @@ -1,2 +1,5 @@ -# vec +#separator \x09 +#path ssh +#fields vec +#types vector -,2,-,-,5 diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log index ff692027b2..3db5aac7d3 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log +++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log @@ -1,4 +1,7 @@ -# ts metric_id filter_name index.host index.str index.network value -1313429477.091485 TEST_METRIC foo-bar 6.5.4.3 - - 4 -1313429477.091485 TEST_METRIC foo-bar 1.2.3.4 - - 6 -1313429477.091485 TEST_METRIC foo-bar 7.2.1.5 - - 2 +#separator \x09 +#path metrics +#fields ts metric_id filter_name index.host index.str index.network value +#types time enum string addr string subnet count +1315167074.181810 TEST_METRIC foo-bar 6.5.4.3 - - 4 +1315167074.181810 TEST_METRIC foo-bar 1.2.3.4 - - 6 +1315167074.181810 TEST_METRIC foo-bar 7.2.1.5 - - 2 diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log index fb4a2c4528..45334cf3d7 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log +++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log @@ -1,4 +1,7 @@ -# ts metric_id filter_name index.host index.str index.network value -1313430544.678529 TEST_METRIC foo-bar 6.5.4.3 - - 2 -1313430544.678529 TEST_METRIC foo-bar 1.2.3.4 - - 3 -1313430544.678529 TEST_METRIC foo-bar 7.2.1.5 - - 1 +#separator \x09 +#path metrics +#fields ts metric_id filter_name index.host index.str index.network value +#types time enum string addr string subnet count +1315167083.455574 TEST_METRIC foo-bar 6.5.4.3 - - 2 +1315167083.455574 TEST_METRIC foo-bar 1.2.3.4 - - 3 +1315167083.455574 TEST_METRIC foo-bar 7.2.1.5 - - 1 diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log index 48c74fe7c4..e14a0922a3 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log +++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log @@ -1,2 +1,5 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network -1313897486.017657 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 4 - - - - - - 1.2.3.4 - - +#separator \x09 +#path notice +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network +#types time string addr port addr port enum string string addr addr port count string table table bool string string string double double addr string subnet +1315167088.906913 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 4 - - - - - - 1.2.3.4 - - diff --git a/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log index 1e0e6a572b..a2e7251d95 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log +++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log @@ -1,3 +1,6 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network -1313685819.326521 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 3/2 - 1.2.3.4 - - 3 bro Notice::ACTION_LOG 4 - - - - - - 1.2.3.4 - - -1313685819.326521 - - - - - Test_Notice Threshold crossed by metric_index(host=6.5.4.3) 2/2 - 6.5.4.3 - - 2 bro Notice::ACTION_LOG 4 - - - - - - 6.5.4.3 - - +#separator \x09 +#path notice +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network +#types time string addr port addr port enum string string addr addr port count string table table bool string string string double double addr string subnet +1315167098.061022 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 3/2 - 1.2.3.4 - - 3 bro Notice::ACTION_LOG 4 - - - - - - 1.2.3.4 - - +1315167098.061022 - - - - - Test_Notice Threshold crossed by metric_index(host=6.5.4.3) 2/2 - 6.5.4.3 - - 2 bro Notice::ACTION_LOG 4 - - - - - - 6.5.4.3 - - diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log index 1c9e7eb7d6..e746701cc4 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied md5 extraction_file +#separator \x09 +#path http +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied md5 extraction_file +#types time string addr port addr port string string string string string count count count string string table string string table string file 1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - - - 1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - - - 1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - - - diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log index bea67dcf5b..d224556632 100644 --- a/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log +++ b/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log @@ -1,4 +1,7 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size extraction_file +#separator \x09 +#path irc +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size extraction_file +#types time string addr port addr port string string table string string string table string count file 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - 1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log index ea638d1892..817207108c 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log @@ -1,2 +1,5 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent +#separator \x09 +#path smtp +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p mid helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent +#types time string addr port addr port string string string table string string table string string string string addr string string string vector string 1254722768.219663 56gKBmhBBB6 10.10.1.4 1470 74.53.140.153 25 @50da4BEzauh GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log index 8eae4b3163..cde5156594 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log @@ -1,5 +1,8 @@ -# ts host -1300475168.78384 141.142.220.118 -1300475168.78384 208.80.152.118 -1300475168.91594 208.80.152.3 -1300475168.96263 208.80.152.2 +#separator \x09 +#path known_hosts +#fields ts host +#types time addr +1300475168.783842 141.142.220.118 +1300475168.783842 208.80.152.118 +1300475168.915940 208.80.152.3 +1300475168.962628 208.80.152.2 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log index 91e952dc96..008eb364ed 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log @@ -1,2 +1,5 @@ -# ts host -1300475168.78384 141.142.220.118 +#separator \x09 +#path known_hosts +#fields ts host +#types time addr +1300475168.783842 141.142.220.118 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log index 7224058b56..43b28ded8a 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log @@ -1,4 +1,7 @@ -# ts host -1300475168.78384 208.80.152.118 -1300475168.91594 208.80.152.3 -1300475168.96263 208.80.152.2 +#separator \x09 +#path known_hosts +#fields ts host +#types time addr +1300475168.783842 208.80.152.118 +1300475168.915940 208.80.152.3 +1300475168.962628 208.80.152.2 diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log index 9e427cbffe..c3e59c94e7 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log @@ -1,6 +1,9 @@ -# ts host port_num port_proto service -1308930691.03504 172.16.238.131 22 tcp SSH -1308930694.54896 172.16.238.131 80 tcp HTTP -1308930716.45795 74.125.225.81 80 tcp HTTP -1308930703.06815 172.16.238.131 21 tcp FTP -1308930726.86415 141.142.192.39 22 tcp SSH +#separator \x09 +#path known_services +#fields ts host port_num port_proto service +#types time addr port enum table +1308930691.035044 172.16.238.131 22 tcp SSH +1308930694.548964 172.16.238.131 80 tcp HTTP +1308930716.457950 74.125.225.81 80 tcp HTTP +1308930703.068148 172.16.238.131 21 tcp FTP +1308930726.864150 141.142.192.39 22 tcp SSH diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log index 9ff7eb3198..b30aeccf03 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log @@ -1,4 +1,7 @@ -# ts host port_num port_proto service -1308930691.03504 172.16.238.131 22 tcp SSH -1308930694.54896 172.16.238.131 80 tcp HTTP -1308930703.06815 172.16.238.131 21 tcp FTP +#separator \x09 +#path known_services +#fields ts host port_num port_proto service +#types time addr port enum table +1308930691.035044 172.16.238.131 22 tcp SSH +1308930694.548964 172.16.238.131 80 tcp HTTP +1308930703.068148 172.16.238.131 21 tcp FTP diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log index 1adb50ed94..6b75c996c1 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log +++ b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log @@ -1,3 +1,6 @@ -# ts host port_num port_proto service -1308930716.45795 74.125.225.81 80 tcp HTTP -1308930726.86415 141.142.192.39 22 tcp SSH +#separator \x09 +#path known_services +#fields ts host port_num port_proto service +#types time addr port enum table +1308930716.457950 74.125.225.81 80 tcp HTTP +1308930726.864150 141.142.192.39 22 tcp SSH diff --git a/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log b/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log index a18c7a4a9c..945960e03e 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log +++ b/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log @@ -1,2 +1,5 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z TTL answers auth addl +#separator \x09 +#path dns +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z TTL answers auth addl +#types time string addr port addr port enum count string count string count string count string bool bool bool bool bool count interval table table table 930613226.529070 UWkUyAuUGXf 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 31337.000000 4.3.2.1 - -