Updating Sphinx tests for manual.
parent
1bdfa3dff2
commit
364cdb8604
108 changed files with 447 additions and 389 deletions
|
@ -1,11 +1,13 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro -b -r dns-session.trace connection_record_01.bro
|
||||
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
|
||||
# bro -b -r dns-session.trace connection_record_01.bro
|
||||
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
|
||||
|
||||
}], extract_orig=F, extract_resp=F]
|
||||
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
|
||||
|
||||
}], extract_orig=F, extract_resp=F]
|
||||
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro -b -r dns-session.trace connection_record_02.bro
|
||||
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
|
||||
# bro -b -r dns-session.trace connection_record_02.bro
|
||||
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
|
||||
|
||||
}], extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=[pending={
|
||||
[34798] = [initialized=T, vals={
|
||||
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
|
||||
|
||||
}, settings=[max_len=<uninitialized>], top=1, bottom=1, size=0]
|
||||
}, finished_answers={
|
||||
}], extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=[pending={
|
||||
[34798] = [initialized=T, vals={
|
||||
|
||||
}]]
|
||||
}, settings=[max_len=<uninitialized>], top=1, bottom=1, size=0]
|
||||
}, finished_answers={
|
||||
|
||||
}]]
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro data_struct_record_01.bro
|
||||
Service: dns(RFC1035)
|
||||
port: 53/tcp
|
||||
port: 53/udp
|
||||
Service: http(RFC2616)
|
||||
port: 80/tcp
|
||||
port: 8080/tcp
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_record_01.bro
|
||||
Service: dns(RFC1035)
|
||||
port: 53/tcp
|
||||
port: 53/udp
|
||||
Service: http(RFC2616)
|
||||
port: 80/tcp
|
||||
port: 8080/tcp
|
||||
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro data_struct_record_02.bro
|
||||
System: morlock
|
||||
Service: dns(RFC1035)
|
||||
port: 53/tcp
|
||||
port: 53/udp
|
||||
Service: http(RFC2616)
|
||||
port: 80/tcp
|
||||
port: 8080/tcp
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_record_02.bro
|
||||
System: morlock
|
||||
Service: dns(RFC1035)
|
||||
port: 53/tcp
|
||||
port: 53/udp
|
||||
Service: http(RFC2616)
|
||||
port: 80/tcp
|
||||
port: 8080/tcp
|
||||
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro data_struct_set_declaration.bro
|
||||
SSL Port: 993/tcp
|
||||
SSL Port: 22/tcp
|
||||
SSL Port: 587/tcp
|
||||
SSL Port: 443/tcp
|
||||
Non-SSL Port: 143/tcp
|
||||
Non-SSL Port: 25/tcp
|
||||
Non-SSL Port: 80/tcp
|
||||
Non-SSL Port: 23/tcp
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_set_declaration.bro
|
||||
SSL Port: 993/tcp
|
||||
SSL Port: 22/tcp
|
||||
SSL Port: 587/tcp
|
||||
SSL Port: 443/tcp
|
||||
Non-SSL Port: 143/tcp
|
||||
Non-SSL Port: 25/tcp
|
||||
Non-SSL Port: 80/tcp
|
||||
Non-SSL Port: 23/tcp
|
||||
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro -b data_struct_table_complex.bro
|
||||
Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
|
||||
Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
|
||||
Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai
|
||||
Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -b data_struct_table_complex.bro
|
||||
Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
|
||||
Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
|
||||
Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai
|
||||
Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada
|
||||
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro data_struct_table_declaration.bro
|
||||
Service Name: IMAPS - Common Port: 993/tcp
|
||||
Service Name: HTTPS - Common Port: 443/tcp
|
||||
Service Name: SSH - Common Port: 22/tcp
|
||||
Service Name: SMTPS - Common Port: 587/tcp
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_table_declaration.bro
|
||||
Service Name: IMAPS - Common Port: 993/tcp
|
||||
Service Name: HTTPS - Common Port: 443/tcp
|
||||
Service Name: SSH - Common Port: 22/tcp
|
||||
Service Name: SMTPS - Common Port: 587/tcp
|
||||
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro data_struct_vector_declaration.bro
|
||||
contents of v1: [1, 2, 3, 4]
|
||||
length of v1: 4
|
||||
contents of v1: [1, 2, 3, 4]
|
||||
length of v2: 4
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_vector_declaration.bro
|
||||
contents of v1: [1, 2, 3, 4]
|
||||
length of v1: 4
|
||||
contents of v1: [1, 2, 3, 4]
|
||||
length of v2: 4
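Review bot: The third output line of this baseline reads `contents of v1: [1, 2, 3, 4]` but is followed by `length of v2: 4`, so its label looks like a typo for `v2` in a print statement of data_struct_vector_declaration.bro. The script is not part of this hunk, so this is inferred from the output alone. If confirmed, fix the label in the script and regenerate the baseline rather than carrying the mislabel into the manual. The line appears identically on both sides of the hunk, so this update did not introduce it.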
|
||||
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro -b data_struct_vector_iter.bro
|
||||
1.2.0.0/18
|
||||
2.3.0.0/18
|
||||
3.4.0.0/18
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -b data_struct_vector_iter.bro
|
||||
1.2.0.0/18
|
||||
2.3.0.0/18
|
||||
3.4.0.0/18
|
||||
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro -b data_type_const.bro
|
||||
{
|
||||
[6666/tcp] = IRC,
|
||||
[80/tcp] = WWW
|
||||
}
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -b data_type_const.bro
|
||||
{
|
||||
[6666/tcp] = IRC,
|
||||
[80/tcp] = WWW
|
||||
}
|
||||
|
||||
|
|
|
@ -1,23 +1,25 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro -r wikipedia.trace data_type_interval.bro
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 132.0 msecs 97.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 177.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 2.0 msecs 177.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 33.0 msecs 898.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 35.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 2.0 msecs 532.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2
|
||||
Time since last connection: 7.0 msecs 866.0 usecs
|
||||
2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128
|
||||
Time since last connection: 817.0 msecs 703.0 usecs
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -r wikipedia.trace data_type_interval.bro
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 132.0 msecs 97.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 177.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 2.0 msecs 177.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 33.0 msecs 898.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 35.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 2.0 msecs 532.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2
|
||||
Time since last connection: 7.0 msecs 866.0 usecs
|
||||
2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128
|
||||
Time since last connection: 817.0 msecs 703.0 usecs
|
||||
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro data_type_pattern_01.bro
|
||||
The
|
||||
brown fox jumped over the
|
||||
dog.
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_type_pattern_01.bro
|
||||
The
|
||||
brown fox jumped over the
|
||||
dog.
|
||||
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro data_type_pattern_02.bro
|
||||
equality and /^?(equal)$?/ are not equal
|
||||
equality and /^?(equality)$?/ are equal
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_type_pattern_02.bro
|
||||
equality and /^?(equal)$?/ are not equal
|
||||
equality and /^?(equality)$?/ are equal
|
||||
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro data_type_subnets.bro
|
||||
172.16.4.56 belongs to subnet 172.16.0.0/20
|
||||
172.16.47.254 belongs to subnet 172.16.32.0/20
|
||||
172.16.22.45 belongs to subnet 172.16.16.0/20
|
||||
172.16.1.1 belongs to subnet 172.16.0.0/20
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_type_subnets.bro
|
||||
172.16.4.56 belongs to subnet 172.16.0.0/20
|
||||
172.16.47.254 belongs to subnet 172.16.32.0/20
|
||||
172.16.22.45 belongs to subnet 172.16.16.0/20
|
||||
172.16.1.1 belongs to subnet 172.16.0.0/20
|
||||
|
||||
|
|
|
@ -1,15 +1,17 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro -r wikipedia.trace data_type_time.bro
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2^J
|
||||
2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128^J
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -r wikipedia.trace data_type_time.bro
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2^J
|
||||
2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128^J
|
||||
|
||||
|
|
|
@ -1,29 +1,33 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro framework_logging_factorial_02.bro
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
.. code-block:: guess
|
||||
:linenos:
|
||||
# bro framework_logging_factorial_02.bro
|
||||
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor
|
||||
#open 2013-09-01-01-08-18
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
1 1
|
||||
2 2
|
||||
3 6
|
||||
4 24
|
||||
5 120
|
||||
6 720
|
||||
7 5040
|
||||
8 40320
|
||||
9 362880
|
||||
10 3628800
|
||||
#close 2013-09-01-01-08-18
|
||||
.. rst-class:: btest-include
|
||||
|
||||
.. code-block:: guess
|
||||
:linenos:
|
||||
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor
|
||||
#open 2013-10-07-23-48-11
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
1 1
|
||||
2 2
|
||||
3 6
|
||||
4 24
|
||||
5 120
|
||||
6 720
|
||||
7 5040
|
||||
8 40320
|
||||
9 362880
|
||||
10 3628800
|
||||
#close 2013-10-07-23-48-11
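Review bot: The `#open`/`#close` header lines in this baseline carry run-time timestamps (`2013-09-01-01-08-18` on one side of the hunk, `2013-10-07-23-48-11` on the other), so the file will presumably differ on every regeneration even when the script output is identical. If the Sphinx btest comparison does not already canonify these header lines, consider normalising them before the diff so that baseline updates show only real output changes. The same applies to the `factor-mod5` and `conn` log baselines in the later hunks.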
|
||||
|
||||
|
|
|
@ -1,25 +1,29 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro framework_logging_factorial_03.bro
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
.. code-block:: guess
|
||||
:linenos:
|
||||
# bro framework_logging_factorial_03.bro
|
||||
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor-mod5
|
||||
#open 2013-09-01-01-08-18
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
5 120
|
||||
6 720
|
||||
7 5040
|
||||
8 40320
|
||||
9 362880
|
||||
10 3628800
|
||||
#close 2013-09-01-01-08-18
|
||||
.. rst-class:: btest-include
|
||||
|
||||
.. code-block:: guess
|
||||
:linenos:
|
||||
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor-mod5
|
||||
#open 2013-10-07-23-48-12
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
5 120
|
||||
6 720
|
||||
7 5040
|
||||
8 40320
|
||||
9 362880
|
||||
10 3628800
|
||||
#close 2013-10-07-23-48-12
|
||||
|
||||
|
|
|
@ -1,16 +1,18 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro framework_logging_factorial_01.bro
|
||||
1
|
||||
2
|
||||
6
|
||||
24
|
||||
120
|
||||
720
|
||||
5040
|
||||
40320
|
||||
362880
|
||||
3628800
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro framework_logging_factorial_01.bro
|
||||
1
|
||||
2
|
||||
6
|
||||
24
|
||||
120
|
||||
720
|
||||
5040
|
||||
40320
|
||||
362880
|
||||
3628800
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- connection_record_02.bro
|
||||
connection_record_02.bro
|
||||
|
||||
@load base/protocols/conn
|
||||
@load base/protocols/dns
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- connection_record_02.bro
|
||||
connection_record_02.bro
|
||||
|
||||
@load base/protocols/conn
|
||||
@load base/protocols/dns
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_record_01.bro
|
||||
data_struct_record_01.bro
|
||||
|
||||
type Service: record {
|
||||
name: string;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_record_02.bro
|
||||
data_struct_record_02.bro
|
||||
|
||||
type Service: record {
|
||||
name: string;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
data_struct_set_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
data_struct_set_declaration.bro
|
||||
|
||||
for ( i in ssl_ports )
|
||||
print fmt("SSL Port: %s", i);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
data_struct_set_declaration.bro
|
||||
|
||||
# Check for SMTPS
|
||||
if ( 587/tcp !in ssl_ports )
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
data_struct_set_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_table_complex.bro
|
||||
data_struct_table_complex.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_table_declaration.bro
|
||||
data_struct_table_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_vector_declaration.bro
|
||||
data_struct_vector_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_vector_iter.bro
|
||||
data_struct_vector_iter.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_const.bro
|
||||
data_type_const.bro
|
||||
|
||||
const port_list: table[port] of string &redef;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_const_simple.bro
|
||||
data_type_const_simple.bro
|
||||
|
||||
@load base/protocols/http
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_declaration.bro
|
||||
data_type_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_interval.bro
|
||||
data_type_interval.bro
|
||||
|
||||
# Store the time the previous connection was established.
|
||||
global last_connection_time: time;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_local.bro
|
||||
data_type_local.bro
|
||||
|
||||
function add_two(i: count): count
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_pattern_01.bro
|
||||
data_type_pattern_01.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_pattern_02.bro
|
||||
data_type_pattern_02.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_subnets.bro
|
||||
data_type_subnets.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_time.bro
|
||||
data_type_time.bro
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_logging_factorial_01.bro
|
||||
framework_logging_factorial_01.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_logging_factorial_02.bro
|
||||
framework_logging_factorial_02.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_logging_factorial_03.bro
|
||||
framework_logging_factorial_03.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_logging_factorial_04.bro
|
||||
framework_logging_factorial_04.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_notice_hook_01.bro
|
||||
framework_notice_hook_01.bro
|
||||
|
||||
@load policy/protocols/ssh/interesting-hostnames.bro
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_notice_hook_suppression_01.bro
|
||||
framework_notice_hook_suppression_01.bro
|
||||
|
||||
@load policy/protocols/ssl/expiring-certs.bro
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_notice_shortcuts_01.bro
|
||||
framework_notice_shortcuts_01.bro
|
||||
|
||||
@load policy/protocols/ssh/interesting-hostnames.bro
|
||||
@load base/protocols/ssh/
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_notice_shortcuts_02.bro
|
||||
framework_notice_shortcuts_02.bro
|
||||
|
||||
@load policy/protocols/ssh/interesting-hostnames.bro
|
||||
@load base/protocols/ssh/
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- event.bif.bro
|
||||
event.bif.bro
|
||||
|
||||
## Generated for every new connection. This event is raised with the first
|
||||
## packet of a previously unknown connection. Bro uses a flow-based definition
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- Bro_DNS.events.bif.bro
|
||||
Bro_DNS.events.bif.bro
|
||||
|
||||
## Generated for DNS requests. For requests with multiple queries, this event
|
||||
## is raised once for each.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- init-bare.bro
|
||||
init-bare.bro
|
||||
|
||||
type string_array: table[count] of string;
|
||||
type string_set: set[string];
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- main.bro
|
||||
main.bro
|
||||
|
||||
module Conn;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- main.bro
|
||||
main.bro
|
||||
|
||||
module HTTP;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- detect-MHR.bro
|
||||
detect-MHR.bro
|
||||
|
||||
##! Detect file downloads that have hash values matching files in Team
|
||||
##! Cymru's Malware Hash Registry (http://www.team-cymru.org/Services/MHR/).
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- detect-MHR.bro
|
||||
detect-MHR.bro
|
||||
|
||||
@load base/frameworks/files
|
||||
@load base/frameworks/notice
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- detect-MHR.bro
|
||||
detect-MHR.bro
|
||||
|
||||
export {
|
||||
redef enum Notice::Type += {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- detect-MHR.bro
|
||||
detect-MHR.bro
|
||||
|
||||
event file_hash(f: fa_file, kind: string, hash: string)
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- known-hosts.bro
|
||||
known-hosts.bro
|
||||
|
||||
module Known;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- interesting-hostnames.bro
|
||||
interesting-hostnames.bro
|
||||
|
||||
##! This script will generate a notice if an apparent SSH login originates
|
||||
##! or heads to a host with a reverse hostname that looks suspicious. By
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- expiring-certs.bro
|
||||
expiring-certs.bro
|
||||
|
||||
NOTICE([$note=Certificate_Expires_Soon,
|
||||
$msg=fmt("Certificate %s is going to expire at %T", cert$subject, cert$not_valid_after),
|
||||
|
|
|
@ -1,26 +1,30 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro -r wikipedia.trace
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
.. code-block:: guess
|
||||
:linenos:
|
||||
# bro -r wikipedia.trace
|
||||
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-09-01-01-08-21
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty)
|
||||
1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - 0 D 1 199 0 0 (empty)
|
||||
1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - 0 D 1 179 0 0 (empty)
|
||||
1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
[...]
|
||||
.. rst-class:: btest-include
|
||||
|
||||
.. code-block:: guess
|
||||
:linenos:
|
||||
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-10-07-23-48-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty)
|
||||
1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - 0 D 1 199 0 0 (empty)
|
||||
1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - 0 D 1 179 0 0 (empty)
|
||||
1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
[...]
|
||||
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# cat conn.log | bro-cut id.orig_h id.orig_p id.resp_h duration
|
||||
141.142.220.202 5353 224.0.0.251 -
|
||||
fe80::217:f2ff:fed7:cf65 5353 ff02::fb -
|
||||
141.142.220.50 5353 224.0.0.251 -
|
||||
141.142.220.118 43927 141.142.2.2 0.000435
|
||||
141.142.220.118 37676 141.142.2.2 0.000420
|
||||
141.142.220.118 40526 141.142.2.2 0.000392
|
||||
141.142.220.118 32902 141.142.2.2 0.000317
|
||||
141.142.220.118 59816 141.142.2.2 0.000343
|
||||
141.142.220.118 59714 141.142.2.2 0.000375
|
||||
141.142.220.118 58206 141.142.2.2 0.000339
|
||||
[...]
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# cat conn.log | bro-cut id.orig_h id.orig_p id.resp_h duration
|
||||
141.142.220.202 5353 224.0.0.251 -
|
||||
fe80::217:f2ff:fed7:cf65 5353 ff02::fb -
|
||||
141.142.220.50 5353 224.0.0.251 -
|
||||
141.142.220.118 43927 141.142.2.2 0.000435
|
||||
141.142.220.118 37676 141.142.2.2 0.000420
|
||||
141.142.220.118 40526 141.142.2.2 0.000392
|
||||
141.142.220.118 32902 141.142.2.2 0.000317
|
||||
141.142.220.118 59816 141.142.2.2 0.000343
|
||||
141.142.220.118 59714 141.142.2.2 0.000375
|
||||
141.142.220.118 58206 141.142.2.2 0.000339
|
||||
[...]
|
||||
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# awk '/^[^#]/ {print $3, $4, $5, $6, $9}' conn.log
|
||||
141.142.220.202 5353 224.0.0.251 5353 -
|
||||
fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 -
|
||||
141.142.220.50 5353 224.0.0.251 5353 -
|
||||
141.142.220.118 43927 141.142.2.2 53 0.000435
|
||||
141.142.220.118 37676 141.142.2.2 53 0.000420
|
||||
141.142.220.118 40526 141.142.2.2 53 0.000392
|
||||
141.142.220.118 32902 141.142.2.2 53 0.000317
|
||||
141.142.220.118 59816 141.142.2.2 53 0.000343
|
||||
141.142.220.118 59714 141.142.2.2 53 0.000375
|
||||
141.142.220.118 58206 141.142.2.2 53 0.000339
|
||||
[...]
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# awk '/^[^#]/ {print $3, $4, $5, $6, $9}' conn.log
|
||||
141.142.220.202 5353 224.0.0.251 5353 -
|
||||
fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 -
|
||||
141.142.220.50 5353 224.0.0.251 5353 -
|
||||
141.142.220.118 43927 141.142.2.2 53 0.000435
|
||||
141.142.220.118 37676 141.142.2.2 53 0.000420
|
||||
141.142.220.118 40526 141.142.2.2 53 0.000392
|
||||
141.142.220.118 32902 141.142.2.2 53 0.000317
|
||||
141.142.220.118 59816 141.142.2.2 53 0.000343
|
||||
141.142.220.118 59714 141.142.2.2 53 0.000375
|
||||
141.142.220.118 58206 141.142.2.2 53 0.000339
|
||||
[...]
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro-cut -d ts uid host uri < http.log
|
||||
2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||
2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
||||
2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
||||
2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
||||
2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
||||
[...]
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro-cut -d ts uid host uri < http.log
|
||||
2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||
2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
||||
2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
||||
2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
||||
2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
||||
[...]
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro-cut -u ts uid host uri < http.log
|
||||
2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||
2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
||||
2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
||||
2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
||||
2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
||||
[...]
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro-cut -u ts uid host uri < http.log
|
||||
2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||
2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
||||
2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
||||
2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
||||
2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
||||
[...]
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# bro-cut -D %d-%m-%YT%H:%M:%S%z ts uid host uri < http.log
|
||||
18-03-2011T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||
18-03-2011T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
||||
18-03-2011T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
||||
18-03-2011T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
||||
18-03-2011T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
||||
[...]
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro-cut -D %d-%m-%YT%H:%M:%S%z ts uid host uri < http.log
|
||||
18-03-2011T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||
18-03-2011T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png
|
||||
18-03-2011T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png
|
||||
18-03-2011T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png
|
||||
18-03-2011T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png
|
||||
[...]
|
||||
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# cat conn.log | bro-cut uid resp_bytes | sort -nrk2 | head -5
|
||||
CyAhVIzHqb7t7kv28 734
|
||||
CkDsfG2YIeWJmXWNWj 734
|
||||
CJ3xTn1c4Zw9TmAE05 734
|
||||
C3SfNE4BWaU4aSuwkc 734
|
||||
CzA03V1VcgagLjnO92 733
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# cat conn.log | bro-cut uid resp_bytes | sort -nrk2 | head -5
|
||||
CyAhVIzHqb7t7kv28 734
|
||||
CkDsfG2YIeWJmXWNWj 734
|
||||
CJ3xTn1c4Zw9TmAE05 734
|
||||
C3SfNE4BWaU4aSuwkc 734
|
||||
CzA03V1VcgagLjnO92 733
|
||||
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
.. rst-class:: btest-cmd
|
||||
|
||||
# cat http.log | bro-cut uid id.resp_h method status_code host uri | grep VW0XPVINV8a
|
||||
CRJuHdVW0XPVINV8a 208.80.152.118 GET 304 bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# cat http.log | bro-cut uid id.resp_h method status_code host uri | grep VW0XPVINV8a
|
||||
CRJuHdVW0XPVINV8a 208.80.152.118 GET 304 bits.wikimedia.org /skins-1.5/monobook/main.css
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- connection_record_02.bro
|
||||
connection_record_02.bro
|
||||
|
||||
@load base/protocols/conn
|
||||
@load base/protocols/dns
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- connection_record_02.bro
|
||||
connection_record_02.bro
|
||||
|
||||
@load base/protocols/conn
|
||||
@load base/protocols/dns
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_record_01.bro
|
||||
data_struct_record_01.bro
|
||||
|
||||
type Service: record {
|
||||
name: string;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_record_02.bro
|
||||
data_struct_record_02.bro
|
||||
|
||||
type Service: record {
|
||||
name: string;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
data_struct_set_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
data_struct_set_declaration.bro
|
||||
|
||||
for ( i in ssl_ports )
|
||||
print fmt("SSL Port: %s", i);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
data_struct_set_declaration.bro
|
||||
|
||||
# Check for SMTPS
|
||||
if ( 587/tcp !in ssl_ports )
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
data_struct_set_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_table_complex.bro
|
||||
data_struct_table_complex.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_table_declaration.bro
|
||||
data_struct_table_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_vector_declaration.bro
|
||||
data_struct_vector_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_struct_vector_iter.bro
|
||||
data_struct_vector_iter.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_const.bro
|
||||
data_type_const.bro
|
||||
|
||||
const port_list: table[port] of string &redef;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_const_simple.bro
|
||||
data_type_const_simple.bro
|
||||
|
||||
@load base/protocols/http
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_declaration.bro
|
||||
data_type_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_interval.bro
|
||||
data_type_interval.bro
|
||||
|
||||
# Store the time the previous connection was established.
|
||||
global last_connection_time: time;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_local.bro
|
||||
data_type_local.bro
|
||||
|
||||
function add_two(i: count): count
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_pattern_01.bro
|
||||
data_type_pattern_01.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_pattern_02.bro
|
||||
data_type_pattern_02.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_subnets.bro
|
||||
data_type_subnets.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- data_type_time.bro
|
||||
data_type_time.bro
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_logging_factorial_01.bro
|
||||
framework_logging_factorial_01.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_logging_factorial_02.bro
|
||||
framework_logging_factorial_02.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_logging_factorial_03.bro
|
||||
framework_logging_factorial_03.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_logging_factorial_04.bro
|
||||
framework_logging_factorial_04.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_notice_hook_01.bro
|
||||
framework_notice_hook_01.bro
|
||||
|
||||
@load policy/protocols/ssh/interesting-hostnames.bro
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_notice_hook_suppression_01.bro
|
||||
framework_notice_hook_suppression_01.bro
|
||||
|
||||
@load policy/protocols/ssl/expiring-certs.bro
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_notice_shortcuts_01.bro
|
||||
framework_notice_shortcuts_01.bro
|
||||
|
||||
@load policy/protocols/ssh/interesting-hostnames.bro
|
||||
@load base/protocols/ssh/
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- framework_notice_shortcuts_02.bro
|
||||
framework_notice_shortcuts_02.bro
|
||||
|
||||
@load policy/protocols/ssh/interesting-hostnames.bro
|
||||
@load base/protocols/ssh/
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- event.bif.bro
|
||||
event.bif.bro
|
||||
|
||||
## Generated for every new connection. This event is raised with the first
|
||||
## packet of a previously unknown connection. Bro uses a flow-based definition
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- Bro_DNS.events.bif.bro
|
||||
Bro_DNS.events.bif.bro
|
||||
|
||||
## Generated for DNS requests. For requests with multiple queries, this event
|
||||
## is raised once for each.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- init-bare.bro
|
||||
init-bare.bro
|
||||
|
||||
type string_array: table[count] of string;
|
||||
type string_set: set[string];
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cat %INPUT >output && btest-diff output
|
||||
|
||||
-- main.bro
|
||||
main.bro
|
||||
|
||||
module Conn;
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more