diff --git a/scripts/base/frameworks/analyzer/logging.zeek b/scripts/base/frameworks/analyzer/logging.zeek index dd3195ef0f..60e2a196b2 100644 --- a/scripts/base/frameworks/analyzer/logging.zeek +++ b/scripts/base/frameworks/analyzer/logging.zeek @@ -1,4 +1,4 @@ -##! Logging analyzer violations into analyzer_failed.log +##! Logging analyzer violations into analyzer.log @load base/frameworks/logging @load ./main @@ -9,7 +9,7 @@ export { ## Add the analyzer logging stream identifier. redef enum Log::ID += { LOG }; - ## The record type defining the columns to log in the analyzer-failed logging stream. + ## The record type defining the columns to log in the analyzer logging stream. type Info: record { ## Timestamp of the violation. ts: time &log; @@ -38,7 +38,7 @@ export { ## An event that can be handled to access the :zeek:type:`Analyzer::Logging::Info` ## record as it is sent on to the logging framework. - global log_analyzer_failed: event(rec: Info); + global log_analyzer: event(rec: Info); ## A default logging policy hook for the stream. global log_policy: Log::PolicyHook; @@ -46,7 +46,7 @@ export { event zeek_init() &priority=5 { - Log::create_stream(LOG, [$columns=Info, $path="analyzer_failed", $ev=log_analyzer_failed, $policy=log_policy]); + Log::create_stream(LOG, [$columns=Info, $path="analyzer", $ev=log_analyzer, $policy=log_policy]); } function log_analyzer_failure(ts: time, atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) diff --git a/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/analyzer_failed.log b/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/analyzer.log similarity index 96% rename from testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/analyzer_failed.log rename to testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/analyzer.log index 2612d8476f..e246a5a9a7 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/analyzer_failed.log 
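Review bot: The exported event `log_analyzer_failed` becomes `log_analyzer` in the `export` block with no compatibility declaration left behind. Site or package scripts that handle `Analyzer::Logging::log_analyzer_failed` would presumably stop receiving records without an obvious error. If the old name has shipped in a release, consider keeping `global log_analyzer_failed: event(rec: Info) &deprecated="Remove in <VERSION>. Use Analyzer::Logging::log_analyzer.";` for one cycle (the version is a placeholder), so users at least get a warning. The `export` block starts and ends outside this hunk.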
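Review bot: `$path="analyzer"` in the `zeek_init` handler changes the file name and `#path` value that downstream consumers see, and nothing in this file records the old name. Log shippers, parsers and detections keyed on `analyzer_failed` would go quiet rather than fail, which matters because analyzer violations are often watched as a sign of malformed or evasive traffic. Consider a comment above the call, for example `# Path was "analyzer_failed" before this change; update log shippers and SIEM parsers when upgrading.`, and a line in the upgrade notes. The function `log_analyzer_failure` that follows continues outside the hunk.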
+++ b/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/analyzer.log @@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #types time string string string string addr port addr port string string diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out index de9700017a..4db669de5d 100644 --- a/testing/btest/Baseline/coverage.find-bro-logs/out +++ b/testing/btest/Baseline/coverage.find-bro-logs/out @@ -1,6 +1,6 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +analyzer analyzer_debug -analyzer_failed broker capture_loss cluster diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index c1ad038255..1fda8ec01d 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output 
@@ -27,7 +27,7 @@ 0.000000 MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) -> 0.000000 MetaHookPost CallFunction(Config::config_option_changed, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}, )) -> 0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle: function(c:connection, is_orig:bool) : string{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? 
HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file: function(f:fa_file) : string{ if (HTTP::f$source != HTTP) return ()for ([HTTP::_], HTTP::c in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer_failed, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=config, 
path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 
@@ -38,7 +38,7 @@ 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer_failed: event(rec:Analyzer::Logging::Info), path=analyzer_failed, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, 
max_delay_queue_size=1000])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) -> 
@@ -82,7 +82,7 @@ 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer_failed: event(rec:Analyzer::Logging::Info), path=analyzer_failed, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) -> 
@@ -966,7 +966,7 @@ 0.000000 MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) 0.000000 MetaHookPre CallFunction(Config::config_option_changed, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}, )) 0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle: function(c:connection, is_orig:bool) : string{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? 
HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file: function(f:fa_file) : string{ if (HTTP::f$source != HTTP) return ()for ([HTTP::_], HTTP::c in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer_failed, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=config, path_func=, 
include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 
@@ -977,7 +977,7 @@ 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer_failed: event(rec:Analyzer::Logging::Info), path=analyzer_failed, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) 
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) 
@@ -1021,7 +1021,7 @@ 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer_failed: event(rec:Analyzer::Logging::Info), path=analyzer_failed, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000])) 
@@ -1904,7 +1904,7 @@ 0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F]) 0.000000 | HookCallFunction Config::config_option_changed(Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}, ) 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle: function(c:connection, is_orig:bool) : string{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? 
HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file: function(f:fa_file) : string{ if (HTTP::f$source != HTTP) return ()for ([HTTP::_], HTTP::c in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}]) -0.000000 | HookCallFunction Log::__add_filter(Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer_failed, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) +0.000000 | HookCallFunction Log::__add_filter(Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, 
field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 
@@ -1915,7 +1915,7 @@ 0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer_failed: event(rec:Analyzer::Logging::Info), path=analyzer_failed, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) +0.000000 | HookCallFunction Log::__create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) 0.000000 | HookCallFunction Log::__create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) 0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, 
[columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) 0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) 
@@ -1959,7 +1959,7 @@ 0.000000 | HookCallFunction Log::add_stream_filters(Notice::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Tunnel::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default) -0.000000 | HookCallFunction Log::create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer_failed: event(rec:Analyzer::Logging::Info), path=analyzer_failed, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) +0.000000 | HookCallFunction Log::create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) 0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) 0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) 0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000]) 
diff --git a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-empty-av-pair-seq/analyzer_failed.log b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-empty-av-pair-seq/analyzer.log similarity index 96% rename from testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-empty-av-pair-seq/analyzer_failed.log rename to testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-empty-av-pair-seq/analyzer.log index d19e8b57a5..bd4f3053a5 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-empty-av-pair-seq/analyzer_failed.log +++ b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-empty-av-pair-seq/analyzer.log @@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #types time string string string string addr port addr port string string diff --git a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-unterminated-av-pair-seq/analyzer_failed.log b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-unterminated-av-pair-seq/analyzer.log similarity index 96% rename from testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-unterminated-av-pair-seq/analyzer_failed.log rename to testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-unterminated-av-pair-seq/analyzer.log index d19e8b57a5..bd4f3053a5 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-unterminated-av-pair-seq/analyzer_failed.log +++ b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.ntlm-unterminated-av-pair-seq/analyzer.log 
@@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #types time string string string string addr port addr port string string diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-invalid-reply-code/analyzer_failed.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-invalid-reply-code/analyzer.log similarity index 96% rename from testing/btest/Baseline/scripts.base.protocols.ftp.ftp-invalid-reply-code/analyzer_failed.log rename to testing/btest/Baseline/scripts.base.protocols.ftp.ftp-invalid-reply-code/analyzer.log index 17300b98ca..5580d6bee8 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-invalid-reply-code/analyzer_failed.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-invalid-reply-code/analyzer.log @@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #types time string string string string addr port addr port string string diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-max-command-length/analyzer_failed.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-max-command-length/analyzer.log similarity index 100% rename from testing/btest/Baseline/scripts.base.protocols.ftp.ftp-max-command-length/analyzer_failed.log rename to testing/btest/Baseline/scripts.base.protocols.ftp.ftp-max-command-length/analyzer.log 
diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-reply-code/analyzer_failed.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-reply-code/analyzer.log similarity index 96% rename from testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-reply-code/analyzer_failed.log rename to testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-reply-code/analyzer.log index f3714a83fe..d798bd340f 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-reply-code/analyzer_failed.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-reply-code/analyzer.log @@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #types time string string string string addr port addr port string string diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-space-after-reply-code/analyzer_failed.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-space-after-reply-code/analyzer.log similarity index 96% rename from testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-space-after-reply-code/analyzer_failed.log rename to testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-space-after-reply-code/analyzer.log index 0ba9b90aa0..5cc8cbbb69 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-space-after-reply-code/analyzer_failed.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-missing-space-after-reply-code/analyzer.log 
@@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #types time string string string string addr port addr port string string diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-11-request-then-cruft/analyzer_failed.log b/testing/btest/Baseline/scripts.base.protocols.http.http-11-request-then-cruft/analyzer.log similarity index 96% rename from testing/btest/Baseline/scripts.base.protocols.http.http-11-request-then-cruft/analyzer_failed.log rename to testing/btest/Baseline/scripts.base.protocols.http.http-11-request-then-cruft/analyzer.log index 5d42684074..b9e08e7109 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-11-request-then-cruft/analyzer_failed.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-11-request-then-cruft/analyzer.log @@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #types time string string string string addr port addr port string string diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/analyzer_debuglog b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/analyzer_debuglog index e78a1f520f..8cc5fb1a5f 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/analyzer_debuglog +++ b/testing/btest/Baseline/scripts.base.protocols.ssh.half-duplex-server/analyzer_debuglog 
@@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #types time string string string string addr port addr port string string diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dtls-stun-dpd/analyzer_failed.log b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls-stun-dpd/analyzer.log similarity index 100% rename from testing/btest/Baseline/scripts.base.protocols.ssl.dtls-stun-dpd/analyzer_failed.log rename to testing/btest/Baseline/scripts.base.protocols.ssl.dtls-stun-dpd/analyzer.log diff --git a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.packet-segment-logging/analyzer_failed.log b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.packet-segment-logging/analyzer.log similarity index 97% rename from testing/btest/Baseline/scripts.policy.frameworks.analyzer.packet-segment-logging/analyzer_failed.log rename to testing/btest/Baseline/scripts.policy.frameworks.analyzer.packet-segment-logging/analyzer.log index 88e0117837..95635816cd 100644 --- a/testing/btest/Baseline/scripts.policy.frameworks.analyzer.packet-segment-logging/analyzer_failed.log +++ b/testing/btest/Baseline/scripts.policy.frameworks.analyzer.packet-segment-logging/analyzer.log @@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data packet_segment #types time string string string string addr port addr port string string string 
diff --git a/testing/btest/Baseline/spicy.parse-error/analyzer_failed.log b/testing/btest/Baseline/spicy.parse-error/analyzer.log similarity index 96% rename from testing/btest/Baseline/spicy.parse-error/analyzer_failed.log rename to testing/btest/Baseline/spicy.parse-error/analyzer.log index c2eaf04d8c..5686afd30b 100644 --- a/testing/btest/Baseline/spicy.parse-error/analyzer_failed.log +++ b/testing/btest/Baseline/spicy.parse-error/analyzer.log @@ -3,7 +3,7 @@ #set_separator , #empty_field (empty) #unset_field - -#path analyzer_failed +#path analyzer #open XXXX-XX-XX-XX-XX-XX #fields ts analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #types time string string string string addr port addr port string string diff --git a/testing/btest/core/tunnels/gtp/unknown_or_too_short.test b/testing/btest/core/tunnels/gtp/unknown_or_too_short.test index 1291e67ac2..6a188f2177 100644 --- a/testing/btest/core/tunnels/gtp/unknown_or_too_short.test +++ b/testing/btest/core/tunnels/gtp/unknown_or_too_short.test @@ -1,5 +1,5 @@ # @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap %INPUT -# @TEST-EXEC: btest-diff analyzer_failed.log +# @TEST-EXEC: btest-diff analyzer.log # @TEST-EXEC: btest-diff tunnel.log # Packet 11, epoch time 1333458853.075889 is malformed. Only 222 byte are diff --git a/testing/btest/core/tunnels/vxlan-unknown-internal-packet.zeek b/testing/btest/core/tunnels/vxlan-unknown-internal-packet.zeek index 7553d90572..af80d894b9 100644 --- a/testing/btest/core/tunnels/vxlan-unknown-internal-packet.zeek +++ b/testing/btest/core/tunnels/vxlan-unknown-internal-packet.zeek @@ -4,7 +4,7 @@ # @TEST-EXEC: zeek -r $TRACES/tunnels/vxlan-encapsulated-igmp-v2.pcap %INPUT # @TEST-EXEC: btest-diff conn.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log @load base/frameworks/tunnels @load base/protocols/conn 
diff --git a/testing/btest/scripts/base/protocols/dce-rpc/ntlm-empty-av-pair-seq.zeek b/testing/btest/scripts/base/protocols/dce-rpc/ntlm-empty-av-pair-seq.zeek index 57acc0a686..ecc2b3f464 100644 --- a/testing/btest/scripts/base/protocols/dce-rpc/ntlm-empty-av-pair-seq.zeek +++ b/testing/btest/scripts/base/protocols/dce-rpc/ntlm-empty-av-pair-seq.zeek @@ -2,7 +2,7 @@ # @TEST-EXEC: zeek -b -r $TRACES/dce-rpc/ntlm-empty-av-sequence.pcap %INPUT # @TEST-EXEC: btest-diff ntlm.log -# @TEST-EXEC: btest-diff analyzer_failed.log +# @TEST-EXEC: btest-diff analyzer.log @load frameworks/analyzer/debug-logging.zeek @load base/protocols/dce-rpc diff --git a/testing/btest/scripts/base/protocols/dce-rpc/ntlm-unterminated-av-pair-seq.zeek b/testing/btest/scripts/base/protocols/dce-rpc/ntlm-unterminated-av-pair-seq.zeek index 4c9a70972d..758f93c16b 100644 --- a/testing/btest/scripts/base/protocols/dce-rpc/ntlm-unterminated-av-pair-seq.zeek +++ b/testing/btest/scripts/base/protocols/dce-rpc/ntlm-unterminated-av-pair-seq.zeek @@ -2,7 +2,7 @@ # @TEST-EXEC: zeek -b -r $TRACES/dce-rpc/ntlm-unterminated-av-sequence.pcap %INPUT # @TEST-EXEC: btest-diff ntlm.log -# @TEST-EXEC: btest-diff analyzer_failed.log +# @TEST-EXEC: btest-diff analyzer.log @load base/protocols/dce-rpc @load base/protocols/ntlm diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-invalid-reply-code.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-invalid-reply-code.zeek index 8433feb0f0..22187a081f 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-invalid-reply-code.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-invalid-reply-code.zeek @@ -2,7 +2,7 @@ # @TEST-EXEC: zeek -b -r $TRACES/ftp/ftp-invalid-reply-code.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log -# @TEST-EXEC: btest-diff analyzer_failed.log +# @TEST-EXEC: btest-diff analyzer.log # @TEST-EXEC: test ! -f reporter.log @load base/protocols/conn 
diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-missing-reply-code.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-missing-reply-code.zeek index 8ff4701b8f..694b02ec26 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-missing-reply-code.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-missing-reply-code.zeek @@ -2,7 +2,7 @@ # @TEST-EXEC: zeek -b -r $TRACES/ftp/ftp-missing-reply-code.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log -# @TEST-EXEC: btest-diff analyzer_failed.log +# @TEST-EXEC: btest-diff analyzer.log # @TEST-EXEC: test ! -f reporter.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-missing-space-after-reply-code.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-missing-space-after-reply-code.zeek index c04219b89d..4d7f3a2d85 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-missing-space-after-reply-code.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-missing-space-after-reply-code.zeek @@ -2,7 +2,7 @@ # @TEST-EXEC: zeek -b -r $TRACES/ftp/ftp-missing-space-after-reply-code.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log -# @TEST-EXEC: btest-diff analyzer_failed.log +# @TEST-EXEC: btest-diff analyzer.log # @TEST-EXEC: test ! -f reporter.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek b/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek index 9c9f5586b8..80b4f56966 100644 --- a/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek +++ b/testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek @@ -5,7 +5,7 @@ # # @TEST-EXEC: zeek -r $TRACES/http/websocket.pcap %INPUT # @TEST-EXEC: test ! -f weird.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff websocket.log # @TEST-EXEC: btest-diff .stdout 
@@ -25,7 +25,7 @@ hook WebSocket::configure_analyzer(c: connection, aid: count, config: WebSocket: # The originator's WebSocket frames match HTTP, so DPD would # enable HTTP for the frame's payload, but the responder's frames # contain some ack/status junk just before HTTP response that - # trigger a violation. Disable DPD for to prevent a analyzer_failed.log + # trigger a violation. Disable DPD for to prevent a analyzer.log # entry. config$use_dpd = F; } diff --git a/testing/btest/scripts/base/protocols/http/http-11-request-then-cruft.pcap b/testing/btest/scripts/base/protocols/http/http-11-request-then-cruft.pcap index a49ee3e8f9..5f80338e2c 100644 --- a/testing/btest/scripts/base/protocols/http/http-11-request-then-cruft.pcap +++ b/testing/btest/scripts/base/protocols/http/http-11-request-then-cruft.pcap @@ -1,7 +1,7 @@ # @TEST-EXEC: zeek -b -r $TRACES/http/http-11-request-then-cruft.pcap %INPUT > output # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log -# @TEST-EXEC: btest-diff analyzer_failed.log +# @TEST-EXEC: btest-diff analyzer.log @load base/protocols/http @load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/ldap/add.zeek b/testing/btest/scripts/base/protocols/ldap/add.zeek index 7252813ed6..f1b05c6ed5 100644 --- a/testing/btest/scripts/base/protocols/ldap/add.zeek +++ b/testing/btest/scripts/base/protocols/ldap/add.zeek @@ -5,6 +5,6 @@ # @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ldap.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: The addRequest/addResponse operation is not implemented, yet we process it. diff --git a/testing/btest/scripts/base/protocols/ldap/sasl-encrypted.zeek b/testing/btest/scripts/base/protocols/ldap/sasl-encrypted.zeek index ea9109355a..034a0b7b72 100644 
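Review bot: The comment touched in the `hook WebSocket::configure_analyzer` hunk of 101-switching-protocols.zeek still reads "Disable DPD for to prevent a analyzer.log entry", which is ungrammatical. Since the line is being edited anyway, it could become `# trigger a violation. Disable DPD to prevent an analyzer.log`. The comment records why `config$use_dpd = F` is set, and the first hunk of this file asserts `test ! -f analyzer.log`, so it is worth keeping readable. The hook body starts outside the hunk.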
--- a/testing/btest/scripts/base/protocols/ldap/sasl-encrypted.zeek +++ b/testing/btest/scripts/base/protocols/ldap/sasl-encrypted.zeek @@ -7,6 +7,6 @@ # @TEST-EXEC: btest-diff ldap.log # @TEST-EXEC: btest-diff ldap_search.log # @TEST-EXEC: ! test -f weird.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: Test LDAP analyzer with SASL encrypted payloads. diff --git a/testing/btest/scripts/base/protocols/ldap/sasl-ntlm.zeek b/testing/btest/scripts/base/protocols/ldap/sasl-ntlm.zeek index bf0474145f..b80c8738ae 100644 --- a/testing/btest/scripts/base/protocols/ldap/sasl-ntlm.zeek +++ b/testing/btest/scripts/base/protocols/ldap/sasl-ntlm.zeek @@ -6,6 +6,6 @@ # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ldap.log # @TEST-EXEC: btest-diff ldap_search.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: This broke after #3826 got merged diff --git a/testing/btest/scripts/base/protocols/ldap/sasl-scram-sha-512.zeek b/testing/btest/scripts/base/protocols/ldap/sasl-scram-sha-512.zeek index 9003003bd0..3df3d12317 100644 --- a/testing/btest/scripts/base/protocols/ldap/sasl-scram-sha-512.zeek +++ b/testing/btest/scripts/base/protocols/ldap/sasl-scram-sha-512.zeek @@ -6,6 +6,6 @@ # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ldap.log # @TEST-EXEC: btest-diff ldap_search.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: This broke after #3826 got merged diff --git a/testing/btest/scripts/base/protocols/ldap/sasl-signed-clear-2.zeek b/testing/btest/scripts/base/protocols/ldap/sasl-signed-clear-2.zeek index ca2bab1251..7e734963c3 100644 --- a/testing/btest/scripts/base/protocols/ldap/sasl-signed-clear-2.zeek +++ b/testing/btest/scripts/base/protocols/ldap/sasl-signed-clear-2.zeek 
@@ -6,6 +6,6 @@ # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ldap.log # @TEST-EXEC: btest-diff ldap_search.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: Test LDAP analyzer with GSS-API integrity traffic where we can still peak into LDAP wrapped into WRAP tokens. diff --git a/testing/btest/scripts/base/protocols/ldap/sasl-signed-clear.zeek b/testing/btest/scripts/base/protocols/ldap/sasl-signed-clear.zeek index 732706a0e2..01890c9c37 100644 --- a/testing/btest/scripts/base/protocols/ldap/sasl-signed-clear.zeek +++ b/testing/btest/scripts/base/protocols/ldap/sasl-signed-clear.zeek @@ -6,6 +6,6 @@ # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ldap.log # @TEST-EXEC: btest-diff ldap_search.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: Test LDAP analyzer with GSS-API integrity traffic where we can still peak into LDAP wrapped into WRAP tokens. diff --git a/testing/btest/scripts/base/protocols/ldap/sasl-srp-who-am-i.zeek b/testing/btest/scripts/base/protocols/ldap/sasl-srp-who-am-i.zeek index c7ff937409..687f8f99dd 100644 --- a/testing/btest/scripts/base/protocols/ldap/sasl-srp-who-am-i.zeek +++ b/testing/btest/scripts/base/protocols/ldap/sasl-srp-who-am-i.zeek @@ -5,6 +5,6 @@ # @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ldap.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: SASL authentication using SRP (Secure Remote Password) diff --git a/testing/btest/scripts/base/protocols/ldap/spnego-ntlmssp.zeek b/testing/btest/scripts/base/protocols/ldap/spnego-ntlmssp.zeek index 8dbd51ae55..0fc75b0c2c 100644 --- a/testing/btest/scripts/base/protocols/ldap/spnego-ntlmssp.zeek +++ b/testing/btest/scripts/base/protocols/ldap/spnego-ntlmssp.zeek 
@@ -9,6 +9,6 @@ # @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ldap.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: SASL bindRequest with SPNEGO NTLMSSP. diff --git a/testing/btest/scripts/base/protocols/ldap/starttls.zeek b/testing/btest/scripts/base/protocols/ldap/starttls.zeek index e684d0d826..5ef4c425a9 100644 --- a/testing/btest/scripts/base/protocols/ldap/starttls.zeek +++ b/testing/btest/scripts/base/protocols/ldap/starttls.zeek @@ -7,7 +7,7 @@ # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ldap.log # @TEST-EXEC: btest-diff ssl.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: LDAP supports StartTLS through extendedRequest 1.3.6.1.4.1.1466.20037 diff --git a/testing/btest/scripts/base/protocols/ldap/who-am-i.zeek b/testing/btest/scripts/base/protocols/ldap/who-am-i.zeek index 260c412c4b..4fba909496 100644 --- a/testing/btest/scripts/base/protocols/ldap/who-am-i.zeek +++ b/testing/btest/scripts/base/protocols/ldap/who-am-i.zeek @@ -6,7 +6,7 @@ # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ldap.log -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # # @TEST-DOC: Testing OpenLDAP's ldapwhoami utility with simple authentication. diff --git a/testing/btest/scripts/base/protocols/pop3/basic.zeek b/testing/btest/scripts/base/protocols/pop3/basic.zeek index 825bf82ed7..d9094622d8 100644 --- a/testing/btest/scripts/base/protocols/pop3/basic.zeek +++ b/testing/btest/scripts/base/protocols/pop3/basic.zeek @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff out # @TEST-EXEC: test ! -f weird.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log @load base/frameworks/notice/weird @load base/protocols/conn 
diff --git a/testing/btest/scripts/base/protocols/postgresql/bad-backend-message.zeek b/testing/btest/scripts/base/protocols/postgresql/bad-backend-message.zeek index 208b318dfa..574025bbe9 100644 --- a/testing/btest/scripts/base/protocols/postgresql/bad-backend-message.zeek +++ b/testing/btest/scripts/base/protocols/postgresql/bad-backend-message.zeek @@ -3,7 +3,7 @@ # @TEST-REQUIRES: ${SCRIPTS}/have-spicy # @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/bad-backend-message-1.pcap %INPUT # @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut -# @TEST-EXEC: zeek-cut -m < analyzer_failed.log > analyzer.cut +# @TEST-EXEC: zeek-cut -m < analyzer.log > analyzer.cut # # @TEST-EXEC: btest-diff conn.cut # @TEST-EXEC: TEST_DIFF_CANONIFIER="sed -r 's,(.*) \(/[^\)]+\),\1 (...),'" btest-diff analyzer.cut diff --git a/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/handshake.zeek b/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/handshake.zeek index 265f74537b..0def3cf306 100644 --- a/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/handshake.zeek +++ b/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/handshake.zeek @@ -7,4 +7,4 @@ # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff quic.log # @TEST-EXEC: btest-diff .stderr -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log diff --git a/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/retry.zeek b/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/retry.zeek index 0ec5fe6de1..2fa6e34017 100644 --- a/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/retry.zeek +++ b/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/retry.zeek 
@@ -7,4 +7,4 @@ # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff quic.log # @TEST-EXEC: btest-diff .stderr -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log diff --git a/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/zerortt.zeek b/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/zerortt.zeek index 24bd738e66..e1d5c698a2 100644 --- a/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/zerortt.zeek +++ b/testing/btest/scripts/base/protocols/quic/interop/quic-go_quic-go/zerortt.zeek @@ -7,4 +7,4 @@ # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff quic.log # @TEST-EXEC: btest-diff .stderr -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-invalid-length.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-invalid-length.zeek index d35c9ffddc..665ff5b00a 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-invalid-length.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-invalid-length.zeek @@ -1,6 +1,6 @@ # Tests a pcap that has a known-invalid length in a RDP_Negotiation_Response # header, ensuring that it throws a binpac exception and reports a notice to -# analyzer_failed.log. The pcap used is a snippet of a pcap from OSS-Fuzz #57109. +# analyzer.log. The pcap used is a snippet of a pcap from OSS-Fuzz #57109. # @TEST-EXEC: zeek -C -b -r $TRACES/rdp/rdp-invalid-length.pcap %INPUT # @TEST-EXEC: btest-diff analyzer_debug.log diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-no-cookie-msthash.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-no-cookie-msthash.zeek index 664dd85c38..5d05cd8257 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-no-cookie-msthash.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-no-cookie-msthash.zeek 
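Review bot: In rdp-invalid-length.zeek the header comment now says the binpac exception is reported to `analyzer.log`, but the only log the visible TEST-EXEC lines compare is `analyzer_debug.log`. As written, nothing in the hunk checks that the violation for this fuzzer-derived pcap actually lands in the renamed log. Either add `# @TEST-EXEC: btest-diff analyzer.log` with a matching baseline, or name `analyzer_debug.log` in the comment if that is the file meant. The file continues outside the hunk, so a later check may already exist.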
@@ -3,7 +3,7 @@ # @TEST-EXEC: zeek -b -r $TRACES/rdp/rdp-no-cookie-mstshash.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log # @TEST-EXEC: btest-diff ssl.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log @load base/protocols/rdp @load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek b/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek index 001a1125f2..1b9bce4960 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek +++ b/testing/btest/scripts/base/protocols/smb/smb2-read-write.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log # @TEST-EXEC: btest-diff files.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb2-zero-byte-error-ioctl.test b/testing/btest/scripts/base/protocols/smb/smb2-zero-byte-error-ioctl.test index 32330162f7..058d17c29e 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2-zero-byte-error-ioctl.test +++ b/testing/btest/scripts/base/protocols/smb/smb2-zero-byte-error-ioctl.test @@ -1,6 +1,6 @@ # @TEST-DOC: Tests handling of PDUs containing error ioctls with byte lengths of zero # @TEST-EXEC: zeek -b -r $TRACES/smb/smb2-zero-byte-error-ioctl.pcap %INPUT 2>&1 >out -# @TEST-EXEC: ! test -f analyzer_failed.log +# @TEST-EXEC: ! test -f analyzer.log # @TEST-EXEC: btest-diff out @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb2.test b/testing/btest/scripts/base/protocols/smb/smb2.test index f8883168f2..715b8bf4cd 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2.test +++ b/testing/btest/scripts/base/protocols/smb/smb2.test 
@@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff smb_files.log # @TEST-EXEC: btest-diff smb_mapping.log # @TEST-EXEC: btest-diff files.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/smb/smb3-multichannel.test b/testing/btest/scripts/base/protocols/smb/smb3-multichannel.test index eff520e17f..82de18ec9b 100644 --- a/testing/btest/scripts/base/protocols/smb/smb3-multichannel.test +++ b/testing/btest/scripts/base/protocols/smb/smb3-multichannel.test @@ -1,6 +1,6 @@ # @TEST-EXEC: zeek -b -r $TRACES/smb/smb3_multichannel.pcap %INPUT # @TEST-EXEC: btest-diff smb_files.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smb/smb3.test b/testing/btest/scripts/base/protocols/smb/smb3.test index dcb9ef21c3..82a1cd9212 100644 --- a/testing/btest/scripts/base/protocols/smb/smb3.test +++ b/testing/btest/scripts/base/protocols/smb/smb3.test @@ -1,6 +1,6 @@ # @TEST-EXEC: zeek -r $TRACES/smb/smb3.pcap %INPUT # @TEST-EXEC: btest-diff smb_mapping.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/smb/smb311.test b/testing/btest/scripts/base/protocols/smb/smb311.test index 9870e4c0d8..c5baca83ef 100644 --- a/testing/btest/scripts/base/protocols/smb/smb311.test +++ b/testing/btest/scripts/base/protocols/smb/smb311.test @@ -1,5 +1,5 @@ # @TEST-EXEC: zeek -b -C -r $TRACES/smb/smb311.pcap %INPUT -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff .stdout 
diff --git a/testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek b/testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek index a5c1da4da9..027275c36d 100644 --- a/testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek +++ b/testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek @@ -1,5 +1,5 @@ # Tests processing of half-duplex client-side connections, including no -# analyzer_failed.log output. +# analyzer.log output. # @TEST-EXEC: zeek -r $TRACES/ssh/ssh.client-side-half-duplex.pcap %INPUT # @TEST-EXEC: btest-diff analyzer_debug.log diff --git a/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek b/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek index c6bbfd5337..1dbb8cb275 100644 --- a/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek +++ b/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek @@ -1,5 +1,5 @@ # Tests processing of half-duplex server-side connections, including no -# analyzer_failed.log output. +# analyzer.log output. # @TEST-EXEC: zeek -r $TRACES/ssh/ssh.server-side-half-duplex.pcap %INPUT # @TEST-EXEC: btest-diff analyzer_debug.log diff --git a/testing/btest/scripts/base/protocols/ssl/basic.test b/testing/btest/scripts/base/protocols/ssl/basic.test index 868e654611..69a81f9ff0 100644 --- a/testing/btest/scripts/base/protocols/ssl/basic.test +++ b/testing/btest/scripts/base/protocols/ssl/basic.test @@ -3,5 +3,5 @@ # @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f files.log diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-13.test b/testing/btest/scripts/base/protocols/ssl/dtls-13.test index 170821d7c7..b885c0cc63 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls-13.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls-13.test 
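Review bot: The header comments of half-duplex-client.zeek and half-duplex-server.zeek promise "no analyzer.log output", but the visible TEST-EXEC lines only run `btest-diff analyzer_debug.log` and never assert that the file is absent. If no later line does so, adding `# @TEST-EXEC: test ! -f analyzer.log` to both would make the tests enforce what the comments claim. Separately, the baseline `scripts.base.protocols.ssh.half-duplex-server/analyzer_debuglog` updated earlier in this diff has a name that matches no log these lines compare, so it may be a stale file that should be removed rather than edited. Both hunks cover only the top of their files.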
@@ -8,7 +8,7 @@ # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: btest-diff ssl-all.log # @TEST-EXEC: btest-diff .stdout -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) { diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test index f56fa2ea2e..b41b4f4112 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test @@ -1,8 +1,8 @@ # @TEST-REQUIRES: ! have-spicy-ssl # DTLS is not supported in Spicy SSL yet # @TEST-EXEC: zeek -b -r $TRACES/tls/webrtc-stun.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log -# @TEST-EXEC: touch analyzer_failed.log -# @TEST-EXEC: btest-diff analyzer_failed.log +# @TEST-EXEC: touch analyzer.log +# @TEST-EXEC: btest-diff analyzer.log # @TEST-EXEC: btest-diff .stdout @load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test index 8d2b5a8834..37de61e6f3 100644 --- a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test +++ b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test 
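Review bot: In dtls-stun-dpd.test the pair `touch analyzer.log` / `btest-diff analyzer.log` appears to be a roundabout way of asserting that no violation was logged. The baseline is renamed at 100% similarity with no `#path` line to update, which suggests it is empty. If so, the two lines could be replaced by `# @TEST-EXEC: test ! -f analyzer.log`, matching the sibling SSL tests in this diff, and the empty baseline could be dropped. If the baseline is intentionally non-empty, a short comment explaining the `touch` would help, because it hides whether Zeek wrote the file at all.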
@@ -9,7 +9,7 @@ # # @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT # @TEST-EXEC: btest-diff .stdout -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log redef SSL::ct_logs += { ["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"), diff --git a/testing/btest/scripts/base/protocols/ssl/tls-protocol-violation.test b/testing/btest/scripts/base/protocols/ssl/tls-protocol-violation.test index 3588289ef6..198f1a975c 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-protocol-violation.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-protocol-violation.test @@ -1,5 +1,5 @@ # This tests that no error messages are output when a protocol violation occurs # @TEST-EXEC: zeek -C -r $TRACES/tls/tls1.2-protocol-violation.pcap %INPUT -# @TEST-EXEC: test -f analyzer_failed.log +# @TEST-EXEC: test -f analyzer.log # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/scripts/base/protocols/ssl/tls1_1.test b/testing/btest/scripts/base/protocols/ssl/tls1_1.test index 6ebae8fc6d..da1089ab50 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls1_1.test +++ b/testing/btest/scripts/base/protocols/ssl/tls1_1.test 
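Review bot: In tls-protocol-violation.test the check `test -f analyzer.log` only proves that some analyzer log was written, not that it holds the expected TLS violation. Any unrelated violation from the same pcap would satisfy it. Comparing the content would pin the analyzer and failure reason, for example with `# @TEST-EXEC: btest-diff analyzer.log` plus a baseline, as other tests in this diff do. The hunk covers only the first five lines of the file.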
@@ -3,7 +3,7 @@ # @TEST-EXEC: zeek -b -r $TRACES/tls/tls1_1.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log @load base/protocols/ssl @load base/files/x509 diff --git a/testing/btest/scripts/base/protocols/websocket/broker-websocket.zeek b/testing/btest/scripts/base/protocols/websocket/broker-websocket.zeek index 40134dce17..bd66b7ce7e 100644 --- a/testing/btest/scripts/base/protocols/websocket/broker-websocket.zeek +++ b/testing/btest/scripts/base/protocols/websocket/broker-websocket.zeek @@ -6,7 +6,7 @@ # @TEST-EXEC: btest-diff conn.log.cut # @TEST-EXEC: btest-diff websocket.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/websocket/coalesced-reply-ping.zeek b/testing/btest/scripts/base/protocols/websocket/coalesced-reply-ping.zeek index 18392719d5..509a44624e 100644 --- a/testing/btest/scripts/base/protocols/websocket/coalesced-reply-ping.zeek +++ b/testing/btest/scripts/base/protocols/websocket/coalesced-reply-ping.zeek @@ -8,7 +8,7 @@ # @TEST-EXEC: btest-diff out-coalesced # @TEST-EXEC: btest-diff weird.log # @TEST-EXEC: diff out-separate out-coalesced -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log @load base/protocols/websocket diff --git a/testing/btest/scripts/base/protocols/websocket/events-spicy.zeek b/testing/btest/scripts/base/protocols/websocket/events-spicy.zeek index 3edf8d62b5..87c27dbd73 100644 --- a/testing/btest/scripts/base/protocols/websocket/events-spicy.zeek +++ b/testing/btest/scripts/base/protocols/websocket/events-spicy.zeek 
@@ -12,7 +12,7 @@ # @TEST-EXEC: echo "message-too-big-status.pcap" >>out.spicy # @TEST-EXEC: zeek -b -r $TRACES//websocket/message-too-big-status.pcap %INPUT WebSocket::use_spicy_analyzer=T >>out.spicy # @TEST-EXEC: diff -u out.spicy out >&2 -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log @load base/protocols/websocket diff --git a/testing/btest/scripts/base/protocols/websocket/events.zeek b/testing/btest/scripts/base/protocols/websocket/events.zeek index a0bbe2c414..5c4c1fd2cf 100644 --- a/testing/btest/scripts/base/protocols/websocket/events.zeek +++ b/testing/btest/scripts/base/protocols/websocket/events.zeek @@ -11,7 +11,7 @@ # @TEST-EXEC: echo "two-binary-fragments.pcap" >>out # @TEST-EXEC: zeek -b -r $TRACES//websocket/two-binary-fragments.pcap %INPUT >>out # @TEST-EXEC: btest-diff out -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log @load base/protocols/websocket diff --git a/testing/btest/scripts/base/protocols/websocket/jupyter-websocket.zeek b/testing/btest/scripts/base/protocols/websocket/jupyter-websocket.zeek index f721f7b4a8..d7a62476ae 100644 --- a/testing/btest/scripts/base/protocols/websocket/jupyter-websocket.zeek +++ b/testing/btest/scripts/base/protocols/websocket/jupyter-websocket.zeek @@ -6,7 +6,7 @@ # # @TEST-EXEC: btest-diff conn.log.cut # @TEST-EXEC: btest-diff websocket.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/websocket/wstunnel-http.zeek b/testing/btest/scripts/base/protocols/websocket/wstunnel-http.zeek index 9e49afcb97..5d676868a0 100644 --- a/testing/btest/scripts/base/protocols/websocket/wstunnel-http.zeek +++ b/testing/btest/scripts/base/protocols/websocket/wstunnel-http.zeek 
@@ -8,7 +8,7 @@ # @TEST-EXEC: btest-diff conn.log.cut # @TEST-EXEC: btest-diff http.log.cut # @TEST-EXEC: btest-diff websocket.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/websocket/wstunnel-https.zeek b/testing/btest/scripts/base/protocols/websocket/wstunnel-https.zeek index 1b00ba77d2..3212023b87 100644 --- a/testing/btest/scripts/base/protocols/websocket/wstunnel-https.zeek +++ b/testing/btest/scripts/base/protocols/websocket/wstunnel-https.zeek @@ -8,7 +8,7 @@ # @TEST-EXEC: btest-diff conn.log.cut # @TEST-EXEC: btest-diff ssl.log.cut # @TEST-EXEC: btest-diff websocket.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log # @TEST-EXEC: test ! -f weird.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure-break.zeek b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure-break.zeek index 0a02e69e62..9a9354f01d 100644 --- a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure-break.zeek +++ b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure-break.zeek @@ -8,7 +8,7 @@ # @TEST-EXEC: btest-diff conn.log.cut # @TEST-EXEC: btest-diff websocket.log # @TEST-EXEC: test ! -f ssh.log -# @TEST-EXEC: test ! -f analyzer_failed.log +# @TEST-EXEC: test ! -f analyzer.log @load base/protocols/conn @load base/protocols/http diff --git a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure-wrong.zeek b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure-wrong.zeek index 3b182ec3e2..bbcba7683a 100644 --- a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure-wrong.zeek +++ b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure-wrong.zeek 
@@ -7,7 +7,7 @@
 # @TEST-EXEC: btest-diff conn.log.cut
 # @TEST-EXEC: btest-diff websocket.log
 # @TEST-EXEC: test ! -f ssh.log
-# @TEST-EXEC: test ! -f analyzer_failed.log
+# @TEST-EXEC: test ! -f analyzer.log
 @load base/protocols/conn
 @load base/protocols/http
diff --git a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure.zeek b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure.zeek
index ff4f2e196e..560e9694a8 100644
--- a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure.zeek
+++ b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-configure.zeek
@@ -8,7 +8,7 @@
 # @TEST-EXEC: btest-diff conn.log.cut
 # @TEST-EXEC: btest-diff ssh.log.cut
 # @TEST-EXEC: btest-diff websocket.log
-# @TEST-EXEC: test ! -f analyzer_failed.log
+# @TEST-EXEC: test ! -f analyzer.log
 # @TEST-EXEC: test ! -f weird.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-disabled.zeek b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-disabled.zeek
index 6b97798fa6..73759666bf 100644
--- a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-disabled.zeek
+++ b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-disabled.zeek
@@ -7,7 +7,7 @@
 # @TEST-EXEC: btest-diff conn.log.cut
 # @TEST-EXEC: test ! -f websocket.log
 # @TEST-EXEC: test ! -f ssh.log
-# @TEST-EXEC: test ! -f analyzer_failed.log
+# @TEST-EXEC: test ! -f analyzer.log
 # @TEST-EXEC: test ! -f weird.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-spicy.zeek b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-spicy.zeek
index a57d1a8dfd..c4d7a659be 100644
--- a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-spicy.zeek
+++ b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh-spicy.zeek
@@ -14,7 +14,7 @@
 # @TEST-EXEC: diff -u ssh.log.cut.spicy ssh.log.cut >&2
 # @TEST-EXEC: btest-diff conn.log.cut.spicy
 # @TEST-EXEC: btest-diff ssh.log.cut.spicy
-# @TEST-EXEC: test ! -f analyzer_failed.log
+# @TEST-EXEC: test ! -f analyzer.log
 # @TEST-EXEC: test ! -f weird.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh.zeek b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh.zeek
index 48ed6538cd..02f445ed6c 100644
--- a/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh.zeek
+++ b/testing/btest/scripts/base/protocols/websocket/wstunnel-ssh.zeek
@@ -8,7 +8,7 @@
 # @TEST-EXEC: btest-diff conn.log.cut
 # @TEST-EXEC: btest-diff ssh.log.cut
 # @TEST-EXEC: btest-diff websocket.log
-# @TEST-EXEC: test ! -f analyzer_failed.log
+# @TEST-EXEC: test ! -f analyzer.log
 # @TEST-EXEC: test ! -f weird.log
 @load base/protocols/conn
diff --git a/testing/btest/scripts/policy/frameworks/analyzer/packet-segment-logging.zeek b/testing/btest/scripts/policy/frameworks/analyzer/packet-segment-logging.zeek
index 397077763c..e0736af96a 100644
--- a/testing/btest/scripts/policy/frameworks/analyzer/packet-segment-logging.zeek
+++ b/testing/btest/scripts/policy/frameworks/analyzer/packet-segment-logging.zeek
@@ -1,6 +1,6 @@
-# @TEST-DOC: IPv6 connection from external ipv6.pcap triggering FTP analyzer violation. Check analyzer_failed.log contains the right packet_segment
+# @TEST-DOC: IPv6 connection from external ipv6.pcap triggering FTP analyzer violation. Check analyzer.log contains the right packet_segment
 # @TEST-EXEC: zeek -r $TRACES/ftp/ipv6-violation.trace %INPUT
-# @TEST-EXEC: btest-diff analyzer_failed.log
+# @TEST-EXEC: btest-diff analyzer.log
 @load frameworks/analyzer/packet-segment-logging
diff --git a/testing/btest/spicy/parse-error.zeek b/testing/btest/spicy/parse-error.zeek
index d615cc6b0e..9a5a0ab080 100644
--- a/testing/btest/spicy/parse-error.zeek
+++ b/testing/btest/spicy/parse-error.zeek
@@ -2,11 +2,11 @@ # # @TEST-EXEC: spicyz -d -o test.hlto test.evt test.spicy # @TEST-EXEC: HILTI_DEBUG=zeek zeek -r ${TRACES}/ssh/single-conn.trace misc/dump-events test.hlto %INPUT -# Zeek versions differ in their quoting of the newline character in analyzer_failed.log (two slashes vs one). -# @TEST-EXEC: cat analyzer_failed.log | sed 's#\\\\#\\#g' >analyzer_failed.log.tmp && mv analyzer_failed.log.tmp analyzer_failed.log.log -# @TEST-EXEC: TEST_DIFF_CANONIFIER=diff-canonifier-spicy btest-diff analyzer_failed.log +# Zeek versions differ in their quoting of the newline character in analyzer.log (two slashes vs one). +# @TEST-EXEC: cat analyzer.log | sed 's#\\\\#\\#g' >analyzer.log.tmp && mv analyzer.log.tmp analyzer.log +# @TEST-EXEC: TEST_DIFF_CANONIFIER=diff-canonifier-spicy btest-diff analyzer.log # -# @TEST-DOC: Trigger parse error after confirmation, should be recorded in analyzer_failed.log +# @TEST-DOC: Trigger parse error after confirmation, should be recorded in analyzer.log event zeek_init() { Analyzer::register_for_port(Analyzer::ANALYZER_SPICY_SSH, 22/tcp); diff --git a/testing/external/commit-hash.zeek-testing b/testing/external/commit-hash.zeek-testing index d7317dd5f2..d980110663 100644 --- a/testing/external/commit-hash.zeek-testing +++ b/testing/external/commit-hash.zeek-testing @@ -1 +1 @@ -b7089cf5abe4fa7aca548e6c8616ccbed7fbcfaa +d1b0dc34612cdd0a2f6608039ad842eaf8934478 diff --git a/testing/external/commit-hash.zeek-testing-private b/testing/external/commit-hash.zeek-testing-private index 0f19980352..3788451d4c 100644 --- a/testing/external/commit-hash.zeek-testing-private +++ b/testing/external/commit-hash.zeek-testing-private @@ -1 +1 @@ -c85d69fb00e1c032579282455e2d7ed39b7dab14 +d4f52f1ab6eb26d4a88315a43d25e8481665ad3a diff --git a/testing/scripts/diff-canonifier-external b/testing/scripts/diff-canonifier-external index 2e4bc56b62..b945403581 100755 --- a/testing/scripts/diff-canonifier-external +++ b/testing/scripts/diff-canonifier-external 
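Review bot: The `mv` line in parse-error.zeek changes more than the log name: the old target was `analyzer_failed.log.log`, so the sed-normalised copy never replaced the file that `btest-diff` compared, while the new `mv analyzer.log.tmp analyzer.log` overwrites it and the backslash normalisation takes effect for the first time. The baseline for this test is not among the visible hunks, so it is worth confirming that it was regenerated against the normalised output, and the commit description should mention the fix, because a reader expects a pure rename here. While the line is being touched, the `cat` can go: `# @TEST-EXEC: sed 's#\\\\#\\#g' analyzer.log >analyzer.log.tmp && mv analyzer.log.tmp analyzer.log`.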
@@ -23,7 +23,7 @@ if [ "$filename" == "analyzer_debug.log" ]; then addl="$(dirname $0)/diff-remove-abspath" fi -if [ "$filename" == "analyzer_failed.log" ]; then +if [ "$filename" == "analyzer.log" ]; then addl="$(dirname $0)/diff-remove-abspath" fi