From c391bdba5dcad1c6039f01a7bba72bf3f2781e80 Mon Sep 17 00:00:00 2001
From: "peter.cullen" <peter.cullen@corelight.com>
Date: Thu, 19 Oct 2023 12:52:49 -0400
Subject: [PATCH 1/5] Fix mmdb pointer destruction

The mmdb references needs to use reset() instead of release()
so that the destructor gets called and the stale DB is actually
cleaned up. Otherwise, the pointer is leaked and the stale DB
remains in memory.
---
 src/zeek.bif | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/zeek.bif b/src/zeek.bif
index 4c115ca4f3..c027842c2b 100644
--- a/src/zeek.bif
+++ b/src/zeek.bif
@@ -4011,7 +4011,7 @@ static void report_mmdb_msg(const char* format, ...)
 
 	va_list al;
 	va_start(al, format);
-	std::string msg = zeek::util::fmt(format, al);
+	std::string msg = zeek::util::vfmt(format, al);
 	va_end(al);
 
 	zeek::reporter->Info("%s", msg.data());
@@ -4159,7 +4159,7 @@ static void mmdb_check_loc()
 		{
 		report_mmdb_msg("Closing stale MaxMind DB [%s]", mmdb_loc->Filename());
 		did_mmdb_loc_db_error = false;
-		mmdb_loc.release();
+		mmdb_loc.reset();
 		}
 	}
 
@@ -4169,7 +4169,7 @@ static void mmdb_check_asn()
 		{
 		report_mmdb_msg("Closing stale MaxMind DB [%s]", mmdb_asn->Filename());
 		did_mmdb_asn_db_error = false;
-		mmdb_asn.release();
+		mmdb_asn.reset();
 		}
 	}
 

From 688d68cbf6ee2889def0870c050cb4f1b28b33a4 Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Mon, 23 Oct 2023 19:15:30 +0200
Subject: [PATCH 2/5] zeek.bif: Switch mmdb stale check to network_time

Makes testing easier and aligns better with log rotation and timer
expiration. Should not have an effect in practice. Also, log detail
about whether inode or modification time changed, too.
---
 scripts/base/init-bare.zeek |  5 +++++
 src/zeek.bif                | 23 +++++++++++++----------
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek
index c71faa7979..df7b56ebb8 100644
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@@ -1107,6 +1107,11 @@ type geo_autonomous_system: record {
 ## The directory containing MaxMind DB (.mmdb) files to use for GeoIP support.
 const mmdb_dir: string = "" &redef;
 
+## Sets the interval for MaxMind DB file staleness checks. When Zeek detects a
+## change in inode or modification time, the database is re-opened. Setting
+## a negative interval disables staleness checks.
+const mmdb_stale_check_interval: interval = 5min &redef;
+
 ## Computed entropy values. The record captures a number of measures that are
 ## computed in parallel. See `A Pseudorandom Number Sequence Test Program
 ## <http://www.fourmilab.ch/random>`_ for more information, Zeek uses the same
diff --git a/src/zeek.bif b/src/zeek.bif
index c027842c2b..e4d59690ff 100644
--- a/src/zeek.bif
+++ b/src/zeek.bif
@@ -4031,12 +4031,12 @@ private:
 	MMDB_s mmdb;
 	struct stat file_info;
 	bool lookup_error;
-	std::chrono::time_point<std::chrono::steady_clock> last_check;
+	double last_check;
 };
 
 MMDB::MMDB(const char* filename, struct stat info)
 	: file_info(info), lookup_error{false},
-	  last_check{std::chrono::steady_clock::now()}
+	  last_check{zeek::run_state::network_time}
 	{
 	int status = MMDB_open(filename, MMDB_MODE_MMAP, &mmdb);
 
@@ -4071,26 +4071,29 @@ MMDB_lookup_result_s MMDB::Lookup(const struct sockaddr* const sa)
 bool MMDB::StaleDB()
 	{
 	struct stat buf;
-	using Clock = std::chrono::steady_clock;
-	std::chrono::time_point<Clock> now = Clock::now();
 
 	if ( lookup_error )
 		return true;
 
-	// Only perform stat once per 5 minutes.
-	using Min = std::chrono::minutes;
-	if ( std::chrono::duration_cast<Min>(now - last_check).count() < 5 )
+
+	static double mmdb_stale_check_interval = zeek::id::find_val("mmdb_stale_check_interval")->AsInterval();
+
+	if ( mmdb_stale_check_interval < 0.0 )
 		return false;
 
-	last_check = now;
+	if ( zeek::run_state::network_time - last_check < mmdb_stale_check_interval )
+		return false;
+
+	last_check = zeek::run_state::network_time;
 
 	if ( 0 != stat(mmdb.filename, &buf) )
 		return true;
 
 	if ( buf.st_ino != file_info.st_ino || buf.st_mtime != file_info.st_mtime )
 		{
-		report_mmdb_msg("Inode change detected for MaxMind DB [%s]",
-		                mmdb.filename);
+		report_mmdb_msg("%s change detected for MaxMind DB [%s]",
+				buf.st_ino != file_info.st_ino ? "Inode" : "Modification time",
+				mmdb.filename);
 		return true;
 		}
 

From 05922132b3687b41a55f9ec691859b70b87a9af4 Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Mon, 23 Oct 2023 23:19:09 +0200
Subject: [PATCH 3/5] btest/files: Add mmdb testing databases and generator
 code

---
 testing/btest/Files/mmdb/.gitignore         |   1 +
 testing/btest/Files/mmdb/GeoLite2-ASN.mmdb  | Bin 0 -> 2908 bytes
 testing/btest/Files/mmdb/GeoLite2-City.mmdb | Bin 0 -> 2923 bytes
 testing/btest/Files/mmdb/README             |  13 ++++
 testing/btest/Files/mmdb/go.mod             |  11 +++
 testing/btest/Files/mmdb/go.sum             |  16 +++++
 testing/btest/Files/mmdb/main.go            |  71 ++++++++++++++++++++
 7 files changed, 112 insertions(+)
 create mode 100644 testing/btest/Files/mmdb/.gitignore
 create mode 100644 testing/btest/Files/mmdb/GeoLite2-ASN.mmdb
 create mode 100644 testing/btest/Files/mmdb/GeoLite2-City.mmdb
 create mode 100644 testing/btest/Files/mmdb/README
 create mode 100644 testing/btest/Files/mmdb/go.mod
 create mode 100644 testing/btest/Files/mmdb/go.sum
 create mode 100644 testing/btest/Files/mmdb/main.go

diff --git a/testing/btest/Files/mmdb/.gitignore b/testing/btest/Files/mmdb/.gitignore
new file mode 100644
index 0000000000..b4daca1937
--- /dev/null
+++ b/testing/btest/Files/mmdb/.gitignore
@@ -0,0 +1 @@
+testmmdb
diff --git a/testing/btest/Files/mmdb/GeoLite2-ASN.mmdb b/testing/btest/Files/mmdb/GeoLite2-ASN.mmdb
new file mode 100644
index 0000000000000000000000000000000000000000..65ade5917effcd34fe314d8bafa61ce7a0993d64
GIT binary patch
literal 2908
zcmZYA1#}cw6oBD7A%sAY;1(dbCU|g38YGGY352kj-JK+xWM`JyU0_oe>h4BM>MeEm
z7V1LXm8MFKy4#!ilO0Z*bM}1a-uv!-@9oT<h-e~OqezM(F49hMut+LVdq{&0kghmL
zq$5!$Pzk5KGjxHj&<!%6JM@5_&<lD)ALtAHpg#<NfshG<U@#1UEEo#IU^t9`kuVBI
z!x$I~<6t~YfNaQti7*K!!xWeb(_lK}!VH)RvtTyNfw?db=EDM52zihX>e)HZp#T=a
zVpsx8p%99o7)qcN%3v8RhZQ37r^rg8a##hcVGXQ>3Rnm0p%OMg6>J0_RD-Ve+alsu
zG>8O92EkCtI*}TpS{LW~&L@<Nq~1-aq>~r*vWFE>5z|{@iA3nz1a`94))%9_b;{<p
znX*+4yIdrpI9;TP_Cw%MI84=!6FHpd2sjdsf}`OWIM&5I?lv|8Ii5qD04KspaI(lL
zw4ds=pXS!IZ6arQ$umXHQb)Q(<ZLf_4pYvB^Wc2A04{`!;9?i&klWezQn(CuK(mXp
z%K2OYSHe~55c@=~R=gr|4asZaI+c7*<a)(JB0EXm05`%-a5LNjx5903JKO<x!d-B;
z8vUTiJw*4yeQ-ZK;L>{dwmUqWOv)pC6T3uq)9@%f29LWqeewh=pA>nD+SBlix8&L6
z_qoSQJ}>fu7riL*5`8ZxlWM%X!>b~%QF|TUfH&3d@3Q1Ak+(^{<I;K~xBWel_o;o5
ztjS*bJ``#3k{^-$SmYBLKJ{v!iF}@noVi~lBl(iPuSCA4?;F?;-@<qBJ^TPa!cQ*l
zaerpmFYv3#Z!Gy8{z$G=tKEjb;BWZHMPsq15v4#oNQL&01|1+BIzlHGsTQp>+jfDj
z&<!%6JM@5_&<lD)ALtAHpg#<NfshG<U@#1UEEo#IU^t9`kuVBI!x$I~<6t~YfNaQt
zi7*K!!xWeb(_lK}!VH)RvtTyNfw?db=EDM52zihX>Wy<AcmXVe#jpgHLLn4EF_b_l
zl)*AZ15bLnXe&srgmPE~s}<Fvtsz<q6|fH0LnUm0D%c1<7xg;1S8;Bni{|&D0A~q`
zW_ZaOlC@ALT8LV`w?s`kU}l(=CRh-GO<;=__1gLW=l+)Dz`vFXJsz`6D{RH1zGxyE
zGr~SI9`+mdu8b<}|2505)y+_o9t&A!ReFiO#Wu`<k(F=Q4MwAp$SQLydSh0J?ze0`
zX4#3Id-j*=TT4S`FehMz_f`5srfw&EHI^OLW4^FnZ`r=hh8<NCn^XQ<4VhkbN3lO1
zY7F{}h!v<yO)+v?wwDI=nC{o3hA)<g7=@*Y?7Z@_?1KE_pb-t&p@?(Ly+xr&a)Y$O
mM%}E9>$OHyQj1J0X!rtF+>Gtk;>ETRu<W2O8fr3{GyetueYku8

literal 0
HcmV?d00001

diff --git a/testing/btest/Files/mmdb/GeoLite2-City.mmdb b/testing/btest/Files/mmdb/GeoLite2-City.mmdb
new file mode 100644
index 0000000000000000000000000000000000000000..2f375e3bd619d0b35a705eae07f18b302982e8c7
GIT binary patch
literal 2923
zcmZA22Xquw6oBD7A%r4?-dpH3q4yS+0GouRh0p>llif)&usaiWC&*&KhP`)16jW^3
zdlwPA*n1_xh7G&eeKUWu!!hUV`OdxX-uvF$nLQEFM6{SlhN4EKkz%GuCQ)O^f+o;Z
zag<0iqUN9yZhH%83E9vJT0<LX3+<pibbyY~2|7a;=nCDSJM@5_&<k>)H}rwN&=2~<
z02l~^U@#1Up)d?`ArFSb2p9>YU^I+@u`mwC!vvTJlVCDTfvGSJrb9l=fB>jx=RSu5
zm<6+84g{ePil7+gLI~!;d{_VrMdUA$MMNdA7)oIYEQMvT99BRXtb|pt8p5y!bhY2n
zBISy8A`y~NFjTTiq=Kl@!@a)yG1HN(^%5%S=0&~iaYa(Z@=I)yYWmhgBE8no=g?k1
zWkbVE*{FtHE0R*2C$fq5W8hdgPOY6Pay-#yH~~(Cli*}H#lt)97B&JojYFIcXTX_o
zmdM$(pX0Zm>#b>9M9%k<7l>S_j&zmCMSk*Prd$G-!ewwdTme_YRuA`(+t~JMxCXYv
z4iC4={agpv!%lUGgCaL5-VnKw<V|q1O1>m=i{f#ST_kUX+u(M%1MY;o;BL4F?uGl{
zet1BQeoW*+qKDvNcmy8xs6Twe9iB)hWjEi%lOlU)cnbEy(;jZ0JVWKPBG0k*JiOqS
zyqNwz_xZ_}MPBivS4Cc<@AY(2jrVqVQ{*ky-iCMJUA6m%l)NYMKFJR}>Tl$=e<boT
zYoDaoWIuhiB6WW90Lf29KBM7tf9(sAFVm4b_p5XyU(@%E$hY);2Z!K$_yK-|pWtWs
z#lt)9uMGPQ4vYLw$sh1%x>8kp4S&Nw@UMqPv8EAaKqJV6#*hU~peZzi<{q*}v=(gJ
z60)Hcw1zg&7TQ63=l~s|6Lf|y&=tBtcjy5<p%>&pZ|DPkp&#^z0Wc5-!C)8yLtz-?
zLLLl<5ik-)!Dtu*V__VOhY2tdCc$Kw0#jicOox1!0Rd2Nocq8FU>3}VIS_<GD1u^`
z3n7>X^A+oO(hEdeNOBRBz+xy>tPyPq(Nb6j%V7nS!Ae*Kt0C;6UMKG=?u~TO%Ka$9
zS)!sDezJmOB~*!KvbNSQQIn3C8K=?$8>(SFBt%R4?fn1qeoJ!X-+_XN>7;6BS$f<^
z)&>kK7%&p+jF^#{6R~S7Cy}ZPnn^nxv7<(yv?QlVZBBNm)G{3-np5KFj*$$;?1=7|
zwpAC5DV>_AQI#LqpR;%C&I5%p+o~kBdzqsWC5LzII~3A4hD<A(7qR09%gRklPo%;X
zb|S7j;kdrmPJ}lYiKH61Bjf+8rsc10FD|b!W6`itZAYpyGmLR{+d@&@(aZIu5q475
zMo}o0J5yaQw;)g)HIk8pS?wNkf00?8-XW_nrdyRYdZm$+%pyx&Qr%QtdyiIAoG>DG
NA{tJbn~WXZ{{zLA!eRgb

literal 0
HcmV?d00001

diff --git a/testing/btest/Files/mmdb/README b/testing/btest/Files/mmdb/README
new file mode 100644
index 0000000000..269a36c045
--- /dev/null
+++ b/testing/btest/Files/mmdb/README
@@ -0,0 +1,13 @@
+These .mmdb databases were created with the mmdbwriter from MaxMind [1] for
+testing purposes. See the main.go file. They only contain information about
+LBL's network ranges:
+
+    128.3.0.0/16
+    131.243.0.0/16
+
+Rebuild with:
+
+    go build
+    ./testmmdb
+
+[1] https://github.com/maxmind/mmdbwriter
diff --git a/testing/btest/Files/mmdb/go.mod b/testing/btest/Files/mmdb/go.mod
new file mode 100644
index 0000000000..5aa1c9679c
--- /dev/null
+++ b/testing/btest/Files/mmdb/go.mod
@@ -0,0 +1,11 @@
+module testmmdb
+
+go 1.21.0
+
+require github.com/maxmind/mmdbwriter v1.0.0
+
+require (
+	github.com/oschwald/maxminddb-golang v1.12.0 // indirect
+	go4.org/netipx v0.0.0-20220812043211-3cc044ffd68d // indirect
+	golang.org/x/sys v0.10.0 // indirect
+)
diff --git a/testing/btest/Files/mmdb/go.sum b/testing/btest/Files/mmdb/go.sum
new file mode 100644
index 0000000000..a7e4aa9667
--- /dev/null
+++ b/testing/btest/Files/mmdb/go.sum
@@ -0,0 +1,16 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/maxmind/mmdbwriter v1.0.0 h1:bieL4P6yaYaHvbtLSwnKtEvScUKKD6jcKaLiTM3WSMw=
+github.com/maxmind/mmdbwriter v1.0.0/go.mod h1:noBMCUtyN5PUQ4H8ikkOvGSHhzhLok51fON2hcrpKj8=
+github.com/oschwald/maxminddb-golang v1.12.0 h1:9FnTOD0YOhP7DGxGsq4glzpGy5+w7pq50AS6wALUMYs=
+github.com/oschwald/maxminddb-golang v1.12.0/go.mod h1:q0Nob5lTCqyQ8WT6FYgS1L7PXKVVbgiymefNwIjPzgY=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+go4.org/netipx v0.0.0-20220812043211-3cc044ffd68d h1:ggxwEf5eu0l8v+87VhX1czFh8zJul3hK16Gmruxn7hw=
+go4.org/netipx v0.0.0-20220812043211-3cc044ffd68d/go.mod h1:tgPU4N2u9RByaTN3NC2p9xOzyFpte4jYwsIIRF7XlSc=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/testing/btest/Files/mmdb/main.go b/testing/btest/Files/mmdb/main.go
new file mode 100644
index 0000000000..ecad3ea8db
--- /dev/null
+++ b/testing/btest/Files/mmdb/main.go
@@ -0,0 +1,71 @@
+// Create test MaxMind DB database files containing information about
+// just LBL's IPv4 ranges for testing.
+package main
+
+import (
+	"log"
+	"net"
+	"os"
+
+	"github.com/maxmind/mmdbwriter"
+	"github.com/maxmind/mmdbwriter/mmdbtype"
+)
+
+func writeDb(fname, name string, record mmdbtype.Map, nets ...*net.IPNet) {
+	writer, err := mmdbwriter.New(
+		mmdbwriter.Options{
+			DatabaseType: name,
+		},
+	)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, n := range nets {
+		if err = writer.Insert(n, record); err != nil {
+			log.Fatal(err)
+		}
+	}
+
+	fh, err := os.Create(fname)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer fh.Close()
+
+	_, err = writer.WriteTo(fh)
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func main() {
+	_, net1, _ := net.ParseCIDR("128.3.0.0/16")
+	_, net2, _ := net.ParseCIDR("131.243.0.0/16")
+
+	// The ASN record.
+	asn_record := mmdbtype.Map{}
+	asn_record["autonomous_system_number"] = mmdbtype.Uint32(16)
+	asn_record["autonomous_system_organization"] = mmdbtype.String("Lawrence Berkeley National Laboratory")
+	writeDb("GeoLite2-ASN.mmdb", "My-ASN-DB", asn_record, net1, net2)
+
+	// The Location record.
+	loc_record := mmdbtype.Map{
+		"country": mmdbtype.Map{
+			"iso_code": mmdbtype.String("US"),
+			"names": mmdbtype.Map{
+				"en": mmdbtype.String("United States"),
+			},
+		},
+		"location": mmdbtype.Map{
+			"latitude":  mmdbtype.Float64(37.75100),
+			"longitude": mmdbtype.Float64(-97.822000),
+		},
+		"city": mmdbtype.Map{
+			"names": mmdbtype.Map{
+				"en": mmdbtype.String("Berkeley"),
+			},
+		},
+	}
+	writeDb("GeoLite2-City.mmdb", "My-City-DB", loc_record, net1, net2)
+}

From baf30288caf7968ba67a897abea59c394d4a9287 Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Tue, 24 Oct 2023 00:29:21 +0200
Subject: [PATCH 4/5] btest/core/mmdb: Basic lookup_autonomous_system /
 lookup_location tests

---
 testing/btest/Baseline/core.mmdb.reopen/out   | 17 ++++
 .../Baseline/core.mmdb.reopen/reporter.log    | 11 +++
 .../Baseline/core.mmdb.temporary-error/out    | 20 +++++
 .../core.mmdb.temporary-error/reporter.log    | 19 +++++
 testing/btest/core/mmdb/reopen.zeek           | 37 ++++++++
 testing/btest/core/mmdb/temporary-error.zeek  | 85 +++++++++++++++++++
 6 files changed, 189 insertions(+)
 create mode 100644 testing/btest/Baseline/core.mmdb.reopen/out
 create mode 100644 testing/btest/Baseline/core.mmdb.reopen/reporter.log
 create mode 100644 testing/btest/Baseline/core.mmdb.temporary-error/out
 create mode 100644 testing/btest/Baseline/core.mmdb.temporary-error/reporter.log
 create mode 100644 testing/btest/core/mmdb/reopen.zeek
 create mode 100644 testing/btest/core/mmdb/temporary-error.zeek

diff --git a/testing/btest/Baseline/core.mmdb.reopen/out b/testing/btest/Baseline/core.mmdb.reopen/out
new file mode 100644
index 0000000000..5641085ef3
--- /dev/null
+++ b/testing/btest/Baseline/core.mmdb.reopen/out
@@ -0,0 +1,17 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+1299466805.0, 1, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299466805.0, 1, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470395.0, 2, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470395.0, 2, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470395.0, 2, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470395.0, 2, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470405.0, 3, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470405.0, 3, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299473995.0, 4, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299473995.0, 4, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299473995.0, 4, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299473995.0, 4, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
diff --git a/testing/btest/Baseline/core.mmdb.reopen/reporter.log b/testing/btest/Baseline/core.mmdb.reopen/reporter.log
new file mode 100644
index 0000000000..91b9edb7f8
--- /dev/null
+++ b/testing/btest/Baseline/core.mmdb.reopen/reporter.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	level	message	location
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	received termination signal	(empty)
diff --git a/testing/btest/Baseline/core.mmdb.temporary-error/out b/testing/btest/Baseline/core.mmdb.temporary-error/out
new file mode 100644
index 0000000000..7359472613
--- /dev/null
+++ b/testing/btest/Baseline/core.mmdb.temporary-error/out
@@ -0,0 +1,20 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+start
+1299466805.0, 1, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+corrupting db
+1299470395.0, 2, 128.3.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
+1299470395.0, 2, 128.3.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+restoring backup db
+1299470405.0, 3, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+unlinking
+1299473995.0, 4, 128.3.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
+1299473995.0, 4, 128.3.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+restoring backup db
+1299474005.0, 5, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299474005.0, 5, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+unlinking and restoring
+1299477595.0, 6, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299477595.0, 6, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+done
diff --git a/testing/btest/Baseline/core.mmdb.temporary-error/reporter.log b/testing/btest/Baseline/core.mmdb.temporary-error/reporter.log
new file mode 100644
index 0000000000..5ec6a3e3ec
--- /dev/null
+++ b/testing/btest/Baseline/core.mmdb.temporary-error/reporter.log
@@ -0,0 +1,19 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	level	message	location
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Failed to open MaxMind DB: .<...>/GeoLite2-ASN.mmdb [The MaxMind DB file contains invalid metadata]	<params>, line 1
+1299470395.000000	Reporter::ERROR	Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1))	<...>/temporary-error.zeek, line 83
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Failed to open MaxMind DB: .<...>/GeoLite2-City.mmdb [The MaxMind DB file contains invalid metadata]	<params>, line 1
+1299470395.000000	Reporter::ERROR	Failed to open GeoIP location database (lookup_location(128.3.0.1))	<...>/temporary-error.zeek, line 84
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299473995.000000	Reporter::ERROR	Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1))	<...>/temporary-error.zeek, line 83
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299473995.000000	Reporter::ERROR	Failed to open GeoIP location database (lookup_location(128.3.0.1))	<...>/temporary-error.zeek, line 84
+1299477595.000000	Reporter::INFO	Inode change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299477595.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299477595.000000	Reporter::INFO	Inode change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299477595.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299477605.000000	Reporter::INFO	received termination signal	<params>, line 1
diff --git a/testing/btest/core/mmdb/reopen.zeek b/testing/btest/core/mmdb/reopen.zeek
new file mode 100644
index 0000000000..d9c120c8dc
--- /dev/null
+++ b/testing/btest/core/mmdb/reopen.zeek
@@ -0,0 +1,37 @@
+# @TEST-DOC: Change the modification time of the mmdb database on every packet. This triggers reopening of the MMDB database.
+#
+# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+#
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# @TEST-EXEC: zeek-cut -m < reporter.log > reporter.log.tmp && mv reporter.log.tmp reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
+
+@load base/frameworks/reporter
+
+redef mmdb_dir = "./mmdb";
+
+global pkt = 0;
+
+event new_packet(c: connection, p: pkt_hdr)
+	{
+	++pkt;
+	# Set MMDB's modification time to current network time.
+	local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
+	local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
+
+	if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), asn_fn), "") )
+		exit(1);
+
+	if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), city_fn), "") )
+		exit(1);
+
+	print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);
+	print network_time(), pkt, 128.3.0.1, "location", lookup_location(128.3.0.1);
+	print network_time(), pkt, 131.243.0.1, "asn", lookup_autonomous_system(131.243.0.1);
+	print network_time(), pkt, 131.243.0.1, "location", lookup_location(131.243.0.1);
+
+	if ( pkt == 4 )
+		terminate();
+	}
diff --git a/testing/btest/core/mmdb/temporary-error.zeek b/testing/btest/core/mmdb/temporary-error.zeek
new file mode 100644
index 0000000000..0a5102535c
--- /dev/null
+++ b/testing/btest/core/mmdb/temporary-error.zeek
@@ -0,0 +1,85 @@
+# @TEST-DOC: Test a few error and recovery cases (corrupted, removed and restored MMDB databases).
+#
+# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+#
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb-backup
+# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT mmdb_dir=./mmdb >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# @TEST-EXEC: zeek-cut -m < reporter.log > reporter.log.tmp && mv reporter.log.tmp reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
+
+@load base/frameworks/reporter
+
+redef mmdb_dir = "./mmdb";
+
+global pkt = 0;
+
+event new_packet(c: connection, p: pkt_hdr)
+	{
+	++pkt;
+
+	local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
+	local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
+
+	local asn_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-ASN.mmdb");
+	local city_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-City.mmdb");
+
+	if ( pkt == 1 )
+		{
+		print "start";
+		}
+	if ( pkt == 2 )
+		{
+		print "corrupting db";
+		if ( ! piped_exec(fmt("truncate --size=8 %s", asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("truncate --size=8 %s", city_fn), "") )
+			exit(1);
+		}
+	else if ( pkt == 4 )
+		{
+		print "unlinking";
+		if ( ! piped_exec(fmt("rm %s", asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("rm %s", city_fn), "") )
+			exit(1);
+		}
+	else if ( pkt == 6 )
+		{
+		# This should provoke an inode change.
+		print "unlinking and restoring";
+		if ( ! piped_exec(fmt("mv %s %s.tmp; cp %s.tmp %s", asn_fn, asn_fn, asn_fn, asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("mv %s %s.tmp; cp %s.tmp %s", city_fn, city_fn, city_fn, city_fn), "") )
+			exit(1);
+		}
+	else if ( pkt == 7 )
+		{
+		print "done";
+		terminate();
+		return;
+		}
+	else if ( pkt == 3 || pkt == 5 )
+		{
+		print "restoring backup db";
+		if ( ! piped_exec(fmt("cp %s %s", asn_fn_backup, asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("cp %s %s", city_fn_backup, city_fn), "") )
+			exit(1);
+		}
+
+	# Set MMDB's modification time to current network time for predictability.
+	if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", asn_fn, network_time(), asn_fn), "") )
+		exit(1);
+
+	if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", city_fn, network_time(), city_fn), "") )
+		exit(1);
+
+	print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);
+	print network_time(), pkt, 128.3.0.1, "location", lookup_location(128.3.0.1);
+	}

From 54a08a74da03c6ce86baaeed4c1019346862acfd Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Tue, 24 Oct 2023 10:09:59 +0200
Subject: [PATCH 5/5] base/frameworks/spicy: Do not load base/misc/version

Unsure what it's used for today and also results in the situation that on
some platforms we generate a reporter.log in bare mode, while on others
where spicy is disabled, we do not.

If we want base/frameworks/version loaded by default, should put it into
init-bare.zeek and possibly remove the loading of the reporter framework
from it - Reporter::error() would still work and be visible on stderr,
just not create a reporter.log.
---
 .../base/frameworks/spicy/init-framework.zeek |  2 -
 .../broker.remote_event/recv.recv.out         |  2 +-
 .../broker.remote_event_any/recv.recv.out     |  2 +-
 .../recv.recv.out                             |  2 +-
 .../canonified_loaded_scripts.log             |  4 --
 .../canonified_loaded_scripts.log             |  8 ++--
 testing/btest/Baseline/plugins.hooks/output   | 48 -------------------
 .../.stderr                                   |  1 -
 .../logging/field-extension-invalid.zeek      |  1 -
 9 files changed, 7 insertions(+), 63 deletions(-)

diff --git a/scripts/base/frameworks/spicy/init-framework.zeek b/scripts/base/frameworks/spicy/init-framework.zeek
index 886b0f4170..ae3a3b8e65 100644
--- a/scripts/base/frameworks/spicy/init-framework.zeek
+++ b/scripts/base/frameworks/spicy/init-framework.zeek
@@ -1,5 +1,3 @@
-@load base/misc/version
-
 # doc-common-start
 module Spicy;
 
diff --git a/testing/btest/Baseline/broker.remote_event/recv.recv.out b/testing/btest/Baseline/broker.remote_event/recv.recv.out
index dacc55938b..c13ab4ea41 100644
--- a/testing/btest/Baseline/broker.remote_event/recv.recv.out
+++ b/testing/btest/Baseline/broker.remote_event/recv.recv.out
@@ -10,4 +10,4 @@ is_remote should be T, and is, T
 receiver got ping: my-message, 4
 is_remote should be T, and is, T
 receiver got ping: my-message, 5
-[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=2, num_ids_incoming=0, num_ids_outgoing=0]
+[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=1, num_ids_incoming=0, num_ids_outgoing=0]
diff --git a/testing/btest/Baseline/broker.remote_event_any/recv.recv.out b/testing/btest/Baseline/broker.remote_event_any/recv.recv.out
index dacc55938b..c13ab4ea41 100644
--- a/testing/btest/Baseline/broker.remote_event_any/recv.recv.out
+++ b/testing/btest/Baseline/broker.remote_event_any/recv.recv.out
@@ -10,4 +10,4 @@ is_remote should be T, and is, T
 receiver got ping: my-message, 4
 is_remote should be T, and is, T
 receiver got ping: my-message, 5
-[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=2, num_ids_incoming=0, num_ids_outgoing=0]
+[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=1, num_ids_incoming=0, num_ids_outgoing=0]
diff --git a/testing/btest/Baseline/broker.remote_event_ssl_auth/recv.recv.out b/testing/btest/Baseline/broker.remote_event_ssl_auth/recv.recv.out
index b25425641f..7a0dc495f2 100644
--- a/testing/btest/Baseline/broker.remote_event_ssl_auth/recv.recv.out
+++ b/testing/btest/Baseline/broker.remote_event_ssl_auth/recv.recv.out
@@ -5,4 +5,4 @@ receiver got ping: my-message, 2
 receiver got ping: my-message, 3
 receiver got ping: my-message, 4
 receiver got ping: my-message, 5
-[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=2, num_ids_incoming=0, num_ids_outgoing=0]
+[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=1, num_ids_incoming=0, num_ids_outgoing=0]
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 5e034ad760..f7ca106dc0 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -268,10 +268,6 @@ scripts/base/init-frameworks-and-bifs.zeek
     build/scripts/base/bif/plugins/Zeek_NoneWriter.none.bif.zeek
     build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
   scripts/base/frameworks/spicy/init-framework.zeek
-    scripts/base/misc/version.zeek
-      scripts/base/frameworks/reporter/__load__.zeek
-        scripts/base/frameworks/reporter/main.zeek
-      scripts/base/utils/strings.zeek
 build/scripts/builtin-plugins/__load__.zeek
 scripts/policy/misc/loaded-scripts.zeek
   scripts/base/utils/paths.zeek
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 6fe637462b..ce766b6a49 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -268,10 +268,6 @@ scripts/base/init-frameworks-and-bifs.zeek
     build/scripts/base/bif/plugins/Zeek_NoneWriter.none.bif.zeek
     build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
   scripts/base/frameworks/spicy/init-framework.zeek
-    scripts/base/misc/version.zeek
-      scripts/base/frameworks/reporter/__load__.zeek
-        scripts/base/frameworks/reporter/main.zeek
-      scripts/base/utils/strings.zeek
 scripts/base/init-default.zeek
   scripts/base/utils/active-http.zeek
     scripts/base/utils/exec.zeek
@@ -279,6 +275,8 @@ scripts/base/init-default.zeek
   scripts/base/utils/backtrace.zeek
   scripts/base/utils/conn-ids.zeek
   scripts/base/utils/dir.zeek
+    scripts/base/frameworks/reporter/__load__.zeek
+      scripts/base/frameworks/reporter/main.zeek
     scripts/base/utils/paths.zeek
   scripts/base/utils/directions-and-hosts.zeek
   scripts/base/utils/email.zeek
@@ -286,6 +284,7 @@ scripts/base/init-default.zeek
   scripts/base/utils/geoip-distance.zeek
   scripts/base/utils/numbers.zeek
   scripts/base/utils/queue.zeek
+  scripts/base/utils/strings.zeek
   scripts/base/utils/thresholds.zeek
   scripts/base/utils/time.zeek
   scripts/base/utils/urls.zeek
@@ -349,6 +348,7 @@ scripts/base/init-default.zeek
     scripts/base/frameworks/netcontrol/non-cluster.zeek
   scripts/base/frameworks/telemetry/__load__.zeek
     scripts/base/frameworks/telemetry/main.zeek
+      scripts/base/misc/version.zeek
   scripts/base/frameworks/spicy/__load__.zeek
     scripts/base/frameworks/spicy/main.zeek
   scripts/base/protocols/conn/__load__.zeek
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 81579a72dd..899c0b9f53 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -47,7 +47,6 @@
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=reporter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])) -> <no result>
@@ -60,7 +59,6 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__enable_stream, <frame>, (Analyzer::Logging::LOG)) -> <no result>
@@ -74,7 +72,6 @@
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (HTTP::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Notice::LOG)) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Reporter::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Tunnel::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Weird::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
@@ -87,7 +84,6 @@
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Analyzer::Logging::LOG, default)) -> <no result>
@@ -100,7 +96,6 @@
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (HTTP::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Notice::ALARM_LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Notice::LOG, default)) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Reporter::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Tunnel::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])) -> <no result>
@@ -113,7 +108,6 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::enable_stream, <frame>, (Analyzer::Logging::LOG)) -> <no result>
@@ -325,7 +319,6 @@
 0.000000   MetaHookPost  CallFunction(Site::update_private_address_space, <frame>, (Site::private_address_space, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,2002:cb00:7100::<...>/4,2002:c633:6400::/40,2002:a00::/24,100::<...>/8,2001:2::/48,2002:c000:200::<...>/12,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::/32,2002:c612::<...>/16,2002::/24,fe80::/10,2001:db8::<...>/24,2002:c0a8::<...>/24})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Supervisor::__is_supervisor, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Supervisor::is_supervisor, <frame>, ()) -> <no result>
-0.000000   MetaHookPost  CallFunction(Version::parse, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(__init_primary_bifs, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(__init_secondary_bifs, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(disable_event_group, <frame>, (Analyzer::Logging::include_confirmations)) -> <no result>
@@ -333,7 +326,6 @@
 0.000000   MetaHookPost  CallFunction(getenv, <null>, (CLUSTER_NODE)) -> <no result>
 0.000000   MetaHookPost  CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(global_options, <frame>, ()) -> <no result>
-0.000000   MetaHookPost  CallFunction(gsub, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(has_event_group, <frame>, (Analyzer::Logging)) -> <no result>
 0.000000   MetaHookPost  CallFunction(has_module_events, <frame>, (Analyzer::Logging)) -> <no result>
 0.000000   MetaHookPost  CallFunction(have_spicy, <null>, ()) -> <no result>
@@ -341,7 +333,6 @@
 0.000000   MetaHookPost  CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F)) -> <no result>
 0.000000   MetaHookPost  CallFunction(lambda_<2645182068207650863>, <frame>, (Analyzer::Logging::enable, T)) -> <no result>
-0.000000   MetaHookPost  CallFunction(lstrip, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (2123/udp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (2152/udp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (3544/udp)) -> <no result>
@@ -351,12 +342,9 @@
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (6081/udp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(reading_traces, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$)) -> <no result>
-0.000000   MetaHookPost  CallFunction(split_string1, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F)) -> <no result>
 0.000000   MetaHookPost  CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, )) -> <no result>
-0.000000   MetaHookPost  CallFunction(to_count, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(zeek_init, <null>, ()) -> <no result>
-0.000000   MetaHookPost  CallFunction(zeek_version, <null>, ()) -> <no result>
 0.000000   MetaHookPost  DrainEvents() -> <void>
 0.000000   MetaHookPost  LoadFile(0, ./CPP-load.bif.zeek, <...>/CPP-load.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./Zeek_ARP.events.bif.zeek, <...>/Zeek_ARP.events.bif.zeek) -> -1
@@ -605,7 +593,6 @@
 0.000000   MetaHookPost  LoadFile(0, base<...>/ppp_serial, <...>/ppp_serial) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/pppoe, <...>/pppoe) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/removal-hooks, <...>/removal-hooks.zeek) -> -1
-0.000000   MetaHookPost  LoadFile(0, base<...>/reporter, <...>/reporter) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/reporter.bif, <...>/reporter.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/root, <...>/root) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/site, <...>/site.zeek) -> -1
@@ -623,7 +610,6 @@
 0.000000   MetaHookPost  LoadFile(0, base<...>/types.bif, <...>/types.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/udp, <...>/udp) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/utils, <...>/utils.zeek) -> -1
-0.000000   MetaHookPost  LoadFile(0, base<...>/version, <...>/version.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/vlan, <...>/vlan) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/vntag, <...>/vntag) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/vxlan, <...>/vxlan) -> -1
@@ -892,7 +878,6 @@
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/ppp_serial, <...>/ppp_serial) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/pppoe, <...>/pppoe) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/removal-hooks, <...>/removal-hooks.zeek) -> (-1, <no content>)
-0.000000   MetaHookPost  LoadFileExtended(0, base<...>/reporter, <...>/reporter) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/reporter.bif, <...>/reporter.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/root, <...>/root) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/site, <...>/site.zeek) -> (-1, <no content>)
@@ -910,7 +895,6 @@
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/types.bif, <...>/types.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/udp, <...>/udp) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/utils, <...>/utils.zeek) -> (-1, <no content>)
-0.000000   MetaHookPost  LoadFileExtended(0, base<...>/version, <...>/version.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/vlan, <...>/vlan) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/vntag, <...>/vntag) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/vxlan, <...>/vxlan) -> (-1, <no content>)
@@ -981,7 +965,6 @@
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=reporter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}]))
@@ -994,7 +977,6 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__enable_stream, <frame>, (Analyzer::Logging::LOG))
@@ -1008,7 +990,6 @@
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (HTTP::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Notice::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Reporter::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Tunnel::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Weird::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
@@ -1021,7 +1002,6 @@
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Analyzer::Logging::LOG, default))
@@ -1034,7 +1014,6 @@
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (HTTP::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Notice::ALARM_LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Notice::LOG, default))
-0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Reporter::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Tunnel::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}]))
@@ -1047,7 +1026,6 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::enable_stream, <frame>, (Analyzer::Logging::LOG))
@@ -1259,7 +1237,6 @@
 0.000000   MetaHookPre   CallFunction(Site::update_private_address_space, <frame>, (Site::private_address_space, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,2002:cb00:7100::<...>/4,2002:c633:6400::/40,2002:a00::/24,100::<...>/8,2001:2::/48,2002:c000:200::<...>/12,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::/32,2002:c612::<...>/16,2002::/24,fe80::/10,2001:db8::<...>/24,2002:c0a8::<...>/24}))
 0.000000   MetaHookPre   CallFunction(Supervisor::__is_supervisor, <frame>, ())
 0.000000   MetaHookPre   CallFunction(Supervisor::is_supervisor, <frame>, ())
-0.000000   MetaHookPre   CallFunction(Version::parse, ..., ...)
 0.000000   MetaHookPre   CallFunction(__init_primary_bifs, <null>, ())
 0.000000   MetaHookPre   CallFunction(__init_secondary_bifs, <null>, ())
 0.000000   MetaHookPre   CallFunction(disable_event_group, <frame>, (Analyzer::Logging::include_confirmations))
@@ -1267,7 +1244,6 @@
 0.000000   MetaHookPre   CallFunction(getenv, <null>, (CLUSTER_NODE))
 0.000000   MetaHookPre   CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS))
 0.000000   MetaHookPre   CallFunction(global_options, <frame>, ())
-0.000000   MetaHookPre   CallFunction(gsub, ..., ...)
 0.000000   MetaHookPre   CallFunction(has_event_group, <frame>, (Analyzer::Logging))
 0.000000   MetaHookPre   CallFunction(has_module_events, <frame>, (Analyzer::Logging))
 0.000000   MetaHookPre   CallFunction(have_spicy, <null>, ())
@@ -1275,7 +1251,6 @@
 0.000000   MetaHookPre   CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
 0.000000   MetaHookPre   CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F))
 0.000000   MetaHookPre   CallFunction(lambda_<2645182068207650863>, <frame>, (Analyzer::Logging::enable, T))
-0.000000   MetaHookPre   CallFunction(lstrip, ..., ...)
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (2123/udp))
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (2152/udp))
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (3544/udp))
@@ -1285,12 +1260,9 @@
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (6081/udp))
 0.000000   MetaHookPre   CallFunction(reading_traces, <frame>, ())
 0.000000   MetaHookPre   CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$))
-0.000000   MetaHookPre   CallFunction(split_string1, ..., ...)
 0.000000   MetaHookPre   CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F))
 0.000000   MetaHookPre   CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, ))
-0.000000   MetaHookPre   CallFunction(to_count, ..., ...)
 0.000000   MetaHookPre   CallFunction(zeek_init, <null>, ())
-0.000000   MetaHookPre   CallFunction(zeek_version, <null>, ())
 0.000000   MetaHookPre   DrainEvents()
 0.000000   MetaHookPre   LoadFile(0, ./CPP-load.bif.zeek, <...>/CPP-load.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./Zeek_ARP.events.bif.zeek, <...>/Zeek_ARP.events.bif.zeek)
@@ -1539,7 +1511,6 @@
 0.000000   MetaHookPre   LoadFile(0, base<...>/ppp_serial, <...>/ppp_serial)
 0.000000   MetaHookPre   LoadFile(0, base<...>/pppoe, <...>/pppoe)
 0.000000   MetaHookPre   LoadFile(0, base<...>/removal-hooks, <...>/removal-hooks.zeek)
-0.000000   MetaHookPre   LoadFile(0, base<...>/reporter, <...>/reporter)
 0.000000   MetaHookPre   LoadFile(0, base<...>/reporter.bif, <...>/reporter.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, base<...>/root, <...>/root)
 0.000000   MetaHookPre   LoadFile(0, base<...>/site, <...>/site.zeek)
@@ -1557,7 +1528,6 @@
 0.000000   MetaHookPre   LoadFile(0, base<...>/types.bif, <...>/types.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, base<...>/udp, <...>/udp)
 0.000000   MetaHookPre   LoadFile(0, base<...>/utils, <...>/utils.zeek)
-0.000000   MetaHookPre   LoadFile(0, base<...>/version, <...>/version.zeek)
 0.000000   MetaHookPre   LoadFile(0, base<...>/vlan, <...>/vlan)
 0.000000   MetaHookPre   LoadFile(0, base<...>/vntag, <...>/vntag)
 0.000000   MetaHookPre   LoadFile(0, base<...>/vxlan, <...>/vxlan)
@@ -1826,7 +1796,6 @@
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/ppp_serial, <...>/ppp_serial)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/pppoe, <...>/pppoe)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/removal-hooks, <...>/removal-hooks.zeek)
-0.000000   MetaHookPre   LoadFileExtended(0, base<...>/reporter, <...>/reporter)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/reporter.bif, <...>/reporter.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/root, <...>/root)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/site, <...>/site.zeek)
@@ -1844,7 +1813,6 @@
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/types.bif, <...>/types.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/udp, <...>/udp)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/utils, <...>/utils.zeek)
-0.000000   MetaHookPre   LoadFileExtended(0, base<...>/version, <...>/version.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/vlan, <...>/vlan)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/vntag, <...>/vntag)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/vxlan, <...>/vxlan)
@@ -1914,7 +1882,6 @@
 0.000000 | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
-0.000000 | HookCallFunction Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=reporter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])
@@ -1927,7 +1894,6 @@
 0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}])
-0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__enable_stream(Analyzer::Logging::LOG)
@@ -1941,7 +1907,6 @@
 0.000000 | HookCallFunction Log::add_default_filter(HTTP::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Notice::ALARM_LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Notice::LOG)
-0.000000 | HookCallFunction Log::add_default_filter(Reporter::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Tunnel::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Weird::LOG)
 0.000000 | HookCallFunction Log::add_filter(Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
@@ -1954,7 +1919,6 @@
 0.000000 | HookCallFunction Log::add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
-0.000000 | HookCallFunction Log::add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_stream_filters(Analyzer::Logging::LOG, default)
@@ -1967,7 +1931,6 @@
 0.000000 | HookCallFunction Log::add_stream_filters(HTTP::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Notice::ALARM_LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Notice::LOG, default)
-0.000000 | HookCallFunction Log::add_stream_filters(Reporter::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Tunnel::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default)
 0.000000 | HookCallFunction Log::create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])
@@ -1980,7 +1943,6 @@
 0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}])
-0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::enable_stream(Analyzer::Logging::LOG)
@@ -2192,7 +2154,6 @@
 0.000000 | HookCallFunction Site::update_private_address_space(Site::private_address_space, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,2002:cb00:7100::<...>/4,2002:c633:6400::/40,2002:a00::/24,100::<...>/8,2001:2::/48,2002:c000:200::<...>/12,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::/32,2002:c612::<...>/16,2002::/24,fe80::/10,2001:db8::<...>/24,2002:c0a8::<...>/24})
 0.000000 | HookCallFunction Supervisor::__is_supervisor()
 0.000000 | HookCallFunction Supervisor::is_supervisor()
-0.000000 | HookCallFunction Version::parse(...)
 0.000000 | HookCallFunction __init_primary_bifs()
 0.000000 | HookCallFunction __init_secondary_bifs()
 0.000000 | HookCallFunction disable_event_group(Analyzer::Logging::include_confirmations)
@@ -2200,7 +2161,6 @@
 0.000000 | HookCallFunction getenv(CLUSTER_NODE)
 0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS)
 0.000000 | HookCallFunction global_options()
-0.000000 | HookCallFunction gsub(...)
 0.000000 | HookCallFunction has_event_group(Analyzer::Logging)
 0.000000 | HookCallFunction has_module_events(Analyzer::Logging)
 0.000000 | HookCallFunction have_spicy()
@@ -2208,7 +2168,6 @@
 0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
 0.000000 | HookCallFunction lambda_<15261139872714441626>(Analyzer::Logging::include_confirmations, F)
 0.000000 | HookCallFunction lambda_<2645182068207650863>(Analyzer::Logging::enable, T)
-0.000000 | HookCallFunction lstrip(...)
 0.000000 | HookCallFunction port_to_count(2123/udp)
 0.000000 | HookCallFunction port_to_count(2152/udp)
 0.000000 | HookCallFunction port_to_count(3544/udp)
@@ -2218,12 +2177,9 @@
 0.000000 | HookCallFunction port_to_count(6081/udp)
 0.000000 | HookCallFunction reading_traces()
 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$)
-0.000000 | HookCallFunction split_string1(...)
 0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F)
 0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, )
-0.000000 | HookCallFunction to_count(...)
 0.000000 | HookCallFunction zeek_init()
-0.000000 | HookCallFunction zeek_version()
 0.000000 | HookDrainEvents
 0.000000 | HookLoadFile  ./CPP-load.bif.zeek <...>/CPP-load.bif.zeek
 0.000000 | HookLoadFile  ./Zeek_ARP.events.bif.zeek <...>/Zeek_ARP.events.bif.zeek
@@ -2484,7 +2440,6 @@
 0.000000 | HookLoadFile  base<...>/ppp_serial <...>/ppp_serial
 0.000000 | HookLoadFile  base<...>/pppoe <...>/pppoe
 0.000000 | HookLoadFile  base<...>/removal-hooks <...>/removal-hooks.zeek
-0.000000 | HookLoadFile  base<...>/reporter <...>/reporter
 0.000000 | HookLoadFile  base<...>/reporter.bif <...>/reporter.bif.zeek
 0.000000 | HookLoadFile  base<...>/root <...>/root
 0.000000 | HookLoadFile  base<...>/site <...>/site.zeek
@@ -2502,7 +2457,6 @@
 0.000000 | HookLoadFile  base<...>/types.bif <...>/types.bif.zeek
 0.000000 | HookLoadFile  base<...>/udp <...>/udp
 0.000000 | HookLoadFile  base<...>/utils <...>/utils.zeek
-0.000000 | HookLoadFile  base<...>/version <...>/version.zeek
 0.000000 | HookLoadFile  base<...>/vlan <...>/vlan
 0.000000 | HookLoadFile  base<...>/vntag <...>/vntag
 0.000000 | HookLoadFile  base<...>/vxlan <...>/vxlan
@@ -2771,7 +2725,6 @@
 0.000000 | HookLoadFileExtended base<...>/ppp_serial <...>/ppp_serial
 0.000000 | HookLoadFileExtended base<...>/pppoe <...>/pppoe
 0.000000 | HookLoadFileExtended base<...>/removal-hooks <...>/removal-hooks.zeek
-0.000000 | HookLoadFileExtended base<...>/reporter <...>/reporter
 0.000000 | HookLoadFileExtended base<...>/reporter.bif <...>/reporter.bif.zeek
 0.000000 | HookLoadFileExtended base<...>/root <...>/root
 0.000000 | HookLoadFileExtended base<...>/site <...>/site.zeek
@@ -2789,7 +2742,6 @@
 0.000000 | HookLoadFileExtended base<...>/types.bif <...>/types.bif.zeek
 0.000000 | HookLoadFileExtended base<...>/udp <...>/udp
 0.000000 | HookLoadFileExtended base<...>/utils <...>/utils.zeek
-0.000000 | HookLoadFileExtended base<...>/version <...>/version.zeek
 0.000000 | HookLoadFileExtended base<...>/vlan <...>/vlan
 0.000000 | HookLoadFileExtended base<...>/vntag <...>/vntag
 0.000000 | HookLoadFileExtended base<...>/vxlan <...>/vxlan
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-invalid/.stderr b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-invalid/.stderr
index 9422ad94ac..e97cb1bad7 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-invalid/.stderr
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-invalid/.stderr
@@ -1,3 +1,2 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 XXXXXXXXXX.XXXXXX warning: non-void function returning without a value: add_extension
-XXXXXXXXXX.XXXXXX warning: non-void function returning without a value: add_extension
diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
index e547833052..87a2caecbc 100644
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
@@ -1,4 +1,3 @@
-# @TEST-REQUIRES: $SCRIPTS/have-spicy
 # @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff .stderr