Merge remote-tracking branch 'origin/topic/awelzel/mmdb-fix-and-tests'

* origin/topic/awelzel/mmdb-fix-and-tests:
  base/frameworks/spicy: Do not load base/misc/version
  btest/core/mmdb: Basic lookup_autonomous_system / lookup_location tests
  btest/files: Add mmdb testing databases and generator code
  zeek.bif: Switch mmdb stale check to network_time
  Fix mmdb pointer destruction

CHANGES

@@ -1,3 +1,35 @@
+6.2.0-dev.38 | 2023-10-24 13:57:03 +0200
+
+  * base/frameworks/spicy: Do not load base/misc/version (Arne Welzel, Corelight)
+
+    Unsure what it's used for today and also results in the situation that on
+    some platforms we generate a reporter.log in bare mode, while on others
+    where spicy is disabled, we do not.
+
+    If we want base/frameworks/version loaded by default, should put it into
+    init-bare.zeek and possibly remove the loading of the reporter framework
+    from it - Reporter::error() would still work and be visible on stderr,
+    just not create a reporter.log.
+
+  * btest/core/mmdb: Basic lookup_autonomous_system / lookup_location tests (Arne Welzel, Corelight)
+
+  * btest/files: Add mmdb testing databases and generator code (Arne Welzel, Corelight)
+
+  * zeek.bif: Switch mmdb stale check to network_time (Arne Welzel, Corelight)
+
+    Makes testing easier and aligns better with log rotation and timer
+    expiration. Should not have an effect in practice. Also, log detail
+    about whether inode or modification time changed, too.
+
+  * Fix mmdb pointer destruction (peter.cullen, Corelight)
+
+    The mmdb references needs to use reset() instead of release()
+    so that the destructor gets called and the stale DB is actually
+    cleaned up. Otherwise, the pointer is leaked and the stale DB
+    remains in memory.
+
+  * Bump auxil/spicy to latest development snapshot (Benjamin Bannier, Corelight)
+
 6.2.0-dev.29 | 2023-10-23 11:25:15 +0200
 
   * GH-3370: Spicy: Avoid creating Zeek types multiple times. (Robin Sommer, Corelight)

VERSION

@@ -1 +1 @@
-6.2.0-dev.29
+6.2.0-dev.38

scripts/base/frameworks/spicy/init-framework.zeek

@@ -1,5 +1,3 @@
-@load base/misc/version
-
 # doc-common-start
 module Spicy;
 

scripts/base/init-bare.zeek

@@ -1107,6 +1107,11 @@ type geo_autonomous_system: record {
 ## The directory containing MaxMind DB (.mmdb) files to use for GeoIP support.
 const mmdb_dir: string = "" &redef;
 
+## Sets the interval for MaxMind DB file staleness checks. When Zeek detects a
+## change in inode or modification time, the database is re-opened. Setting
+## a negative interval disables staleness checks.
+const mmdb_stale_check_interval: interval = 5min &redef;
+
 ## Computed entropy values. The record captures a number of measures that are
 ## computed in parallel. See `A Pseudorandom Number Sequence Test Program
 ## <http://www.fourmilab.ch/random>`_ for more information, Zeek uses the same

src/zeek.bif

@@ -4011,7 +4011,7 @@ static void report_mmdb_msg(const char* format, ...)
 
 	va_list al;
 	va_start(al, format);
-	std::string msg = zeek::util::fmt(format, al);
+	std::string msg = zeek::util::vfmt(format, al);
 	va_end(al);
 
 	zeek::reporter->Info("%s", msg.data());
@@ -4031,12 +4031,12 @@ private:
 	MMDB_s mmdb;
 	struct stat file_info;
 	bool lookup_error;
-	std::chrono::time_point<std::chrono::steady_clock> last_check;
+	double last_check;
 };
 
 MMDB::MMDB(const char* filename, struct stat info)
 	: file_info(info), lookup_error{false},
-	  last_check{std::chrono::steady_clock::now()}
+	  last_check{zeek::run_state::network_time}
 	{
 	int status = MMDB_open(filename, MMDB_MODE_MMAP, &mmdb);
 
@@ -4071,26 +4071,29 @@ MMDB_lookup_result_s MMDB::Lookup(const struct sockaddr* const sa)
 bool MMDB::StaleDB()
 	{
 	struct stat buf;
-	using Clock = std::chrono::steady_clock;
-	std::chrono::time_point<Clock> now = Clock::now();
 
 	if ( lookup_error )
 		return true;
 
-	// Only perform stat once per 5 minutes.
+
-	using Min = std::chrono::minutes;
+	static double mmdb_stale_check_interval = zeek::id::find_val("mmdb_stale_check_interval")->AsInterval();
-	if ( std::chrono::duration_cast<Min>(now - last_check).count() < 5 )
+
+	if ( mmdb_stale_check_interval < 0.0 )
 		return false;
 
-	last_check = now;
+	if ( zeek::run_state::network_time - last_check < mmdb_stale_check_interval )
+		return false;
+
+	last_check = zeek::run_state::network_time;
 
 	if ( 0 != stat(mmdb.filename, &buf) )
 		return true;
 
 	if ( buf.st_ino != file_info.st_ino || buf.st_mtime != file_info.st_mtime )
 		{
-		report_mmdb_msg("Inode change detected for MaxMind DB [%s]",
+		report_mmdb_msg("%s change detected for MaxMind DB [%s]",
-		                mmdb.filename);
+				buf.st_ino != file_info.st_ino ? "Inode" : "Modification time",
+				mmdb.filename);
 		return true;
 		}
 
@@ -4159,7 +4162,7 @@ static void mmdb_check_loc()
 		{
 		report_mmdb_msg("Closing stale MaxMind DB [%s]", mmdb_loc->Filename());
 		did_mmdb_loc_db_error = false;
-		mmdb_loc.release();
+		mmdb_loc.reset();
 		}
 	}
 
@@ -4169,7 +4172,7 @@ static void mmdb_check_asn()
 		{
 		report_mmdb_msg("Closing stale MaxMind DB [%s]", mmdb_asn->Filename());
 		did_mmdb_asn_db_error = false;
-		mmdb_asn.release();
+		mmdb_asn.reset();
 		}
 	}
 

testing/btest/Baseline/broker.remote_event/recv.recv.out

@@ -10,4 +10,4 @@ is_remote should be T, and is, T
 receiver got ping: my-message, 4
 is_remote should be T, and is, T
 receiver got ping: my-message, 5
-[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=2, num_ids_incoming=0, num_ids_outgoing=0]
+[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=1, num_ids_incoming=0, num_ids_outgoing=0]

testing/btest/Baseline/broker.remote_event_any/recv.recv.out

@@ -10,4 +10,4 @@ is_remote should be T, and is, T
 receiver got ping: my-message, 4
 is_remote should be T, and is, T
 receiver got ping: my-message, 5
-[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=2, num_ids_incoming=0, num_ids_outgoing=0]
+[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=1, num_ids_incoming=0, num_ids_outgoing=0]

testing/btest/Baseline/broker.remote_event_ssl_auth/recv.recv.out

@@ -5,4 +5,4 @@ receiver got ping: my-message, 2
 receiver got ping: my-message, 3
 receiver got ping: my-message, 4
 receiver got ping: my-message, 5
-[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=2, num_ids_incoming=0, num_ids_outgoing=0]
+[num_peers=1, num_stores=0, num_pending_queries=0, num_events_incoming=5, num_events_outgoing=4, num_logs_incoming=0, num_logs_outgoing=1, num_ids_incoming=0, num_ids_outgoing=0]

testing/btest/Baseline/core.mmdb.reopen/out

@@ -0,0 +1,17 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+1299466805.0, 1, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299466805.0, 1, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470395.0, 2, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470395.0, 2, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470395.0, 2, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470395.0, 2, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470405.0, 3, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470405.0, 3, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299473995.0, 4, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299473995.0, 4, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299473995.0, 4, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299473995.0, 4, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]

testing/btest/Baseline/core.mmdb.reopen/reporter.log

@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	level	message	location
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	received termination signal	(empty)

testing/btest/Baseline/core.mmdb.temporary-error/out

@@ -0,0 +1,20 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+start
+1299466805.0, 1, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+corrupting db
+1299470395.0, 2, 128.3.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
+1299470395.0, 2, 128.3.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+restoring backup db
+1299470405.0, 3, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+unlinking
+1299473995.0, 4, 128.3.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
+1299473995.0, 4, 128.3.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+restoring backup db
+1299474005.0, 5, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299474005.0, 5, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+unlinking and restoring
+1299477595.0, 6, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299477595.0, 6, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+done

testing/btest/Baseline/core.mmdb.temporary-error/reporter.log

@@ -0,0 +1,19 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	level	message	location
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Failed to open MaxMind DB: .<...>/GeoLite2-ASN.mmdb [The MaxMind DB file contains invalid metadata]	<params>, line 1
+1299470395.000000	Reporter::ERROR	Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1))	<...>/temporary-error.zeek, line 83
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Failed to open MaxMind DB: .<...>/GeoLite2-City.mmdb [The MaxMind DB file contains invalid metadata]	<params>, line 1
+1299470395.000000	Reporter::ERROR	Failed to open GeoIP location database (lookup_location(128.3.0.1))	<...>/temporary-error.zeek, line 84
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299473995.000000	Reporter::ERROR	Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1))	<...>/temporary-error.zeek, line 83
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299473995.000000	Reporter::ERROR	Failed to open GeoIP location database (lookup_location(128.3.0.1))	<...>/temporary-error.zeek, line 84
+1299477595.000000	Reporter::INFO	Inode change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299477595.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299477595.000000	Reporter::INFO	Inode change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299477595.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299477605.000000	Reporter::INFO	received termination signal	<params>, line 1

testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log

@@ -268,10 +268,6 @@ scripts/base/init-frameworks-and-bifs.zeek
     build/scripts/base/bif/plugins/Zeek_NoneWriter.none.bif.zeek
     build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
   scripts/base/frameworks/spicy/init-framework.zeek
-    scripts/base/misc/version.zeek
-      scripts/base/frameworks/reporter/__load__.zeek
-        scripts/base/frameworks/reporter/main.zeek
-      scripts/base/utils/strings.zeek
 build/scripts/builtin-plugins/__load__.zeek
 scripts/policy/misc/loaded-scripts.zeek
   scripts/base/utils/paths.zeek

testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log

@@ -268,10 +268,6 @@ scripts/base/init-frameworks-and-bifs.zeek
     build/scripts/base/bif/plugins/Zeek_NoneWriter.none.bif.zeek
     build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
   scripts/base/frameworks/spicy/init-framework.zeek
-    scripts/base/misc/version.zeek
-      scripts/base/frameworks/reporter/__load__.zeek
-        scripts/base/frameworks/reporter/main.zeek
-      scripts/base/utils/strings.zeek
 scripts/base/init-default.zeek
   scripts/base/utils/active-http.zeek
     scripts/base/utils/exec.zeek
@@ -279,6 +275,8 @@ scripts/base/init-default.zeek
   scripts/base/utils/backtrace.zeek
   scripts/base/utils/conn-ids.zeek
   scripts/base/utils/dir.zeek
+    scripts/base/frameworks/reporter/__load__.zeek
+      scripts/base/frameworks/reporter/main.zeek
     scripts/base/utils/paths.zeek
   scripts/base/utils/directions-and-hosts.zeek
   scripts/base/utils/email.zeek
@@ -286,6 +284,7 @@ scripts/base/init-default.zeek
   scripts/base/utils/geoip-distance.zeek
   scripts/base/utils/numbers.zeek
   scripts/base/utils/queue.zeek
+  scripts/base/utils/strings.zeek
   scripts/base/utils/thresholds.zeek
   scripts/base/utils/time.zeek
   scripts/base/utils/urls.zeek
@@ -349,6 +348,7 @@ scripts/base/init-default.zeek
     scripts/base/frameworks/netcontrol/non-cluster.zeek
   scripts/base/frameworks/telemetry/__load__.zeek
     scripts/base/frameworks/telemetry/main.zeek
+      scripts/base/misc/version.zeek
   scripts/base/frameworks/spicy/__load__.zeek
     scripts/base/frameworks/spicy/main.zeek
   scripts/base/protocols/conn/__load__.zeek

testing/btest/Baseline/plugins.hooks/output

@@ -47,7 +47,6 @@
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=reporter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])) -> <no result>
@@ -60,7 +59,6 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__enable_stream, <frame>, (Analyzer::Logging::LOG)) -> <no result>
@@ -74,7 +72,6 @@
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (HTTP::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Notice::LOG)) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Reporter::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Tunnel::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Weird::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
@@ -87,7 +84,6 @@
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Analyzer::Logging::LOG, default)) -> <no result>
@@ -100,7 +96,6 @@
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (HTTP::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Notice::ALARM_LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Notice::LOG, default)) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Reporter::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Tunnel::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])) -> <no result>
@@ -113,7 +108,6 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::enable_stream, <frame>, (Analyzer::Logging::LOG)) -> <no result>
@@ -325,7 +319,6 @@
 0.000000   MetaHookPost  CallFunction(Site::update_private_address_space, <frame>, (Site::private_address_space, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,2002:cb00:7100::<...>/4,2002:c633:6400::/40,2002:a00::/24,100::<...>/8,2001:2::/48,2002:c000:200::<...>/12,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::/32,2002:c612::<...>/16,2002::/24,fe80::/10,2001:db8::<...>/24,2002:c0a8::<...>/24})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Supervisor::__is_supervisor, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Supervisor::is_supervisor, <frame>, ()) -> <no result>
-0.000000   MetaHookPost  CallFunction(Version::parse, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(__init_primary_bifs, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(__init_secondary_bifs, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(disable_event_group, <frame>, (Analyzer::Logging::include_confirmations)) -> <no result>
@@ -333,7 +326,6 @@
 0.000000   MetaHookPost  CallFunction(getenv, <null>, (CLUSTER_NODE)) -> <no result>
 0.000000   MetaHookPost  CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(global_options, <frame>, ()) -> <no result>
-0.000000   MetaHookPost  CallFunction(gsub, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(has_event_group, <frame>, (Analyzer::Logging)) -> <no result>
 0.000000   MetaHookPost  CallFunction(has_module_events, <frame>, (Analyzer::Logging)) -> <no result>
 0.000000   MetaHookPost  CallFunction(have_spicy, <null>, ()) -> <no result>
@@ -341,7 +333,6 @@
 0.000000   MetaHookPost  CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F)) -> <no result>
 0.000000   MetaHookPost  CallFunction(lambda_<2645182068207650863>, <frame>, (Analyzer::Logging::enable, T)) -> <no result>
-0.000000   MetaHookPost  CallFunction(lstrip, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (2123/udp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (2152/udp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (3544/udp)) -> <no result>
@@ -351,12 +342,9 @@
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (6081/udp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(reading_traces, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$)) -> <no result>
-0.000000   MetaHookPost  CallFunction(split_string1, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F)) -> <no result>
 0.000000   MetaHookPost  CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, )) -> <no result>
-0.000000   MetaHookPost  CallFunction(to_count, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(zeek_init, <null>, ()) -> <no result>
-0.000000   MetaHookPost  CallFunction(zeek_version, <null>, ()) -> <no result>
 0.000000   MetaHookPost  DrainEvents() -> <void>
 0.000000   MetaHookPost  LoadFile(0, ./CPP-load.bif.zeek, <...>/CPP-load.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./Zeek_ARP.events.bif.zeek, <...>/Zeek_ARP.events.bif.zeek) -> -1
@@ -605,7 +593,6 @@
 0.000000   MetaHookPost  LoadFile(0, base<...>/ppp_serial, <...>/ppp_serial) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/pppoe, <...>/pppoe) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/removal-hooks, <...>/removal-hooks.zeek) -> -1
-0.000000   MetaHookPost  LoadFile(0, base<...>/reporter, <...>/reporter) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/reporter.bif, <...>/reporter.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/root, <...>/root) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/site, <...>/site.zeek) -> -1
@@ -623,7 +610,6 @@
 0.000000   MetaHookPost  LoadFile(0, base<...>/types.bif, <...>/types.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/udp, <...>/udp) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/utils, <...>/utils.zeek) -> -1
-0.000000   MetaHookPost  LoadFile(0, base<...>/version, <...>/version.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/vlan, <...>/vlan) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/vntag, <...>/vntag) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/vxlan, <...>/vxlan) -> -1
@@ -892,7 +878,6 @@
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/ppp_serial, <...>/ppp_serial) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/pppoe, <...>/pppoe) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/removal-hooks, <...>/removal-hooks.zeek) -> (-1, <no content>)
-0.000000   MetaHookPost  LoadFileExtended(0, base<...>/reporter, <...>/reporter) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/reporter.bif, <...>/reporter.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/root, <...>/root) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/site, <...>/site.zeek) -> (-1, <no content>)
@@ -910,7 +895,6 @@
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/types.bif, <...>/types.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/udp, <...>/udp) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/utils, <...>/utils.zeek) -> (-1, <no content>)
-0.000000   MetaHookPost  LoadFileExtended(0, base<...>/version, <...>/version.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/vlan, <...>/vlan) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/vntag, <...>/vntag) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, base<...>/vxlan, <...>/vxlan) -> (-1, <no content>)
@@ -981,7 +965,6 @@
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=reporter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}]))
@@ -994,7 +977,6 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}]))
-0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__enable_stream, <frame>, (Analyzer::Logging::LOG))
@@ -1008,7 +990,6 @@
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (HTTP::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Notice::LOG))
-0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Reporter::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Tunnel::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Weird::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
@@ -1021,7 +1002,6 @@
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
-0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Analyzer::Logging::LOG, default))
@@ -1034,7 +1014,6 @@
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (HTTP::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Notice::ALARM_LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Notice::LOG, default))
-0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Reporter::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Tunnel::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}]))
@@ -1047,7 +1026,6 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}]))
-0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::enable_stream, <frame>, (Analyzer::Logging::LOG))
@@ -1259,7 +1237,6 @@
 0.000000   MetaHookPre   CallFunction(Site::update_private_address_space, <frame>, (Site::private_address_space, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,2002:cb00:7100::<...>/4,2002:c633:6400::/40,2002:a00::/24,100::<...>/8,2001:2::/48,2002:c000:200::<...>/12,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::/32,2002:c612::<...>/16,2002::/24,fe80::/10,2001:db8::<...>/24,2002:c0a8::<...>/24}))
 0.000000   MetaHookPre   CallFunction(Supervisor::__is_supervisor, <frame>, ())
 0.000000   MetaHookPre   CallFunction(Supervisor::is_supervisor, <frame>, ())
-0.000000   MetaHookPre   CallFunction(Version::parse, ..., ...)
 0.000000   MetaHookPre   CallFunction(__init_primary_bifs, <null>, ())
 0.000000   MetaHookPre   CallFunction(__init_secondary_bifs, <null>, ())
 0.000000   MetaHookPre   CallFunction(disable_event_group, <frame>, (Analyzer::Logging::include_confirmations))
@@ -1267,7 +1244,6 @@
 0.000000   MetaHookPre   CallFunction(getenv, <null>, (CLUSTER_NODE))
 0.000000   MetaHookPre   CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS))
 0.000000   MetaHookPre   CallFunction(global_options, <frame>, ())
-0.000000   MetaHookPre   CallFunction(gsub, ..., ...)
 0.000000   MetaHookPre   CallFunction(has_event_group, <frame>, (Analyzer::Logging))
 0.000000   MetaHookPre   CallFunction(has_module_events, <frame>, (Analyzer::Logging))
 0.000000   MetaHookPre   CallFunction(have_spicy, <null>, ())
@@ -1275,7 +1251,6 @@
 0.000000   MetaHookPre   CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
 0.000000   MetaHookPre   CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F))
 0.000000   MetaHookPre   CallFunction(lambda_<2645182068207650863>, <frame>, (Analyzer::Logging::enable, T))
-0.000000   MetaHookPre   CallFunction(lstrip, ..., ...)
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (2123/udp))
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (2152/udp))
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (3544/udp))
@@ -1285,12 +1260,9 @@
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (6081/udp))
 0.000000   MetaHookPre   CallFunction(reading_traces, <frame>, ())
 0.000000   MetaHookPre   CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$))
-0.000000   MetaHookPre   CallFunction(split_string1, ..., ...)
 0.000000   MetaHookPre   CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F))
 0.000000   MetaHookPre   CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, ))
-0.000000   MetaHookPre   CallFunction(to_count, ..., ...)
 0.000000   MetaHookPre   CallFunction(zeek_init, <null>, ())
-0.000000   MetaHookPre   CallFunction(zeek_version, <null>, ())
 0.000000   MetaHookPre   DrainEvents()
 0.000000   MetaHookPre   LoadFile(0, ./CPP-load.bif.zeek, <...>/CPP-load.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./Zeek_ARP.events.bif.zeek, <...>/Zeek_ARP.events.bif.zeek)
@@ -1539,7 +1511,6 @@
 0.000000   MetaHookPre   LoadFile(0, base<...>/ppp_serial, <...>/ppp_serial)
 0.000000   MetaHookPre   LoadFile(0, base<...>/pppoe, <...>/pppoe)
 0.000000   MetaHookPre   LoadFile(0, base<...>/removal-hooks, <...>/removal-hooks.zeek)
-0.000000   MetaHookPre   LoadFile(0, base<...>/reporter, <...>/reporter)
 0.000000   MetaHookPre   LoadFile(0, base<...>/reporter.bif, <...>/reporter.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, base<...>/root, <...>/root)
 0.000000   MetaHookPre   LoadFile(0, base<...>/site, <...>/site.zeek)
@@ -1557,7 +1528,6 @@
 0.000000   MetaHookPre   LoadFile(0, base<...>/types.bif, <...>/types.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, base<...>/udp, <...>/udp)
 0.000000   MetaHookPre   LoadFile(0, base<...>/utils, <...>/utils.zeek)
-0.000000   MetaHookPre   LoadFile(0, base<...>/version, <...>/version.zeek)
 0.000000   MetaHookPre   LoadFile(0, base<...>/vlan, <...>/vlan)
 0.000000   MetaHookPre   LoadFile(0, base<...>/vntag, <...>/vntag)
 0.000000   MetaHookPre   LoadFile(0, base<...>/vxlan, <...>/vxlan)
@@ -1826,7 +1796,6 @@
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/ppp_serial, <...>/ppp_serial)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/pppoe, <...>/pppoe)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/removal-hooks, <...>/removal-hooks.zeek)
-0.000000   MetaHookPre   LoadFileExtended(0, base<...>/reporter, <...>/reporter)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/reporter.bif, <...>/reporter.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/root, <...>/root)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/site, <...>/site.zeek)
@@ -1844,7 +1813,6 @@
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/types.bif, <...>/types.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/udp, <...>/udp)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/utils, <...>/utils.zeek)
-0.000000   MetaHookPre   LoadFileExtended(0, base<...>/version, <...>/version.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/vlan, <...>/vlan)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/vntag, <...>/vntag)
 0.000000   MetaHookPre   LoadFileExtended(0, base<...>/vxlan, <...>/vxlan)
@@ -1914,7 +1882,6 @@
 0.000000 | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
-0.000000 | HookCallFunction Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=reporter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])
@@ -1927,7 +1894,6 @@
 0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}])
-0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__enable_stream(Analyzer::Logging::LOG)
@@ -1941,7 +1907,6 @@
 0.000000 | HookCallFunction Log::add_default_filter(HTTP::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Notice::ALARM_LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Notice::LOG)
-0.000000 | HookCallFunction Log::add_default_filter(Reporter::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Tunnel::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Weird::LOG)
 0.000000 | HookCallFunction Log::add_filter(Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
@@ -1954,7 +1919,6 @@
 0.000000 | HookCallFunction Log::add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
-0.000000 | HookCallFunction Log::add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_stream_filters(Analyzer::Logging::LOG, default)
@@ -1967,7 +1931,6 @@
 0.000000 | HookCallFunction Log::add_stream_filters(HTTP::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Notice::ALARM_LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Notice::LOG, default)
-0.000000 | HookCallFunction Log::add_stream_filters(Reporter::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Tunnel::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default)
 0.000000 | HookCallFunction Log::create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])
@@ -1980,7 +1943,6 @@
 0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm, policy=Notice::log_policy_alarm, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy, event_groups={}])
-0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter, policy=Reporter::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel, policy=Tunnel::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::enable_stream(Analyzer::Logging::LOG)
@@ -2192,7 +2154,6 @@
 0.000000 | HookCallFunction Site::update_private_address_space(Site::private_address_space, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,2002:cb00:7100::<...>/4,2002:c633:6400::/40,2002:a00::/24,100::<...>/8,2001:2::/48,2002:c000:200::<...>/12,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::/32,2002:c612::<...>/16,2002::/24,fe80::/10,2001:db8::<...>/24,2002:c0a8::<...>/24})
 0.000000 | HookCallFunction Supervisor::__is_supervisor()
 0.000000 | HookCallFunction Supervisor::is_supervisor()
-0.000000 | HookCallFunction Version::parse(...)
 0.000000 | HookCallFunction __init_primary_bifs()
 0.000000 | HookCallFunction __init_secondary_bifs()
 0.000000 | HookCallFunction disable_event_group(Analyzer::Logging::include_confirmations)
@@ -2200,7 +2161,6 @@
 0.000000 | HookCallFunction getenv(CLUSTER_NODE)
 0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS)
 0.000000 | HookCallFunction global_options()
-0.000000 | HookCallFunction gsub(...)
 0.000000 | HookCallFunction has_event_group(Analyzer::Logging)
 0.000000 | HookCallFunction has_module_events(Analyzer::Logging)
 0.000000 | HookCallFunction have_spicy()
@@ -2208,7 +2168,6 @@
 0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
 0.000000 | HookCallFunction lambda_<15261139872714441626>(Analyzer::Logging::include_confirmations, F)
 0.000000 | HookCallFunction lambda_<2645182068207650863>(Analyzer::Logging::enable, T)
-0.000000 | HookCallFunction lstrip(...)
 0.000000 | HookCallFunction port_to_count(2123/udp)
 0.000000 | HookCallFunction port_to_count(2152/udp)
 0.000000 | HookCallFunction port_to_count(3544/udp)
@@ -2218,12 +2177,9 @@
 0.000000 | HookCallFunction port_to_count(6081/udp)
 0.000000 | HookCallFunction reading_traces()
 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$)
-0.000000 | HookCallFunction split_string1(...)
 0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F)
 0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, )
-0.000000 | HookCallFunction to_count(...)
 0.000000 | HookCallFunction zeek_init()
-0.000000 | HookCallFunction zeek_version()
 0.000000 | HookDrainEvents
 0.000000 | HookLoadFile  ./CPP-load.bif.zeek <...>/CPP-load.bif.zeek
 0.000000 | HookLoadFile  ./Zeek_ARP.events.bif.zeek <...>/Zeek_ARP.events.bif.zeek
@@ -2484,7 +2440,6 @@
 0.000000 | HookLoadFile  base<...>/ppp_serial <...>/ppp_serial
 0.000000 | HookLoadFile  base<...>/pppoe <...>/pppoe
 0.000000 | HookLoadFile  base<...>/removal-hooks <...>/removal-hooks.zeek
-0.000000 | HookLoadFile  base<...>/reporter <...>/reporter
 0.000000 | HookLoadFile  base<...>/reporter.bif <...>/reporter.bif.zeek
 0.000000 | HookLoadFile  base<...>/root <...>/root
 0.000000 | HookLoadFile  base<...>/site <...>/site.zeek
@@ -2502,7 +2457,6 @@
 0.000000 | HookLoadFile  base<...>/types.bif <...>/types.bif.zeek
 0.000000 | HookLoadFile  base<...>/udp <...>/udp
 0.000000 | HookLoadFile  base<...>/utils <...>/utils.zeek
-0.000000 | HookLoadFile  base<...>/version <...>/version.zeek
 0.000000 | HookLoadFile  base<...>/vlan <...>/vlan
 0.000000 | HookLoadFile  base<...>/vntag <...>/vntag
 0.000000 | HookLoadFile  base<...>/vxlan <...>/vxlan
@@ -2771,7 +2725,6 @@
 0.000000 | HookLoadFileExtended base<...>/ppp_serial <...>/ppp_serial
 0.000000 | HookLoadFileExtended base<...>/pppoe <...>/pppoe
 0.000000 | HookLoadFileExtended base<...>/removal-hooks <...>/removal-hooks.zeek
-0.000000 | HookLoadFileExtended base<...>/reporter <...>/reporter
 0.000000 | HookLoadFileExtended base<...>/reporter.bif <...>/reporter.bif.zeek
 0.000000 | HookLoadFileExtended base<...>/root <...>/root
 0.000000 | HookLoadFileExtended base<...>/site <...>/site.zeek
@@ -2789,7 +2742,6 @@
 0.000000 | HookLoadFileExtended base<...>/types.bif <...>/types.bif.zeek
 0.000000 | HookLoadFileExtended base<...>/udp <...>/udp
 0.000000 | HookLoadFileExtended base<...>/utils <...>/utils.zeek
-0.000000 | HookLoadFileExtended base<...>/version <...>/version.zeek
 0.000000 | HookLoadFileExtended base<...>/vlan <...>/vlan
 0.000000 | HookLoadFileExtended base<...>/vntag <...>/vntag
 0.000000 | HookLoadFileExtended base<...>/vxlan <...>/vxlan

testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-invalid/.stderr

@@ -1,3 +1,2 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 XXXXXXXXXX.XXXXXX warning: non-void function returning without a value: add_extension
-XXXXXXXXXX.XXXXXX warning: non-void function returning without a value: add_extension

testing/btest/Files/mmdb/.gitignore

@@ -0,0 +1 @@
+testmmdb

testing/btest/Files/mmdb/README

@@ -0,0 +1,13 @@
+These .mmdb databases were created with the mmdbwriter from MaxMind [1] for
+testing purposes. See the main.go file. They only contain information about
+LBL's network ranges:
+
+    128.3.0.0/16
+    131.243.0.0/16
+
+Rebuild with:
+
+    go build
+    ./testmmdb
+
+[1] https://github.com/maxmind/mmdbwriter

testing/btest/Files/mmdb/go.mod

@@ -0,0 +1,11 @@
+module testmmdb
+
+go 1.21.0
+
+require github.com/maxmind/mmdbwriter v1.0.0
+
+require (
+	github.com/oschwald/maxminddb-golang v1.12.0 // indirect
+	go4.org/netipx v0.0.0-20220812043211-3cc044ffd68d // indirect
+	golang.org/x/sys v0.10.0 // indirect
+)

testing/btest/Files/mmdb/go.sum

@@ -0,0 +1,16 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/maxmind/mmdbwriter v1.0.0 h1:bieL4P6yaYaHvbtLSwnKtEvScUKKD6jcKaLiTM3WSMw=
+github.com/maxmind/mmdbwriter v1.0.0/go.mod h1:noBMCUtyN5PUQ4H8ikkOvGSHhzhLok51fON2hcrpKj8=
+github.com/oschwald/maxminddb-golang v1.12.0 h1:9FnTOD0YOhP7DGxGsq4glzpGy5+w7pq50AS6wALUMYs=
+github.com/oschwald/maxminddb-golang v1.12.0/go.mod h1:q0Nob5lTCqyQ8WT6FYgS1L7PXKVVbgiymefNwIjPzgY=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+go4.org/netipx v0.0.0-20220812043211-3cc044ffd68d h1:ggxwEf5eu0l8v+87VhX1czFh8zJul3hK16Gmruxn7hw=
+go4.org/netipx v0.0.0-20220812043211-3cc044ffd68d/go.mod h1:tgPU4N2u9RByaTN3NC2p9xOzyFpte4jYwsIIRF7XlSc=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

testing/btest/Files/mmdb/main.go

@@ -0,0 +1,71 @@
+// Create test MaxMind DB database files containing information about
+// just LBL's IPv4 ranges for testing.
+package main
+
+import (
+	"log"
+	"net"
+	"os"
+
+	"github.com/maxmind/mmdbwriter"
+	"github.com/maxmind/mmdbwriter/mmdbtype"
+)
+
+func writeDb(fname, name string, record mmdbtype.Map, nets ...*net.IPNet) {
+	writer, err := mmdbwriter.New(
+		mmdbwriter.Options{
+			DatabaseType: name,
+		},
+	)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, n := range nets {
+		if err = writer.Insert(n, record); err != nil {
+			log.Fatal(err)
+		}
+	}
+
+	fh, err := os.Create(fname)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer fh.Close()
+
+	_, err = writer.WriteTo(fh)
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func main() {
+	_, net1, _ := net.ParseCIDR("128.3.0.0/16")
+	_, net2, _ := net.ParseCIDR("131.243.0.0/16")
+
+	// The ASN record.
+	asn_record := mmdbtype.Map{}
+	asn_record["autonomous_system_number"] = mmdbtype.Uint32(16)
+	asn_record["autonomous_system_organization"] = mmdbtype.String("Lawrence Berkeley National Laboratory")
+	writeDb("GeoLite2-ASN.mmdb", "My-ASN-DB", asn_record, net1, net2)
+
+	// The Location record.
+	loc_record := mmdbtype.Map{
+		"country": mmdbtype.Map{
+			"iso_code": mmdbtype.String("US"),
+			"names": mmdbtype.Map{
+				"en": mmdbtype.String("United States"),
+			},
+		},
+		"location": mmdbtype.Map{
+			"latitude":  mmdbtype.Float64(37.75100),
+			"longitude": mmdbtype.Float64(-97.822000),
+		},
+		"city": mmdbtype.Map{
+			"names": mmdbtype.Map{
+				"en": mmdbtype.String("Berkeley"),
+			},
+		},
+	}
+	writeDb("GeoLite2-City.mmdb", "My-City-DB", loc_record, net1, net2)
+}

testing/btest/core/mmdb/reopen.zeek

@@ -0,0 +1,37 @@
+# @TEST-DOC: Change the modification time of the mmdb database on every packet. This triggers reopening of the MMDB database.
+#
+# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+#
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# @TEST-EXEC: zeek-cut -m < reporter.log > reporter.log.tmp && mv reporter.log.tmp reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
+
+@load base/frameworks/reporter
+
+redef mmdb_dir = "./mmdb";
+
+global pkt = 0;
+
+event new_packet(c: connection, p: pkt_hdr)
+	{
+	++pkt;
+	# Set MMDB's modification time to current network time.
+	local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
+	local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
+
+	if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), asn_fn), "") )
+		exit(1);
+
+	if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), city_fn), "") )
+		exit(1);
+
+	print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);
+	print network_time(), pkt, 128.3.0.1, "location", lookup_location(128.3.0.1);
+	print network_time(), pkt, 131.243.0.1, "asn", lookup_autonomous_system(131.243.0.1);
+	print network_time(), pkt, 131.243.0.1, "location", lookup_location(131.243.0.1);
+
+	if ( pkt == 4 )
+		terminate();
+	}

testing/btest/core/mmdb/temporary-error.zeek

@@ -0,0 +1,85 @@
+# @TEST-DOC: Test a few error and recovery cases (corrupted, removed and restored MMDB databases).
+#
+# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+#
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb-backup
+# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT mmdb_dir=./mmdb >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# @TEST-EXEC: zeek-cut -m < reporter.log > reporter.log.tmp && mv reporter.log.tmp reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
+
+@load base/frameworks/reporter
+
+redef mmdb_dir = "./mmdb";
+
+global pkt = 0;
+
+event new_packet(c: connection, p: pkt_hdr)
+	{
+	++pkt;
+
+	local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
+	local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
+
+	local asn_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-ASN.mmdb");
+	local city_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-City.mmdb");
+
+	if ( pkt == 1 )
+		{
+		print "start";
+		}
+	if ( pkt == 2 )
+		{
+		print "corrupting db";
+		if ( ! piped_exec(fmt("truncate --size=8 %s", asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("truncate --size=8 %s", city_fn), "") )
+			exit(1);
+		}
+	else if ( pkt == 4 )
+		{
+		print "unlinking";
+		if ( ! piped_exec(fmt("rm %s", asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("rm %s", city_fn), "") )
+			exit(1);
+		}
+	else if ( pkt == 6 )
+		{
+		# This should provoke an inode change.
+		print "unlinking and restoring";
+		if ( ! piped_exec(fmt("mv %s %s.tmp; cp %s.tmp %s", asn_fn, asn_fn, asn_fn, asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("mv %s %s.tmp; cp %s.tmp %s", city_fn, city_fn, city_fn, city_fn), "") )
+			exit(1);
+		}
+	else if ( pkt == 7 )
+		{
+		print "done";
+		terminate();
+		return;
+		}
+	else if ( pkt == 3 || pkt == 5 )
+		{
+		print "restoring backup db";
+		if ( ! piped_exec(fmt("cp %s %s", asn_fn_backup, asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("cp %s %s", city_fn_backup, city_fn), "") )
+			exit(1);
+		}
+
+	# Set MMDB's modification time to current network time for predictability.
+	if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", asn_fn, network_time(), asn_fn), "") )
+		exit(1);
+
+	if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", city_fn, network_time(), city_fn), "") )
+		exit(1);
+
+	print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);
+	print network_time(), pkt, 128.3.0.1, "location", lookup_location(128.3.0.1);
+	}

testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek

@@ -1,4 +1,3 @@
-# @TEST-REQUIRES: $SCRIPTS/have-spicy
 # @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff .stderr