diff --git a/CHANGES b/CHANGES index b59a5f8b52..8ca429af4c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,22 @@ +2.6-223 | 2019-04-16 11:56:00 -0700 + + * Update tests and baselines due to renaming all scripts (Daniel Thayer) + + * Rename all scripts to have ".zeek" file extension (Daniel Thayer) + + * Add test cases to verify new file extension is recognized (Daniel Thayer) + + * Fix the core/load-duplicates.bro test (Daniel Thayer) + + * Update script search logic for new .zeek file extension (Daniel Thayer) + + When searching for script files, look for both the new and old file + extensions. If a file with ".zeek" can't be found, then search for + a file with ".bro" as a fallback. + + * Remove unnecessary ".bro" from @load directives (Daniel Thayer) + 2.6-212 | 2019-04-12 10:12:31 -0700 * smb2_write_response event added (Mauro Palumbo) diff --git a/NEWS b/NEWS index bde87d6f55..36b9556b3e 100644 --- a/NEWS +++ b/NEWS @@ -71,6 +71,21 @@ New Functionality Changed Functionality --------------------- +- ``$prefix/share/bro/site/local.bro`` has been renamed to + ``local.zeek``. If you have made customizations to that file, it + will no longer be loaded by default by BroControl (ZeekControl), + but you can simply copy it to ``local.zeek`. You may also want to + remove old ``local.bro`` files to avoid potential confusion. + +- All scripts ending in ``.bro`` that ship with the Zeek source tree have + been renamed to ``.zeek``. + +- The search logic for the ``@load`` script directive now prefers files + ending in ``.zeek``, but will fallback to loading a ``.bro`` file if it + exists. E.g. ``@load foo`` will check for ``foo.zeek`` and then ``foo.bro``. + Note that ``@load foo.bro`` will not automatically check for + ``@load foo.zeek``. + - The for-loop index variable for vectors has been changed from 'int' to 'count' type. It's unlikely this would alter/break any script behavior unless they were explicitly inspecting the variable's diff --git a/VERSION b/VERSION index 01ebf78655..439c8eab2d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-212 +2.6-223 diff --git a/aux/bifcl b/aux/bifcl index 44622332fb..d787c301ce 160000 --- a/aux/bifcl +++ b/aux/bifcl @@ -1 +1 @@ -Subproject commit 44622332fb1361383799be33e365704caacce199 +Subproject commit d787c301ce1183765773a0a7fd29bf142dc11f0d diff --git a/aux/binpac b/aux/binpac index 2c8d31a439..9ee2eab599 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 2c8d31a439a3712af3a7a0342a955a78784521a5 +Subproject commit 9ee2eab59925f3b846be6531a0569df3c8580591 diff --git a/aux/broccoli b/aux/broccoli index 41841d8f64..5d568e69a2 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 41841d8f64bdb062860309f7b36513212e81befa +Subproject commit 5d568e69a2f59edf6b026c2e4d591a6c415f51d0 diff --git a/aux/broctl b/aux/broctl index a49144d3dd..2844f70062 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit a49144d3dd26d906ad906ace97db3d093c510142 +Subproject commit 2844f70062c778094c6baf3864177161843517ac diff --git a/aux/broker b/aux/broker index de0c8e0ece..d1d0a8bb5c 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit de0c8e0ecea39dd556a16f4ecc0d482e936c38ac +Subproject commit d1d0a8bb5c7999d81ad0de8b4474fc36ba6431dc diff --git a/aux/zeek-aux b/aux/zeek-aux index 96c787cb39..b232d84996 160000 --- a/aux/zeek-aux +++ b/aux/zeek-aux @@ -1 +1 @@ -Subproject commit 96c787cb396a5aad2d3ea3b2087f2a1fcd6b7216 +Subproject commit b232d84996b3da69e1ca08dfc7777b5d24c369e9 diff --git a/cmake b/cmake index 0c1ee634a8..1c527236d0 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 0c1ee634a8f915e738da72c797a17aad9cb618dd +Subproject commit 1c527236d083af129cf130b205d61b336c475ae8 diff --git a/doc b/doc index e9f6728f13..5af14fffad 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit e9f6728f13165148ca8ffe0b373148ff78b10c6a +Subproject commit 5af14fffad53d2c43541a0169494c8fb9b5b2e46 diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index 96c682871a..189c9b9df8 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt @@ -2,8 +2,8 @@ include(InstallPackageConfigFile) install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING PATTERN "site/local*" EXCLUDE - PATTERN "test-all-policy.bro" EXCLUDE - PATTERN "*.bro" + PATTERN "test-all-policy.zeek" EXCLUDE + PATTERN "*.zeek" PATTERN "*.sig" PATTERN "*.fp" ) @@ -11,6 +11,6 @@ install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING # Install all local* scripts as config files since they are meant to be # user modify-able. InstallPackageConfigFile( - ${CMAKE_CURRENT_SOURCE_DIR}/site/local.bro + ${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek ${BRO_SCRIPT_INSTALL_PATH}/site - local.bro) + local.zeek) diff --git a/scripts/base/files/extract/__load__.bro b/scripts/base/files/extract/__load__.zeek similarity index 100% rename from scripts/base/files/extract/__load__.bro rename to scripts/base/files/extract/__load__.zeek diff --git a/scripts/base/files/extract/main.bro b/scripts/base/files/extract/main.zeek similarity index 100% rename from scripts/base/files/extract/main.bro rename to scripts/base/files/extract/main.zeek diff --git a/scripts/base/files/hash/__load__.bro b/scripts/base/files/hash/__load__.zeek similarity index 100% rename from scripts/base/files/hash/__load__.bro rename to scripts/base/files/hash/__load__.zeek diff --git a/scripts/base/files/hash/main.bro b/scripts/base/files/hash/main.zeek similarity index 100% rename from scripts/base/files/hash/main.bro rename to scripts/base/files/hash/main.zeek diff --git a/scripts/base/files/pe/__load__.bro b/scripts/base/files/pe/__load__.zeek similarity index 100% rename from scripts/base/files/pe/__load__.bro rename to scripts/base/files/pe/__load__.zeek diff --git a/scripts/base/files/pe/consts.bro b/scripts/base/files/pe/consts.zeek similarity index 100% rename from scripts/base/files/pe/consts.bro rename to scripts/base/files/pe/consts.zeek diff --git a/scripts/base/files/pe/main.bro b/scripts/base/files/pe/main.zeek similarity index 99% rename from scripts/base/files/pe/main.bro rename to scripts/base/files/pe/main.zeek index 972e8a31c8..9ef859d2fb 100644 --- a/scripts/base/files/pe/main.bro +++ b/scripts/base/files/pe/main.zeek @@ -1,6 +1,6 @@ module PE; -@load ./consts.bro +@load ./consts export { redef enum Log::ID += { LOG }; diff --git a/scripts/base/files/unified2/__load__.bro b/scripts/base/files/unified2/__load__.zeek similarity index 100% rename from scripts/base/files/unified2/__load__.bro rename to scripts/base/files/unified2/__load__.zeek diff --git a/scripts/base/files/unified2/main.bro b/scripts/base/files/unified2/main.zeek similarity index 100% rename from scripts/base/files/unified2/main.bro rename to scripts/base/files/unified2/main.zeek diff --git a/scripts/base/files/x509/__load__.bro b/scripts/base/files/x509/__load__.zeek similarity index 100% rename from scripts/base/files/x509/__load__.bro rename to scripts/base/files/x509/__load__.zeek diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.zeek similarity index 100% rename from scripts/base/files/x509/main.bro rename to scripts/base/files/x509/main.zeek diff --git a/scripts/base/frameworks/analyzer/__load__.bro b/scripts/base/frameworks/analyzer/__load__.zeek similarity index 100% rename from scripts/base/frameworks/analyzer/__load__.bro rename to scripts/base/frameworks/analyzer/__load__.zeek diff --git a/scripts/base/frameworks/analyzer/main.bro b/scripts/base/frameworks/analyzer/main.zeek similarity index 100% rename from scripts/base/frameworks/analyzer/main.bro rename to scripts/base/frameworks/analyzer/main.zeek diff --git a/scripts/base/frameworks/broker/__load__.bro b/scripts/base/frameworks/broker/__load__.zeek similarity index 100% rename from scripts/base/frameworks/broker/__load__.bro rename to scripts/base/frameworks/broker/__load__.zeek diff --git a/scripts/base/frameworks/broker/log.bro b/scripts/base/frameworks/broker/log.zeek similarity index 100% rename from scripts/base/frameworks/broker/log.bro rename to scripts/base/frameworks/broker/log.zeek diff --git a/scripts/base/frameworks/broker/main.bro b/scripts/base/frameworks/broker/main.zeek similarity index 100% rename from scripts/base/frameworks/broker/main.bro rename to scripts/base/frameworks/broker/main.zeek diff --git a/scripts/base/frameworks/broker/store.bro b/scripts/base/frameworks/broker/store.zeek similarity index 100% rename from scripts/base/frameworks/broker/store.bro rename to scripts/base/frameworks/broker/store.zeek diff --git a/scripts/base/frameworks/cluster/__load__.bro b/scripts/base/frameworks/cluster/__load__.zeek similarity index 100% rename from scripts/base/frameworks/cluster/__load__.bro rename to scripts/base/frameworks/cluster/__load__.zeek diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.zeek similarity index 98% rename from scripts/base/frameworks/cluster/main.bro rename to scripts/base/frameworks/cluster/main.zeek index 2d492454d4..2cb0401eea 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.zeek @@ -1,6 +1,6 @@ ##! A framework for establishing and controlling a cluster of Bro instances. ##! In order to use the cluster framework, a script named -##! ``cluster-layout.bro`` must exist somewhere in Bro's script search path +##! ``cluster-layout.zeek`` must exist somewhere in Bro's script search path ##! which has a cluster definition of the :bro:id:`Cluster::nodes` variable. ##! The ``CLUSTER_NODE`` environment variable or :bro:id:`Cluster::node` ##! must also be sent and the cluster framework loaded as a package like @@ -192,7 +192,7 @@ export { global worker_count: count = 0; ## The cluster layout definition. This should be placed into a filter - ## named cluster-layout.bro somewhere in the BROPATH. It will be + ## named cluster-layout.zeek somewhere in the BROPATH. It will be ## automatically loaded if the CLUSTER_NODE environment variable is set. ## Note that BroControl handles all of this automatically. ## The table is typically indexed by node names/labels (e.g. "manager" @@ -200,7 +200,7 @@ export { const nodes: table[string] of Node = {} &redef; ## Indicates whether or not the manager will act as the logger and receive - ## logs. This value should be set in the cluster-layout.bro script (the + ## logs. This value should be set in the cluster-layout.zeek script (the ## value should be true only if no logger is specified in Cluster::nodes). ## Note that BroControl handles this automatically. const manager_is_logger = T &redef; diff --git a/scripts/base/frameworks/cluster/nodes/logger.bro b/scripts/base/frameworks/cluster/nodes/logger.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/logger.bro rename to scripts/base/frameworks/cluster/nodes/logger.zeek diff --git a/scripts/base/frameworks/cluster/nodes/manager.bro b/scripts/base/frameworks/cluster/nodes/manager.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/manager.bro rename to scripts/base/frameworks/cluster/nodes/manager.zeek diff --git a/scripts/base/frameworks/cluster/nodes/proxy.bro b/scripts/base/frameworks/cluster/nodes/proxy.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/proxy.bro rename to scripts/base/frameworks/cluster/nodes/proxy.zeek diff --git a/scripts/base/frameworks/cluster/nodes/worker.bro b/scripts/base/frameworks/cluster/nodes/worker.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/worker.bro rename to scripts/base/frameworks/cluster/nodes/worker.zeek diff --git a/scripts/base/frameworks/cluster/pools.bro b/scripts/base/frameworks/cluster/pools.zeek similarity index 100% rename from scripts/base/frameworks/cluster/pools.bro rename to scripts/base/frameworks/cluster/pools.zeek diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.zeek similarity index 100% rename from scripts/base/frameworks/cluster/setup-connections.bro rename to scripts/base/frameworks/cluster/setup-connections.zeek diff --git a/scripts/base/frameworks/config/__load__.bro b/scripts/base/frameworks/config/__load__.zeek similarity index 100% rename from scripts/base/frameworks/config/__load__.bro rename to scripts/base/frameworks/config/__load__.zeek diff --git a/scripts/base/frameworks/config/input.bro b/scripts/base/frameworks/config/input.zeek similarity index 100% rename from scripts/base/frameworks/config/input.bro rename to scripts/base/frameworks/config/input.zeek diff --git a/scripts/base/frameworks/config/main.bro b/scripts/base/frameworks/config/main.zeek similarity index 100% rename from scripts/base/frameworks/config/main.bro rename to scripts/base/frameworks/config/main.zeek diff --git a/scripts/base/frameworks/config/weird.bro b/scripts/base/frameworks/config/weird.zeek similarity index 100% rename from scripts/base/frameworks/config/weird.bro rename to scripts/base/frameworks/config/weird.zeek diff --git a/scripts/base/frameworks/control/__load__.bro b/scripts/base/frameworks/control/__load__.zeek similarity index 100% rename from scripts/base/frameworks/control/__load__.bro rename to scripts/base/frameworks/control/__load__.zeek diff --git a/scripts/base/frameworks/control/main.bro b/scripts/base/frameworks/control/main.zeek similarity index 100% rename from scripts/base/frameworks/control/main.bro rename to scripts/base/frameworks/control/main.zeek diff --git a/scripts/base/frameworks/dpd/__load__.bro b/scripts/base/frameworks/dpd/__load__.zeek similarity index 100% rename from scripts/base/frameworks/dpd/__load__.bro rename to scripts/base/frameworks/dpd/__load__.zeek diff --git a/scripts/base/frameworks/dpd/main.bro b/scripts/base/frameworks/dpd/main.zeek similarity index 100% rename from scripts/base/frameworks/dpd/main.bro rename to scripts/base/frameworks/dpd/main.zeek diff --git a/scripts/base/frameworks/files/__load__.bro b/scripts/base/frameworks/files/__load__.bro deleted file mode 100644 index 2177d81e25..0000000000 --- a/scripts/base/frameworks/files/__load__.bro +++ /dev/null @@ -1,2 +0,0 @@ -@load ./main.bro -@load ./magic diff --git a/scripts/base/frameworks/files/__load__.zeek b/scripts/base/frameworks/files/__load__.zeek new file mode 100644 index 0000000000..2da9cffc66 --- /dev/null +++ b/scripts/base/frameworks/files/__load__.zeek @@ -0,0 +1,2 @@ +@load ./main +@load ./magic diff --git a/scripts/base/frameworks/files/magic/__load__.bro b/scripts/base/frameworks/files/magic/__load__.zeek similarity index 100% rename from scripts/base/frameworks/files/magic/__load__.bro rename to scripts/base/frameworks/files/magic/__load__.zeek diff --git a/scripts/base/frameworks/files/main.bro b/scripts/base/frameworks/files/main.zeek similarity index 100% rename from scripts/base/frameworks/files/main.bro rename to scripts/base/frameworks/files/main.zeek diff --git a/scripts/base/frameworks/input/__load__.bro b/scripts/base/frameworks/input/__load__.zeek similarity index 100% rename from scripts/base/frameworks/input/__load__.bro rename to scripts/base/frameworks/input/__load__.zeek diff --git a/scripts/base/frameworks/input/main.bro b/scripts/base/frameworks/input/main.zeek similarity index 100% rename from scripts/base/frameworks/input/main.bro rename to scripts/base/frameworks/input/main.zeek diff --git a/scripts/base/frameworks/input/readers/ascii.bro b/scripts/base/frameworks/input/readers/ascii.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/ascii.bro rename to scripts/base/frameworks/input/readers/ascii.zeek diff --git a/scripts/base/frameworks/input/readers/benchmark.bro b/scripts/base/frameworks/input/readers/benchmark.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/benchmark.bro rename to scripts/base/frameworks/input/readers/benchmark.zeek diff --git a/scripts/base/frameworks/input/readers/binary.bro b/scripts/base/frameworks/input/readers/binary.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/binary.bro rename to scripts/base/frameworks/input/readers/binary.zeek diff --git a/scripts/base/frameworks/input/readers/config.bro b/scripts/base/frameworks/input/readers/config.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/config.bro rename to scripts/base/frameworks/input/readers/config.zeek diff --git a/scripts/base/frameworks/input/readers/raw.bro b/scripts/base/frameworks/input/readers/raw.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/raw.bro rename to scripts/base/frameworks/input/readers/raw.zeek diff --git a/scripts/base/frameworks/input/readers/sqlite.bro b/scripts/base/frameworks/input/readers/sqlite.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/sqlite.bro rename to scripts/base/frameworks/input/readers/sqlite.zeek diff --git a/scripts/base/frameworks/intel/__load__.bro b/scripts/base/frameworks/intel/__load__.zeek similarity index 100% rename from scripts/base/frameworks/intel/__load__.bro rename to scripts/base/frameworks/intel/__load__.zeek diff --git a/scripts/base/frameworks/intel/cluster.bro b/scripts/base/frameworks/intel/cluster.zeek similarity index 100% rename from scripts/base/frameworks/intel/cluster.bro rename to scripts/base/frameworks/intel/cluster.zeek diff --git a/scripts/base/frameworks/intel/files.bro b/scripts/base/frameworks/intel/files.zeek similarity index 100% rename from scripts/base/frameworks/intel/files.bro rename to scripts/base/frameworks/intel/files.zeek diff --git a/scripts/base/frameworks/intel/input.bro b/scripts/base/frameworks/intel/input.zeek similarity index 100% rename from scripts/base/frameworks/intel/input.bro rename to scripts/base/frameworks/intel/input.zeek diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.zeek similarity index 100% rename from scripts/base/frameworks/intel/main.bro rename to scripts/base/frameworks/intel/main.zeek diff --git a/scripts/base/frameworks/logging/__load__.bro b/scripts/base/frameworks/logging/__load__.zeek similarity index 100% rename from scripts/base/frameworks/logging/__load__.bro rename to scripts/base/frameworks/logging/__load__.zeek diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.zeek similarity index 100% rename from scripts/base/frameworks/logging/main.bro rename to scripts/base/frameworks/logging/main.zeek diff --git a/scripts/base/frameworks/logging/postprocessors/__load__.bro b/scripts/base/frameworks/logging/postprocessors/__load__.zeek similarity index 100% rename from scripts/base/frameworks/logging/postprocessors/__load__.bro rename to scripts/base/frameworks/logging/postprocessors/__load__.zeek diff --git a/scripts/base/frameworks/logging/postprocessors/scp.bro b/scripts/base/frameworks/logging/postprocessors/scp.zeek similarity index 100% rename from scripts/base/frameworks/logging/postprocessors/scp.bro rename to scripts/base/frameworks/logging/postprocessors/scp.zeek diff --git a/scripts/base/frameworks/logging/postprocessors/sftp.bro b/scripts/base/frameworks/logging/postprocessors/sftp.zeek similarity index 100% rename from scripts/base/frameworks/logging/postprocessors/sftp.bro rename to scripts/base/frameworks/logging/postprocessors/sftp.zeek diff --git a/scripts/base/frameworks/logging/writers/ascii.bro b/scripts/base/frameworks/logging/writers/ascii.zeek similarity index 100% rename from scripts/base/frameworks/logging/writers/ascii.bro rename to scripts/base/frameworks/logging/writers/ascii.zeek diff --git a/scripts/base/frameworks/logging/writers/none.bro b/scripts/base/frameworks/logging/writers/none.zeek similarity index 100% rename from scripts/base/frameworks/logging/writers/none.bro rename to scripts/base/frameworks/logging/writers/none.zeek diff --git a/scripts/base/frameworks/logging/writers/sqlite.bro b/scripts/base/frameworks/logging/writers/sqlite.zeek similarity index 100% rename from scripts/base/frameworks/logging/writers/sqlite.bro rename to scripts/base/frameworks/logging/writers/sqlite.zeek diff --git a/scripts/base/frameworks/netcontrol/__load__.bro b/scripts/base/frameworks/netcontrol/__load__.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/__load__.bro rename to scripts/base/frameworks/netcontrol/__load__.zeek diff --git a/scripts/base/frameworks/netcontrol/catch-and-release.bro b/scripts/base/frameworks/netcontrol/catch-and-release.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/catch-and-release.bro rename to scripts/base/frameworks/netcontrol/catch-and-release.zeek diff --git a/scripts/base/frameworks/netcontrol/cluster.bro b/scripts/base/frameworks/netcontrol/cluster.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/cluster.bro rename to scripts/base/frameworks/netcontrol/cluster.zeek diff --git a/scripts/base/frameworks/netcontrol/drop.bro b/scripts/base/frameworks/netcontrol/drop.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/drop.bro rename to scripts/base/frameworks/netcontrol/drop.zeek diff --git a/scripts/base/frameworks/netcontrol/main.bro b/scripts/base/frameworks/netcontrol/main.zeek similarity index 99% rename from scripts/base/frameworks/netcontrol/main.bro rename to scripts/base/frameworks/netcontrol/main.zeek index a9418508af..110a0488dd 100644 --- a/scripts/base/frameworks/netcontrol/main.bro +++ b/scripts/base/frameworks/netcontrol/main.zeek @@ -43,8 +43,8 @@ export { # ### High-level API. # ### - # ### Note - other high level primitives are in catch-and-release.bro, shunt.bro and - # ### drop.bro + # ### Note - other high level primitives are in catch-and-release.zeek, + # ### shunt.zeek and drop.zeek ## Allows all traffic involving a specific IP address to be forwarded. ## diff --git a/scripts/base/frameworks/netcontrol/non-cluster.bro b/scripts/base/frameworks/netcontrol/non-cluster.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/non-cluster.bro rename to scripts/base/frameworks/netcontrol/non-cluster.zeek diff --git a/scripts/base/frameworks/netcontrol/plugin.bro b/scripts/base/frameworks/netcontrol/plugin.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugin.bro rename to scripts/base/frameworks/netcontrol/plugin.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/__load__.bro b/scripts/base/frameworks/netcontrol/plugins/__load__.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/__load__.bro rename to scripts/base/frameworks/netcontrol/plugins/__load__.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/acld.bro b/scripts/base/frameworks/netcontrol/plugins/acld.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/acld.bro rename to scripts/base/frameworks/netcontrol/plugins/acld.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/broker.bro b/scripts/base/frameworks/netcontrol/plugins/broker.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/broker.bro rename to scripts/base/frameworks/netcontrol/plugins/broker.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/debug.bro b/scripts/base/frameworks/netcontrol/plugins/debug.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/debug.bro rename to scripts/base/frameworks/netcontrol/plugins/debug.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/openflow.bro b/scripts/base/frameworks/netcontrol/plugins/openflow.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/openflow.bro rename to scripts/base/frameworks/netcontrol/plugins/openflow.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/packetfilter.bro b/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/packetfilter.bro rename to scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek diff --git a/scripts/base/frameworks/netcontrol/shunt.bro b/scripts/base/frameworks/netcontrol/shunt.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/shunt.bro rename to scripts/base/frameworks/netcontrol/shunt.zeek diff --git a/scripts/base/frameworks/netcontrol/types.bro b/scripts/base/frameworks/netcontrol/types.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/types.bro rename to scripts/base/frameworks/netcontrol/types.zeek diff --git a/scripts/base/frameworks/notice/__load__.bro b/scripts/base/frameworks/notice/__load__.zeek similarity index 100% rename from scripts/base/frameworks/notice/__load__.bro rename to scripts/base/frameworks/notice/__load__.zeek diff --git a/scripts/base/frameworks/notice/actions/add-geodata.bro b/scripts/base/frameworks/notice/actions/add-geodata.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/add-geodata.bro rename to scripts/base/frameworks/notice/actions/add-geodata.zeek diff --git a/scripts/base/frameworks/notice/actions/drop.bro b/scripts/base/frameworks/notice/actions/drop.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/drop.bro rename to scripts/base/frameworks/notice/actions/drop.zeek diff --git a/scripts/base/frameworks/notice/actions/email_admin.bro b/scripts/base/frameworks/notice/actions/email_admin.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/email_admin.bro rename to scripts/base/frameworks/notice/actions/email_admin.zeek diff --git a/scripts/base/frameworks/notice/actions/page.bro b/scripts/base/frameworks/notice/actions/page.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/page.bro rename to scripts/base/frameworks/notice/actions/page.zeek diff --git a/scripts/base/frameworks/notice/actions/pp-alarms.bro b/scripts/base/frameworks/notice/actions/pp-alarms.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/pp-alarms.bro rename to scripts/base/frameworks/notice/actions/pp-alarms.zeek diff --git a/scripts/base/frameworks/notice/main.bro b/scripts/base/frameworks/notice/main.zeek similarity index 100% rename from scripts/base/frameworks/notice/main.bro rename to scripts/base/frameworks/notice/main.zeek diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.zeek similarity index 100% rename from scripts/base/frameworks/notice/weird.bro rename to scripts/base/frameworks/notice/weird.zeek diff --git a/scripts/base/frameworks/openflow/__load__.bro b/scripts/base/frameworks/openflow/__load__.zeek similarity index 100% rename from scripts/base/frameworks/openflow/__load__.bro rename to scripts/base/frameworks/openflow/__load__.zeek diff --git a/scripts/base/frameworks/openflow/cluster.bro b/scripts/base/frameworks/openflow/cluster.zeek similarity index 100% rename from scripts/base/frameworks/openflow/cluster.bro rename to scripts/base/frameworks/openflow/cluster.zeek diff --git a/scripts/base/frameworks/openflow/consts.bro b/scripts/base/frameworks/openflow/consts.zeek similarity index 100% rename from scripts/base/frameworks/openflow/consts.bro rename to scripts/base/frameworks/openflow/consts.zeek diff --git a/scripts/base/frameworks/openflow/main.bro b/scripts/base/frameworks/openflow/main.zeek similarity index 99% rename from scripts/base/frameworks/openflow/main.bro rename to scripts/base/frameworks/openflow/main.zeek index 5740e90056..ecddea7cb3 100644 --- a/scripts/base/frameworks/openflow/main.bro +++ b/scripts/base/frameworks/openflow/main.zeek @@ -251,7 +251,7 @@ function controller_init_done(controller: Controller) event OpenFlow::controller_activated(controller$state$_name, controller); } -# Functions that are called from cluster.bro and non-cluster.bro +# Functions that are called from cluster.zeek and non-cluster.zeek function register_controller_impl(tpe: OpenFlow::Plugin, name: string, controller: Controller) { diff --git a/scripts/base/frameworks/openflow/non-cluster.bro b/scripts/base/frameworks/openflow/non-cluster.zeek similarity index 100% rename from scripts/base/frameworks/openflow/non-cluster.bro rename to scripts/base/frameworks/openflow/non-cluster.zeek diff --git a/scripts/base/frameworks/openflow/plugins/__load__.bro b/scripts/base/frameworks/openflow/plugins/__load__.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/__load__.bro rename to scripts/base/frameworks/openflow/plugins/__load__.zeek diff --git a/scripts/base/frameworks/openflow/plugins/broker.bro b/scripts/base/frameworks/openflow/plugins/broker.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/broker.bro rename to scripts/base/frameworks/openflow/plugins/broker.zeek diff --git a/scripts/base/frameworks/openflow/plugins/log.bro b/scripts/base/frameworks/openflow/plugins/log.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/log.bro rename to scripts/base/frameworks/openflow/plugins/log.zeek diff --git a/scripts/base/frameworks/openflow/plugins/ryu.bro b/scripts/base/frameworks/openflow/plugins/ryu.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/ryu.bro rename to scripts/base/frameworks/openflow/plugins/ryu.zeek diff --git a/scripts/base/frameworks/openflow/types.bro b/scripts/base/frameworks/openflow/types.zeek similarity index 100% rename from scripts/base/frameworks/openflow/types.bro rename to scripts/base/frameworks/openflow/types.zeek diff --git a/scripts/base/frameworks/packet-filter/__load__.bro b/scripts/base/frameworks/packet-filter/__load__.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/__load__.bro rename to scripts/base/frameworks/packet-filter/__load__.zeek diff --git a/scripts/base/frameworks/packet-filter/cluster.bro b/scripts/base/frameworks/packet-filter/cluster.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/cluster.bro rename to scripts/base/frameworks/packet-filter/cluster.zeek diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/main.bro rename to scripts/base/frameworks/packet-filter/main.zeek diff --git a/scripts/base/frameworks/packet-filter/netstats.bro b/scripts/base/frameworks/packet-filter/netstats.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/netstats.bro rename to scripts/base/frameworks/packet-filter/netstats.zeek diff --git a/scripts/base/frameworks/packet-filter/utils.bro b/scripts/base/frameworks/packet-filter/utils.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/utils.bro rename to scripts/base/frameworks/packet-filter/utils.zeek diff --git a/scripts/base/frameworks/reporter/__load__.bro b/scripts/base/frameworks/reporter/__load__.zeek similarity index 100% rename from scripts/base/frameworks/reporter/__load__.bro rename to scripts/base/frameworks/reporter/__load__.zeek diff --git a/scripts/base/frameworks/reporter/main.bro b/scripts/base/frameworks/reporter/main.zeek similarity index 99% rename from scripts/base/frameworks/reporter/main.bro rename to scripts/base/frameworks/reporter/main.zeek index 8cba29bdc2..ea97048049 100644 --- a/scripts/base/frameworks/reporter/main.bro +++ b/scripts/base/frameworks/reporter/main.zeek @@ -9,7 +9,7 @@ ##! Note that this framework deals with the handling of internally generated ##! reporter messages, for the interface ##! into actually creating reporter messages from the scripting layer, use -##! the built-in functions in :doc:`/scripts/base/bif/reporter.bif.bro`. +##! the built-in functions in :doc:`/scripts/base/bif/reporter.bif.zeek`. module Reporter; diff --git a/scripts/base/frameworks/signatures/__load__.bro b/scripts/base/frameworks/signatures/__load__.zeek similarity index 100% rename from scripts/base/frameworks/signatures/__load__.bro rename to scripts/base/frameworks/signatures/__load__.zeek diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.zeek similarity index 100% rename from scripts/base/frameworks/signatures/main.bro rename to scripts/base/frameworks/signatures/main.zeek diff --git a/scripts/base/frameworks/software/__load__.bro b/scripts/base/frameworks/software/__load__.zeek similarity index 100% rename from scripts/base/frameworks/software/__load__.bro rename to scripts/base/frameworks/software/__load__.zeek diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.zeek similarity index 100% rename from scripts/base/frameworks/software/main.bro rename to scripts/base/frameworks/software/main.zeek diff --git a/scripts/base/frameworks/sumstats/__load__.bro b/scripts/base/frameworks/sumstats/__load__.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/__load__.bro rename to scripts/base/frameworks/sumstats/__load__.zeek diff --git a/scripts/base/frameworks/sumstats/cluster.bro b/scripts/base/frameworks/sumstats/cluster.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/cluster.bro rename to scripts/base/frameworks/sumstats/cluster.zeek diff --git a/scripts/base/frameworks/sumstats/main.bro b/scripts/base/frameworks/sumstats/main.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/main.bro rename to scripts/base/frameworks/sumstats/main.zeek diff --git a/scripts/base/frameworks/sumstats/non-cluster.bro b/scripts/base/frameworks/sumstats/non-cluster.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/non-cluster.bro rename to scripts/base/frameworks/sumstats/non-cluster.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/__load__.bro b/scripts/base/frameworks/sumstats/plugins/__load__.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/__load__.bro rename to scripts/base/frameworks/sumstats/plugins/__load__.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/average.bro b/scripts/base/frameworks/sumstats/plugins/average.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/average.bro rename to scripts/base/frameworks/sumstats/plugins/average.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/hll_unique.bro b/scripts/base/frameworks/sumstats/plugins/hll_unique.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/hll_unique.bro rename to scripts/base/frameworks/sumstats/plugins/hll_unique.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/last.bro b/scripts/base/frameworks/sumstats/plugins/last.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/last.bro rename to scripts/base/frameworks/sumstats/plugins/last.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/max.bro b/scripts/base/frameworks/sumstats/plugins/max.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/max.bro rename to scripts/base/frameworks/sumstats/plugins/max.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/min.bro b/scripts/base/frameworks/sumstats/plugins/min.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/min.bro rename to scripts/base/frameworks/sumstats/plugins/min.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/sample.bro b/scripts/base/frameworks/sumstats/plugins/sample.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/sample.bro rename to scripts/base/frameworks/sumstats/plugins/sample.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/std-dev.bro b/scripts/base/frameworks/sumstats/plugins/std-dev.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/std-dev.bro rename to scripts/base/frameworks/sumstats/plugins/std-dev.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/sum.bro b/scripts/base/frameworks/sumstats/plugins/sum.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/sum.bro rename to scripts/base/frameworks/sumstats/plugins/sum.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/topk.bro b/scripts/base/frameworks/sumstats/plugins/topk.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/topk.bro rename to scripts/base/frameworks/sumstats/plugins/topk.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/unique.bro b/scripts/base/frameworks/sumstats/plugins/unique.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/unique.bro rename to scripts/base/frameworks/sumstats/plugins/unique.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/variance.bro b/scripts/base/frameworks/sumstats/plugins/variance.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/variance.bro rename to scripts/base/frameworks/sumstats/plugins/variance.zeek diff --git a/scripts/base/frameworks/tunnels/__load__.bro b/scripts/base/frameworks/tunnels/__load__.zeek similarity index 100% rename from scripts/base/frameworks/tunnels/__load__.bro rename to scripts/base/frameworks/tunnels/__load__.zeek diff --git a/scripts/base/frameworks/tunnels/main.bro b/scripts/base/frameworks/tunnels/main.zeek similarity index 100% rename from scripts/base/frameworks/tunnels/main.bro rename to scripts/base/frameworks/tunnels/main.zeek diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.zeek similarity index 99% rename from scripts/base/init-bare.bro rename to scripts/base/init-bare.zeek index 3b6962f509..4575b3a694 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.zeek @@ -480,7 +480,7 @@ type NetStats: record { pkts_dropped: count &default=0; ##< Packets reported dropped by the system. ## Packets seen on the link. Note that this may differ ## from *pkts_recvd* because of a potential capture_filter. See - ## :doc:`/scripts/base/frameworks/packet-filter/main.bro`. Depending on the + ## :doc:`/scripts/base/frameworks/packet-filter/main.zeek`. Depending on the ## packet capture system, this value may not be available and will then ## be always set to zero. pkts_link: count &default=0; @@ -3395,7 +3395,7 @@ export { ## ## For more information, see MS-SMB2:2.2.41 ## - ## .. bro:see:: smb2_header smb2_message smb2_close_request smb2_close_response + ## .. bro:see:: smb2_transform_header smb2_message smb2_close_request smb2_close_response ## smb2_create_request smb2_create_response smb2_negotiate_request ## smb2_negotiate_response smb2_read_request ## smb2_session_setup_request smb2_session_setup_response @@ -4640,13 +4640,13 @@ const log_max_size = 0.0 &redef; const log_encryption_key = "" &redef; ## Write profiling info into this file in regular intervals. The easiest way to -## activate profiling is loading :doc:`/scripts/policy/misc/profiling.bro`. +## activate profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## ## .. bro:see:: profiling_interval expensive_profiling_multiple segment_profiling global profiling_file: file &redef; ## Update interval for profiling (0 disables). The easiest way to activate -## profiling is loading :doc:`/scripts/policy/misc/profiling.bro`. +## profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## ## .. bro:see:: profiling_file expensive_profiling_multiple segment_profiling const profiling_interval = 0 secs &redef; diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.zeek similarity index 98% rename from scripts/base/init-default.bro rename to scripts/base/init-default.zeek index 463f5c2942..6982b0b2f4 100644 --- a/scripts/base/init-default.bro +++ b/scripts/base/init-default.zeek @@ -25,7 +25,7 @@ @load base/utils/urls # This has some deep interplay between types and BiFs so it's -# loaded in base/init-bare.bro +# loaded in base/init-bare.zeek #@load base/frameworks/logging @load base/frameworks/notice @load base/frameworks/analyzer diff --git a/scripts/base/init-frameworks-and-bifs.bro b/scripts/base/init-frameworks-and-bifs.zeek similarity index 86% rename from scripts/base/init-frameworks-and-bifs.bro rename to scripts/base/init-frameworks-and-bifs.zeek index f772e2d223..19897e7ffb 100644 --- a/scripts/base/init-frameworks-and-bifs.bro +++ b/scripts/base/init-frameworks-and-bifs.zeek @@ -1,7 +1,7 @@ # Load these frameworks here because they use fairly deep integration with # BiFs and script-land defined types. They are also more likely to # make use of calling BIFs for variable initializations, and that -# can't be done until init-bare.bro has been loaded completely (hence +# can't be done until init-bare.zeek has been loaded completely (hence # the separate file). @load base/frameworks/logging @load base/frameworks/broker diff --git a/scripts/base/misc/find-checksum-offloading.bro b/scripts/base/misc/find-checksum-offloading.zeek similarity index 100% rename from scripts/base/misc/find-checksum-offloading.bro rename to scripts/base/misc/find-checksum-offloading.zeek diff --git a/scripts/base/misc/find-filtered-trace.bro b/scripts/base/misc/find-filtered-trace.zeek similarity index 100% rename from scripts/base/misc/find-filtered-trace.bro rename to scripts/base/misc/find-filtered-trace.zeek diff --git a/scripts/base/misc/version.bro b/scripts/base/misc/version.zeek similarity index 100% rename from scripts/base/misc/version.bro rename to scripts/base/misc/version.zeek diff --git a/scripts/base/protocols/conn/__load__.bro b/scripts/base/protocols/conn/__load__.zeek similarity index 100% rename from scripts/base/protocols/conn/__load__.bro rename to scripts/base/protocols/conn/__load__.zeek diff --git a/scripts/base/protocols/conn/contents.bro b/scripts/base/protocols/conn/contents.zeek similarity index 100% rename from scripts/base/protocols/conn/contents.bro rename to scripts/base/protocols/conn/contents.zeek diff --git a/scripts/base/protocols/conn/inactivity.bro b/scripts/base/protocols/conn/inactivity.zeek similarity index 100% rename from scripts/base/protocols/conn/inactivity.bro rename to scripts/base/protocols/conn/inactivity.zeek diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.zeek similarity index 100% rename from scripts/base/protocols/conn/main.bro rename to scripts/base/protocols/conn/main.zeek diff --git a/scripts/base/protocols/conn/polling.bro b/scripts/base/protocols/conn/polling.zeek similarity index 100% rename from scripts/base/protocols/conn/polling.bro rename to scripts/base/protocols/conn/polling.zeek diff --git a/scripts/base/protocols/conn/thresholds.bro b/scripts/base/protocols/conn/thresholds.zeek similarity index 100% rename from scripts/base/protocols/conn/thresholds.bro rename to scripts/base/protocols/conn/thresholds.zeek diff --git a/scripts/base/protocols/dce-rpc/__load__.bro b/scripts/base/protocols/dce-rpc/__load__.zeek similarity index 100% rename from scripts/base/protocols/dce-rpc/__load__.bro rename to scripts/base/protocols/dce-rpc/__load__.zeek diff --git a/scripts/base/protocols/dce-rpc/consts.bro b/scripts/base/protocols/dce-rpc/consts.zeek similarity index 100% rename from scripts/base/protocols/dce-rpc/consts.bro rename to scripts/base/protocols/dce-rpc/consts.zeek diff --git a/scripts/base/protocols/dce-rpc/main.bro b/scripts/base/protocols/dce-rpc/main.zeek similarity index 100% rename from scripts/base/protocols/dce-rpc/main.bro rename to scripts/base/protocols/dce-rpc/main.zeek diff --git a/scripts/base/protocols/dhcp/__load__.bro b/scripts/base/protocols/dhcp/__load__.zeek similarity index 100% rename from scripts/base/protocols/dhcp/__load__.bro rename to scripts/base/protocols/dhcp/__load__.zeek diff --git a/scripts/base/protocols/dhcp/consts.bro b/scripts/base/protocols/dhcp/consts.zeek similarity index 100% rename from scripts/base/protocols/dhcp/consts.bro rename to scripts/base/protocols/dhcp/consts.zeek diff --git a/scripts/base/protocols/dhcp/main.bro b/scripts/base/protocols/dhcp/main.zeek similarity index 100% rename from scripts/base/protocols/dhcp/main.bro rename to scripts/base/protocols/dhcp/main.zeek diff --git a/scripts/base/protocols/dnp3/__load__.bro b/scripts/base/protocols/dnp3/__load__.zeek similarity index 100% rename from scripts/base/protocols/dnp3/__load__.bro rename to scripts/base/protocols/dnp3/__load__.zeek diff --git a/scripts/base/protocols/dnp3/consts.bro b/scripts/base/protocols/dnp3/consts.zeek similarity index 100% rename from scripts/base/protocols/dnp3/consts.bro rename to scripts/base/protocols/dnp3/consts.zeek diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.zeek similarity index 100% rename from scripts/base/protocols/dnp3/main.bro rename to scripts/base/protocols/dnp3/main.zeek diff --git a/scripts/base/protocols/dns/__load__.bro b/scripts/base/protocols/dns/__load__.zeek similarity index 100% rename from scripts/base/protocols/dns/__load__.bro rename to scripts/base/protocols/dns/__load__.zeek diff --git a/scripts/base/protocols/dns/consts.bro b/scripts/base/protocols/dns/consts.zeek similarity index 100% rename from scripts/base/protocols/dns/consts.bro rename to scripts/base/protocols/dns/consts.zeek diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.zeek similarity index 100% rename from scripts/base/protocols/dns/main.bro rename to scripts/base/protocols/dns/main.zeek diff --git a/scripts/base/protocols/ftp/__load__.bro b/scripts/base/protocols/ftp/__load__.zeek similarity index 100% rename from scripts/base/protocols/ftp/__load__.bro rename to scripts/base/protocols/ftp/__load__.zeek diff --git a/scripts/base/protocols/ftp/files.bro b/scripts/base/protocols/ftp/files.zeek similarity index 100% rename from scripts/base/protocols/ftp/files.bro rename to scripts/base/protocols/ftp/files.zeek diff --git a/scripts/base/protocols/ftp/gridftp.bro b/scripts/base/protocols/ftp/gridftp.zeek similarity index 100% rename from scripts/base/protocols/ftp/gridftp.bro rename to scripts/base/protocols/ftp/gridftp.zeek diff --git a/scripts/base/protocols/ftp/info.bro b/scripts/base/protocols/ftp/info.zeek similarity index 100% rename from scripts/base/protocols/ftp/info.bro rename to scripts/base/protocols/ftp/info.zeek diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.zeek similarity index 100% rename from scripts/base/protocols/ftp/main.bro rename to scripts/base/protocols/ftp/main.zeek diff --git a/scripts/base/protocols/ftp/utils-commands.bro b/scripts/base/protocols/ftp/utils-commands.zeek similarity index 100% rename from scripts/base/protocols/ftp/utils-commands.bro rename to scripts/base/protocols/ftp/utils-commands.zeek diff --git a/scripts/base/protocols/ftp/utils.bro b/scripts/base/protocols/ftp/utils.zeek similarity index 100% rename from scripts/base/protocols/ftp/utils.bro rename to scripts/base/protocols/ftp/utils.zeek diff --git a/scripts/base/protocols/http/__load__.bro b/scripts/base/protocols/http/__load__.zeek similarity index 100% rename from scripts/base/protocols/http/__load__.bro rename to scripts/base/protocols/http/__load__.zeek diff --git a/scripts/base/protocols/http/entities.bro b/scripts/base/protocols/http/entities.zeek similarity index 100% rename from scripts/base/protocols/http/entities.bro rename to scripts/base/protocols/http/entities.zeek diff --git a/scripts/base/protocols/http/files.bro b/scripts/base/protocols/http/files.zeek similarity index 100% rename from scripts/base/protocols/http/files.bro rename to scripts/base/protocols/http/files.zeek diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.zeek similarity index 100% rename from scripts/base/protocols/http/main.bro rename to scripts/base/protocols/http/main.zeek diff --git a/scripts/base/protocols/http/utils.bro b/scripts/base/protocols/http/utils.zeek similarity index 100% rename from scripts/base/protocols/http/utils.bro rename to scripts/base/protocols/http/utils.zeek diff --git a/scripts/base/protocols/imap/__load__.bro b/scripts/base/protocols/imap/__load__.zeek similarity index 100% rename from scripts/base/protocols/imap/__load__.bro rename to scripts/base/protocols/imap/__load__.zeek diff --git a/scripts/base/protocols/imap/main.bro b/scripts/base/protocols/imap/main.zeek similarity index 100% rename from scripts/base/protocols/imap/main.bro rename to scripts/base/protocols/imap/main.zeek diff --git a/scripts/base/protocols/irc/__load__.bro b/scripts/base/protocols/irc/__load__.zeek similarity index 100% rename from scripts/base/protocols/irc/__load__.bro rename to scripts/base/protocols/irc/__load__.zeek diff --git a/scripts/base/protocols/irc/dcc-send.bro b/scripts/base/protocols/irc/dcc-send.zeek similarity index 100% rename from scripts/base/protocols/irc/dcc-send.bro rename to scripts/base/protocols/irc/dcc-send.zeek diff --git a/scripts/base/protocols/irc/files.bro b/scripts/base/protocols/irc/files.zeek similarity index 100% rename from scripts/base/protocols/irc/files.bro rename to scripts/base/protocols/irc/files.zeek diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.zeek similarity index 100% rename from scripts/base/protocols/irc/main.bro rename to scripts/base/protocols/irc/main.zeek diff --git a/scripts/base/protocols/krb/__load__.bro b/scripts/base/protocols/krb/__load__.zeek similarity index 100% rename from scripts/base/protocols/krb/__load__.bro rename to scripts/base/protocols/krb/__load__.zeek diff --git a/scripts/base/protocols/krb/consts.bro b/scripts/base/protocols/krb/consts.zeek similarity index 100% rename from scripts/base/protocols/krb/consts.bro rename to scripts/base/protocols/krb/consts.zeek diff --git a/scripts/base/protocols/krb/files.bro b/scripts/base/protocols/krb/files.zeek similarity index 100% rename from scripts/base/protocols/krb/files.bro rename to scripts/base/protocols/krb/files.zeek diff --git a/scripts/base/protocols/krb/main.bro b/scripts/base/protocols/krb/main.zeek similarity index 100% rename from scripts/base/protocols/krb/main.bro rename to scripts/base/protocols/krb/main.zeek diff --git a/scripts/base/protocols/modbus/__load__.bro b/scripts/base/protocols/modbus/__load__.zeek similarity index 100% rename from scripts/base/protocols/modbus/__load__.bro rename to scripts/base/protocols/modbus/__load__.zeek diff --git a/scripts/base/protocols/modbus/consts.bro b/scripts/base/protocols/modbus/consts.zeek similarity index 100% rename from scripts/base/protocols/modbus/consts.bro rename to scripts/base/protocols/modbus/consts.zeek diff --git a/scripts/base/protocols/modbus/main.bro b/scripts/base/protocols/modbus/main.zeek similarity index 100% rename from scripts/base/protocols/modbus/main.bro rename to scripts/base/protocols/modbus/main.zeek diff --git a/scripts/base/protocols/mysql/__load__.bro b/scripts/base/protocols/mysql/__load__.zeek similarity index 100% rename from scripts/base/protocols/mysql/__load__.bro rename to scripts/base/protocols/mysql/__load__.zeek diff --git a/scripts/base/protocols/mysql/consts.bro b/scripts/base/protocols/mysql/consts.zeek similarity index 100% rename from scripts/base/protocols/mysql/consts.bro rename to scripts/base/protocols/mysql/consts.zeek diff --git a/scripts/base/protocols/mysql/main.bro b/scripts/base/protocols/mysql/main.zeek similarity index 100% rename from scripts/base/protocols/mysql/main.bro rename to scripts/base/protocols/mysql/main.zeek diff --git a/scripts/base/protocols/ntlm/__load__.bro b/scripts/base/protocols/ntlm/__load__.zeek similarity index 100% rename from scripts/base/protocols/ntlm/__load__.bro rename to scripts/base/protocols/ntlm/__load__.zeek diff --git a/scripts/base/protocols/ntlm/main.bro b/scripts/base/protocols/ntlm/main.zeek similarity index 100% rename from scripts/base/protocols/ntlm/main.bro rename to scripts/base/protocols/ntlm/main.zeek diff --git a/scripts/base/protocols/pop3/__load__.bro b/scripts/base/protocols/pop3/__load__.zeek similarity index 100% rename from scripts/base/protocols/pop3/__load__.bro rename to scripts/base/protocols/pop3/__load__.zeek diff --git a/scripts/base/protocols/radius/__load__.bro b/scripts/base/protocols/radius/__load__.zeek similarity index 100% rename from scripts/base/protocols/radius/__load__.bro rename to scripts/base/protocols/radius/__load__.zeek diff --git a/scripts/base/protocols/radius/consts.bro b/scripts/base/protocols/radius/consts.zeek similarity index 100% rename from scripts/base/protocols/radius/consts.bro rename to scripts/base/protocols/radius/consts.zeek diff --git a/scripts/base/protocols/radius/main.bro b/scripts/base/protocols/radius/main.zeek similarity index 99% rename from scripts/base/protocols/radius/main.bro rename to scripts/base/protocols/radius/main.zeek index ea30b27911..7c4e721ed6 100644 --- a/scripts/base/protocols/radius/main.bro +++ b/scripts/base/protocols/radius/main.zeek @@ -2,7 +2,7 @@ module RADIUS; -@load ./consts.bro +@load ./consts @load base/utils/addrs export { diff --git a/scripts/base/protocols/rdp/__load__.bro b/scripts/base/protocols/rdp/__load__.zeek similarity index 100% rename from scripts/base/protocols/rdp/__load__.bro rename to scripts/base/protocols/rdp/__load__.zeek diff --git a/scripts/base/protocols/rdp/consts.bro b/scripts/base/protocols/rdp/consts.zeek similarity index 100% rename from scripts/base/protocols/rdp/consts.bro rename to scripts/base/protocols/rdp/consts.zeek diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.zeek similarity index 100% rename from scripts/base/protocols/rdp/main.bro rename to scripts/base/protocols/rdp/main.zeek diff --git a/scripts/base/protocols/rfb/__load__.bro b/scripts/base/protocols/rfb/__load__.zeek similarity index 100% rename from scripts/base/protocols/rfb/__load__.bro rename to scripts/base/protocols/rfb/__load__.zeek diff --git a/scripts/base/protocols/rfb/main.bro b/scripts/base/protocols/rfb/main.zeek similarity index 100% rename from scripts/base/protocols/rfb/main.bro rename to scripts/base/protocols/rfb/main.zeek diff --git a/scripts/base/protocols/sip/__load__.bro b/scripts/base/protocols/sip/__load__.zeek similarity index 100% rename from scripts/base/protocols/sip/__load__.bro rename to scripts/base/protocols/sip/__load__.zeek diff --git a/scripts/base/protocols/sip/main.bro b/scripts/base/protocols/sip/main.zeek similarity index 100% rename from scripts/base/protocols/sip/main.bro rename to scripts/base/protocols/sip/main.zeek diff --git a/scripts/base/protocols/smb/__load__.bro b/scripts/base/protocols/smb/__load__.zeek similarity index 100% rename from scripts/base/protocols/smb/__load__.bro rename to scripts/base/protocols/smb/__load__.zeek diff --git a/scripts/base/protocols/smb/const-dos-error.bro b/scripts/base/protocols/smb/const-dos-error.zeek similarity index 100% rename from scripts/base/protocols/smb/const-dos-error.bro rename to scripts/base/protocols/smb/const-dos-error.zeek diff --git a/scripts/base/protocols/smb/const-nt-status.bro b/scripts/base/protocols/smb/const-nt-status.zeek similarity index 100% rename from scripts/base/protocols/smb/const-nt-status.bro rename to scripts/base/protocols/smb/const-nt-status.zeek diff --git a/scripts/base/protocols/smb/consts.bro b/scripts/base/protocols/smb/consts.zeek similarity index 99% rename from scripts/base/protocols/smb/consts.bro rename to scripts/base/protocols/smb/consts.zeek index f36d029be9..32a03dd17d 100644 --- a/scripts/base/protocols/smb/consts.bro +++ b/scripts/base/protocols/smb/consts.zeek @@ -12,7 +12,7 @@ export { ## Heuristic detection of named pipes when the pipe ## mapping isn't seen. This variable is defined in - ## init-bare.bro. + ## init-bare.zeek. redef SMB::pipe_filenames = { "spoolss", "winreg", diff --git a/scripts/base/protocols/smb/files.bro b/scripts/base/protocols/smb/files.zeek similarity index 100% rename from scripts/base/protocols/smb/files.bro rename to scripts/base/protocols/smb/files.zeek diff --git a/scripts/base/protocols/smb/main.bro b/scripts/base/protocols/smb/main.zeek similarity index 100% rename from scripts/base/protocols/smb/main.bro rename to scripts/base/protocols/smb/main.zeek diff --git a/scripts/base/protocols/smb/smb1-main.bro b/scripts/base/protocols/smb/smb1-main.zeek similarity index 100% rename from scripts/base/protocols/smb/smb1-main.bro rename to scripts/base/protocols/smb/smb1-main.zeek diff --git a/scripts/base/protocols/smb/smb2-main.bro b/scripts/base/protocols/smb/smb2-main.zeek similarity index 100% rename from scripts/base/protocols/smb/smb2-main.bro rename to scripts/base/protocols/smb/smb2-main.zeek diff --git a/scripts/base/protocols/smtp/__load__.bro b/scripts/base/protocols/smtp/__load__.zeek similarity index 100% rename from scripts/base/protocols/smtp/__load__.bro rename to scripts/base/protocols/smtp/__load__.zeek diff --git a/scripts/base/protocols/smtp/entities.bro b/scripts/base/protocols/smtp/entities.zeek similarity index 100% rename from scripts/base/protocols/smtp/entities.bro rename to scripts/base/protocols/smtp/entities.zeek diff --git a/scripts/base/protocols/smtp/files.bro b/scripts/base/protocols/smtp/files.zeek similarity index 100% rename from scripts/base/protocols/smtp/files.bro rename to scripts/base/protocols/smtp/files.zeek diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.zeek similarity index 100% rename from scripts/base/protocols/smtp/main.bro rename to scripts/base/protocols/smtp/main.zeek diff --git a/scripts/base/protocols/snmp/__load__.bro b/scripts/base/protocols/snmp/__load__.zeek similarity index 100% rename from scripts/base/protocols/snmp/__load__.bro rename to scripts/base/protocols/snmp/__load__.zeek diff --git a/scripts/base/protocols/snmp/main.bro b/scripts/base/protocols/snmp/main.zeek similarity index 100% rename from scripts/base/protocols/snmp/main.bro rename to scripts/base/protocols/snmp/main.zeek diff --git a/scripts/base/protocols/socks/__load__.bro b/scripts/base/protocols/socks/__load__.zeek similarity index 100% rename from scripts/base/protocols/socks/__load__.bro rename to scripts/base/protocols/socks/__load__.zeek diff --git a/scripts/base/protocols/socks/consts.bro b/scripts/base/protocols/socks/consts.zeek similarity index 100% rename from scripts/base/protocols/socks/consts.bro rename to scripts/base/protocols/socks/consts.zeek diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.zeek similarity index 100% rename from scripts/base/protocols/socks/main.bro rename to scripts/base/protocols/socks/main.zeek diff --git a/scripts/base/protocols/ssh/__load__.bro b/scripts/base/protocols/ssh/__load__.zeek similarity index 100% rename from scripts/base/protocols/ssh/__load__.bro rename to scripts/base/protocols/ssh/__load__.zeek diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.zeek similarity index 100% rename from scripts/base/protocols/ssh/main.bro rename to scripts/base/protocols/ssh/main.zeek diff --git a/scripts/base/protocols/ssl/__load__.bro b/scripts/base/protocols/ssl/__load__.zeek similarity index 100% rename from scripts/base/protocols/ssl/__load__.bro rename to scripts/base/protocols/ssl/__load__.zeek diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.zeek similarity index 100% rename from scripts/base/protocols/ssl/consts.bro rename to scripts/base/protocols/ssl/consts.zeek diff --git a/scripts/base/protocols/ssl/ct-list.bro b/scripts/base/protocols/ssl/ct-list.zeek similarity index 100% rename from scripts/base/protocols/ssl/ct-list.bro rename to scripts/base/protocols/ssl/ct-list.zeek diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.zeek similarity index 100% rename from scripts/base/protocols/ssl/files.bro rename to scripts/base/protocols/ssl/files.zeek diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.zeek similarity index 99% rename from scripts/base/protocols/ssl/main.bro rename to scripts/base/protocols/ssl/main.zeek index 8abb6e1d3f..73a8639891 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.zeek @@ -69,7 +69,7 @@ export { logged: bool &default=F; }; - ## The default root CA bundle. By default, the mozilla-ca-list.bro + ## The default root CA bundle. By default, the mozilla-ca-list.zeek ## script sets this to Mozilla's root CA list. const root_certs: table[string] of string = {} &redef; @@ -88,7 +88,7 @@ export { url: string; }; - ## The Certificate Transparency log bundle. By default, the ct-list.bro + ## The Certificate Transparency log bundle. By default, the ct-list.zeek ## script sets this to the current list of known logs. Entries ## are indexed by (binary) log-id. option ct_logs: table[string] of CTInfo = {}; diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.zeek similarity index 100% rename from scripts/base/protocols/ssl/mozilla-ca-list.bro rename to scripts/base/protocols/ssl/mozilla-ca-list.zeek diff --git a/scripts/base/protocols/syslog/__load__.bro b/scripts/base/protocols/syslog/__load__.zeek similarity index 100% rename from scripts/base/protocols/syslog/__load__.bro rename to scripts/base/protocols/syslog/__load__.zeek diff --git a/scripts/base/protocols/syslog/consts.bro b/scripts/base/protocols/syslog/consts.zeek similarity index 100% rename from scripts/base/protocols/syslog/consts.bro rename to scripts/base/protocols/syslog/consts.zeek diff --git a/scripts/base/protocols/syslog/main.bro b/scripts/base/protocols/syslog/main.zeek similarity index 100% rename from scripts/base/protocols/syslog/main.bro rename to scripts/base/protocols/syslog/main.zeek diff --git a/scripts/base/protocols/tunnels/__load__.bro b/scripts/base/protocols/tunnels/__load__.zeek similarity index 100% rename from scripts/base/protocols/tunnels/__load__.bro rename to scripts/base/protocols/tunnels/__load__.zeek diff --git a/scripts/base/protocols/xmpp/__load__.bro b/scripts/base/protocols/xmpp/__load__.zeek similarity index 100% rename from scripts/base/protocols/xmpp/__load__.bro rename to scripts/base/protocols/xmpp/__load__.zeek diff --git a/scripts/base/protocols/xmpp/main.bro b/scripts/base/protocols/xmpp/main.zeek similarity index 100% rename from scripts/base/protocols/xmpp/main.bro rename to scripts/base/protocols/xmpp/main.zeek diff --git a/scripts/base/utils/active-http.bro b/scripts/base/utils/active-http.zeek similarity index 100% rename from scripts/base/utils/active-http.bro rename to scripts/base/utils/active-http.zeek diff --git a/scripts/base/utils/addrs.bro b/scripts/base/utils/addrs.zeek similarity index 100% rename from scripts/base/utils/addrs.bro rename to scripts/base/utils/addrs.zeek diff --git a/scripts/base/utils/conn-ids.bro b/scripts/base/utils/conn-ids.zeek similarity index 100% rename from scripts/base/utils/conn-ids.bro rename to scripts/base/utils/conn-ids.zeek diff --git a/scripts/base/utils/dir.bro b/scripts/base/utils/dir.zeek similarity index 100% rename from scripts/base/utils/dir.bro rename to scripts/base/utils/dir.zeek diff --git a/scripts/base/utils/directions-and-hosts.bro b/scripts/base/utils/directions-and-hosts.zeek similarity index 100% rename from scripts/base/utils/directions-and-hosts.bro rename to scripts/base/utils/directions-and-hosts.zeek diff --git a/scripts/base/utils/email.bro b/scripts/base/utils/email.zeek similarity index 100% rename from scripts/base/utils/email.bro rename to scripts/base/utils/email.zeek diff --git a/scripts/base/utils/exec.bro b/scripts/base/utils/exec.zeek similarity index 100% rename from scripts/base/utils/exec.bro rename to scripts/base/utils/exec.zeek diff --git a/scripts/base/utils/files.bro b/scripts/base/utils/files.zeek similarity index 100% rename from scripts/base/utils/files.bro rename to scripts/base/utils/files.zeek diff --git a/scripts/base/utils/geoip-distance.bro b/scripts/base/utils/geoip-distance.zeek similarity index 100% rename from scripts/base/utils/geoip-distance.bro rename to scripts/base/utils/geoip-distance.zeek diff --git a/scripts/base/utils/hash_hrw.bro b/scripts/base/utils/hash_hrw.zeek similarity index 100% rename from scripts/base/utils/hash_hrw.bro rename to scripts/base/utils/hash_hrw.zeek diff --git a/scripts/base/utils/json.bro b/scripts/base/utils/json.zeek similarity index 100% rename from scripts/base/utils/json.bro rename to scripts/base/utils/json.zeek diff --git a/scripts/base/utils/numbers.bro b/scripts/base/utils/numbers.zeek similarity index 100% rename from scripts/base/utils/numbers.bro rename to scripts/base/utils/numbers.zeek diff --git a/scripts/base/utils/paths.bro b/scripts/base/utils/paths.zeek similarity index 100% rename from scripts/base/utils/paths.bro rename to scripts/base/utils/paths.zeek diff --git a/scripts/base/utils/patterns.bro b/scripts/base/utils/patterns.zeek similarity index 100% rename from scripts/base/utils/patterns.bro rename to scripts/base/utils/patterns.zeek diff --git a/scripts/base/utils/queue.bro b/scripts/base/utils/queue.zeek similarity index 100% rename from scripts/base/utils/queue.bro rename to scripts/base/utils/queue.zeek diff --git a/scripts/base/utils/site.bro b/scripts/base/utils/site.zeek similarity index 100% rename from scripts/base/utils/site.bro rename to scripts/base/utils/site.zeek diff --git a/scripts/base/utils/strings.bro b/scripts/base/utils/strings.zeek similarity index 100% rename from scripts/base/utils/strings.bro rename to scripts/base/utils/strings.zeek diff --git a/scripts/base/utils/thresholds.bro b/scripts/base/utils/thresholds.zeek similarity index 100% rename from scripts/base/utils/thresholds.bro rename to scripts/base/utils/thresholds.zeek diff --git a/scripts/base/utils/time.bro b/scripts/base/utils/time.zeek similarity index 100% rename from scripts/base/utils/time.bro rename to scripts/base/utils/time.zeek diff --git a/scripts/base/utils/urls.bro b/scripts/base/utils/urls.zeek similarity index 100% rename from scripts/base/utils/urls.bro rename to scripts/base/utils/urls.zeek diff --git a/scripts/broxygen/__load__.bro b/scripts/broxygen/__load__.bro deleted file mode 100644 index 5d4ac5ea03..0000000000 --- a/scripts/broxygen/__load__.bro +++ /dev/null @@ -1,17 +0,0 @@ -@load test-all-policy.bro - -# Scripts which are commented out in test-all-policy.bro. -@load protocols/ssl/notary.bro -@load frameworks/control/controllee.bro -@load frameworks/control/controller.bro -@load frameworks/files/extract-all-files.bro -@load policy/misc/dump-events.bro -@load policy/protocols/dhcp/deprecated_events.bro -@load policy/protocols/smb/__load__.bro - -@load ./example.bro - -event bro_init() - { - terminate(); - } diff --git a/scripts/broxygen/__load__.zeek b/scripts/broxygen/__load__.zeek new file mode 100644 index 0000000000..51e119a2c6 --- /dev/null +++ b/scripts/broxygen/__load__.zeek @@ -0,0 +1,17 @@ +@load test-all-policy.zeek + +# Scripts which are commented out in test-all-policy.zeek. +@load protocols/ssl/notary.zeek +@load frameworks/control/controllee.zeek +@load frameworks/control/controller.zeek +@load frameworks/files/extract-all-files.zeek +@load policy/misc/dump-events.zeek +@load policy/protocols/dhcp/deprecated_events.zeek +@load policy/protocols/smb/__load__.zeek + +@load ./example.zeek + +event bro_init() + { + terminate(); + } diff --git a/scripts/broxygen/example.bro b/scripts/broxygen/example.zeek similarity index 100% rename from scripts/broxygen/example.bro rename to scripts/broxygen/example.zeek diff --git a/scripts/policy/files/x509/log-ocsp.bro b/scripts/policy/files/x509/log-ocsp.zeek similarity index 100% rename from scripts/policy/files/x509/log-ocsp.bro rename to scripts/policy/files/x509/log-ocsp.zeek diff --git a/scripts/policy/frameworks/control/controllee.bro b/scripts/policy/frameworks/control/controllee.zeek similarity index 100% rename from scripts/policy/frameworks/control/controllee.bro rename to scripts/policy/frameworks/control/controllee.zeek diff --git a/scripts/policy/frameworks/control/controller.bro b/scripts/policy/frameworks/control/controller.zeek similarity index 100% rename from scripts/policy/frameworks/control/controller.bro rename to scripts/policy/frameworks/control/controller.zeek diff --git a/scripts/policy/frameworks/dpd/detect-protocols.bro b/scripts/policy/frameworks/dpd/detect-protocols.zeek similarity index 100% rename from scripts/policy/frameworks/dpd/detect-protocols.bro rename to scripts/policy/frameworks/dpd/detect-protocols.zeek diff --git a/scripts/policy/frameworks/dpd/packet-segment-logging.bro b/scripts/policy/frameworks/dpd/packet-segment-logging.zeek similarity index 100% rename from scripts/policy/frameworks/dpd/packet-segment-logging.bro rename to scripts/policy/frameworks/dpd/packet-segment-logging.zeek diff --git a/scripts/policy/frameworks/files/detect-MHR.bro b/scripts/policy/frameworks/files/detect-MHR.zeek similarity index 100% rename from scripts/policy/frameworks/files/detect-MHR.bro rename to scripts/policy/frameworks/files/detect-MHR.zeek diff --git a/scripts/policy/frameworks/files/entropy-test-all-files.bro b/scripts/policy/frameworks/files/entropy-test-all-files.zeek similarity index 100% rename from scripts/policy/frameworks/files/entropy-test-all-files.bro rename to scripts/policy/frameworks/files/entropy-test-all-files.zeek diff --git a/scripts/policy/frameworks/files/extract-all-files.bro b/scripts/policy/frameworks/files/extract-all-files.zeek similarity index 100% rename from scripts/policy/frameworks/files/extract-all-files.bro rename to scripts/policy/frameworks/files/extract-all-files.zeek diff --git a/scripts/policy/frameworks/files/hash-all-files.bro b/scripts/policy/frameworks/files/hash-all-files.zeek similarity index 100% rename from scripts/policy/frameworks/files/hash-all-files.bro rename to scripts/policy/frameworks/files/hash-all-files.zeek diff --git a/scripts/policy/frameworks/intel/do_expire.bro b/scripts/policy/frameworks/intel/do_expire.zeek similarity index 100% rename from scripts/policy/frameworks/intel/do_expire.bro rename to scripts/policy/frameworks/intel/do_expire.zeek diff --git a/scripts/policy/frameworks/intel/do_notice.bro b/scripts/policy/frameworks/intel/do_notice.zeek similarity index 100% rename from scripts/policy/frameworks/intel/do_notice.bro rename to scripts/policy/frameworks/intel/do_notice.zeek diff --git a/scripts/policy/frameworks/intel/removal.bro b/scripts/policy/frameworks/intel/removal.zeek similarity index 100% rename from scripts/policy/frameworks/intel/removal.bro rename to scripts/policy/frameworks/intel/removal.zeek diff --git a/scripts/policy/frameworks/intel/seen/__load__.bro b/scripts/policy/frameworks/intel/seen/__load__.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/__load__.bro rename to scripts/policy/frameworks/intel/seen/__load__.zeek diff --git a/scripts/policy/frameworks/intel/seen/conn-established.bro b/scripts/policy/frameworks/intel/seen/conn-established.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/conn-established.bro rename to scripts/policy/frameworks/intel/seen/conn-established.zeek diff --git a/scripts/policy/frameworks/intel/seen/dns.bro b/scripts/policy/frameworks/intel/seen/dns.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/dns.bro rename to scripts/policy/frameworks/intel/seen/dns.zeek diff --git a/scripts/policy/frameworks/intel/seen/file-hashes.bro b/scripts/policy/frameworks/intel/seen/file-hashes.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/file-hashes.bro rename to scripts/policy/frameworks/intel/seen/file-hashes.zeek diff --git a/scripts/policy/frameworks/intel/seen/file-names.bro b/scripts/policy/frameworks/intel/seen/file-names.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/file-names.bro rename to scripts/policy/frameworks/intel/seen/file-names.zeek diff --git a/scripts/policy/frameworks/intel/seen/http-headers.bro b/scripts/policy/frameworks/intel/seen/http-headers.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/http-headers.bro rename to scripts/policy/frameworks/intel/seen/http-headers.zeek diff --git a/scripts/policy/frameworks/intel/seen/http-url.bro b/scripts/policy/frameworks/intel/seen/http-url.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/http-url.bro rename to scripts/policy/frameworks/intel/seen/http-url.zeek diff --git a/scripts/policy/frameworks/intel/seen/pubkey-hashes.bro b/scripts/policy/frameworks/intel/seen/pubkey-hashes.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/pubkey-hashes.bro rename to scripts/policy/frameworks/intel/seen/pubkey-hashes.zeek diff --git a/scripts/policy/frameworks/intel/seen/smb-filenames.bro b/scripts/policy/frameworks/intel/seen/smb-filenames.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/smb-filenames.bro rename to scripts/policy/frameworks/intel/seen/smb-filenames.zeek diff --git a/scripts/policy/frameworks/intel/seen/smtp-url-extraction.bro b/scripts/policy/frameworks/intel/seen/smtp-url-extraction.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/smtp-url-extraction.bro rename to scripts/policy/frameworks/intel/seen/smtp-url-extraction.zeek diff --git a/scripts/policy/frameworks/intel/seen/smtp.bro b/scripts/policy/frameworks/intel/seen/smtp.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/smtp.bro rename to scripts/policy/frameworks/intel/seen/smtp.zeek diff --git a/scripts/policy/frameworks/intel/seen/ssl.bro b/scripts/policy/frameworks/intel/seen/ssl.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/ssl.bro rename to scripts/policy/frameworks/intel/seen/ssl.zeek diff --git a/scripts/policy/frameworks/intel/seen/where-locations.bro b/scripts/policy/frameworks/intel/seen/where-locations.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/where-locations.bro rename to scripts/policy/frameworks/intel/seen/where-locations.zeek diff --git a/scripts/policy/frameworks/intel/seen/x509.bro b/scripts/policy/frameworks/intel/seen/x509.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/x509.bro rename to scripts/policy/frameworks/intel/seen/x509.zeek diff --git a/scripts/policy/frameworks/intel/whitelist.bro b/scripts/policy/frameworks/intel/whitelist.zeek similarity index 100% rename from scripts/policy/frameworks/intel/whitelist.bro rename to scripts/policy/frameworks/intel/whitelist.zeek diff --git a/scripts/policy/frameworks/notice/__load__.bro b/scripts/policy/frameworks/notice/__load__.zeek similarity index 100% rename from scripts/policy/frameworks/notice/__load__.bro rename to scripts/policy/frameworks/notice/__load__.zeek diff --git a/scripts/policy/frameworks/notice/extend-email/hostnames.bro b/scripts/policy/frameworks/notice/extend-email/hostnames.zeek similarity index 100% rename from scripts/policy/frameworks/notice/extend-email/hostnames.bro rename to scripts/policy/frameworks/notice/extend-email/hostnames.zeek diff --git a/scripts/policy/frameworks/packet-filter/shunt.bro b/scripts/policy/frameworks/packet-filter/shunt.zeek similarity index 100% rename from scripts/policy/frameworks/packet-filter/shunt.bro rename to scripts/policy/frameworks/packet-filter/shunt.zeek diff --git a/scripts/policy/frameworks/software/version-changes.bro b/scripts/policy/frameworks/software/version-changes.zeek similarity index 100% rename from scripts/policy/frameworks/software/version-changes.bro rename to scripts/policy/frameworks/software/version-changes.zeek diff --git a/scripts/policy/frameworks/software/vulnerable.bro b/scripts/policy/frameworks/software/vulnerable.zeek similarity index 100% rename from scripts/policy/frameworks/software/vulnerable.bro rename to scripts/policy/frameworks/software/vulnerable.zeek diff --git a/scripts/policy/frameworks/software/windows-version-detection.bro b/scripts/policy/frameworks/software/windows-version-detection.zeek similarity index 100% rename from scripts/policy/frameworks/software/windows-version-detection.bro rename to scripts/policy/frameworks/software/windows-version-detection.zeek diff --git a/scripts/policy/integration/barnyard2/__load__.bro b/scripts/policy/integration/barnyard2/__load__.zeek similarity index 100% rename from scripts/policy/integration/barnyard2/__load__.bro rename to scripts/policy/integration/barnyard2/__load__.zeek diff --git a/scripts/policy/integration/barnyard2/main.bro b/scripts/policy/integration/barnyard2/main.zeek similarity index 100% rename from scripts/policy/integration/barnyard2/main.bro rename to scripts/policy/integration/barnyard2/main.zeek diff --git a/scripts/policy/integration/barnyard2/types.bro b/scripts/policy/integration/barnyard2/types.zeek similarity index 100% rename from scripts/policy/integration/barnyard2/types.bro rename to scripts/policy/integration/barnyard2/types.zeek diff --git a/scripts/policy/integration/collective-intel/__load__.bro b/scripts/policy/integration/collective-intel/__load__.zeek similarity index 100% rename from scripts/policy/integration/collective-intel/__load__.bro rename to scripts/policy/integration/collective-intel/__load__.zeek diff --git a/scripts/policy/integration/collective-intel/main.bro b/scripts/policy/integration/collective-intel/main.zeek similarity index 100% rename from scripts/policy/integration/collective-intel/main.bro rename to scripts/policy/integration/collective-intel/main.zeek diff --git a/scripts/policy/misc/capture-loss.bro b/scripts/policy/misc/capture-loss.zeek similarity index 100% rename from scripts/policy/misc/capture-loss.bro rename to scripts/policy/misc/capture-loss.zeek diff --git a/scripts/policy/misc/detect-traceroute/__load__.bro b/scripts/policy/misc/detect-traceroute/__load__.zeek similarity index 100% rename from scripts/policy/misc/detect-traceroute/__load__.bro rename to scripts/policy/misc/detect-traceroute/__load__.zeek diff --git a/scripts/policy/misc/detect-traceroute/main.bro b/scripts/policy/misc/detect-traceroute/main.zeek similarity index 100% rename from scripts/policy/misc/detect-traceroute/main.bro rename to scripts/policy/misc/detect-traceroute/main.zeek diff --git a/scripts/policy/misc/dump-events.bro b/scripts/policy/misc/dump-events.zeek similarity index 100% rename from scripts/policy/misc/dump-events.bro rename to scripts/policy/misc/dump-events.zeek diff --git a/scripts/policy/misc/load-balancing.bro b/scripts/policy/misc/load-balancing.zeek similarity index 100% rename from scripts/policy/misc/load-balancing.bro rename to scripts/policy/misc/load-balancing.zeek diff --git a/scripts/policy/misc/loaded-scripts.bro b/scripts/policy/misc/loaded-scripts.zeek similarity index 100% rename from scripts/policy/misc/loaded-scripts.bro rename to scripts/policy/misc/loaded-scripts.zeek diff --git a/scripts/policy/misc/profiling.bro b/scripts/policy/misc/profiling.zeek similarity index 100% rename from scripts/policy/misc/profiling.bro rename to scripts/policy/misc/profiling.zeek diff --git a/scripts/policy/misc/scan.bro b/scripts/policy/misc/scan.zeek similarity index 100% rename from scripts/policy/misc/scan.bro rename to scripts/policy/misc/scan.zeek diff --git a/scripts/policy/misc/stats.bro b/scripts/policy/misc/stats.zeek similarity index 100% rename from scripts/policy/misc/stats.bro rename to scripts/policy/misc/stats.zeek diff --git a/scripts/policy/misc/trim-trace-file.bro b/scripts/policy/misc/trim-trace-file.zeek similarity index 100% rename from scripts/policy/misc/trim-trace-file.bro rename to scripts/policy/misc/trim-trace-file.zeek diff --git a/scripts/policy/misc/weird-stats.bro b/scripts/policy/misc/weird-stats.zeek similarity index 100% rename from scripts/policy/misc/weird-stats.bro rename to scripts/policy/misc/weird-stats.zeek diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.zeek similarity index 100% rename from scripts/policy/protocols/conn/known-hosts.bro rename to scripts/policy/protocols/conn/known-hosts.zeek diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.zeek similarity index 100% rename from scripts/policy/protocols/conn/known-services.bro rename to scripts/policy/protocols/conn/known-services.zeek diff --git a/scripts/policy/protocols/conn/mac-logging.bro b/scripts/policy/protocols/conn/mac-logging.zeek similarity index 100% rename from scripts/policy/protocols/conn/mac-logging.bro rename to scripts/policy/protocols/conn/mac-logging.zeek diff --git a/scripts/policy/protocols/conn/vlan-logging.bro b/scripts/policy/protocols/conn/vlan-logging.zeek similarity index 100% rename from scripts/policy/protocols/conn/vlan-logging.bro rename to scripts/policy/protocols/conn/vlan-logging.zeek diff --git a/scripts/policy/protocols/conn/weirds.bro b/scripts/policy/protocols/conn/weirds.zeek similarity index 100% rename from scripts/policy/protocols/conn/weirds.bro rename to scripts/policy/protocols/conn/weirds.zeek diff --git a/scripts/policy/protocols/dhcp/deprecated_events.bro b/scripts/policy/protocols/dhcp/deprecated_events.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/deprecated_events.bro rename to scripts/policy/protocols/dhcp/deprecated_events.zeek diff --git a/scripts/policy/protocols/dhcp/msg-orig.bro b/scripts/policy/protocols/dhcp/msg-orig.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/msg-orig.bro rename to scripts/policy/protocols/dhcp/msg-orig.zeek diff --git a/scripts/policy/protocols/dhcp/software.bro b/scripts/policy/protocols/dhcp/software.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/software.bro rename to scripts/policy/protocols/dhcp/software.zeek diff --git a/scripts/policy/protocols/dhcp/sub-opts.bro b/scripts/policy/protocols/dhcp/sub-opts.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/sub-opts.bro rename to scripts/policy/protocols/dhcp/sub-opts.zeek diff --git a/scripts/policy/protocols/dns/auth-addl.bro b/scripts/policy/protocols/dns/auth-addl.zeek similarity index 100% rename from scripts/policy/protocols/dns/auth-addl.bro rename to scripts/policy/protocols/dns/auth-addl.zeek diff --git a/scripts/policy/protocols/dns/detect-external-names.bro b/scripts/policy/protocols/dns/detect-external-names.zeek similarity index 100% rename from scripts/policy/protocols/dns/detect-external-names.bro rename to scripts/policy/protocols/dns/detect-external-names.zeek diff --git a/scripts/policy/protocols/ftp/detect-bruteforcing.bro b/scripts/policy/protocols/ftp/detect-bruteforcing.zeek similarity index 100% rename from scripts/policy/protocols/ftp/detect-bruteforcing.bro rename to scripts/policy/protocols/ftp/detect-bruteforcing.zeek diff --git a/scripts/policy/protocols/ftp/detect.bro b/scripts/policy/protocols/ftp/detect.zeek similarity index 100% rename from scripts/policy/protocols/ftp/detect.bro rename to scripts/policy/protocols/ftp/detect.zeek diff --git a/scripts/policy/protocols/ftp/software.bro b/scripts/policy/protocols/ftp/software.zeek similarity index 100% rename from scripts/policy/protocols/ftp/software.bro rename to scripts/policy/protocols/ftp/software.zeek diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.zeek similarity index 100% rename from scripts/policy/protocols/http/detect-sqli.bro rename to scripts/policy/protocols/http/detect-sqli.zeek diff --git a/scripts/policy/protocols/http/detect-webapps.bro b/scripts/policy/protocols/http/detect-webapps.zeek similarity index 100% rename from scripts/policy/protocols/http/detect-webapps.bro rename to scripts/policy/protocols/http/detect-webapps.zeek diff --git a/scripts/policy/protocols/http/header-names.bro b/scripts/policy/protocols/http/header-names.zeek similarity index 100% rename from scripts/policy/protocols/http/header-names.bro rename to scripts/policy/protocols/http/header-names.zeek diff --git a/scripts/policy/protocols/http/software-browser-plugins.bro b/scripts/policy/protocols/http/software-browser-plugins.zeek similarity index 100% rename from scripts/policy/protocols/http/software-browser-plugins.bro rename to scripts/policy/protocols/http/software-browser-plugins.zeek diff --git a/scripts/policy/protocols/http/software.bro b/scripts/policy/protocols/http/software.zeek similarity index 100% rename from scripts/policy/protocols/http/software.bro rename to scripts/policy/protocols/http/software.zeek diff --git a/scripts/policy/protocols/http/var-extraction-cookies.bro b/scripts/policy/protocols/http/var-extraction-cookies.zeek similarity index 100% rename from scripts/policy/protocols/http/var-extraction-cookies.bro rename to scripts/policy/protocols/http/var-extraction-cookies.zeek diff --git a/scripts/policy/protocols/http/var-extraction-uri.bro b/scripts/policy/protocols/http/var-extraction-uri.zeek similarity index 100% rename from scripts/policy/protocols/http/var-extraction-uri.bro rename to scripts/policy/protocols/http/var-extraction-uri.zeek diff --git a/scripts/policy/protocols/krb/ticket-logging.bro b/scripts/policy/protocols/krb/ticket-logging.zeek similarity index 100% rename from scripts/policy/protocols/krb/ticket-logging.bro rename to scripts/policy/protocols/krb/ticket-logging.zeek diff --git a/scripts/policy/protocols/modbus/known-masters-slaves.bro b/scripts/policy/protocols/modbus/known-masters-slaves.zeek similarity index 100% rename from scripts/policy/protocols/modbus/known-masters-slaves.bro rename to scripts/policy/protocols/modbus/known-masters-slaves.zeek diff --git a/scripts/policy/protocols/modbus/track-memmap.bro b/scripts/policy/protocols/modbus/track-memmap.zeek similarity index 100% rename from scripts/policy/protocols/modbus/track-memmap.bro rename to scripts/policy/protocols/modbus/track-memmap.zeek diff --git a/scripts/policy/protocols/mysql/software.bro b/scripts/policy/protocols/mysql/software.zeek similarity index 100% rename from scripts/policy/protocols/mysql/software.bro rename to scripts/policy/protocols/mysql/software.zeek diff --git a/scripts/policy/protocols/rdp/indicate_ssl.bro b/scripts/policy/protocols/rdp/indicate_ssl.zeek similarity index 100% rename from scripts/policy/protocols/rdp/indicate_ssl.bro rename to scripts/policy/protocols/rdp/indicate_ssl.zeek diff --git a/scripts/policy/protocols/smb/__load__.bro b/scripts/policy/protocols/smb/__load__.zeek similarity index 100% rename from scripts/policy/protocols/smb/__load__.bro rename to scripts/policy/protocols/smb/__load__.zeek diff --git a/scripts/policy/protocols/smb/log-cmds.bro b/scripts/policy/protocols/smb/log-cmds.zeek similarity index 100% rename from scripts/policy/protocols/smb/log-cmds.bro rename to scripts/policy/protocols/smb/log-cmds.zeek diff --git a/scripts/policy/protocols/smtp/blocklists.bro b/scripts/policy/protocols/smtp/blocklists.zeek similarity index 100% rename from scripts/policy/protocols/smtp/blocklists.bro rename to scripts/policy/protocols/smtp/blocklists.zeek diff --git a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro b/scripts/policy/protocols/smtp/detect-suspicious-orig.zeek similarity index 100% rename from scripts/policy/protocols/smtp/detect-suspicious-orig.bro rename to scripts/policy/protocols/smtp/detect-suspicious-orig.zeek diff --git a/scripts/policy/protocols/smtp/entities-excerpt.bro b/scripts/policy/protocols/smtp/entities-excerpt.zeek similarity index 100% rename from scripts/policy/protocols/smtp/entities-excerpt.bro rename to scripts/policy/protocols/smtp/entities-excerpt.zeek diff --git a/scripts/policy/protocols/smtp/software.bro b/scripts/policy/protocols/smtp/software.zeek similarity index 100% rename from scripts/policy/protocols/smtp/software.bro rename to scripts/policy/protocols/smtp/software.zeek diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.zeek similarity index 100% rename from scripts/policy/protocols/ssh/detect-bruteforcing.bro rename to scripts/policy/protocols/ssh/detect-bruteforcing.zeek diff --git a/scripts/policy/protocols/ssh/geo-data.bro b/scripts/policy/protocols/ssh/geo-data.zeek similarity index 100% rename from scripts/policy/protocols/ssh/geo-data.bro rename to scripts/policy/protocols/ssh/geo-data.zeek diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.bro b/scripts/policy/protocols/ssh/interesting-hostnames.zeek similarity index 100% rename from scripts/policy/protocols/ssh/interesting-hostnames.bro rename to scripts/policy/protocols/ssh/interesting-hostnames.zeek diff --git a/scripts/policy/protocols/ssh/software.bro b/scripts/policy/protocols/ssh/software.zeek similarity index 100% rename from scripts/policy/protocols/ssh/software.bro rename to scripts/policy/protocols/ssh/software.zeek diff --git a/scripts/policy/protocols/ssl/expiring-certs.bro b/scripts/policy/protocols/ssl/expiring-certs.zeek similarity index 100% rename from scripts/policy/protocols/ssl/expiring-certs.bro rename to scripts/policy/protocols/ssl/expiring-certs.zeek diff --git a/scripts/policy/protocols/ssl/extract-certs-pem.bro b/scripts/policy/protocols/ssl/extract-certs-pem.zeek similarity index 100% rename from scripts/policy/protocols/ssl/extract-certs-pem.bro rename to scripts/policy/protocols/ssl/extract-certs-pem.zeek diff --git a/scripts/policy/protocols/ssl/heartbleed.bro b/scripts/policy/protocols/ssl/heartbleed.zeek similarity index 100% rename from scripts/policy/protocols/ssl/heartbleed.bro rename to scripts/policy/protocols/ssl/heartbleed.zeek diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.zeek similarity index 100% rename from scripts/policy/protocols/ssl/known-certs.bro rename to scripts/policy/protocols/ssl/known-certs.zeek diff --git a/scripts/policy/protocols/ssl/log-hostcerts-only.bro b/scripts/policy/protocols/ssl/log-hostcerts-only.zeek similarity index 100% rename from scripts/policy/protocols/ssl/log-hostcerts-only.bro rename to scripts/policy/protocols/ssl/log-hostcerts-only.zeek diff --git a/scripts/policy/protocols/ssl/notary.bro b/scripts/policy/protocols/ssl/notary.zeek similarity index 100% rename from scripts/policy/protocols/ssl/notary.bro rename to scripts/policy/protocols/ssl/notary.zeek diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.zeek similarity index 100% rename from scripts/policy/protocols/ssl/validate-certs.bro rename to scripts/policy/protocols/ssl/validate-certs.zeek diff --git a/scripts/policy/protocols/ssl/validate-ocsp.bro b/scripts/policy/protocols/ssl/validate-ocsp.zeek similarity index 100% rename from scripts/policy/protocols/ssl/validate-ocsp.bro rename to scripts/policy/protocols/ssl/validate-ocsp.zeek diff --git a/scripts/policy/protocols/ssl/validate-sct.bro b/scripts/policy/protocols/ssl/validate-sct.zeek similarity index 100% rename from scripts/policy/protocols/ssl/validate-sct.bro rename to scripts/policy/protocols/ssl/validate-sct.zeek diff --git a/scripts/policy/protocols/ssl/weak-keys.bro b/scripts/policy/protocols/ssl/weak-keys.zeek similarity index 100% rename from scripts/policy/protocols/ssl/weak-keys.bro rename to scripts/policy/protocols/ssl/weak-keys.zeek diff --git a/scripts/policy/tuning/__load__.bro b/scripts/policy/tuning/__load__.zeek similarity index 100% rename from scripts/policy/tuning/__load__.bro rename to scripts/policy/tuning/__load__.zeek diff --git a/scripts/policy/tuning/defaults/__load__.bro b/scripts/policy/tuning/defaults/__load__.zeek similarity index 55% rename from scripts/policy/tuning/defaults/__load__.bro rename to scripts/policy/tuning/defaults/__load__.zeek index fd52f92401..2b574a6845 100644 --- a/scripts/policy/tuning/defaults/__load__.bro +++ b/scripts/policy/tuning/defaults/__load__.zeek @@ -1,3 +1,3 @@ @load ./packet-fragments @load ./warnings -@load ./extracted_file_limits.bro +@load ./extracted_file_limits diff --git a/scripts/policy/tuning/defaults/extracted_file_limits.bro b/scripts/policy/tuning/defaults/extracted_file_limits.zeek similarity index 100% rename from scripts/policy/tuning/defaults/extracted_file_limits.bro rename to scripts/policy/tuning/defaults/extracted_file_limits.zeek diff --git a/scripts/policy/tuning/defaults/packet-fragments.bro b/scripts/policy/tuning/defaults/packet-fragments.zeek similarity index 100% rename from scripts/policy/tuning/defaults/packet-fragments.bro rename to scripts/policy/tuning/defaults/packet-fragments.zeek diff --git a/scripts/policy/tuning/defaults/warnings.bro b/scripts/policy/tuning/defaults/warnings.zeek similarity index 100% rename from scripts/policy/tuning/defaults/warnings.bro rename to scripts/policy/tuning/defaults/warnings.zeek diff --git a/scripts/policy/tuning/json-logs.bro b/scripts/policy/tuning/json-logs.zeek similarity index 100% rename from scripts/policy/tuning/json-logs.bro rename to scripts/policy/tuning/json-logs.zeek diff --git a/scripts/policy/tuning/track-all-assets.bro b/scripts/policy/tuning/track-all-assets.zeek similarity index 100% rename from scripts/policy/tuning/track-all-assets.bro rename to scripts/policy/tuning/track-all-assets.zeek diff --git a/scripts/site/local.bro b/scripts/site/local.zeek similarity index 100% rename from scripts/site/local.bro rename to scripts/site/local.zeek diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro deleted file mode 100644 index be2efbbc19..0000000000 --- a/scripts/test-all-policy.bro +++ /dev/null @@ -1,113 +0,0 @@ -# This file loads ALL policy scripts that are part of the Bro distribution. -# -# This is rarely makes sense, and is for testing only. -# -# Note that we have a unit test that makes sure that all policy files shipped are -# actually loaded here. If we have files that are part of the distribution yet -# can't be loaded here, these must still be listed here with their load command -# commented out. - -# The base/ scripts are all loaded by default and not included here. - -# @load frameworks/control/controllee.bro -# @load frameworks/control/controller.bro -@load frameworks/dpd/detect-protocols.bro -@load frameworks/dpd/packet-segment-logging.bro -@load frameworks/intel/do_notice.bro -@load frameworks/intel/do_expire.bro -@load frameworks/intel/whitelist.bro -@load frameworks/intel/removal.bro -@load frameworks/intel/seen/__load__.bro -@load frameworks/intel/seen/conn-established.bro -@load frameworks/intel/seen/dns.bro -@load frameworks/intel/seen/file-hashes.bro -@load frameworks/intel/seen/file-names.bro -@load frameworks/intel/seen/http-headers.bro -@load frameworks/intel/seen/http-url.bro -@load frameworks/intel/seen/pubkey-hashes.bro -@load frameworks/intel/seen/smb-filenames.bro -@load frameworks/intel/seen/smtp-url-extraction.bro -@load frameworks/intel/seen/smtp.bro -@load frameworks/intel/seen/ssl.bro -@load frameworks/intel/seen/where-locations.bro -@load frameworks/intel/seen/x509.bro -@load frameworks/files/detect-MHR.bro -@load frameworks/files/entropy-test-all-files.bro -#@load frameworks/files/extract-all-files.bro -@load frameworks/files/hash-all-files.bro -@load frameworks/notice/__load__.bro -@load frameworks/notice/extend-email/hostnames.bro -@load files/x509/log-ocsp.bro -@load frameworks/packet-filter/shunt.bro -@load frameworks/software/version-changes.bro -@load frameworks/software/vulnerable.bro -@load frameworks/software/windows-version-detection.bro -@load integration/barnyard2/__load__.bro -@load integration/barnyard2/main.bro -@load integration/barnyard2/types.bro -@load integration/collective-intel/__load__.bro -@load integration/collective-intel/main.bro -@load misc/capture-loss.bro -@load misc/detect-traceroute/__load__.bro -@load misc/detect-traceroute/main.bro -# @load misc/dump-events.bro -@load misc/load-balancing.bro -@load misc/loaded-scripts.bro -@load misc/profiling.bro -@load misc/scan.bro -@load misc/stats.bro -@load misc/weird-stats.bro -@load misc/trim-trace-file.bro -@load protocols/conn/known-hosts.bro -@load protocols/conn/known-services.bro -@load protocols/conn/mac-logging.bro -@load protocols/conn/vlan-logging.bro -@load protocols/conn/weirds.bro -#@load protocols/dhcp/deprecated_events.bro -@load protocols/dhcp/msg-orig.bro -@load protocols/dhcp/software.bro -@load protocols/dhcp/sub-opts.bro -@load protocols/dns/auth-addl.bro -@load protocols/dns/detect-external-names.bro -@load protocols/ftp/detect-bruteforcing.bro -@load protocols/ftp/detect.bro -@load protocols/ftp/software.bro -@load protocols/http/detect-sqli.bro -@load protocols/http/detect-webapps.bro -@load protocols/http/header-names.bro -@load protocols/http/software-browser-plugins.bro -@load protocols/http/software.bro -@load protocols/http/var-extraction-cookies.bro -@load protocols/http/var-extraction-uri.bro -@load protocols/krb/ticket-logging.bro -@load protocols/modbus/known-masters-slaves.bro -@load protocols/modbus/track-memmap.bro -@load protocols/mysql/software.bro -@load protocols/rdp/indicate_ssl.bro -#@load protocols/smb/__load__.bro -@load protocols/smb/log-cmds.bro -@load protocols/smtp/blocklists.bro -@load protocols/smtp/detect-suspicious-orig.bro -@load protocols/smtp/entities-excerpt.bro -@load protocols/smtp/software.bro -@load protocols/ssh/detect-bruteforcing.bro -@load protocols/ssh/geo-data.bro -@load protocols/ssh/interesting-hostnames.bro -@load protocols/ssh/software.bro -@load protocols/ssl/expiring-certs.bro -@load protocols/ssl/extract-certs-pem.bro -@load protocols/ssl/heartbleed.bro -@load protocols/ssl/known-certs.bro -@load protocols/ssl/log-hostcerts-only.bro -#@load protocols/ssl/notary.bro -@load protocols/ssl/validate-certs.bro -@load protocols/ssl/validate-ocsp.bro -@load protocols/ssl/validate-sct.bro -@load protocols/ssl/weak-keys.bro -@load tuning/__load__.bro -@load tuning/defaults/__load__.bro -@load tuning/defaults/extracted_file_limits.bro -@load tuning/defaults/packet-fragments.bro -@load tuning/defaults/warnings.bro -@load tuning/json-logs.bro -@load tuning/track-all-assets.bro diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek new file mode 100644 index 0000000000..26408b6d44 --- /dev/null +++ b/scripts/test-all-policy.zeek @@ -0,0 +1,113 @@ +# This file loads ALL policy scripts that are part of the Bro distribution. +# +# This is rarely makes sense, and is for testing only. +# +# Note that we have a unit test that makes sure that all policy files shipped are +# actually loaded here. If we have files that are part of the distribution yet +# can't be loaded here, these must still be listed here with their load command +# commented out. + +# The base/ scripts are all loaded by default and not included here. + +# @load frameworks/control/controllee.zeek +# @load frameworks/control/controller.zeek +@load frameworks/dpd/detect-protocols.zeek +@load frameworks/dpd/packet-segment-logging.zeek +@load frameworks/intel/do_notice.zeek +@load frameworks/intel/do_expire.zeek +@load frameworks/intel/whitelist.zeek +@load frameworks/intel/removal.zeek +@load frameworks/intel/seen/__load__.zeek +@load frameworks/intel/seen/conn-established.zeek +@load frameworks/intel/seen/dns.zeek +@load frameworks/intel/seen/file-hashes.zeek +@load frameworks/intel/seen/file-names.zeek +@load frameworks/intel/seen/http-headers.zeek +@load frameworks/intel/seen/http-url.zeek +@load frameworks/intel/seen/pubkey-hashes.zeek +@load frameworks/intel/seen/smb-filenames.zeek +@load frameworks/intel/seen/smtp-url-extraction.zeek +@load frameworks/intel/seen/smtp.zeek +@load frameworks/intel/seen/ssl.zeek +@load frameworks/intel/seen/where-locations.zeek +@load frameworks/intel/seen/x509.zeek +@load frameworks/files/detect-MHR.zeek +@load frameworks/files/entropy-test-all-files.zeek +#@load frameworks/files/extract-all-files.zeek +@load frameworks/files/hash-all-files.zeek +@load frameworks/notice/__load__.zeek +@load frameworks/notice/extend-email/hostnames.zeek +@load files/x509/log-ocsp.zeek +@load frameworks/packet-filter/shunt.zeek +@load frameworks/software/version-changes.zeek +@load frameworks/software/vulnerable.zeek +@load frameworks/software/windows-version-detection.zeek +@load integration/barnyard2/__load__.zeek +@load integration/barnyard2/main.zeek +@load integration/barnyard2/types.zeek +@load integration/collective-intel/__load__.zeek +@load integration/collective-intel/main.zeek +@load misc/capture-loss.zeek +@load misc/detect-traceroute/__load__.zeek +@load misc/detect-traceroute/main.zeek +# @load misc/dump-events.zeek +@load misc/load-balancing.zeek +@load misc/loaded-scripts.zeek +@load misc/profiling.zeek +@load misc/scan.zeek +@load misc/stats.zeek +@load misc/weird-stats.zeek +@load misc/trim-trace-file.zeek +@load protocols/conn/known-hosts.zeek +@load protocols/conn/known-services.zeek +@load protocols/conn/mac-logging.zeek +@load protocols/conn/vlan-logging.zeek +@load protocols/conn/weirds.zeek +#@load protocols/dhcp/deprecated_events.zeek +@load protocols/dhcp/msg-orig.zeek +@load protocols/dhcp/software.zeek +@load protocols/dhcp/sub-opts.zeek +@load protocols/dns/auth-addl.zeek +@load protocols/dns/detect-external-names.zeek +@load protocols/ftp/detect-bruteforcing.zeek +@load protocols/ftp/detect.zeek +@load protocols/ftp/software.zeek +@load protocols/http/detect-sqli.zeek +@load protocols/http/detect-webapps.zeek +@load protocols/http/header-names.zeek +@load protocols/http/software-browser-plugins.zeek +@load protocols/http/software.zeek +@load protocols/http/var-extraction-cookies.zeek +@load protocols/http/var-extraction-uri.zeek +@load protocols/krb/ticket-logging.zeek +@load protocols/modbus/known-masters-slaves.zeek +@load protocols/modbus/track-memmap.zeek +@load protocols/mysql/software.zeek +@load protocols/rdp/indicate_ssl.zeek +#@load protocols/smb/__load__.zeek +@load protocols/smb/log-cmds.zeek +@load protocols/smtp/blocklists.zeek +@load protocols/smtp/detect-suspicious-orig.zeek +@load protocols/smtp/entities-excerpt.zeek +@load protocols/smtp/software.zeek +@load protocols/ssh/detect-bruteforcing.zeek +@load protocols/ssh/geo-data.zeek +@load protocols/ssh/interesting-hostnames.zeek +@load protocols/ssh/software.zeek +@load protocols/ssl/expiring-certs.zeek +@load protocols/ssl/extract-certs-pem.zeek +@load protocols/ssl/heartbleed.zeek +@load protocols/ssl/known-certs.zeek +@load protocols/ssl/log-hostcerts-only.zeek +#@load protocols/ssl/notary.zeek +@load protocols/ssl/validate-certs.zeek +@load protocols/ssl/validate-ocsp.zeek +@load protocols/ssl/validate-sct.zeek +@load protocols/ssl/weak-keys.zeek +@load tuning/__load__.zeek +@load tuning/defaults/__load__.zeek +@load tuning/defaults/extracted_file_limits.zeek +@load tuning/defaults/packet-fragments.zeek +@load tuning/defaults/warnings.zeek +@load tuning/json-logs.zeek +@load tuning/track-all-assets.zeek diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 7aa750ac80..da7042f956 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -386,17 +386,17 @@ add_dependencies(generate_outputs_stage2b generate_outputs_stage1) add_custom_target(generate_outputs) add_dependencies(generate_outputs generate_outputs_stage2a generate_outputs_stage2b) -# Build __load__.bro files for standard *.bif.bro. +# Build __load__.zeek files for standard *.bif.zeek. bro_bif_create_loader(bif_loader "${bro_BASE_BIF_SCRIPTS}") add_dependencies(bif_loader ${bro_SUBDIRS}) add_dependencies(bro bif_loader) -# Build __load__.bro files for plugins/*.bif.bro. +# Build __load__.zeek files for plugins/*.bif.zeek. bro_bif_create_loader(bif_loader_plugins "${bro_PLUGIN_BIF_SCRIPTS}") add_dependencies(bif_loader_plugins ${bro_SUBDIRS}) add_dependencies(bro bif_loader_plugins) -# Install *.bif.bro. +# Install *.bif.zeek. install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base) # Create plugin directory at install time. diff --git a/src/Debug.cc b/src/Debug.cc index 54a40c58d1..a45c27888e 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -348,7 +348,7 @@ vector parse_location_string(const string& s) if ( ! sscanf(line_string.c_str(), "%d", &plr.line) ) plr.type = plrUnknown; - string path(find_file(filename, bro_path(), "bro")); + string path(find_script_file(filename, bro_path())); if ( path.empty() ) { diff --git a/src/OSFinger.cc b/src/OSFinger.cc index df5f30b0cc..1b540a1fd0 100644 --- a/src/OSFinger.cc +++ b/src/OSFinger.cc @@ -295,7 +295,7 @@ void OSFingerprint::load_config(const char* file) char buf[MAXLINE]; char* p; - FILE* c = open_file(find_file(file, bro_path(), "osf")); + FILE* c = open_file(find_file(file, bro_path(), ".osf")); if (!c) { diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 54228d58dd..5b72264926 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -235,7 +235,7 @@ bool RuleMatcher::ReadFiles(const name_list& files) for ( int i = 0; i < files.length(); ++i ) { - rules_in = open_file(find_file(files[i], bro_path(), "sig")); + rules_in = open_file(find_file(files[i], bro_path(), ".sig")); if ( ! rules_in ) { diff --git a/src/Type.cc b/src/Type.cc index 77a5ac6d16..741f1cfc0f 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1510,7 +1510,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, else { // We allow double-definitions if matching exactly. This is so that - // we can define an enum both in a *.bif and *.bro for avoiding + // we can define an enum both in a *.bif and *.zeek for avoiding // cyclic dependencies. string fullname = make_full_var_name(module_name.c_str(), name); if ( id->Name() != fullname diff --git a/src/broxygen/ScriptInfo.cc b/src/broxygen/ScriptInfo.cc index a32d96cdd5..b13498bddb 100644 --- a/src/broxygen/ScriptInfo.cc +++ b/src/broxygen/ScriptInfo.cc @@ -158,7 +158,7 @@ static string make_redef_details(const string& heading, char underline, ScriptInfo::ScriptInfo(const string& arg_name, const string& arg_path) : Info(), name(arg_name), path(arg_path), - is_pkg_loader(SafeBasename(name).result == PACKAGE_LOADER), + is_pkg_loader(is_package_loader(name)), dependencies(), module_usages(), comments(), id_info(), redef_options(), constants(), state_vars(), types(), events(), hooks(), functions(), redefs() @@ -253,12 +253,12 @@ void ScriptInfo::DoInitPostScript() // The following enum types are automatically created internally in Bro, // so just manually associating them with scripts for now. - if ( name == "base/frameworks/input/main.bro" ) + if ( name == "base/frameworks/input/main.zeek" ) { auto id = global_scope()->Lookup("Input::Reader"); types.push_back(new IdentifierInfo(id, this)); } - else if ( name == "base/frameworks/logging/main.bro" ) + else if ( name == "base/frameworks/logging/main.zeek" ) { auto id = global_scope()->Lookup("Log::Writer"); types.push_back(new IdentifierInfo(id, this)); @@ -314,7 +314,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const if ( it != dependencies.begin() ) rval += ", "; - string path = find_file(*it, bro_path(), "bro"); + string path = find_script_file(*it, bro_path()); string doc = *it; if ( ! path.empty() && is_dir(path.c_str()) ) @@ -365,8 +365,13 @@ time_t ScriptInfo::DoGetModificationTime() const if ( ! info ) { - string pkg_name = *it + "/" + PACKAGE_LOADER; - info = broxygen_mgr->GetScriptInfo(pkg_name); + for (const string& ext : script_extensions) + { + string pkg_name = *it + "/__load__" + ext; + info = broxygen_mgr->GetScriptInfo(pkg_name); + if ( info ) + break; + } if ( ! info ) reporter->InternalWarning("Broxygen failed to get mtime of %s", diff --git a/src/broxygen/ScriptInfo.h b/src/broxygen/ScriptInfo.h index d7328ef7c8..dd43e15a4e 100644 --- a/src/broxygen/ScriptInfo.h +++ b/src/broxygen/ScriptInfo.h @@ -77,7 +77,7 @@ public: { redefs.insert(info); } /** - * @return Whether the script is a package loader (i.e. "__load__.bro"). + * @return Whether the script is a package loader (i.e. "__load__.zeek"). */ bool IsPkgLoader() const { return is_pkg_loader; } diff --git a/src/broxygen/Target.cc b/src/broxygen/Target.cc index dba0d67d6c..98b74ff8db 100644 --- a/src/broxygen/Target.cc +++ b/src/broxygen/Target.cc @@ -410,7 +410,7 @@ void ScriptTarget::DoFindDependencies(const vector& infos) for ( size_t i = 0; i < script_deps.size(); ++i ) { - if ( SafeBasename(script_deps[i]->Name()).result == PACKAGE_LOADER ) + if ( is_package_loader(script_deps[i]->Name()) ) { string pkg_dir = SafeDirname(script_deps[i]->Name()).result; string target_file = Name() + pkg_dir + "/index.rst"; diff --git a/src/broxygen/Target.h b/src/broxygen/Target.h index 9a5a23107c..7f18697eaf 100644 --- a/src/broxygen/Target.h +++ b/src/broxygen/Target.h @@ -41,7 +41,7 @@ struct TargetFile { /** * A Broxygen target abstract base class. A target is generally any portion of * documentation that Bro can build. It's identified by a type (e.g. script, - * identifier, package), a pattern (e.g. "example.bro", "HTTP::Info"), and + * identifier, package), a pattern (e.g. "example.zeek", "HTTP::Info"), and * a path to an output file. */ class Target { diff --git a/src/broxygen/broxygen.bif b/src/broxygen/broxygen.bif index d1b3028edc..4b2f5653b2 100644 --- a/src/broxygen/broxygen.bif +++ b/src/broxygen/broxygen.bif @@ -35,7 +35,7 @@ function get_identifier_comments%(name: string%): string ## ## name: the name of a Bro script. It must be a relative path to where ## it is located within a particular component of BROPATH and use -## the same file name extension/suffix as the actual file (e.g. ".bro"). +## the same file name extension/suffix as the actual file (e.g. ".zeek"). ## ## Returns: summary comments associated with script with *name*. If ## *name* is not a known script, an empty string is returned. diff --git a/src/const.bif b/src/const.bif index 6d60ac707b..9da5950259 100644 --- a/src/const.bif +++ b/src/const.bif @@ -1,6 +1,6 @@ ##! Declaration of various scripting-layer constants that the Bro core uses ##! internally. Documentation and default values for the scripting-layer -##! variables themselves are found in :doc:`/scripts/base/init-bare.bro`. +##! variables themselves are found in :doc:`/scripts/base/init-bare.zeek`. const ignore_keep_alive_rexmit: bool; const skip_http_data: bool; diff --git a/src/main.cc b/src/main.cc index 1116b8c331..e0d8da66e4 100644 --- a/src/main.cc +++ b/src/main.cc @@ -823,11 +823,11 @@ int main(int argc, char** argv) broxygen_mgr = new broxygen::Manager(broxygen_config, bro_argv[0]); - add_essential_input_file("base/init-bare.bro"); - add_essential_input_file("base/init-frameworks-and-bifs.bro"); + add_essential_input_file("base/init-bare.zeek"); + add_essential_input_file("base/init-frameworks-and-bifs.zeek"); if ( ! bare_mode ) - add_input_file("base/init-default.bro"); + add_input_file("base/init-default.zeek"); plugin_mgr->SearchDynamicPlugins(bro_plugin_path()); diff --git a/src/plugin/Manager.cc b/src/plugin/Manager.cc index 836520d03a..47f7ba1ed9 100644 --- a/src/plugin/Manager.cc +++ b/src/plugin/Manager.cc @@ -13,6 +13,7 @@ #include "../Reporter.h" #include "../Func.h" #include "../Event.h" +#include "../util.h" using namespace plugin; @@ -182,30 +183,44 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ add_to_bro_path(scripts); } - // First load {scripts}/__preload__.bro automatically. - string init = dir + "scripts/__preload__.bro"; + string init; - if ( is_file(init) ) + // First load {scripts}/__preload__.zeek automatically. + for (const string& ext : script_extensions) { - DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); - scripts_to_load.push_back(init); + init = dir + "scripts/__preload__" + ext; + + if ( is_file(init) ) + { + DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); + scripts_to_load.push_back(init); + break; + } } - // Load {bif,scripts}/__load__.bro automatically. - init = dir + "lib/bif/__load__.bro"; - - if ( is_file(init) ) + // Load {bif,scripts}/__load__.zeek automatically. + for (const string& ext : script_extensions) { - DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); - scripts_to_load.push_back(init); + init = dir + "lib/bif/__load__" + ext; + + if ( is_file(init) ) + { + DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); + scripts_to_load.push_back(init); + break; + } } - init = dir + "scripts/__load__.bro"; - - if ( is_file(init) ) + for (const string& ext : script_extensions) { - DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); - scripts_to_load.push_back(init); + init = dir + "scripts/__load__" + ext; + + if ( is_file(init) ) + { + DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); + scripts_to_load.push_back(init); + break; + } } // Load shared libraries. diff --git a/src/reporter.bif b/src/reporter.bif index 71fc50b49d..d273c5cac8 100644 --- a/src/reporter.bif +++ b/src/reporter.bif @@ -4,7 +4,7 @@ ##! If event handlers do exist, it's assumed they take care of determining ##! how/where to output the messages. ##! -##! See :doc:`/scripts/base/frameworks/reporter/main.bro` for a convenient +##! See :doc:`/scripts/base/frameworks/reporter/main.zeek` for a convenient ##! reporter message logging framework. module Reporter; diff --git a/src/scan.l b/src/scan.l index c2be426044..fb8ca20f8e 100644 --- a/src/scan.l +++ b/src/scan.l @@ -77,6 +77,17 @@ static string find_relative_file(const string& filename, const string& ext) return find_file(filename, bro_path(), ext); } +static string find_relative_script_file(const string& filename) + { + if ( filename.empty() ) + return string(); + + if ( filename[0] == '.' ) + return find_script_file(filename, SafeDirname(::filename).result); + else + return find_script_file(filename, bro_path()); + } + static ino_t get_inode_num(FILE* f, const string& path) { struct stat b; @@ -363,14 +374,14 @@ when return TOK_WHEN; @load{WS}{FILE} { const char* new_file = skip_whitespace(yytext + 5); // Skip "@load". string loader = ::filename; // load_files may change ::filename, save copy - string loading = find_relative_file(new_file, "bro"); + string loading = find_relative_script_file(new_file); (void) load_files(new_file); broxygen_mgr->ScriptDependency(loader, loading); } @load-sigs{WS}{FILE} { const char* file = skip_whitespace(yytext + 10); - string path = find_relative_file(file, "sig"); + string path = find_relative_file(file, ".sig"); int rc = PLUGIN_HOOK_WITH_RESULT(HOOK_LOAD_FILE, HookLoadFile(plugin::Plugin::SIGNATURES, file, path), -1); switch ( rc ) { @@ -430,7 +441,7 @@ when return TOK_WHEN; @unload{WS}{FILE} { // Skip "@unload". const char* file = skip_whitespace(yytext + 7); - string path = find_relative_file(file, "bro"); + string path = find_relative_script_file(file); if ( path.empty() ) reporter->Error("failed find file associated with @unload %s", file); @@ -624,7 +635,7 @@ static bool already_scanned(const string& path) static int load_files(const char* orig_file) { - string file_path = find_relative_file(orig_file, "bro"); + string file_path = find_relative_script_file(orig_file); int rc = PLUGIN_HOOK_WITH_RESULT(HOOK_LOAD_FILE, HookLoadFile(plugin::Plugin::SCRIPT, orig_file, file_path), -1); if ( rc == 1 ) @@ -912,7 +923,7 @@ int yywrap() if ( ! did_builtin_init && file_stack.length() == 1 ) { // ### This is a gross hack - we know that the first file - // we parse is init-bare.bro, and after it it's safe to initialize + // we parse is init-bare.zeek, and after it it's safe to initialize // the built-ins. Furthermore, we want to initialize the // built-in's *right* after parsing bro.init, so that other // source files can use built-in's when initializing globals. @@ -950,7 +961,7 @@ int yywrap() // prefixed and flattened version of the loaded file in BROPATH. The // flattening involves taking the path in BROPATH in which the // scanned file lives and replacing '/' path separators with a '.' If - // the scanned file is "__load__.bro", that part of the flattened + // the scanned file is "__load__.zeek", that part of the flattened // file name is discarded. If the prefix is non-empty, it gets placed // in front of the flattened path, separated with another '.' std::list::iterator it; @@ -970,7 +981,7 @@ int yywrap() string canon = without_bropath_component(it->name); string flat = flatten_script_name(canon, prefixes[i]); - string path = find_relative_file(flat, "bro"); + string path = find_relative_script_file(flat); if ( ! path.empty() ) { diff --git a/src/types.bif b/src/types.bif index babccb0f0d..79f5780f52 100644 --- a/src/types.bif +++ b/src/types.bif @@ -141,7 +141,7 @@ enum createmode_t %{ %} # Declare record types that we want to access from the event engine. These are -# defined in init-bare.bro. +# defined in init-bare.zeek. type info_t: record; type fattr_t: record; type sattr_t: record; diff --git a/src/util.cc b/src/util.cc index cce49a7f6d..8b4bd0a88b 100644 --- a/src/util.cc +++ b/src/util.cc @@ -20,6 +20,7 @@ #endif #include +#include #include #include #include @@ -1007,7 +1008,20 @@ string bro_prefixes() return rval; } -const char* PACKAGE_LOADER = "__load__.bro"; +const array script_extensions = {".zeek", ".bro"}; + +bool is_package_loader(const string& path) + { + string filename(std::move(SafeBasename(path).result)); + + for ( const string& ext : script_extensions ) + { + if ( filename == "__load__" + ext ) + return true; + } + + return false; + } FILE* open_file(const string& path, const string& mode) { @@ -1034,13 +1048,22 @@ static bool can_read(const string& path) FILE* open_package(string& path, const string& mode) { string arg_path = path; - path.append("/").append(PACKAGE_LOADER); + path.append("/__load__"); - if ( can_read(path) ) - return open_file(path, mode); + for ( const string& ext : script_extensions ) + { + string p = path + ext; + if ( can_read(p) ) + { + path.append(ext); + return open_file(path, mode); + } + } + path.append(script_extensions[0]); + string package_loader = "__load__" + script_extensions[0]; reporter->Error("Failed to open package '%s': missing '%s' file", - arg_path.c_str(), PACKAGE_LOADER); + arg_path.c_str(), package_loader.c_str()); return 0; } @@ -1123,7 +1146,7 @@ string flatten_script_name(const string& name, const string& prefix) if ( ! rval.empty() ) rval.append("."); - if ( SafeBasename(name).result == PACKAGE_LOADER ) + if ( is_package_loader(name) ) rval.append(SafeDirname(name).result); else rval.append(name); @@ -1221,7 +1244,7 @@ string without_bropath_component(const string& path) } static string find_file_in_path(const string& filename, const string& path, - const string& opt_ext = "") + const vector& opt_ext) { if ( filename.empty() ) return string(); @@ -1239,10 +1262,13 @@ static string find_file_in_path(const string& filename, const string& path, if ( ! opt_ext.empty() ) { - string with_ext = abs_path + '.' + opt_ext; + for ( const string& ext : opt_ext ) + { + string with_ext = abs_path + ext; - if ( can_read(with_ext) ) - return with_ext; + if ( can_read(with_ext) ) + return with_ext; + } } if ( can_read(abs_path) ) @@ -1257,9 +1283,31 @@ string find_file(const string& filename, const string& path_set, vector paths; tokenize_string(path_set, ":", &paths); + vector ext; + if ( ! opt_ext.empty() ) + ext.push_back(opt_ext); + for ( size_t n = 0; n < paths.size(); ++n ) { - string f = find_file_in_path(filename, paths[n], opt_ext); + string f = find_file_in_path(filename, paths[n], ext); + + if ( ! f.empty() ) + return f; + } + + return string(); + } + +string find_script_file(const string& filename, const string& path_set) + { + vector paths; + tokenize_string(path_set, ":", &paths); + + vector ext(script_extensions.begin(), script_extensions.end()); + + for ( size_t n = 0; n < paths.size(); ++n ) + { + string f = find_file_in_path(filename, paths[n], ext); if ( ! f.empty() ) return f; diff --git a/src/util.h b/src/util.h index 232275d9c9..b63b74a3f7 100644 --- a/src/util.h +++ b/src/util.h @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -248,16 +249,16 @@ static const SourceID SOURCE_BROKER = 0xffffffff; extern void pinpoint(); extern int int_list_cmp(const void* v1, const void* v2); -// Contains the name of the script file that gets read -// when a package is loaded (i.e., "__load__.bro). -extern const char* PACKAGE_LOADER; - extern const std::string& bro_path(); extern const char* bro_magic_path(); extern const char* bro_plugin_path(); extern const char* bro_plugin_activate(); extern std::string bro_prefixes(); +extern const std::array script_extensions; + +bool is_package_loader(const std::string& path); + extern void add_to_bro_path(const std::string& dir); @@ -308,7 +309,7 @@ std::string implode_string_vector(const std::vector& v, /** * Flatten a script name by replacing '/' path separators with '.'. - * @param file A path to a Bro script. If it is a __load__.bro, that part + * @param file A path to a Bro script. If it is a __load__.zeek, that part * is discarded when constructing the flattened the name. * @param prefix A string to prepend to the flattened script name. * @return The flattened script name. @@ -341,6 +342,14 @@ std::string without_bropath_component(const std::string& path); std::string find_file(const std::string& filename, const std::string& path_set, const std::string& opt_ext = ""); +/** + * Locate a script file within a given search path. + * @param filename Name of a file to find. + * @param path_set Colon-delimited set of paths to search for the file. + * @return Path to the found file, or an empty string if not found. + */ +std::string find_script_file(const std::string& filename, const std::string& path_set); + // Wrapper around fopen(3). Emits an error when failing to open. FILE* open_file(const std::string& path, const std::string& mode = "r"); diff --git a/testing/btest/Baseline/core.load-file-extension/bro_only b/testing/btest/Baseline/core.load-file-extension/bro_only new file mode 100644 index 0000000000..bb2333014b --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/bro_only @@ -0,0 +1 @@ +Bro script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/bro_preferred b/testing/btest/Baseline/core.load-file-extension/bro_preferred new file mode 100644 index 0000000000..bb2333014b --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/bro_preferred @@ -0,0 +1 @@ +Bro script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/bro_preferred_2 b/testing/btest/Baseline/core.load-file-extension/bro_preferred_2 new file mode 100644 index 0000000000..bb2333014b --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/bro_preferred_2 @@ -0,0 +1 @@ +Bro script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/no_extension b/testing/btest/Baseline/core.load-file-extension/no_extension new file mode 100644 index 0000000000..b9cfe8016f --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/no_extension @@ -0,0 +1 @@ +No file extension script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/xyz_preferred b/testing/btest/Baseline/core.load-file-extension/xyz_preferred new file mode 100644 index 0000000000..8883b557a3 --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/xyz_preferred @@ -0,0 +1 @@ +Non-standard file extension script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/zeek_only b/testing/btest/Baseline/core.load-file-extension/zeek_only new file mode 100644 index 0000000000..129000059a --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/zeek_only @@ -0,0 +1 @@ +Zeek script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/zeek_preferred b/testing/btest/Baseline/core.load-file-extension/zeek_preferred new file mode 100644 index 0000000000..129000059a --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/zeek_preferred @@ -0,0 +1 @@ +Zeek script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/zeek_script_preferred b/testing/btest/Baseline/core.load-file-extension/zeek_script_preferred new file mode 100644 index 0000000000..129000059a --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/zeek_script_preferred @@ -0,0 +1 @@ +Zeek script loaded diff --git a/testing/btest/Baseline/core.load-pkg/output b/testing/btest/Baseline/core.load-pkg/output index 119b2f9a18..ab438bfe3b 100644 --- a/testing/btest/Baseline/core.load-pkg/output +++ b/testing/btest/Baseline/core.load-pkg/output @@ -1 +1,2 @@ -Foo loaded +test.zeek loaded +__load__.zeek loaded diff --git a/testing/btest/Baseline/core.load-pkg/output2 b/testing/btest/Baseline/core.load-pkg/output2 new file mode 100644 index 0000000000..1021a36092 --- /dev/null +++ b/testing/btest/Baseline/core.load-pkg/output2 @@ -0,0 +1,2 @@ +test.zeek loaded +__load__.bro loaded diff --git a/testing/btest/Baseline/core.load-prefixes/output b/testing/btest/Baseline/core.load-prefixes/output index ea35b3a8c0..05e54cb3b9 100644 --- a/testing/btest/Baseline/core.load-prefixes/output +++ b/testing/btest/Baseline/core.load-prefixes/output @@ -1,4 +1,4 @@ -loaded lcl2.base.utils.site.bro -loaded lcl.base.utils.site.bro +loaded lcl2.base.utils.site.zeek +loaded lcl.base.utils.site.zeek loaded lcl2.base.protocols.http.bro -loaded lcl.base.protocols.http.bro +loaded lcl.base.protocols.http.zeek diff --git a/testing/btest/Baseline/core.load-unload/output2 b/testing/btest/Baseline/core.load-unload/output2 new file mode 100644 index 0000000000..bd327f15d4 --- /dev/null +++ b/testing/btest/Baseline/core.load-unload/output2 @@ -0,0 +1 @@ +Loaded: dontloadme.bro diff --git a/testing/btest/Baseline/core.pcap.filter-error/output b/testing/btest/Baseline/core.pcap.filter-error/output index 82804bb483..f52fdf7e0a 100644 --- a/testing/btest/Baseline/core.pcap.filter-error/output +++ b/testing/btest/Baseline/core.pcap.filter-error/output @@ -1,3 +1,3 @@ -fatal error in /home/robin/bro/master/scripts/base/frameworks/packet-filter/./main.bro, line 282: Bad pcap filter 'kaputt' +fatal error in /home/robin/bro/master/scripts/base/frameworks/packet-filter/./main.zeek, line 282: Bad pcap filter 'kaputt' ---- error, cannot compile BPF filter "kaputt, too" diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index bd24bf02aa..55c2c7c9f3 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -6,178 +6,178 @@ #open 2019-04-04-19-22-03 #fields name #types string -scripts/base/init-bare.bro - build/scripts/base/bif/const.bif.bro - build/scripts/base/bif/types.bif.bro - build/scripts/base/bif/bro.bif.bro - build/scripts/base/bif/stats.bif.bro - build/scripts/base/bif/reporter.bif.bro - build/scripts/base/bif/strings.bif.bro - build/scripts/base/bif/option.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.types.bif.bro - build/scripts/base/bif/event.bif.bro -scripts/base/init-frameworks-and-bifs.bro - scripts/base/frameworks/logging/__load__.bro - scripts/base/frameworks/logging/main.bro - build/scripts/base/bif/logging.bif.bro - scripts/base/frameworks/logging/postprocessors/__load__.bro - scripts/base/frameworks/logging/postprocessors/scp.bro - scripts/base/frameworks/logging/postprocessors/sftp.bro - scripts/base/frameworks/logging/writers/ascii.bro - scripts/base/frameworks/logging/writers/sqlite.bro - scripts/base/frameworks/logging/writers/none.bro - scripts/base/frameworks/broker/__load__.bro - scripts/base/frameworks/broker/main.bro - build/scripts/base/bif/comm.bif.bro - build/scripts/base/bif/messaging.bif.bro - scripts/base/frameworks/broker/store.bro - build/scripts/base/bif/data.bif.bro - build/scripts/base/bif/store.bif.bro - scripts/base/frameworks/broker/log.bro - scripts/base/frameworks/input/__load__.bro - scripts/base/frameworks/input/main.bro - build/scripts/base/bif/input.bif.bro - scripts/base/frameworks/input/readers/ascii.bro - scripts/base/frameworks/input/readers/raw.bro - scripts/base/frameworks/input/readers/benchmark.bro - scripts/base/frameworks/input/readers/binary.bro - scripts/base/frameworks/input/readers/config.bro - scripts/base/frameworks/input/readers/sqlite.bro - scripts/base/frameworks/analyzer/__load__.bro - scripts/base/frameworks/analyzer/main.bro - scripts/base/frameworks/packet-filter/utils.bro - build/scripts/base/bif/analyzer.bif.bro - scripts/base/frameworks/files/__load__.bro - scripts/base/frameworks/files/main.bro - build/scripts/base/bif/file_analysis.bif.bro - scripts/base/utils/site.bro - scripts/base/utils/patterns.bro - scripts/base/frameworks/files/magic/__load__.bro - build/scripts/base/bif/__load__.bro - build/scripts/base/bif/broxygen.bif.bro - build/scripts/base/bif/pcap.bif.bro - build/scripts/base/bif/bloom-filter.bif.bro - build/scripts/base/bif/cardinality-counter.bif.bro - build/scripts/base/bif/top-k.bif.bro - build/scripts/base/bif/plugins/__load__.bro - build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro - build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro - build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.types.bif.bro - build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro - build/scripts/base/bif/plugins/Bro_File.events.bif.bro - build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro - build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.bro - build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro - build/scripts/base/bif/plugins/Bro_IMAP.events.bif.bro - build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro - build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro - build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro - build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro - build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.consts.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.events.bif.bro - build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro - build/scripts/base/bif/plugins/Bro_RFB.events.bif.bro - build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_SIP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.consts.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.consts.bif.bro - build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro - build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro - build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.bro - build/scripts/base/bif/plugins/Bro_XMPP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro - build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro - build/scripts/base/bif/plugins/Bro_PE.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.events.bif.bro - build/scripts/base/bif/plugins/Bro_X509.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.functions.bif.bro - build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro - build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.bro - build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.bro - build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro -scripts/policy/misc/loaded-scripts.bro - scripts/base/utils/paths.bro +scripts/base/init-bare.zeek + build/scripts/base/bif/const.bif.zeek + build/scripts/base/bif/types.bif.zeek + build/scripts/base/bif/bro.bif.zeek + build/scripts/base/bif/stats.bif.zeek + build/scripts/base/bif/reporter.bif.zeek + build/scripts/base/bif/strings.bif.zeek + build/scripts/base/bif/option.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.types.bif.zeek + build/scripts/base/bif/event.bif.zeek +scripts/base/init-frameworks-and-bifs.zeek + scripts/base/frameworks/logging/__load__.zeek + scripts/base/frameworks/logging/main.zeek + build/scripts/base/bif/logging.bif.zeek + scripts/base/frameworks/logging/postprocessors/__load__.zeek + scripts/base/frameworks/logging/postprocessors/scp.zeek + scripts/base/frameworks/logging/postprocessors/sftp.zeek + scripts/base/frameworks/logging/writers/ascii.zeek + scripts/base/frameworks/logging/writers/sqlite.zeek + scripts/base/frameworks/logging/writers/none.zeek + scripts/base/frameworks/broker/__load__.zeek + scripts/base/frameworks/broker/main.zeek + build/scripts/base/bif/comm.bif.zeek + build/scripts/base/bif/messaging.bif.zeek + scripts/base/frameworks/broker/store.zeek + build/scripts/base/bif/data.bif.zeek + build/scripts/base/bif/store.bif.zeek + scripts/base/frameworks/broker/log.zeek + scripts/base/frameworks/input/__load__.zeek + scripts/base/frameworks/input/main.zeek + build/scripts/base/bif/input.bif.zeek + scripts/base/frameworks/input/readers/ascii.zeek + scripts/base/frameworks/input/readers/raw.zeek + scripts/base/frameworks/input/readers/benchmark.zeek + scripts/base/frameworks/input/readers/binary.zeek + scripts/base/frameworks/input/readers/config.zeek + scripts/base/frameworks/input/readers/sqlite.zeek + scripts/base/frameworks/analyzer/__load__.zeek + scripts/base/frameworks/analyzer/main.zeek + scripts/base/frameworks/packet-filter/utils.zeek + build/scripts/base/bif/analyzer.bif.zeek + scripts/base/frameworks/files/__load__.zeek + scripts/base/frameworks/files/main.zeek + build/scripts/base/bif/file_analysis.bif.zeek + scripts/base/utils/site.zeek + scripts/base/utils/patterns.zeek + scripts/base/frameworks/files/magic/__load__.zeek + build/scripts/base/bif/__load__.zeek + build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/pcap.bif.zeek + build/scripts/base/bif/bloom-filter.bif.zeek + build/scripts/base/bif/cardinality-counter.bif.zeek + build/scripts/base/bif/top-k.bif.zeek + build/scripts/base/bif/plugins/__load__.zeek + build/scripts/base/bif/plugins/Bro_ARP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DNP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DNS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_File.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Finger.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_ICMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Ident.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IMAP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_InterConn.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IRC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_MIME.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Modbus.events.bif.zeek + build/scripts/base/bif/plugins/Bro_MySQL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.types.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_POP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_RFB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SIP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Syslog.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Teredo.events.bif.zeek + build/scripts/base/bif/plugins/Bro_UDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.zeek + build/scripts/base/bif/plugins/Bro_XMPP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_FileHash.events.bif.zeek + build/scripts/base/bif/plugins/Bro_PE.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.events.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.zeek + build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.zeek + build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.zeek + build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.zeek +scripts/policy/misc/loaded-scripts.zeek + scripts/base/utils/paths.zeek #close 2019-04-04-19-22-03 diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index e11a4ca00f..68129bbab6 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,18 +1,18 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//broxygen/__load__.bro:10 "Use '@load base/protocols/smb' instead" -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//broxygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 540910b350..6c7f592b5f 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -3,375 +3,375 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2019-04-04-19-22-06 +#open 2019-04-16-17-02-20 #fields name #types string -scripts/base/init-bare.bro - build/scripts/base/bif/const.bif.bro - build/scripts/base/bif/types.bif.bro - build/scripts/base/bif/bro.bif.bro - build/scripts/base/bif/stats.bif.bro - build/scripts/base/bif/reporter.bif.bro - build/scripts/base/bif/strings.bif.bro - build/scripts/base/bif/option.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.types.bif.bro - build/scripts/base/bif/event.bif.bro -scripts/base/init-frameworks-and-bifs.bro - scripts/base/frameworks/logging/__load__.bro - scripts/base/frameworks/logging/main.bro - build/scripts/base/bif/logging.bif.bro - scripts/base/frameworks/logging/postprocessors/__load__.bro - scripts/base/frameworks/logging/postprocessors/scp.bro - scripts/base/frameworks/logging/postprocessors/sftp.bro - scripts/base/frameworks/logging/writers/ascii.bro - scripts/base/frameworks/logging/writers/sqlite.bro - scripts/base/frameworks/logging/writers/none.bro - scripts/base/frameworks/broker/__load__.bro - scripts/base/frameworks/broker/main.bro - build/scripts/base/bif/comm.bif.bro - build/scripts/base/bif/messaging.bif.bro - scripts/base/frameworks/broker/store.bro - build/scripts/base/bif/data.bif.bro - build/scripts/base/bif/store.bif.bro - scripts/base/frameworks/broker/log.bro - scripts/base/frameworks/input/__load__.bro - scripts/base/frameworks/input/main.bro - build/scripts/base/bif/input.bif.bro - scripts/base/frameworks/input/readers/ascii.bro - scripts/base/frameworks/input/readers/raw.bro - scripts/base/frameworks/input/readers/benchmark.bro - scripts/base/frameworks/input/readers/binary.bro - scripts/base/frameworks/input/readers/config.bro - scripts/base/frameworks/input/readers/sqlite.bro - scripts/base/frameworks/analyzer/__load__.bro - scripts/base/frameworks/analyzer/main.bro - scripts/base/frameworks/packet-filter/utils.bro - build/scripts/base/bif/analyzer.bif.bro - scripts/base/frameworks/files/__load__.bro - scripts/base/frameworks/files/main.bro - build/scripts/base/bif/file_analysis.bif.bro - scripts/base/utils/site.bro - scripts/base/utils/patterns.bro - scripts/base/frameworks/files/magic/__load__.bro - build/scripts/base/bif/__load__.bro - build/scripts/base/bif/broxygen.bif.bro - build/scripts/base/bif/pcap.bif.bro - build/scripts/base/bif/bloom-filter.bif.bro - build/scripts/base/bif/cardinality-counter.bif.bro - build/scripts/base/bif/top-k.bif.bro - build/scripts/base/bif/plugins/__load__.bro - build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro - build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro - build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.types.bif.bro - build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro - build/scripts/base/bif/plugins/Bro_File.events.bif.bro - build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro - build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.bro - build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro - build/scripts/base/bif/plugins/Bro_IMAP.events.bif.bro - build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro - build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro - build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro - build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro - build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.consts.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.events.bif.bro - build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro - build/scripts/base/bif/plugins/Bro_RFB.events.bif.bro - build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_SIP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.consts.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.consts.bif.bro - build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro - build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro - build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.bro - build/scripts/base/bif/plugins/Bro_XMPP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro - build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro - build/scripts/base/bif/plugins/Bro_PE.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.events.bif.bro - build/scripts/base/bif/plugins/Bro_X509.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.functions.bif.bro - build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro - build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.bro - build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.bro - build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro -scripts/base/init-default.bro - scripts/base/utils/active-http.bro - scripts/base/utils/exec.bro - scripts/base/utils/addrs.bro - scripts/base/utils/conn-ids.bro - scripts/base/utils/dir.bro - scripts/base/frameworks/reporter/__load__.bro - scripts/base/frameworks/reporter/main.bro - scripts/base/utils/paths.bro - scripts/base/utils/directions-and-hosts.bro - scripts/base/utils/email.bro - scripts/base/utils/files.bro - scripts/base/utils/geoip-distance.bro - scripts/base/utils/hash_hrw.bro - scripts/base/utils/numbers.bro - scripts/base/utils/queue.bro - scripts/base/utils/strings.bro - scripts/base/utils/thresholds.bro - scripts/base/utils/time.bro - scripts/base/utils/urls.bro - scripts/base/frameworks/notice/__load__.bro - scripts/base/frameworks/notice/main.bro - scripts/base/frameworks/cluster/__load__.bro - scripts/base/frameworks/cluster/main.bro - scripts/base/frameworks/control/__load__.bro - scripts/base/frameworks/control/main.bro - scripts/base/frameworks/cluster/pools.bro - scripts/base/frameworks/notice/weird.bro - scripts/base/frameworks/notice/actions/drop.bro - scripts/base/frameworks/netcontrol/__load__.bro - scripts/base/frameworks/netcontrol/types.bro - scripts/base/frameworks/netcontrol/main.bro - scripts/base/frameworks/netcontrol/plugin.bro - scripts/base/frameworks/netcontrol/plugins/__load__.bro - scripts/base/frameworks/netcontrol/plugins/debug.bro - scripts/base/frameworks/netcontrol/plugins/openflow.bro - scripts/base/frameworks/openflow/__load__.bro - scripts/base/frameworks/openflow/consts.bro - scripts/base/frameworks/openflow/types.bro - scripts/base/frameworks/openflow/main.bro - scripts/base/frameworks/openflow/plugins/__load__.bro - scripts/base/frameworks/openflow/plugins/ryu.bro - scripts/base/utils/json.bro - scripts/base/frameworks/openflow/plugins/log.bro - scripts/base/frameworks/openflow/plugins/broker.bro - scripts/base/frameworks/openflow/non-cluster.bro - scripts/base/frameworks/netcontrol/plugins/packetfilter.bro - scripts/base/frameworks/netcontrol/plugins/broker.bro - scripts/base/frameworks/netcontrol/plugins/acld.bro - scripts/base/frameworks/netcontrol/drop.bro - scripts/base/frameworks/netcontrol/shunt.bro - scripts/base/frameworks/netcontrol/catch-and-release.bro - scripts/base/frameworks/netcontrol/non-cluster.bro - scripts/base/frameworks/notice/actions/email_admin.bro - scripts/base/frameworks/notice/actions/page.bro - scripts/base/frameworks/notice/actions/add-geodata.bro - scripts/base/frameworks/notice/actions/pp-alarms.bro - scripts/base/frameworks/dpd/__load__.bro - scripts/base/frameworks/dpd/main.bro - scripts/base/frameworks/signatures/__load__.bro - scripts/base/frameworks/signatures/main.bro - scripts/base/frameworks/packet-filter/__load__.bro - scripts/base/frameworks/packet-filter/main.bro - scripts/base/frameworks/packet-filter/netstats.bro - scripts/base/frameworks/software/__load__.bro - scripts/base/frameworks/software/main.bro - scripts/base/frameworks/intel/__load__.bro - scripts/base/frameworks/intel/main.bro - scripts/base/frameworks/intel/files.bro - scripts/base/frameworks/intel/input.bro - scripts/base/frameworks/config/__load__.bro - scripts/base/frameworks/config/main.bro - scripts/base/frameworks/config/input.bro - scripts/base/frameworks/config/weird.bro - scripts/base/frameworks/sumstats/__load__.bro - scripts/base/frameworks/sumstats/main.bro - scripts/base/frameworks/sumstats/plugins/__load__.bro - scripts/base/frameworks/sumstats/plugins/average.bro - scripts/base/frameworks/sumstats/plugins/hll_unique.bro - scripts/base/frameworks/sumstats/plugins/last.bro - scripts/base/frameworks/sumstats/plugins/max.bro - scripts/base/frameworks/sumstats/plugins/min.bro - scripts/base/frameworks/sumstats/plugins/sample.bro - scripts/base/frameworks/sumstats/plugins/std-dev.bro - scripts/base/frameworks/sumstats/plugins/variance.bro - scripts/base/frameworks/sumstats/plugins/sum.bro - scripts/base/frameworks/sumstats/plugins/topk.bro - scripts/base/frameworks/sumstats/plugins/unique.bro - scripts/base/frameworks/sumstats/non-cluster.bro - scripts/base/frameworks/tunnels/__load__.bro - scripts/base/frameworks/tunnels/main.bro - scripts/base/protocols/conn/__load__.bro - scripts/base/protocols/conn/main.bro - scripts/base/protocols/conn/contents.bro - scripts/base/protocols/conn/inactivity.bro - scripts/base/protocols/conn/polling.bro - scripts/base/protocols/conn/thresholds.bro - scripts/base/protocols/dce-rpc/__load__.bro - scripts/base/protocols/dce-rpc/consts.bro - scripts/base/protocols/dce-rpc/main.bro - scripts/base/protocols/dhcp/__load__.bro - scripts/base/protocols/dhcp/consts.bro - scripts/base/protocols/dhcp/main.bro - scripts/base/protocols/dnp3/__load__.bro - scripts/base/protocols/dnp3/main.bro - scripts/base/protocols/dnp3/consts.bro - scripts/base/protocols/dns/__load__.bro - scripts/base/protocols/dns/consts.bro - scripts/base/protocols/dns/main.bro - scripts/base/protocols/ftp/__load__.bro - scripts/base/protocols/ftp/utils-commands.bro - scripts/base/protocols/ftp/info.bro - scripts/base/protocols/ftp/main.bro - scripts/base/protocols/ftp/utils.bro - scripts/base/protocols/ftp/files.bro - scripts/base/protocols/ftp/gridftp.bro - scripts/base/protocols/ssl/__load__.bro - scripts/base/protocols/ssl/consts.bro - scripts/base/protocols/ssl/main.bro - scripts/base/protocols/ssl/mozilla-ca-list.bro - scripts/base/protocols/ssl/ct-list.bro - scripts/base/protocols/ssl/files.bro - scripts/base/files/x509/__load__.bro - scripts/base/files/x509/main.bro - scripts/base/files/hash/__load__.bro - scripts/base/files/hash/main.bro - scripts/base/protocols/http/__load__.bro - scripts/base/protocols/http/main.bro - scripts/base/protocols/http/entities.bro - scripts/base/protocols/http/utils.bro - scripts/base/protocols/http/files.bro - scripts/base/protocols/imap/__load__.bro - scripts/base/protocols/imap/main.bro - scripts/base/protocols/irc/__load__.bro - scripts/base/protocols/irc/main.bro - scripts/base/protocols/irc/dcc-send.bro - scripts/base/protocols/irc/files.bro - scripts/base/protocols/krb/__load__.bro - scripts/base/protocols/krb/main.bro - scripts/base/protocols/krb/consts.bro - scripts/base/protocols/krb/files.bro - scripts/base/protocols/modbus/__load__.bro - scripts/base/protocols/modbus/consts.bro - scripts/base/protocols/modbus/main.bro - scripts/base/protocols/mysql/__load__.bro - scripts/base/protocols/mysql/main.bro - scripts/base/protocols/mysql/consts.bro - scripts/base/protocols/ntlm/__load__.bro - scripts/base/protocols/ntlm/main.bro - scripts/base/protocols/pop3/__load__.bro - scripts/base/protocols/radius/__load__.bro - scripts/base/protocols/radius/main.bro - scripts/base/protocols/radius/consts.bro - scripts/base/protocols/rdp/__load__.bro - scripts/base/protocols/rdp/consts.bro - scripts/base/protocols/rdp/main.bro - scripts/base/protocols/rfb/__load__.bro - scripts/base/protocols/rfb/main.bro - scripts/base/protocols/sip/__load__.bro - scripts/base/protocols/sip/main.bro - scripts/base/protocols/snmp/__load__.bro - scripts/base/protocols/snmp/main.bro - scripts/base/protocols/smb/__load__.bro - scripts/base/protocols/smb/consts.bro - scripts/base/protocols/smb/const-dos-error.bro - scripts/base/protocols/smb/const-nt-status.bro - scripts/base/protocols/smb/main.bro - scripts/base/protocols/smb/smb1-main.bro - scripts/base/protocols/smb/smb2-main.bro - scripts/base/protocols/smb/files.bro - scripts/base/protocols/smtp/__load__.bro - scripts/base/protocols/smtp/main.bro - scripts/base/protocols/smtp/entities.bro - scripts/base/protocols/smtp/files.bro - scripts/base/protocols/socks/__load__.bro - scripts/base/protocols/socks/consts.bro - scripts/base/protocols/socks/main.bro - scripts/base/protocols/ssh/__load__.bro - scripts/base/protocols/ssh/main.bro - scripts/base/protocols/syslog/__load__.bro - scripts/base/protocols/syslog/consts.bro - scripts/base/protocols/syslog/main.bro - scripts/base/protocols/tunnels/__load__.bro - scripts/base/protocols/xmpp/__load__.bro - scripts/base/protocols/xmpp/main.bro - scripts/base/files/pe/__load__.bro - scripts/base/files/pe/consts.bro - scripts/base/files/pe/main.bro - scripts/base/files/extract/__load__.bro - scripts/base/files/extract/main.bro - scripts/base/files/unified2/__load__.bro - scripts/base/files/unified2/main.bro - scripts/base/misc/find-checksum-offloading.bro - scripts/base/misc/find-filtered-trace.bro - scripts/base/misc/version.bro -scripts/policy/misc/loaded-scripts.bro -#close 2019-04-04-19-22-06 +scripts/base/init-bare.zeek + build/scripts/base/bif/const.bif.zeek + build/scripts/base/bif/types.bif.zeek + build/scripts/base/bif/bro.bif.zeek + build/scripts/base/bif/stats.bif.zeek + build/scripts/base/bif/reporter.bif.zeek + build/scripts/base/bif/strings.bif.zeek + build/scripts/base/bif/option.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.types.bif.zeek + build/scripts/base/bif/event.bif.zeek +scripts/base/init-frameworks-and-bifs.zeek + scripts/base/frameworks/logging/__load__.zeek + scripts/base/frameworks/logging/main.zeek + build/scripts/base/bif/logging.bif.zeek + scripts/base/frameworks/logging/postprocessors/__load__.zeek + scripts/base/frameworks/logging/postprocessors/scp.zeek + scripts/base/frameworks/logging/postprocessors/sftp.zeek + scripts/base/frameworks/logging/writers/ascii.zeek + scripts/base/frameworks/logging/writers/sqlite.zeek + scripts/base/frameworks/logging/writers/none.zeek + scripts/base/frameworks/broker/__load__.zeek + scripts/base/frameworks/broker/main.zeek + build/scripts/base/bif/comm.bif.zeek + build/scripts/base/bif/messaging.bif.zeek + scripts/base/frameworks/broker/store.zeek + build/scripts/base/bif/data.bif.zeek + build/scripts/base/bif/store.bif.zeek + scripts/base/frameworks/broker/log.zeek + scripts/base/frameworks/input/__load__.zeek + scripts/base/frameworks/input/main.zeek + build/scripts/base/bif/input.bif.zeek + scripts/base/frameworks/input/readers/ascii.zeek + scripts/base/frameworks/input/readers/raw.zeek + scripts/base/frameworks/input/readers/benchmark.zeek + scripts/base/frameworks/input/readers/binary.zeek + scripts/base/frameworks/input/readers/config.zeek + scripts/base/frameworks/input/readers/sqlite.zeek + scripts/base/frameworks/analyzer/__load__.zeek + scripts/base/frameworks/analyzer/main.zeek + scripts/base/frameworks/packet-filter/utils.zeek + build/scripts/base/bif/analyzer.bif.zeek + scripts/base/frameworks/files/__load__.zeek + scripts/base/frameworks/files/main.zeek + build/scripts/base/bif/file_analysis.bif.zeek + scripts/base/utils/site.zeek + scripts/base/utils/patterns.zeek + scripts/base/frameworks/files/magic/__load__.zeek + build/scripts/base/bif/__load__.zeek + build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/pcap.bif.zeek + build/scripts/base/bif/bloom-filter.bif.zeek + build/scripts/base/bif/cardinality-counter.bif.zeek + build/scripts/base/bif/top-k.bif.zeek + build/scripts/base/bif/plugins/__load__.zeek + build/scripts/base/bif/plugins/Bro_ARP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DNP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DNS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_File.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Finger.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_ICMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Ident.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IMAP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_InterConn.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IRC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_MIME.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Modbus.events.bif.zeek + build/scripts/base/bif/plugins/Bro_MySQL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.types.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_POP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_RFB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SIP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Syslog.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Teredo.events.bif.zeek + build/scripts/base/bif/plugins/Bro_UDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.zeek + build/scripts/base/bif/plugins/Bro_XMPP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_FileHash.events.bif.zeek + build/scripts/base/bif/plugins/Bro_PE.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.events.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.zeek + build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.zeek + build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.zeek + build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.zeek +scripts/base/init-default.zeek + scripts/base/utils/active-http.zeek + scripts/base/utils/exec.zeek + scripts/base/utils/addrs.zeek + scripts/base/utils/conn-ids.zeek + scripts/base/utils/dir.zeek + scripts/base/frameworks/reporter/__load__.zeek + scripts/base/frameworks/reporter/main.zeek + scripts/base/utils/paths.zeek + scripts/base/utils/directions-and-hosts.zeek + scripts/base/utils/email.zeek + scripts/base/utils/files.zeek + scripts/base/utils/geoip-distance.zeek + scripts/base/utils/hash_hrw.zeek + scripts/base/utils/numbers.zeek + scripts/base/utils/queue.zeek + scripts/base/utils/strings.zeek + scripts/base/utils/thresholds.zeek + scripts/base/utils/time.zeek + scripts/base/utils/urls.zeek + scripts/base/frameworks/notice/__load__.zeek + scripts/base/frameworks/notice/main.zeek + scripts/base/frameworks/cluster/__load__.zeek + scripts/base/frameworks/cluster/main.zeek + scripts/base/frameworks/control/__load__.zeek + scripts/base/frameworks/control/main.zeek + scripts/base/frameworks/cluster/pools.zeek + scripts/base/frameworks/notice/weird.zeek + scripts/base/frameworks/notice/actions/drop.zeek + scripts/base/frameworks/netcontrol/__load__.zeek + scripts/base/frameworks/netcontrol/types.zeek + scripts/base/frameworks/netcontrol/main.zeek + scripts/base/frameworks/netcontrol/plugin.zeek + scripts/base/frameworks/netcontrol/plugins/__load__.zeek + scripts/base/frameworks/netcontrol/plugins/debug.zeek + scripts/base/frameworks/netcontrol/plugins/openflow.zeek + scripts/base/frameworks/openflow/__load__.zeek + scripts/base/frameworks/openflow/consts.zeek + scripts/base/frameworks/openflow/types.zeek + scripts/base/frameworks/openflow/main.zeek + scripts/base/frameworks/openflow/plugins/__load__.zeek + scripts/base/frameworks/openflow/plugins/ryu.zeek + scripts/base/utils/json.zeek + scripts/base/frameworks/openflow/plugins/log.zeek + scripts/base/frameworks/openflow/plugins/broker.zeek + scripts/base/frameworks/openflow/non-cluster.zeek + scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek + scripts/base/frameworks/netcontrol/plugins/broker.zeek + scripts/base/frameworks/netcontrol/plugins/acld.zeek + scripts/base/frameworks/netcontrol/drop.zeek + scripts/base/frameworks/netcontrol/shunt.zeek + scripts/base/frameworks/netcontrol/catch-and-release.zeek + scripts/base/frameworks/netcontrol/non-cluster.zeek + scripts/base/frameworks/notice/actions/email_admin.zeek + scripts/base/frameworks/notice/actions/page.zeek + scripts/base/frameworks/notice/actions/add-geodata.zeek + scripts/base/frameworks/notice/actions/pp-alarms.zeek + scripts/base/frameworks/dpd/__load__.zeek + scripts/base/frameworks/dpd/main.zeek + scripts/base/frameworks/signatures/__load__.zeek + scripts/base/frameworks/signatures/main.zeek + scripts/base/frameworks/packet-filter/__load__.zeek + scripts/base/frameworks/packet-filter/main.zeek + scripts/base/frameworks/packet-filter/netstats.zeek + scripts/base/frameworks/software/__load__.zeek + scripts/base/frameworks/software/main.zeek + scripts/base/frameworks/intel/__load__.zeek + scripts/base/frameworks/intel/main.zeek + scripts/base/frameworks/intel/files.zeek + scripts/base/frameworks/intel/input.zeek + scripts/base/frameworks/config/__load__.zeek + scripts/base/frameworks/config/main.zeek + scripts/base/frameworks/config/input.zeek + scripts/base/frameworks/config/weird.zeek + scripts/base/frameworks/sumstats/__load__.zeek + scripts/base/frameworks/sumstats/main.zeek + scripts/base/frameworks/sumstats/plugins/__load__.zeek + scripts/base/frameworks/sumstats/plugins/average.zeek + scripts/base/frameworks/sumstats/plugins/hll_unique.zeek + scripts/base/frameworks/sumstats/plugins/last.zeek + scripts/base/frameworks/sumstats/plugins/max.zeek + scripts/base/frameworks/sumstats/plugins/min.zeek + scripts/base/frameworks/sumstats/plugins/sample.zeek + scripts/base/frameworks/sumstats/plugins/std-dev.zeek + scripts/base/frameworks/sumstats/plugins/variance.zeek + scripts/base/frameworks/sumstats/plugins/sum.zeek + scripts/base/frameworks/sumstats/plugins/topk.zeek + scripts/base/frameworks/sumstats/plugins/unique.zeek + scripts/base/frameworks/sumstats/non-cluster.zeek + scripts/base/frameworks/tunnels/__load__.zeek + scripts/base/frameworks/tunnels/main.zeek + scripts/base/protocols/conn/__load__.zeek + scripts/base/protocols/conn/main.zeek + scripts/base/protocols/conn/contents.zeek + scripts/base/protocols/conn/inactivity.zeek + scripts/base/protocols/conn/polling.zeek + scripts/base/protocols/conn/thresholds.zeek + scripts/base/protocols/dce-rpc/__load__.zeek + scripts/base/protocols/dce-rpc/consts.zeek + scripts/base/protocols/dce-rpc/main.zeek + scripts/base/protocols/dhcp/__load__.zeek + scripts/base/protocols/dhcp/consts.zeek + scripts/base/protocols/dhcp/main.zeek + scripts/base/protocols/dnp3/__load__.zeek + scripts/base/protocols/dnp3/main.zeek + scripts/base/protocols/dnp3/consts.zeek + scripts/base/protocols/dns/__load__.zeek + scripts/base/protocols/dns/consts.zeek + scripts/base/protocols/dns/main.zeek + scripts/base/protocols/ftp/__load__.zeek + scripts/base/protocols/ftp/utils-commands.zeek + scripts/base/protocols/ftp/info.zeek + scripts/base/protocols/ftp/main.zeek + scripts/base/protocols/ftp/utils.zeek + scripts/base/protocols/ftp/files.zeek + scripts/base/protocols/ftp/gridftp.zeek + scripts/base/protocols/ssl/__load__.zeek + scripts/base/protocols/ssl/consts.zeek + scripts/base/protocols/ssl/main.zeek + scripts/base/protocols/ssl/mozilla-ca-list.zeek + scripts/base/protocols/ssl/ct-list.zeek + scripts/base/protocols/ssl/files.zeek + scripts/base/files/x509/__load__.zeek + scripts/base/files/x509/main.zeek + scripts/base/files/hash/__load__.zeek + scripts/base/files/hash/main.zeek + scripts/base/protocols/http/__load__.zeek + scripts/base/protocols/http/main.zeek + scripts/base/protocols/http/entities.zeek + scripts/base/protocols/http/utils.zeek + scripts/base/protocols/http/files.zeek + scripts/base/protocols/imap/__load__.zeek + scripts/base/protocols/imap/main.zeek + scripts/base/protocols/irc/__load__.zeek + scripts/base/protocols/irc/main.zeek + scripts/base/protocols/irc/dcc-send.zeek + scripts/base/protocols/irc/files.zeek + scripts/base/protocols/krb/__load__.zeek + scripts/base/protocols/krb/main.zeek + scripts/base/protocols/krb/consts.zeek + scripts/base/protocols/krb/files.zeek + scripts/base/protocols/modbus/__load__.zeek + scripts/base/protocols/modbus/consts.zeek + scripts/base/protocols/modbus/main.zeek + scripts/base/protocols/mysql/__load__.zeek + scripts/base/protocols/mysql/main.zeek + scripts/base/protocols/mysql/consts.zeek + scripts/base/protocols/ntlm/__load__.zeek + scripts/base/protocols/ntlm/main.zeek + scripts/base/protocols/pop3/__load__.zeek + scripts/base/protocols/radius/__load__.zeek + scripts/base/protocols/radius/main.zeek + scripts/base/protocols/radius/consts.zeek + scripts/base/protocols/rdp/__load__.zeek + scripts/base/protocols/rdp/consts.zeek + scripts/base/protocols/rdp/main.zeek + scripts/base/protocols/rfb/__load__.zeek + scripts/base/protocols/rfb/main.zeek + scripts/base/protocols/sip/__load__.zeek + scripts/base/protocols/sip/main.zeek + scripts/base/protocols/snmp/__load__.zeek + scripts/base/protocols/snmp/main.zeek + scripts/base/protocols/smb/__load__.zeek + scripts/base/protocols/smb/consts.zeek + scripts/base/protocols/smb/const-dos-error.zeek + scripts/base/protocols/smb/const-nt-status.zeek + scripts/base/protocols/smb/main.zeek + scripts/base/protocols/smb/smb1-main.zeek + scripts/base/protocols/smb/smb2-main.zeek + scripts/base/protocols/smb/files.zeek + scripts/base/protocols/smtp/__load__.zeek + scripts/base/protocols/smtp/main.zeek + scripts/base/protocols/smtp/entities.zeek + scripts/base/protocols/smtp/files.zeek + scripts/base/protocols/socks/__load__.zeek + scripts/base/protocols/socks/consts.zeek + scripts/base/protocols/socks/main.zeek + scripts/base/protocols/ssh/__load__.zeek + scripts/base/protocols/ssh/main.zeek + scripts/base/protocols/syslog/__load__.zeek + scripts/base/protocols/syslog/consts.zeek + scripts/base/protocols/syslog/main.zeek + scripts/base/protocols/tunnels/__load__.zeek + scripts/base/protocols/xmpp/__load__.zeek + scripts/base/protocols/xmpp/main.zeek + scripts/base/files/pe/__load__.zeek + scripts/base/files/pe/consts.zeek + scripts/base/files/pe/main.zeek + scripts/base/files/extract/__load__.zeek + scripts/base/files/extract/main.zeek + scripts/base/files/unified2/__load__.zeek + scripts/base/files/unified2/main.zeek + scripts/base/misc/find-checksum-offloading.zeek + scripts/base/misc/find-filtered-trace.zeek + scripts/base/misc/version.zeek +scripts/policy/misc/loaded-scripts.zeek +#close 2019-04-16-17-02-20 diff --git a/testing/btest/Baseline/coverage.init-default/missing_loads b/testing/btest/Baseline/coverage.init-default/missing_loads index 31966f11c1..893a603972 100644 --- a/testing/btest/Baseline/coverage.init-default/missing_loads +++ b/testing/btest/Baseline/coverage.init-default/missing_loads @@ -1,10 +1,10 @@ --./frameworks/cluster/nodes/logger.bro --./frameworks/cluster/nodes/manager.bro --./frameworks/cluster/nodes/proxy.bro --./frameworks/cluster/nodes/worker.bro --./frameworks/cluster/setup-connections.bro --./frameworks/intel/cluster.bro --./frameworks/netcontrol/cluster.bro --./frameworks/openflow/cluster.bro --./frameworks/packet-filter/cluster.bro --./frameworks/sumstats/cluster.bro +-./frameworks/cluster/nodes/logger.zeek +-./frameworks/cluster/nodes/manager.zeek +-./frameworks/cluster/nodes/proxy.zeek +-./frameworks/cluster/nodes/worker.zeek +-./frameworks/cluster/setup-connections.zeek +-./frameworks/intel/cluster.zeek +-./frameworks/netcontrol/cluster.zeek +-./frameworks/openflow/cluster.zeek +-./frameworks/packet-filter/cluster.zeek +-./frameworks/sumstats/cluster.zeek diff --git a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr b/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr index da6c357abf..177214239c 100644 --- a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr +++ b/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr @@ -1,11 +1,11 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/scripts/broxygen/__load__.bro:10 "Use '@load base/protocols/smb' instead" -error in /Users/jon/projects/bro/bro/scripts/policy/frameworks/control/controller.bro, line 22: The '' control command is unknown. +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/scripts/broxygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" +error in /Users/jon/projects/bro/bro/scripts/policy/frameworks/control/controller.zeek, line 22: The '' control command is unknown. , line 1: received termination signal diff --git a/testing/btest/Baseline/doc.broxygen.example/example.rst b/testing/btest/Baseline/doc.broxygen.example/example.rst index d729ab85ee..e012c20051 100644 --- a/testing/btest/Baseline/doc.broxygen.example/example.rst +++ b/testing/btest/Baseline/doc.broxygen.example/example.rst @@ -1,7 +1,7 @@ :tocdepth: 3 -broxygen/example.bro -==================== +broxygen/example.zeek +===================== .. bro:namespace:: BroxygenExample This is an example script that demonstrates Broxygen-style @@ -27,7 +27,7 @@ And a custom directive does the equivalent references: .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info :Namespace: BroxygenExample -:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.bro ` +:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` Summary ~~~~~~~ diff --git a/testing/btest/Baseline/doc.broxygen.package/test.rst b/testing/btest/Baseline/doc.broxygen.package/test.rst index b96de2148b..7c1f32dd44 100644 --- a/testing/btest/Baseline/doc.broxygen.package/test.rst +++ b/testing/btest/Baseline/doc.broxygen.package/test.rst @@ -8,10 +8,10 @@ reference documentation for all Bro scripts (i.e. "Broxygen"). Its only purpose is to provide an easy way to load all known Bro scripts plus any extra scripts needed or used by the documentation process. -:doc:`/scripts/broxygen/__load__.bro` +:doc:`/scripts/broxygen/__load__.zeek` -:doc:`/scripts/broxygen/example.bro` +:doc:`/scripts/broxygen/example.zeek` This is an example script that demonstrates Broxygen-style documentation. It generally will make most sense when viewing diff --git a/testing/btest/Baseline/doc.broxygen.script_index/test.rst b/testing/btest/Baseline/doc.broxygen.script_index/test.rst index dda280facf..30d849c2e0 100644 --- a/testing/btest/Baseline/doc.broxygen.script_index/test.rst +++ b/testing/btest/Baseline/doc.broxygen.script_index/test.rst @@ -1,5 +1,5 @@ .. toctree:: :maxdepth: 1 - broxygen/__load__.bro - broxygen/example.bro + broxygen/__load__.zeek + broxygen/example.zeek diff --git a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst b/testing/btest/Baseline/doc.broxygen.script_summary/test.rst index 125a579c81..509f2c9286 100644 --- a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst +++ b/testing/btest/Baseline/doc.broxygen.script_summary/test.rst @@ -1,4 +1,4 @@ -:doc:`/scripts/broxygen/example.bro` +:doc:`/scripts/broxygen/example.zeek` This is an example script that demonstrates Broxygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered diff --git a/testing/btest/Baseline/language.index-assignment-invalid/out b/testing/btest/Baseline/language.index-assignment-invalid/out index 3972a9f10e..44e82d16f6 100644 --- a/testing/btest/Baseline/language.index-assignment-invalid/out +++ b/testing/btest/Baseline/language.index-assignment-invalid/out @@ -1,4 +1,4 @@ -runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.bro, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=], expression: Queue::ret[Queue::j], call stack: +runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=], expression: Queue::ret[Queue::j], call stack: #0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=]}, settings=[max_len=], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:19 #1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:27 #2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:39 diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 04908bed0b..0d383879f7 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -277,7 +277,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> @@ -462,7 +462,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> @@ -575,294 +575,294 @@ 0.000000 MetaHookPost CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) -> 0.000000 MetaHookPost CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) -> 0.000000 MetaHookPost DrainEvents() -> -0.000000 MetaHookPost LoadFile(0, ..<...>/main.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, ..<...>/plugin.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ARP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_AsciiReader.ascii.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_AsciiWriter.ascii.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BackDoor.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BenchmarkReader.benchmark.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BinaryReader.binary.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BitTorrent.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ConfigReader.config.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ConnSize.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ConnSize.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DCE_RPC.consts.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DCE_RPC.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DCE_RPC.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DHCP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DHCP.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DNP3.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DNS.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FTP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FTP.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_File.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileEntropy.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileExtract.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileExtract.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileHash.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Finger.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_GSSAPI.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_GTPv1.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Gnutella.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_HTTP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_HTTP.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ICMP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_IMAP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_IRC.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Ident.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_InterConn.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_KRB.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_KRB.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Login.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Login.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MIME.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Modbus.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MySQL.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NCP.consts.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NCP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NetBIOS.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NetBIOS.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NoneWriter.none.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_PE.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_POP3.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RADIUS.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RDP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RDP.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RFB.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RPC.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RawReader.raw.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SIP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.consts.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_check_directory.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_close.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_create_directory.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_echo.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_logoff_andx.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_negotiate.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_cancel.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_create_andx.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_query_information.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_read_andx.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_session_setup_andx.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2_secondary.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction_secondary.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_connect_andx.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_disconnect.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_write_andx.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_close.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_create.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_negotiate.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_read.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_session_setup.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_set_info.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_transform_header.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_connect.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_disconnect.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_write.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMTP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMTP.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SNMP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SNMP.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SOCKS.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SQLiteReader.sqlite.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SQLiteWriter.sqlite.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSH.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSH.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.consts.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SteppingStone.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Syslog.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_TCP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_TCP.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Teredo.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_UDP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Unified2.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Unified2.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_VXLAN.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.functions.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.ocsp_events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_XMPP.events.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/acld.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/add-geodata.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/addrs.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/analyzer.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/ascii.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/average.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/benchmark.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/binary.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/bloom-filter.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/bro.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/broker.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/broxygen.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/cardinality-counter.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/catch-and-release.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/comm.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/config.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/const-dos-error.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/const-nt-status.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/const.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/consts.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/contents.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/ct-list.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/data.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/dcc-send.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/debug.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/drop.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/email_admin.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/entities.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/event.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/exec.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/file_analysis.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/files.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/gridftp.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/hll_unique.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/hooks.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/inactivity.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/info.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/input.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/input.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/last.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/log.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/logging.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, ..<...>/main.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, ..<...>/plugin.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ARP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_AsciiReader.ascii.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_AsciiWriter.ascii.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BackDoor.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BenchmarkReader.benchmark.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BinaryReader.binary.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BitTorrent.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ConfigReader.config.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ConnSize.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ConnSize.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DCE_RPC.consts.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DCE_RPC.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DCE_RPC.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DHCP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DHCP.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DNP3.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DNS.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FTP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FTP.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_File.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileEntropy.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileExtract.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileExtract.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileHash.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Finger.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_GSSAPI.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_GTPv1.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Gnutella.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_HTTP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_HTTP.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ICMP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_IMAP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_IRC.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Ident.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_InterConn.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_KRB.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_KRB.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Login.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Login.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MIME.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Modbus.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MySQL.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NCP.consts.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NCP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NetBIOS.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NetBIOS.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NoneWriter.none.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_PE.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_POP3.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RADIUS.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RDP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RDP.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RFB.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RPC.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RawReader.raw.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SIP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.consts.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_check_directory.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_close.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_create_directory.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_echo.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_logoff_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_negotiate.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_cancel.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_create_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_query_information.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_read_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_session_setup_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction_secondary.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_disconnect.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_write_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_close.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_create.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_negotiate.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_read.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_session_setup.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_set_info.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_transform_header.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_connect.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_disconnect.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_write.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMTP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMTP.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SNMP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SNMP.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SOCKS.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SQLiteReader.sqlite.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SQLiteWriter.sqlite.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSH.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSH.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.consts.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SteppingStone.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Syslog.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_TCP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_TCP.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Teredo.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_UDP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Unified2.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Unified2.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_VXLAN.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.ocsp_events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Bro_XMPP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/acld.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/add-geodata.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/addrs.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/analyzer.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/ascii.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/average.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/benchmark.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/binary.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/bloom-filter.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/bro.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/broker.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/broxygen.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/cardinality-counter.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/catch-and-release.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/comm.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/config.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/const-dos-error.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/const-nt-status.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/const.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/consts.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/contents.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/ct-list.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/data.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/dcc-send.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/debug.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/drop.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/email_admin.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/entities.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/event.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/exec.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/file_analysis.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/files.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/gridftp.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/hll_unique.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/hooks.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/inactivity.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/info.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/input.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/input.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/last.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/log.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/logging.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/magic) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/main.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/max.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/messaging.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/min.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/mozilla-ca-list.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/netstats.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/non-cluster.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/none.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/openflow.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/option.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/packetfilter.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/page.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/patterns.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/pcap.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/plugin.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/main.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/max.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/messaging.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/min.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/mozilla-ca-list.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/netstats.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/non-cluster.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/none.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/openflow.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/option.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/packetfilter.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/page.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/patterns.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/pcap.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/plugin.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/plugins) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/polling.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/pools.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/polling.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/pools.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/postprocessors) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/pp-alarms.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/raw.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/reporter.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/ryu.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/sample.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/scp.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/sftp.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/shunt.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/site.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/smb1-main.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/smb2-main.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/sqlite.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/stats.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/std-dev.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/store.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/store.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/strings.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/sum.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/thresholds.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/top-k.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/topk.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/types.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/unique.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/utils-commands.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/utils.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/variance.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/weird.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, <...>/__load__.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, <...>/__preload__.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/pp-alarms.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/raw.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/reporter.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/ryu.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/sample.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/scp.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/sftp.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/shunt.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/site.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/smb1-main.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/smb2-main.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/sqlite.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/stats.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/std-dev.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/store.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/store.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/strings.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/sum.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/thresholds.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/top-k.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/topk.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/types.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/unique.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/utils-commands.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/utils.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/variance.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/hooks.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/Bro_KRB.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/Bro_SNMP.types.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/active-http.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/addrs.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/Bro_KRB.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/Bro_SNMP.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/active-http.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/addrs.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/analyzer) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/analyzer.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/analyzer.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/bif) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/bro.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/bro.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/broker) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/cluster) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/comm.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/comm.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/config) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/conn) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/conn-ids.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/const.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/conn-ids.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/const.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/control) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/data.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/data.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/dce-rpc) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/dhcp) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/dir.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/directions-and-hosts.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/dir.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/directions-and-hosts.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/dnp3) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/dns) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/dpd) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/email.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/event.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/exec.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/email.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/event.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/exec.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/extract) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/file_analysis.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/file_analysis.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/files) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/files.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/find-checksum-offloading.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/find-filtered-trace.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/files.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/find-checksum-offloading.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/find-filtered-trace.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ftp) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/geoip-distance.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/geoip-distance.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/hash) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/hash_hrw.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/hash_hrw.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/http) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/imap) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/init-default.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/init-frameworks-and-bifs.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/init-default.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/init-frameworks-and-bifs.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/input) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/input.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/input.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/intel) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/irc) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/json.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/json.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/krb) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/logging) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/logging.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/main.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/messaging.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/logging.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/main.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/messaging.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/modbus) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/mysql) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/netcontrol) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/notice) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ntlm) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/numbers.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/numbers.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/openflow) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/option.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/option.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/packet-filter) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/paths.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/patterns.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/paths.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/patterns.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/pe) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/plugins) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/pop3) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/queue.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/queue.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/radius) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/rdp) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/reporter) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/reporter.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/reporter.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/rfb) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/signatures) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/sip) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/site.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/site.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/smb) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/smtp) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/snmp) -> -1 @@ -870,21 +870,21 @@ 0.000000 MetaHookPost LoadFile(0, base<...>/software) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ssh) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ssl) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/stats.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/store.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/strings.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/strings.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/stats.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/store.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/strings.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/strings.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/sumstats) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/syslog) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/thresholds.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/time.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/thresholds.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/time.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/tunnels) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/types.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/unified2) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/urls.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/utils.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/version.bro) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/weird.bro) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/urls.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/utils.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/version.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/weird.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/x509) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/xmpp) -> -1 0.000000 MetaHookPost LoadFile(1, .<...>/archive.sig) -> -1 @@ -1180,7 +1180,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) @@ -1365,7 +1365,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) @@ -1478,294 +1478,294 @@ 0.000000 MetaHookPre CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) 0.000000 MetaHookPre CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) 0.000000 MetaHookPre DrainEvents() -0.000000 MetaHookPre LoadFile(0, ..<...>/main.bro) -0.000000 MetaHookPre LoadFile(0, ..<...>/plugin.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ARP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_AsciiReader.ascii.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_AsciiWriter.ascii.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BackDoor.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BenchmarkReader.benchmark.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BinaryReader.binary.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BitTorrent.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ConfigReader.config.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ConnSize.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ConnSize.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DCE_RPC.consts.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DCE_RPC.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DCE_RPC.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DHCP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DHCP.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DNP3.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DNS.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FTP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FTP.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_File.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileEntropy.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileExtract.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileExtract.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileHash.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Finger.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_GSSAPI.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_GTPv1.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Gnutella.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_HTTP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_HTTP.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ICMP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_IMAP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_IRC.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Ident.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_InterConn.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_KRB.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_KRB.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Login.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Login.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MIME.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Modbus.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MySQL.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NCP.consts.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NCP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NetBIOS.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NetBIOS.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NoneWriter.none.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_PE.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_POP3.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RADIUS.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RDP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RDP.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RFB.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RPC.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RawReader.raw.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SIP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.consts.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_check_directory.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_close.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_create_directory.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_echo.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_logoff_andx.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_negotiate.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_cancel.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_create_andx.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_query_information.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_read_andx.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_session_setup_andx.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2_secondary.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction_secondary.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_connect_andx.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_disconnect.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_write_andx.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_close.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_create.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_negotiate.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_read.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_session_setup.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_set_info.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_transform_header.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_connect.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_disconnect.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_write.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMTP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMTP.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SNMP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SNMP.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SOCKS.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SQLiteReader.sqlite.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SQLiteWriter.sqlite.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSH.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSH.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.consts.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SteppingStone.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Syslog.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_TCP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_TCP.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Teredo.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_UDP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Unified2.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Unified2.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_VXLAN.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.functions.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.ocsp_events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_XMPP.events.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/acld.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/add-geodata.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/addrs.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/analyzer.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/ascii.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/average.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/benchmark.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/binary.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/bloom-filter.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/bro.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/broker.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/broxygen.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/cardinality-counter.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/catch-and-release.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/comm.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/config.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/const-dos-error.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/const-nt-status.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/const.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/consts.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/contents.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/ct-list.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/data.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/dcc-send.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/debug.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/drop.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/email_admin.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/entities.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/event.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/exec.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/file_analysis.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/files.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/gridftp.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/hll_unique.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/hooks.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/inactivity.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/info.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/input.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/input.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/last.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/log.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/logging.bif.bro) +0.000000 MetaHookPre LoadFile(0, ..<...>/main.zeek) +0.000000 MetaHookPre LoadFile(0, ..<...>/plugin.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ARP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_AsciiReader.ascii.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_AsciiWriter.ascii.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BackDoor.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BenchmarkReader.benchmark.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BinaryReader.binary.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BitTorrent.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ConfigReader.config.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ConnSize.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ConnSize.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DCE_RPC.consts.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DCE_RPC.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DCE_RPC.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DHCP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DHCP.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DNP3.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DNS.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FTP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FTP.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_File.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileEntropy.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileExtract.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileExtract.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileHash.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Finger.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_GSSAPI.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_GTPv1.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Gnutella.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_HTTP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_HTTP.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ICMP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_IMAP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_IRC.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Ident.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_InterConn.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_KRB.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_KRB.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Login.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Login.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MIME.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Modbus.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MySQL.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NCP.consts.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NCP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NetBIOS.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NetBIOS.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NoneWriter.none.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_PE.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_POP3.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RADIUS.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RDP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RDP.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RFB.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RPC.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RawReader.raw.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SIP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.consts.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_check_directory.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_close.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_create_directory.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_echo.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_logoff_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_negotiate.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_cancel.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_create_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_query_information.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_read_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_session_setup_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction_secondary.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_disconnect.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_write_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_close.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_create.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_negotiate.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_read.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_session_setup.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_set_info.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_transform_header.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_connect.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_disconnect.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_write.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMTP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMTP.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SNMP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SNMP.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SOCKS.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SQLiteReader.sqlite.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SQLiteWriter.sqlite.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSH.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSH.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.consts.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SteppingStone.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Syslog.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_TCP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_TCP.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Teredo.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_UDP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Unified2.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Unified2.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_VXLAN.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.ocsp_events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Bro_XMPP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/acld.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/add-geodata.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/addrs.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/analyzer.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/ascii.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/average.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/benchmark.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/binary.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/bloom-filter.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/bro.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/broker.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/broxygen.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/cardinality-counter.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/catch-and-release.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/comm.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/config.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/const-dos-error.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/const-nt-status.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/const.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/consts.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/contents.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/ct-list.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/data.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/dcc-send.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/debug.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/drop.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/email_admin.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/entities.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/event.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/exec.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/file_analysis.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/files.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/gridftp.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/hll_unique.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/hooks.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/inactivity.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/info.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/input.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/input.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/last.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/log.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/logging.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/magic) -0.000000 MetaHookPre LoadFile(0, .<...>/main.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/max.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/messaging.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/min.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/mozilla-ca-list.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/netstats.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/non-cluster.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/none.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/openflow.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/option.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/packetfilter.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/page.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/patterns.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/pcap.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/plugin.bro) +0.000000 MetaHookPre LoadFile(0, .<...>/main.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/max.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/messaging.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/min.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/mozilla-ca-list.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/netstats.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/non-cluster.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/none.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/openflow.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/option.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/packetfilter.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/page.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/patterns.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/pcap.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/plugin.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/plugins) -0.000000 MetaHookPre LoadFile(0, .<...>/polling.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/pools.bro) +0.000000 MetaHookPre LoadFile(0, .<...>/polling.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/pools.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/postprocessors) -0.000000 MetaHookPre LoadFile(0, .<...>/pp-alarms.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/raw.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/reporter.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/ryu.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/sample.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/scp.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/sftp.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/shunt.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/site.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/smb1-main.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/smb2-main.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/sqlite.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/stats.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/std-dev.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/store.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/store.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/strings.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/sum.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/thresholds.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/top-k.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/topk.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/types.bif.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/types.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/unique.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/utils-commands.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/utils.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/variance.bro) -0.000000 MetaHookPre LoadFile(0, .<...>/weird.bro) -0.000000 MetaHookPre LoadFile(0, <...>/__load__.bro) -0.000000 MetaHookPre LoadFile(0, <...>/__preload__.bro) +0.000000 MetaHookPre LoadFile(0, .<...>/pp-alarms.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/raw.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/reporter.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/ryu.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/sample.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/scp.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/sftp.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/shunt.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/site.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/smb1-main.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/smb2-main.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/sqlite.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/stats.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/std-dev.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/store.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/store.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/strings.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/sum.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/thresholds.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/top-k.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/topk.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/types.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/unique.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/utils-commands.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/utils.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/variance.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/weird.zeek) +0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek) +0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/hooks.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/Bro_KRB.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/Bro_SNMP.types.bif.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/active-http.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/addrs.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/Bro_KRB.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/Bro_SNMP.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/active-http.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/addrs.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/analyzer) -0.000000 MetaHookPre LoadFile(0, base<...>/analyzer.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/analyzer.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/bif) -0.000000 MetaHookPre LoadFile(0, base<...>/bro.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/bro.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/broker) 0.000000 MetaHookPre LoadFile(0, base<...>/cluster) -0.000000 MetaHookPre LoadFile(0, base<...>/comm.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/comm.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/config) 0.000000 MetaHookPre LoadFile(0, base<...>/conn) -0.000000 MetaHookPre LoadFile(0, base<...>/conn-ids.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/const.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/conn-ids.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/const.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/control) -0.000000 MetaHookPre LoadFile(0, base<...>/data.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/data.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/dce-rpc) 0.000000 MetaHookPre LoadFile(0, base<...>/dhcp) -0.000000 MetaHookPre LoadFile(0, base<...>/dir.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/directions-and-hosts.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/dir.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/directions-and-hosts.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/dnp3) 0.000000 MetaHookPre LoadFile(0, base<...>/dns) 0.000000 MetaHookPre LoadFile(0, base<...>/dpd) -0.000000 MetaHookPre LoadFile(0, base<...>/email.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/event.bif.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/exec.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/email.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/event.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/exec.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/extract) -0.000000 MetaHookPre LoadFile(0, base<...>/file_analysis.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/file_analysis.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/files) -0.000000 MetaHookPre LoadFile(0, base<...>/files.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/find-checksum-offloading.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/find-filtered-trace.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/files.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/find-checksum-offloading.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/find-filtered-trace.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/ftp) -0.000000 MetaHookPre LoadFile(0, base<...>/geoip-distance.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/geoip-distance.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/hash) -0.000000 MetaHookPre LoadFile(0, base<...>/hash_hrw.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/hash_hrw.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/http) 0.000000 MetaHookPre LoadFile(0, base<...>/imap) -0.000000 MetaHookPre LoadFile(0, base<...>/init-default.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/init-frameworks-and-bifs.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/init-default.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/init-frameworks-and-bifs.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/input) -0.000000 MetaHookPre LoadFile(0, base<...>/input.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/input.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/intel) 0.000000 MetaHookPre LoadFile(0, base<...>/irc) -0.000000 MetaHookPre LoadFile(0, base<...>/json.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/json.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/krb) 0.000000 MetaHookPre LoadFile(0, base<...>/logging) -0.000000 MetaHookPre LoadFile(0, base<...>/logging.bif.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/main.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/messaging.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/logging.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/main.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/messaging.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/modbus) 0.000000 MetaHookPre LoadFile(0, base<...>/mysql) 0.000000 MetaHookPre LoadFile(0, base<...>/netcontrol) 0.000000 MetaHookPre LoadFile(0, base<...>/notice) 0.000000 MetaHookPre LoadFile(0, base<...>/ntlm) -0.000000 MetaHookPre LoadFile(0, base<...>/numbers.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/numbers.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/openflow) -0.000000 MetaHookPre LoadFile(0, base<...>/option.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/option.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/packet-filter) -0.000000 MetaHookPre LoadFile(0, base<...>/paths.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/patterns.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/paths.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/patterns.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/pe) 0.000000 MetaHookPre LoadFile(0, base<...>/plugins) 0.000000 MetaHookPre LoadFile(0, base<...>/pop3) -0.000000 MetaHookPre LoadFile(0, base<...>/queue.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/queue.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/radius) 0.000000 MetaHookPre LoadFile(0, base<...>/rdp) 0.000000 MetaHookPre LoadFile(0, base<...>/reporter) -0.000000 MetaHookPre LoadFile(0, base<...>/reporter.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/reporter.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/rfb) 0.000000 MetaHookPre LoadFile(0, base<...>/signatures) 0.000000 MetaHookPre LoadFile(0, base<...>/sip) -0.000000 MetaHookPre LoadFile(0, base<...>/site.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/site.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/smb) 0.000000 MetaHookPre LoadFile(0, base<...>/smtp) 0.000000 MetaHookPre LoadFile(0, base<...>/snmp) @@ -1773,21 +1773,21 @@ 0.000000 MetaHookPre LoadFile(0, base<...>/software) 0.000000 MetaHookPre LoadFile(0, base<...>/ssh) 0.000000 MetaHookPre LoadFile(0, base<...>/ssl) -0.000000 MetaHookPre LoadFile(0, base<...>/stats.bif.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/store.bif.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/strings.bif.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/strings.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/stats.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/store.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/strings.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/strings.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/sumstats) 0.000000 MetaHookPre LoadFile(0, base<...>/syslog) -0.000000 MetaHookPre LoadFile(0, base<...>/thresholds.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/time.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/thresholds.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/time.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/tunnels) -0.000000 MetaHookPre LoadFile(0, base<...>/types.bif.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/unified2) -0.000000 MetaHookPre LoadFile(0, base<...>/urls.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/utils.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/version.bro) -0.000000 MetaHookPre LoadFile(0, base<...>/weird.bro) +0.000000 MetaHookPre LoadFile(0, base<...>/urls.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/utils.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/version.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/weird.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/x509) 0.000000 MetaHookPre LoadFile(0, base<...>/xmpp) 0.000000 MetaHookPre LoadFile(1, .<...>/archive.sig) @@ -2082,7 +2082,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) @@ -2267,7 +2267,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() @@ -2380,303 +2380,303 @@ 0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F) 0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, ) 0.000000 | HookDrainEvents -0.000000 | HookLoadFile ..<...>/main.bro -0.000000 | HookLoadFile ..<...>/plugin.bro -0.000000 | HookLoadFile .<...>/Bro_ARP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_AsciiReader.ascii.bif.bro -0.000000 | HookLoadFile .<...>/Bro_AsciiWriter.ascii.bif.bro -0.000000 | HookLoadFile .<...>/Bro_BackDoor.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_BenchmarkReader.benchmark.bif.bro -0.000000 | HookLoadFile .<...>/Bro_BinaryReader.binary.bif.bro -0.000000 | HookLoadFile .<...>/Bro_BitTorrent.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_ConfigReader.config.bif.bro -0.000000 | HookLoadFile .<...>/Bro_ConnSize.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_ConnSize.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_DCE_RPC.consts.bif.bro -0.000000 | HookLoadFile .<...>/Bro_DCE_RPC.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_DCE_RPC.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_DHCP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_DHCP.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_DNP3.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_DNS.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_FTP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_FTP.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_File.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_FileEntropy.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_FileExtract.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_FileExtract.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_FileHash.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Finger.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_GSSAPI.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_GTPv1.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Gnutella.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_HTTP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_HTTP.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_ICMP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_IMAP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_IRC.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Ident.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_InterConn.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_KRB.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_KRB.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Login.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Login.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_MIME.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Modbus.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_MySQL.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_NCP.consts.bif.bro -0.000000 | HookLoadFile .<...>/Bro_NCP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_NTLM.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_NTLM.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_NTP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_NetBIOS.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_NetBIOS.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_NoneWriter.none.bif.bro -0.000000 | HookLoadFile .<...>/Bro_PE.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_POP3.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_RADIUS.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_RDP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_RDP.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_RFB.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_RPC.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_RawReader.raw.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SIP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.consts.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_check_directory.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_close.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_create_directory.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_echo.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_logoff_andx.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_negotiate.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_nt_cancel.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_nt_create_andx.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_query_information.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_read_andx.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_session_setup_andx.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction2.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction2_secondary.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction_secondary.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_tree_connect_andx.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_tree_disconnect.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_write_andx.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_close.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_create.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_negotiate.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_read.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_session_setup.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_set_info.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_transform_header.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_tree_connect.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_tree_disconnect.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_write.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMB.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMTP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SMTP.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SNMP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SNMP.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SOCKS.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SQLiteReader.sqlite.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SQLiteWriter.sqlite.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SSH.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SSH.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SSL.consts.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SSL.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SSL.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SSL.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_SteppingStone.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Syslog.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_TCP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_TCP.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Teredo.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_UDP.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Unified2.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_Unified2.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_VXLAN.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_X509.events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_X509.functions.bif.bro -0.000000 | HookLoadFile .<...>/Bro_X509.ocsp_events.bif.bro -0.000000 | HookLoadFile .<...>/Bro_X509.types.bif.bro -0.000000 | HookLoadFile .<...>/Bro_XMPP.events.bif.bro -0.000000 | HookLoadFile .<...>/acld.bro -0.000000 | HookLoadFile .<...>/add-geodata.bro -0.000000 | HookLoadFile .<...>/addrs.bro -0.000000 | HookLoadFile .<...>/analyzer.bif.bro +0.000000 | HookLoadFile ..<...>/main.zeek +0.000000 | HookLoadFile ..<...>/plugin.zeek +0.000000 | HookLoadFile .<...>/Bro_ARP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_AsciiReader.ascii.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_AsciiWriter.ascii.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_BackDoor.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_BenchmarkReader.benchmark.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_BinaryReader.binary.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_BitTorrent.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_ConfigReader.config.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_ConnSize.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_ConnSize.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_DCE_RPC.consts.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_DCE_RPC.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_DCE_RPC.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_DHCP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_DHCP.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_DNP3.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_DNS.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_FTP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_FTP.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_File.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_FileEntropy.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_FileExtract.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_FileExtract.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_FileHash.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Finger.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_GSSAPI.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_GTPv1.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Gnutella.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_HTTP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_HTTP.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_ICMP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_IMAP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_IRC.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Ident.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_InterConn.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_KRB.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_KRB.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Login.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Login.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_MIME.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Modbus.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_MySQL.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_NCP.consts.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_NCP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_NTLM.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_NTLM.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_NTP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_NetBIOS.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_NetBIOS.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_NoneWriter.none.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_PE.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_POP3.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_RADIUS.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_RDP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_RDP.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_RFB.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_RPC.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_RawReader.raw.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SIP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.consts.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_check_directory.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_close.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_create_directory.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_echo.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_logoff_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_negotiate.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_nt_cancel.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_nt_create_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_query_information.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_read_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_session_setup_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction2.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction_secondary.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_tree_disconnect.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_write_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_close.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_create.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_negotiate.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_read.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_session_setup.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_set_info.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_transform_header.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_tree_connect.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_tree_disconnect.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_write.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMB.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMTP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SMTP.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SNMP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SNMP.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SOCKS.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SQLiteReader.sqlite.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SQLiteWriter.sqlite.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SSH.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SSH.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SSL.consts.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SSL.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SSL.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SSL.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_SteppingStone.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Syslog.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_TCP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_TCP.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Teredo.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_UDP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Unified2.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_Unified2.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_VXLAN.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_X509.events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_X509.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_X509.ocsp_events.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_X509.types.bif.zeek +0.000000 | HookLoadFile .<...>/Bro_XMPP.events.bif.zeek +0.000000 | HookLoadFile .<...>/acld.zeek +0.000000 | HookLoadFile .<...>/add-geodata.zeek +0.000000 | HookLoadFile .<...>/addrs.zeek +0.000000 | HookLoadFile .<...>/analyzer.bif.zeek 0.000000 | HookLoadFile .<...>/archive.sig -0.000000 | HookLoadFile .<...>/ascii.bro +0.000000 | HookLoadFile .<...>/ascii.zeek 0.000000 | HookLoadFile .<...>/audio.sig -0.000000 | HookLoadFile .<...>/average.bro -0.000000 | HookLoadFile .<...>/benchmark.bro -0.000000 | HookLoadFile .<...>/binary.bro -0.000000 | HookLoadFile .<...>/bloom-filter.bif.bro -0.000000 | HookLoadFile .<...>/bro.bif.bro -0.000000 | HookLoadFile .<...>/broker.bro -0.000000 | HookLoadFile .<...>/broxygen.bif.bro -0.000000 | HookLoadFile .<...>/cardinality-counter.bif.bro -0.000000 | HookLoadFile .<...>/catch-and-release.bro -0.000000 | HookLoadFile .<...>/comm.bif.bro -0.000000 | HookLoadFile .<...>/config.bro -0.000000 | HookLoadFile .<...>/const-dos-error.bro -0.000000 | HookLoadFile .<...>/const-nt-status.bro -0.000000 | HookLoadFile .<...>/const.bif.bro -0.000000 | HookLoadFile .<...>/consts.bro -0.000000 | HookLoadFile .<...>/contents.bro -0.000000 | HookLoadFile .<...>/ct-list.bro -0.000000 | HookLoadFile .<...>/data.bif.bro -0.000000 | HookLoadFile .<...>/dcc-send.bro -0.000000 | HookLoadFile .<...>/debug.bro +0.000000 | HookLoadFile .<...>/average.zeek +0.000000 | HookLoadFile .<...>/benchmark.zeek +0.000000 | HookLoadFile .<...>/binary.zeek +0.000000 | HookLoadFile .<...>/bloom-filter.bif.zeek +0.000000 | HookLoadFile .<...>/bro.bif.zeek +0.000000 | HookLoadFile .<...>/broker.zeek +0.000000 | HookLoadFile .<...>/broxygen.bif.zeek +0.000000 | HookLoadFile .<...>/cardinality-counter.bif.zeek +0.000000 | HookLoadFile .<...>/catch-and-release.zeek +0.000000 | HookLoadFile .<...>/comm.bif.zeek +0.000000 | HookLoadFile .<...>/config.zeek +0.000000 | HookLoadFile .<...>/const-dos-error.zeek +0.000000 | HookLoadFile .<...>/const-nt-status.zeek +0.000000 | HookLoadFile .<...>/const.bif.zeek +0.000000 | HookLoadFile .<...>/consts.zeek +0.000000 | HookLoadFile .<...>/contents.zeek +0.000000 | HookLoadFile .<...>/ct-list.zeek +0.000000 | HookLoadFile .<...>/data.bif.zeek +0.000000 | HookLoadFile .<...>/dcc-send.zeek +0.000000 | HookLoadFile .<...>/debug.zeek 0.000000 | HookLoadFile .<...>/dpd.sig -0.000000 | HookLoadFile .<...>/drop.bro -0.000000 | HookLoadFile .<...>/email_admin.bro -0.000000 | HookLoadFile .<...>/entities.bro -0.000000 | HookLoadFile .<...>/event.bif.bro -0.000000 | HookLoadFile .<...>/exec.bro -0.000000 | HookLoadFile .<...>/file_analysis.bif.bro -0.000000 | HookLoadFile .<...>/files.bro +0.000000 | HookLoadFile .<...>/drop.zeek +0.000000 | HookLoadFile .<...>/email_admin.zeek +0.000000 | HookLoadFile .<...>/entities.zeek +0.000000 | HookLoadFile .<...>/event.bif.zeek +0.000000 | HookLoadFile .<...>/exec.zeek +0.000000 | HookLoadFile .<...>/file_analysis.bif.zeek +0.000000 | HookLoadFile .<...>/files.zeek 0.000000 | HookLoadFile .<...>/font.sig 0.000000 | HookLoadFile .<...>/general.sig -0.000000 | HookLoadFile .<...>/gridftp.bro -0.000000 | HookLoadFile .<...>/hll_unique.bro -0.000000 | HookLoadFile .<...>/hooks.bif.bro +0.000000 | HookLoadFile .<...>/gridftp.zeek +0.000000 | HookLoadFile .<...>/hll_unique.zeek +0.000000 | HookLoadFile .<...>/hooks.bif.zeek 0.000000 | HookLoadFile .<...>/image.sig -0.000000 | HookLoadFile .<...>/inactivity.bro -0.000000 | HookLoadFile .<...>/info.bro -0.000000 | HookLoadFile .<...>/input.bif.bro -0.000000 | HookLoadFile .<...>/input.bro -0.000000 | HookLoadFile .<...>/last.bro +0.000000 | HookLoadFile .<...>/inactivity.zeek +0.000000 | HookLoadFile .<...>/info.zeek +0.000000 | HookLoadFile .<...>/input.bif.zeek +0.000000 | HookLoadFile .<...>/input.zeek +0.000000 | HookLoadFile .<...>/last.zeek 0.000000 | HookLoadFile .<...>/libmagic.sig -0.000000 | HookLoadFile .<...>/log.bro -0.000000 | HookLoadFile .<...>/logging.bif.bro +0.000000 | HookLoadFile .<...>/log.zeek +0.000000 | HookLoadFile .<...>/logging.bif.zeek 0.000000 | HookLoadFile .<...>/magic -0.000000 | HookLoadFile .<...>/main.bro -0.000000 | HookLoadFile .<...>/max.bro -0.000000 | HookLoadFile .<...>/messaging.bif.bro -0.000000 | HookLoadFile .<...>/min.bro -0.000000 | HookLoadFile .<...>/mozilla-ca-list.bro +0.000000 | HookLoadFile .<...>/main.zeek +0.000000 | HookLoadFile .<...>/max.zeek +0.000000 | HookLoadFile .<...>/messaging.bif.zeek +0.000000 | HookLoadFile .<...>/min.zeek +0.000000 | HookLoadFile .<...>/mozilla-ca-list.zeek 0.000000 | HookLoadFile .<...>/msoffice.sig -0.000000 | HookLoadFile .<...>/netstats.bro -0.000000 | HookLoadFile .<...>/non-cluster.bro -0.000000 | HookLoadFile .<...>/none.bro -0.000000 | HookLoadFile .<...>/openflow.bro -0.000000 | HookLoadFile .<...>/option.bif.bro -0.000000 | HookLoadFile .<...>/packetfilter.bro -0.000000 | HookLoadFile .<...>/page.bro -0.000000 | HookLoadFile .<...>/patterns.bro -0.000000 | HookLoadFile .<...>/pcap.bif.bro -0.000000 | HookLoadFile .<...>/plugin.bro +0.000000 | HookLoadFile .<...>/netstats.zeek +0.000000 | HookLoadFile .<...>/non-cluster.zeek +0.000000 | HookLoadFile .<...>/none.zeek +0.000000 | HookLoadFile .<...>/openflow.zeek +0.000000 | HookLoadFile .<...>/option.bif.zeek +0.000000 | HookLoadFile .<...>/packetfilter.zeek +0.000000 | HookLoadFile .<...>/page.zeek +0.000000 | HookLoadFile .<...>/patterns.zeek +0.000000 | HookLoadFile .<...>/pcap.bif.zeek +0.000000 | HookLoadFile .<...>/plugin.zeek 0.000000 | HookLoadFile .<...>/plugins -0.000000 | HookLoadFile .<...>/polling.bro -0.000000 | HookLoadFile .<...>/pools.bro +0.000000 | HookLoadFile .<...>/polling.zeek +0.000000 | HookLoadFile .<...>/pools.zeek 0.000000 | HookLoadFile .<...>/postprocessors -0.000000 | HookLoadFile .<...>/pp-alarms.bro -0.000000 | HookLoadFile .<...>/raw.bro -0.000000 | HookLoadFile .<...>/reporter.bif.bro -0.000000 | HookLoadFile .<...>/ryu.bro -0.000000 | HookLoadFile .<...>/sample.bro -0.000000 | HookLoadFile .<...>/scp.bro -0.000000 | HookLoadFile .<...>/sftp.bro -0.000000 | HookLoadFile .<...>/shunt.bro -0.000000 | HookLoadFile .<...>/site.bro -0.000000 | HookLoadFile .<...>/smb1-main.bro -0.000000 | HookLoadFile .<...>/smb2-main.bro -0.000000 | HookLoadFile .<...>/sqlite.bro -0.000000 | HookLoadFile .<...>/stats.bif.bro -0.000000 | HookLoadFile .<...>/std-dev.bro -0.000000 | HookLoadFile .<...>/store.bif.bro -0.000000 | HookLoadFile .<...>/store.bro -0.000000 | HookLoadFile .<...>/strings.bif.bro -0.000000 | HookLoadFile .<...>/sum.bro -0.000000 | HookLoadFile .<...>/thresholds.bro -0.000000 | HookLoadFile .<...>/top-k.bif.bro -0.000000 | HookLoadFile .<...>/topk.bro -0.000000 | HookLoadFile .<...>/types.bif.bro -0.000000 | HookLoadFile .<...>/types.bro -0.000000 | HookLoadFile .<...>/unique.bro -0.000000 | HookLoadFile .<...>/utils-commands.bro -0.000000 | HookLoadFile .<...>/utils.bro -0.000000 | HookLoadFile .<...>/variance.bro +0.000000 | HookLoadFile .<...>/pp-alarms.zeek +0.000000 | HookLoadFile .<...>/raw.zeek +0.000000 | HookLoadFile .<...>/reporter.bif.zeek +0.000000 | HookLoadFile .<...>/ryu.zeek +0.000000 | HookLoadFile .<...>/sample.zeek +0.000000 | HookLoadFile .<...>/scp.zeek +0.000000 | HookLoadFile .<...>/sftp.zeek +0.000000 | HookLoadFile .<...>/shunt.zeek +0.000000 | HookLoadFile .<...>/site.zeek +0.000000 | HookLoadFile .<...>/smb1-main.zeek +0.000000 | HookLoadFile .<...>/smb2-main.zeek +0.000000 | HookLoadFile .<...>/sqlite.zeek +0.000000 | HookLoadFile .<...>/stats.bif.zeek +0.000000 | HookLoadFile .<...>/std-dev.zeek +0.000000 | HookLoadFile .<...>/store.bif.zeek +0.000000 | HookLoadFile .<...>/store.zeek +0.000000 | HookLoadFile .<...>/strings.bif.zeek +0.000000 | HookLoadFile .<...>/sum.zeek +0.000000 | HookLoadFile .<...>/thresholds.zeek +0.000000 | HookLoadFile .<...>/top-k.bif.zeek +0.000000 | HookLoadFile .<...>/topk.zeek +0.000000 | HookLoadFile .<...>/types.bif.zeek +0.000000 | HookLoadFile .<...>/types.zeek +0.000000 | HookLoadFile .<...>/unique.zeek +0.000000 | HookLoadFile .<...>/utils-commands.zeek +0.000000 | HookLoadFile .<...>/utils.zeek +0.000000 | HookLoadFile .<...>/variance.zeek 0.000000 | HookLoadFile .<...>/video.sig -0.000000 | HookLoadFile .<...>/weird.bro -0.000000 | HookLoadFile <...>/__load__.bro -0.000000 | HookLoadFile <...>/__preload__.bro +0.000000 | HookLoadFile .<...>/weird.zeek +0.000000 | HookLoadFile <...>/__load__.zeek +0.000000 | HookLoadFile <...>/__preload__.zeek 0.000000 | HookLoadFile <...>/hooks.bro -0.000000 | HookLoadFile base<...>/Bro_KRB.types.bif.bro -0.000000 | HookLoadFile base<...>/Bro_SNMP.types.bif.bro -0.000000 | HookLoadFile base<...>/active-http.bro -0.000000 | HookLoadFile base<...>/addrs.bro +0.000000 | HookLoadFile base<...>/Bro_KRB.types.bif.zeek +0.000000 | HookLoadFile base<...>/Bro_SNMP.types.bif.zeek +0.000000 | HookLoadFile base<...>/active-http.zeek +0.000000 | HookLoadFile base<...>/addrs.zeek 0.000000 | HookLoadFile base<...>/analyzer -0.000000 | HookLoadFile base<...>/analyzer.bif.bro +0.000000 | HookLoadFile base<...>/analyzer.bif.zeek 0.000000 | HookLoadFile base<...>/bif -0.000000 | HookLoadFile base<...>/bro.bif.bro +0.000000 | HookLoadFile base<...>/bro.bif.zeek 0.000000 | HookLoadFile base<...>/broker 0.000000 | HookLoadFile base<...>/cluster -0.000000 | HookLoadFile base<...>/comm.bif.bro +0.000000 | HookLoadFile base<...>/comm.bif.zeek 0.000000 | HookLoadFile base<...>/config 0.000000 | HookLoadFile base<...>/conn -0.000000 | HookLoadFile base<...>/conn-ids.bro -0.000000 | HookLoadFile base<...>/const.bif.bro +0.000000 | HookLoadFile base<...>/conn-ids.zeek +0.000000 | HookLoadFile base<...>/const.bif.zeek 0.000000 | HookLoadFile base<...>/control -0.000000 | HookLoadFile base<...>/data.bif.bro +0.000000 | HookLoadFile base<...>/data.bif.zeek 0.000000 | HookLoadFile base<...>/dce-rpc 0.000000 | HookLoadFile base<...>/dhcp -0.000000 | HookLoadFile base<...>/dir.bro -0.000000 | HookLoadFile base<...>/directions-and-hosts.bro +0.000000 | HookLoadFile base<...>/dir.zeek +0.000000 | HookLoadFile base<...>/directions-and-hosts.zeek 0.000000 | HookLoadFile base<...>/dnp3 0.000000 | HookLoadFile base<...>/dns 0.000000 | HookLoadFile base<...>/dpd -0.000000 | HookLoadFile base<...>/email.bro -0.000000 | HookLoadFile base<...>/event.bif.bro -0.000000 | HookLoadFile base<...>/exec.bro +0.000000 | HookLoadFile base<...>/email.zeek +0.000000 | HookLoadFile base<...>/event.bif.zeek +0.000000 | HookLoadFile base<...>/exec.zeek 0.000000 | HookLoadFile base<...>/extract -0.000000 | HookLoadFile base<...>/file_analysis.bif.bro +0.000000 | HookLoadFile base<...>/file_analysis.bif.zeek 0.000000 | HookLoadFile base<...>/files -0.000000 | HookLoadFile base<...>/files.bro -0.000000 | HookLoadFile base<...>/find-checksum-offloading.bro -0.000000 | HookLoadFile base<...>/find-filtered-trace.bro +0.000000 | HookLoadFile base<...>/files.zeek +0.000000 | HookLoadFile base<...>/find-checksum-offloading.zeek +0.000000 | HookLoadFile base<...>/find-filtered-trace.zeek 0.000000 | HookLoadFile base<...>/ftp -0.000000 | HookLoadFile base<...>/geoip-distance.bro +0.000000 | HookLoadFile base<...>/geoip-distance.zeek 0.000000 | HookLoadFile base<...>/hash -0.000000 | HookLoadFile base<...>/hash_hrw.bro +0.000000 | HookLoadFile base<...>/hash_hrw.zeek 0.000000 | HookLoadFile base<...>/http 0.000000 | HookLoadFile base<...>/imap -0.000000 | HookLoadFile base<...>/init-default.bro -0.000000 | HookLoadFile base<...>/init-frameworks-and-bifs.bro +0.000000 | HookLoadFile base<...>/init-default.zeek +0.000000 | HookLoadFile base<...>/init-frameworks-and-bifs.zeek 0.000000 | HookLoadFile base<...>/input -0.000000 | HookLoadFile base<...>/input.bif.bro +0.000000 | HookLoadFile base<...>/input.bif.zeek 0.000000 | HookLoadFile base<...>/intel 0.000000 | HookLoadFile base<...>/irc -0.000000 | HookLoadFile base<...>/json.bro +0.000000 | HookLoadFile base<...>/json.zeek 0.000000 | HookLoadFile base<...>/krb 0.000000 | HookLoadFile base<...>/logging -0.000000 | HookLoadFile base<...>/logging.bif.bro -0.000000 | HookLoadFile base<...>/main.bro -0.000000 | HookLoadFile base<...>/messaging.bif.bro +0.000000 | HookLoadFile base<...>/logging.bif.zeek +0.000000 | HookLoadFile base<...>/main.zeek +0.000000 | HookLoadFile base<...>/messaging.bif.zeek 0.000000 | HookLoadFile base<...>/modbus 0.000000 | HookLoadFile base<...>/mysql 0.000000 | HookLoadFile base<...>/netcontrol 0.000000 | HookLoadFile base<...>/notice 0.000000 | HookLoadFile base<...>/ntlm -0.000000 | HookLoadFile base<...>/numbers.bro +0.000000 | HookLoadFile base<...>/numbers.zeek 0.000000 | HookLoadFile base<...>/openflow -0.000000 | HookLoadFile base<...>/option.bif.bro +0.000000 | HookLoadFile base<...>/option.bif.zeek 0.000000 | HookLoadFile base<...>/packet-filter -0.000000 | HookLoadFile base<...>/paths.bro -0.000000 | HookLoadFile base<...>/patterns.bro +0.000000 | HookLoadFile base<...>/paths.zeek +0.000000 | HookLoadFile base<...>/patterns.zeek 0.000000 | HookLoadFile base<...>/pe 0.000000 | HookLoadFile base<...>/plugins 0.000000 | HookLoadFile base<...>/pop3 -0.000000 | HookLoadFile base<...>/queue.bro +0.000000 | HookLoadFile base<...>/queue.zeek 0.000000 | HookLoadFile base<...>/radius 0.000000 | HookLoadFile base<...>/rdp 0.000000 | HookLoadFile base<...>/reporter -0.000000 | HookLoadFile base<...>/reporter.bif.bro +0.000000 | HookLoadFile base<...>/reporter.bif.zeek 0.000000 | HookLoadFile base<...>/rfb 0.000000 | HookLoadFile base<...>/signatures 0.000000 | HookLoadFile base<...>/sip -0.000000 | HookLoadFile base<...>/site.bro +0.000000 | HookLoadFile base<...>/site.zeek 0.000000 | HookLoadFile base<...>/smb 0.000000 | HookLoadFile base<...>/smtp 0.000000 | HookLoadFile base<...>/snmp @@ -2684,25 +2684,25 @@ 0.000000 | HookLoadFile base<...>/software 0.000000 | HookLoadFile base<...>/ssh 0.000000 | HookLoadFile base<...>/ssl -0.000000 | HookLoadFile base<...>/stats.bif.bro -0.000000 | HookLoadFile base<...>/store.bif.bro -0.000000 | HookLoadFile base<...>/strings.bif.bro -0.000000 | HookLoadFile base<...>/strings.bro +0.000000 | HookLoadFile base<...>/stats.bif.zeek +0.000000 | HookLoadFile base<...>/store.bif.zeek +0.000000 | HookLoadFile base<...>/strings.bif.zeek +0.000000 | HookLoadFile base<...>/strings.zeek 0.000000 | HookLoadFile base<...>/sumstats 0.000000 | HookLoadFile base<...>/syslog -0.000000 | HookLoadFile base<...>/thresholds.bro -0.000000 | HookLoadFile base<...>/time.bro +0.000000 | HookLoadFile base<...>/thresholds.zeek +0.000000 | HookLoadFile base<...>/time.zeek 0.000000 | HookLoadFile base<...>/tunnels -0.000000 | HookLoadFile base<...>/types.bif.bro +0.000000 | HookLoadFile base<...>/types.bif.zeek 0.000000 | HookLoadFile base<...>/unified2 -0.000000 | HookLoadFile base<...>/urls.bro -0.000000 | HookLoadFile base<...>/utils.bro -0.000000 | HookLoadFile base<...>/version.bro -0.000000 | HookLoadFile base<...>/weird.bro +0.000000 | HookLoadFile base<...>/urls.zeek +0.000000 | HookLoadFile base<...>/utils.zeek +0.000000 | HookLoadFile base<...>/version.zeek +0.000000 | HookLoadFile base<...>/weird.zeek 0.000000 | HookLoadFile base<...>/x509 0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogWrite packet_filter [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent bro_init() 0.000000 | HookQueueEvent filter_change_tracking() diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output b/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output index 90d390518f..c6dec0f9aa 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output +++ b/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output @@ -6,6 +6,6 @@ #open 2019-03-24-20-20-10 #fields ts level message location #types time enum string string -0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/jgras/devel/zeek/scripts/base/frameworks/intel/./main.bro, lines 563-564 +0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/jgras/devel/zeek/scripts/base/frameworks/intel/./main.zeek, lines 563-564 0.000000 Reporter::INFO received termination signal (empty) #close 2019-03-24-20-20-10 diff --git a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 index c2f791ba82..2f84ca097a 100644 --- a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 +++ b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 @@ -1 +1 @@ -1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.bro, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. +1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.zeek, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. diff --git a/testing/btest/Baseline/scripts.base.misc.version/.stderr b/testing/btest/Baseline/scripts.base.misc.version/.stderr index bfae6163df..28da0b203a 100644 --- a/testing/btest/Baseline/scripts.base.misc.version/.stderr +++ b/testing/btest/Baseline/scripts.base.misc.version/.stderr @@ -1,4 +1,4 @@ -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string 1 cannot be parsed -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string 12.5 cannot be parsed -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string 1.12-beta-drunk cannot be parsed -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string JustARandomString cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string 1 cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string 12.5 cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string 1.12-beta-drunk cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string JustARandomString cannot be parsed diff --git a/testing/btest/core/ip-broken-header.bro b/testing/btest/core/ip-broken-header.bro index 426e7a7bc0..a539628829 100644 --- a/testing/btest/core/ip-broken-header.bro +++ b/testing/btest/core/ip-broken-header.bro @@ -4,4 +4,4 @@ # @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | bro -C -b -r - %INPUT # @TEST-EXEC: btest-diff weird.log -@load base/frameworks/notice/weird.bro +@load base/frameworks/notice/weird diff --git a/testing/btest/core/load-duplicates.bro b/testing/btest/core/load-duplicates.bro index 8c86fbc272..9b3810d40d 100644 --- a/testing/btest/core/load-duplicates.bro +++ b/testing/btest/core/load-duplicates.bro @@ -3,12 +3,13 @@ # @TEST-EXEC: mkdir -p foo/bar # @TEST-EXEC: echo "@load bar/test" >loader.bro # @TEST-EXEC: cp %INPUT foo/bar/test.bro +# @TEST-EXEC: cp %INPUT foo/bar/test2.bro +# # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test.bro # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test.bro # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro +# @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test2 -type Test: enum { - TEST, -}; +global pi = 3.14; diff --git a/testing/btest/core/load-file-extension.bro b/testing/btest/core/load-file-extension.bro new file mode 100644 index 0000000000..1b5520c873 --- /dev/null +++ b/testing/btest/core/load-file-extension.bro @@ -0,0 +1,89 @@ +# Test loading scripts with different file extensions. +# +# Test that either ".zeek" or ".bro" can be loaded without specifying extension +# @TEST-EXEC: cp x/foo.bro . +# @TEST-EXEC: bro -b load_foo > bro_only +# @TEST-EXEC: btest-diff bro_only +# @TEST-EXEC: rm foo.bro +# +# @TEST-EXEC: cp x/foo.zeek . +# @TEST-EXEC: bro -b load_foo > zeek_only +# @TEST-EXEC: btest-diff zeek_only +# @TEST-EXEC: rm foo.zeek +# +# Test that ".zeek" is the preferred file extension, unless ".bro" is specified +# @TEST-EXEC: cp x/foo.* . +# @TEST-EXEC: cp x2/foo . +# @TEST-EXEC: bro -b load_foo > zeek_preferred +# @TEST-EXEC: btest-diff zeek_preferred +# +# @TEST-EXEC: bro -b load_foo_bro > bro_preferred +# @TEST-EXEC: btest-diff bro_preferred +# @TEST-EXEC: rm foo* +# +# Test that ".bro" is preferred over a script with no file extension (when +# there is no ".zeek" script) +# @TEST-EXEC: cp x/foo.bro . +# @TEST-EXEC: cp x2/foo . +# @TEST-EXEC: bro -b load_foo > bro_preferred_2 +# @TEST-EXEC: btest-diff bro_preferred_2 +# @TEST-EXEC: rm foo* +# +# Test that a script with no file extension can be loaded +# @TEST-EXEC: cp x2/foo . +# @TEST-EXEC: bro -b load_foo > no_extension +# @TEST-EXEC: btest-diff no_extension +# @TEST-EXEC: rm foo +# +# Test that a ".zeek" script is preferred over a script package of same name +# @TEST-EXEC: cp -r x/foo* . +# @TEST-EXEC: bro -b load_foo > zeek_script_preferred +# @TEST-EXEC: btest-diff zeek_script_preferred +# @TEST-EXEC: rm -r foo* +# +# Test that unrecognized file extensions can be loaded explicitly +# @TEST-EXEC: cp x/foo.* . +# @TEST-EXEC: bro -b load_foo_xyz > xyz_preferred +# @TEST-EXEC: btest-diff xyz_preferred +# @TEST-EXEC: rm foo.* +# +# @TEST-EXEC: cp x/foo.xyz . +# @TEST-EXEC-FAIL: bro -b load_foo +# @TEST-EXEC: rm foo.xyz + +@TEST-START-FILE load_foo +@load foo +@TEST-END-FILE + +@TEST-START-FILE load_foo_bro +@load foo.bro +@TEST-END-FILE + +@TEST-START-FILE load_foo_xyz +@load foo.xyz +@TEST-END-FILE + + +@TEST-START-FILE x/foo.bro +print "Bro script loaded"; +@TEST-END-FILE + +@TEST-START-FILE x/foo.zeek +print "Zeek script loaded"; +@TEST-END-FILE + +@TEST-START-FILE x/foo.xyz +print "Non-standard file extension script loaded"; +@TEST-END-FILE + +@TEST-START-FILE x/foo/__load__.zeek +@load ./main +@TEST-END-FILE + +@TEST-START-FILE x/foo/main.zeek +print "Script package loaded"; +@TEST-END-FILE + +@TEST-START-FILE x2/foo +print "No file extension script loaded"; +@TEST-END-FILE diff --git a/testing/btest/core/load-pkg.bro b/testing/btest/core/load-pkg.bro index e6671e038d..8c861f7982 100644 --- a/testing/btest/core/load-pkg.bro +++ b/testing/btest/core/load-pkg.bro @@ -1,10 +1,28 @@ +# Test that package loading works when a package loader script is present. +# +# Test that ".zeek" is loaded when there is also a ".bro" # @TEST-EXEC: bro -b foo >output # @TEST-EXEC: btest-diff output +# +# Test that ".bro" is loaded when there is no ".zeek" +# @TEST-EXEC: rm foo/__load__.zeek +# @TEST-EXEC: bro -b foo >output2 +# @TEST-EXEC: btest-diff output2 +# +# Test that package cannot be loaded when no package loader script exists. +# @TEST-EXEC: rm foo/__load__.bro +# @TEST-EXEC-FAIL: bro -b foo @TEST-START-FILE foo/__load__.bro -@load ./test.bro +@load ./test +print "__load__.bro loaded"; @TEST-END-FILE -@TEST-START-FILE foo/test.bro -print "Foo loaded"; +@TEST-START-FILE foo/__load__.zeek +@load ./test +print "__load__.zeek loaded"; +@TEST-END-FILE + +@TEST-START-FILE foo/test.zeek +print "test.zeek loaded"; @TEST-END-FILE diff --git a/testing/btest/core/load-prefixes.bro b/testing/btest/core/load-prefixes.bro index 1dfc3ac5dd..5147bd0250 100644 --- a/testing/btest/core/load-prefixes.bro +++ b/testing/btest/core/load-prefixes.bro @@ -8,16 +8,20 @@ @prefixes += lcl2 @TEST-END-FILE -@TEST-START-FILE lcl.base.utils.site.bro -print "loaded lcl.base.utils.site.bro"; +# Since base/utils/site.zeek is a script, only a script with the original file +# extension can be loaded here. +@TEST-START-FILE lcl.base.utils.site.zeek +print "loaded lcl.base.utils.site.zeek"; @TEST-END-FILE -@TEST-START-FILE lcl2.base.utils.site.bro -print "loaded lcl2.base.utils.site.bro"; +@TEST-START-FILE lcl2.base.utils.site.zeek +print "loaded lcl2.base.utils.site.zeek"; @TEST-END-FILE -@TEST-START-FILE lcl.base.protocols.http.bro -print "loaded lcl.base.protocols.http.bro"; +# For a script package like base/protocols/http/, either of the recognized +# file extensions can be loaded here. +@TEST-START-FILE lcl.base.protocols.http.zeek +print "loaded lcl.base.protocols.http.zeek"; @TEST-END-FILE @TEST-START-FILE lcl2.base.protocols.http.bro diff --git a/testing/btest/core/load-unload.bro b/testing/btest/core/load-unload.bro index 6525a8e8ea..6b2614a50c 100644 --- a/testing/btest/core/load-unload.bro +++ b/testing/btest/core/load-unload.bro @@ -1,11 +1,32 @@ # This tests the @unload directive # -# @TEST-EXEC: bro -b %INPUT misc/loaded-scripts dontloadmebro > output +# Test that @unload works with ".bro" when there is no ".zeek" script +# @TEST-EXEC: bro -b unloadbro misc/loaded-scripts dontloadmebro > output # @TEST-EXEC: btest-diff output -# @TEST-EXEC: grep -q dontloadmebro loaded_scripts.log && exit 1 || exit 0 +# @TEST-EXEC: grep dontloadmebro loaded_scripts.log && exit 1 || exit 0 +# +# Test that @unload looks for ".zeek" first (assuming no file extension is +# specified in the @unload) +# @TEST-EXEC: bro -b unload misc/loaded-scripts dontloadme.zeek dontloadme.bro > output2 +# @TEST-EXEC: btest-diff output2 +# @TEST-EXEC: grep dontloadme.bro loaded_scripts.log +@TEST-START-FILE unloadbro.bro @unload dontloadmebro +@TEST-END-FILE @TEST-START-FILE dontloadmebro.bro -print "FAIL"; +print "Loaded: dontloadmebro.bro"; +@TEST-END-FILE + +@TEST-START-FILE unload.zeek +@unload dontloadme +@TEST-END-FILE + +@TEST-START-FILE dontloadme.zeek +print "Loaded: dontloadme.zeek"; +@TEST-END-FILE + +@TEST-START-FILE dontloadme.bro +print "Loaded: dontloadme.bro"; @TEST-END-FILE diff --git a/testing/btest/coverage/bare-load-baseline.test b/testing/btest/coverage/bare-load-baseline.test index e518e703fb..98ce72e4b8 100644 --- a/testing/btest/coverage/bare-load-baseline.test +++ b/testing/btest/coverage/bare-load-baseline.test @@ -1,6 +1,6 @@ # This test is meant to cover whether the set of scripts that get loaded by # default in bare mode matches a baseline of known defaults. The baseline -# should only need updating if something new is @load'd from init-bare.bro +# should only need updating if something new is @load'd from init-bare.zeek # (or from an @load'd descendent of it). # # As the output has absolute paths in it, we need to remove the common diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test index 2310b66b4b..6f5e6983f6 100644 --- a/testing/btest/coverage/bare-mode-errors.test +++ b/testing/btest/coverage/bare-mode-errors.test @@ -5,5 +5,5 @@ # when writing a new bro scripts. # # @TEST-EXEC: test -d $DIST/scripts -# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.bro`; do bro -b --parse-only $script >>errors 2>&1; done +# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do bro -b --parse-only $script >>errors 2>&1; done # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors diff --git a/testing/btest/coverage/find-bro-logs.test b/testing/btest/coverage/find-bro-logs.test index e7bcf0578f..ee0e45262b 100644 --- a/testing/btest/coverage/find-bro-logs.test +++ b/testing/btest/coverage/find-bro-logs.test @@ -28,7 +28,7 @@ def find_scripts(): for r, d, f in os.walk(scriptdir): for fname in f: - if fname.endswith(".bro"): + if fname.endswith(".zeek") or fname.endswith(".bro"): scripts.append(os.path.join(r, fname)) return scripts diff --git a/testing/btest/coverage/init-default.test b/testing/btest/coverage/init-default.test index 537b5ca77d..edc0012ef1 100644 --- a/testing/btest/coverage/init-default.test +++ b/testing/btest/coverage/init-default.test @@ -1,19 +1,19 @@ -# Makes sure that all base/* scripts are loaded by default via init-default.bro; -# and that all scripts loaded there in there actually exist. +# Makes sure that all base/* scripts are loaded by default via +# init-default.zeek; and that all scripts loaded there actually exist. # # This test will fail if a new bro script is added under the scripts/base/ -# directory and it is not also added as an @load in base/init-default.bro. +# directory and it is not also added as an @load in base/init-default.zeek. # In some cases, a script in base is loaded based on the bro configuration # (e.g. cluster operation), and in such cases, the missing_loads baseline # can be adjusted to tolerate that. #@TEST-EXEC: test -d $DIST/scripts/base -#@TEST-EXEC: test -e $DIST/scripts/base/init-default.bro -#@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.bro' ) | sort >"all scripts found" +#@TEST-EXEC: test -e $DIST/scripts/base/init-default.zeek +#@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.zeek' ) | sort >"all scripts found" #@TEST-EXEC: bro misc/loaded-scripts #@TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix -#@TEST-EXEC: cat loaded_scripts.log | egrep -v "/build/scripts/|$(cat buildprefix)/scripts/|/loaded-scripts.bro|#" | sed 's#/./#/#g' >loaded_scripts.log.tmp +#@TEST-EXEC: cat loaded_scripts.log | egrep -v "/build/scripts/|$(cat buildprefix)/scripts/|/loaded-scripts.zeek|#" | sed 's#/./#/#g' >loaded_scripts.log.tmp #@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix -#@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed "s#`cat prefix`#./#g" | sort >init-default.bro -#@TEST-EXEC: diff -u "all scripts found" init-default.bro | egrep "^-[^-]" > missing_loads +#@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed "s#`cat prefix`#./#g" | sort >init-default.zeek +#@TEST-EXEC: diff -u "all scripts found" init-default.zeek | egrep "^-[^-]" > missing_loads #@TEST-EXEC: btest-diff missing_loads diff --git a/testing/btest/coverage/test-all-policy.test b/testing/btest/coverage/test-all-policy.test index 3a545a02af..61e4297f83 100644 --- a/testing/btest/coverage/test-all-policy.test +++ b/testing/btest/coverage/test-all-policy.test @@ -1,12 +1,12 @@ # Makes sure that all policy/* scripts are loaded in -# scripts/test-all-policy.bro and that all scripts loaded there actually exist. +# scripts/test-all-policy.zeek and that all scripts loaded there actually exist. # # This test will fail if new bro scripts are added to the scripts/policy/ -# directory. Correcting that just involves updating scripts/test-all-policy.bro -# to @load the new bro scripts. +# directory. Correcting that just involves updating +# scripts/test-all-policy.zeek to @load the new bro scripts. -@TEST-EXEC: test -e $DIST/scripts/test-all-policy.bro +@TEST-EXEC: test -e $DIST/scripts/test-all-policy.zeek @TEST-EXEC: test -d $DIST/scripts -@TEST-EXEC: ( cd $DIST/scripts/policy && find . -name '*.bro' ) | sort >"all scripts found" -@TEST-EXEC: cat $DIST/scripts/test-all-policy.bro | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all-policy.bro -@TEST-EXEC: diff -u "all scripts found" test-all-policy.bro 1>&2 +@TEST-EXEC: ( cd $DIST/scripts/policy && find . -name '*.zeek' ) | sort >"all scripts found" +@TEST-EXEC: cat $DIST/scripts/test-all-policy.zeek | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all-policy.zeek +@TEST-EXEC: diff -u "all scripts found" test-all-policy.zeek 1>&2 diff --git a/testing/btest/doc/broxygen/example.bro b/testing/btest/doc/broxygen/example.bro index 22a6fc7418..7a7d30c92a 100644 --- a/testing/btest/doc/broxygen/example.bro +++ b/testing/btest/doc/broxygen/example.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff example.rst @TEST-START-FILE broxygen.config -script broxygen/example.bro example.rst +script broxygen/example.zeek example.rst @TEST-END-FILE -@load broxygen/example.bro +@load broxygen/example diff --git a/testing/btest/doc/broxygen/script_summary.bro b/testing/btest/doc/broxygen/script_summary.bro index a517a08072..6ea5e95576 100644 --- a/testing/btest/doc/broxygen/script_summary.bro +++ b/testing/btest/doc/broxygen/script_summary.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE broxygen.config -script_summary broxygen/example.bro test.rst +script_summary broxygen/example.zeek test.rst @TEST-END-FILE @load broxygen diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index 60c754f8ff..5498e515ca 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -9,7 +9,7 @@ mkdir -p scripts/demo/foo/base/ -cat >scripts/__load__.bro <scripts/__load__.zeek <scripts/__load__.bro <scripts/__load__.zeek <all-events.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro %INPUT DumpEvents::include_args=F >all-events-no-args.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro %INPUT DumpEvents::include=/smtp_/ >smtp-events.log +# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log +# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log +# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log # # @TEST-EXEC: btest-diff all-events.log # @TEST-EXEC: btest-diff all-events-no-args.log diff --git a/testing/btest/scripts/policy/misc/weird-stats.bro b/testing/btest/scripts/policy/misc/weird-stats.bro index b26fce8e47..d5b83e3c05 100644 --- a/testing/btest/scripts/policy/misc/weird-stats.bro +++ b/testing/btest/scripts/policy/misc/weird-stats.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff bro/weird_stats.log -@load misc/weird-stats.bro +@load misc/weird-stats redef exit_only_after_terminate = T; redef WeirdStats::weird_stat_interval = 5sec; diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro index 4a3ec44468..712e333037 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro @@ -1,6 +1,6 @@ # @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.bro %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log -@load protocols/ssl/validate-certs.bro +@load protocols/ssl/validate-certs redef SSL::ssl_cache_intermediate_ca = F; diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro index 9a00919643..03803fe2fa 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro @@ -4,4 +4,4 @@ # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log -@load protocols/ssl/validate-certs.bro +@load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro b/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro index 0e6065f937..8dbd358e17 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro @@ -5,7 +5,7 @@ # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log -@load protocols/ssl/validate-sct.bro +@load protocols/ssl/validate-sct module SSL;