From 5331bf10ecf94730823651c290146d974422b002 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 7 Jun 2019 20:55:03 -0700 Subject: [PATCH] GH-323: change builtin plugin namespaces to Zeek --- NEWS | 3 + scripts/base/init-bare.zeek | 4 +- src/analyzer/protocol/arp/CMakeLists.txt | 2 +- src/analyzer/protocol/arp/Plugin.cc | 4 +- src/analyzer/protocol/ayiya/CMakeLists.txt | 2 +- src/analyzer/protocol/ayiya/Plugin.cc | 4 +- src/analyzer/protocol/backdoor/CMakeLists.txt | 2 +- src/analyzer/protocol/backdoor/Plugin.cc | 4 +- .../protocol/bittorrent/CMakeLists.txt | 2 +- src/analyzer/protocol/bittorrent/Plugin.cc | 4 +- .../protocol/conn-size/CMakeLists.txt | 2 +- src/analyzer/protocol/conn-size/Plugin.cc | 4 +- src/analyzer/protocol/dce-rpc/CMakeLists.txt | 2 +- src/analyzer/protocol/dce-rpc/Plugin.cc | 4 +- src/analyzer/protocol/dhcp/CMakeLists.txt | 2 +- src/analyzer/protocol/dhcp/Plugin.cc | 4 +- src/analyzer/protocol/dnp3/CMakeLists.txt | 2 +- src/analyzer/protocol/dnp3/Plugin.cc | 4 +- src/analyzer/protocol/dns/CMakeLists.txt | 2 +- src/analyzer/protocol/dns/Plugin.cc | 4 +- src/analyzer/protocol/file/CMakeLists.txt | 2 +- src/analyzer/protocol/file/Plugin.cc | 4 +- src/analyzer/protocol/finger/CMakeLists.txt | 2 +- src/analyzer/protocol/finger/Plugin.cc | 4 +- src/analyzer/protocol/ftp/CMakeLists.txt | 2 +- src/analyzer/protocol/ftp/Plugin.cc | 4 +- src/analyzer/protocol/gnutella/CMakeLists.txt | 2 +- src/analyzer/protocol/gnutella/Plugin.cc | 4 +- src/analyzer/protocol/gssapi/CMakeLists.txt | 2 +- src/analyzer/protocol/gssapi/Plugin.cc | 4 +- src/analyzer/protocol/gtpv1/CMakeLists.txt | 2 +- src/analyzer/protocol/gtpv1/Plugin.cc | 4 +- src/analyzer/protocol/http/CMakeLists.txt | 2 +- src/analyzer/protocol/http/Plugin.cc | 4 +- src/analyzer/protocol/icmp/CMakeLists.txt | 2 +- src/analyzer/protocol/icmp/Plugin.cc | 4 +- src/analyzer/protocol/ident/CMakeLists.txt | 2 +- src/analyzer/protocol/ident/Plugin.cc | 4 +- src/analyzer/protocol/imap/CMakeLists.txt | 2 +- src/analyzer/protocol/imap/Plugin.cc | 4 +- .../protocol/interconn/CMakeLists.txt | 2 +- src/analyzer/protocol/interconn/Plugin.cc | 4 +- src/analyzer/protocol/irc/CMakeLists.txt | 2 +- src/analyzer/protocol/irc/Plugin.cc | 4 +- src/analyzer/protocol/krb/CMakeLists.txt | 2 +- src/analyzer/protocol/krb/Plugin.cc | 4 +- src/analyzer/protocol/login/CMakeLists.txt | 2 +- src/analyzer/protocol/login/Plugin.cc | 4 +- src/analyzer/protocol/mime/CMakeLists.txt | 2 +- src/analyzer/protocol/mime/Plugin.cc | 4 +- src/analyzer/protocol/modbus/CMakeLists.txt | 2 +- src/analyzer/protocol/modbus/Plugin.cc | 4 +- src/analyzer/protocol/mysql/CMakeLists.txt | 2 +- src/analyzer/protocol/mysql/Plugin.cc | 4 +- src/analyzer/protocol/ncp/CMakeLists.txt | 2 +- src/analyzer/protocol/ncp/Plugin.cc | 4 +- src/analyzer/protocol/netbios/CMakeLists.txt | 2 +- src/analyzer/protocol/netbios/Plugin.cc | 4 +- src/analyzer/protocol/ntlm/CMakeLists.txt | 2 +- src/analyzer/protocol/ntlm/Plugin.cc | 4 +- src/analyzer/protocol/ntp/CMakeLists.txt | 2 +- src/analyzer/protocol/ntp/Plugin.cc | 4 +- src/analyzer/protocol/pia/CMakeLists.txt | 2 +- src/analyzer/protocol/pia/Plugin.cc | 4 +- src/analyzer/protocol/pop3/CMakeLists.txt | 2 +- src/analyzer/protocol/pop3/Plugin.cc | 4 +- src/analyzer/protocol/radius/CMakeLists.txt | 2 +- src/analyzer/protocol/radius/Plugin.cc | 4 +- src/analyzer/protocol/rdp/CMakeLists.txt | 2 +- src/analyzer/protocol/rdp/Plugin.cc | 4 +- src/analyzer/protocol/rfb/CMakeLists.txt | 2 +- src/analyzer/protocol/rfb/Plugin.cc | 6 +- src/analyzer/protocol/rpc/CMakeLists.txt | 2 +- src/analyzer/protocol/rpc/Plugin.cc | 4 +- src/analyzer/protocol/sip/CMakeLists.txt | 2 +- src/analyzer/protocol/sip/Plugin.cc | 4 +- src/analyzer/protocol/smb/CMakeLists.txt | 2 +- src/analyzer/protocol/smb/Plugin.cc | 4 +- src/analyzer/protocol/smtp/CMakeLists.txt | 2 +- src/analyzer/protocol/smtp/Plugin.cc | 4 +- src/analyzer/protocol/snmp/CMakeLists.txt | 2 +- src/analyzer/protocol/snmp/Plugin.cc | 4 +- src/analyzer/protocol/socks/CMakeLists.txt | 2 +- src/analyzer/protocol/socks/Plugin.cc | 4 +- src/analyzer/protocol/ssh/CMakeLists.txt | 2 +- src/analyzer/protocol/ssh/Plugin.cc | 4 +- src/analyzer/protocol/ssl/CMakeLists.txt | 2 +- src/analyzer/protocol/ssl/Plugin.cc | 4 +- .../protocol/stepping-stone/CMakeLists.txt | 2 +- .../protocol/stepping-stone/Plugin.cc | 4 +- src/analyzer/protocol/syslog/CMakeLists.txt | 2 +- src/analyzer/protocol/syslog/Plugin.cc | 4 +- src/analyzer/protocol/tcp/CMakeLists.txt | 2 +- src/analyzer/protocol/tcp/Plugin.cc | 4 +- src/analyzer/protocol/teredo/CMakeLists.txt | 2 +- src/analyzer/protocol/teredo/Plugin.cc | 4 +- src/analyzer/protocol/udp/CMakeLists.txt | 2 +- src/analyzer/protocol/udp/Plugin.cc | 4 +- src/analyzer/protocol/vxlan/CMakeLists.txt | 2 +- src/analyzer/protocol/vxlan/Plugin.cc | 4 +- src/analyzer/protocol/xmpp/CMakeLists.txt | 2 +- src/analyzer/protocol/xmpp/Plugin.cc | 4 +- src/analyzer/protocol/zip/CMakeLists.txt | 2 +- src/analyzer/protocol/zip/Plugin.cc | 4 +- .../analyzer/data_event/CMakeLists.txt | 2 +- .../analyzer/data_event/Plugin.cc | 4 +- .../analyzer/entropy/CMakeLists.txt | 2 +- src/file_analysis/analyzer/entropy/Plugin.cc | 4 +- .../analyzer/extract/CMakeLists.txt | 2 +- src/file_analysis/analyzer/extract/Plugin.cc | 4 +- .../analyzer/hash/CMakeLists.txt | 2 +- src/file_analysis/analyzer/hash/Plugin.cc | 4 +- src/file_analysis/analyzer/pe/CMakeLists.txt | 2 +- src/file_analysis/analyzer/pe/Plugin.cc | 4 +- .../analyzer/unified2/CMakeLists.txt | 2 +- src/file_analysis/analyzer/unified2/Plugin.cc | 4 +- .../analyzer/x509/CMakeLists.txt | 2 +- src/file_analysis/analyzer/x509/Plugin.cc | 4 +- src/input/readers/ascii/CMakeLists.txt | 2 +- src/input/readers/ascii/Plugin.cc | 4 +- src/input/readers/benchmark/CMakeLists.txt | 2 +- src/input/readers/benchmark/Plugin.cc | 4 +- src/input/readers/binary/CMakeLists.txt | 2 +- src/input/readers/binary/Plugin.cc | 4 +- src/input/readers/config/CMakeLists.txt | 2 +- src/input/readers/config/Plugin.cc | 4 +- src/input/readers/raw/CMakeLists.txt | 2 +- src/input/readers/raw/Plugin.cc | 6 +- src/input/readers/raw/Plugin.h | 2 +- src/input/readers/raw/Raw.cc | 2 +- src/input/readers/sqlite/CMakeLists.txt | 2 +- src/input/readers/sqlite/Plugin.cc | 4 +- src/iosource/pcap/CMakeLists.txt | 2 +- src/iosource/pcap/Plugin.cc | 4 +- src/logging/writers/ascii/CMakeLists.txt | 2 +- src/logging/writers/ascii/Plugin.cc | 4 +- src/logging/writers/none/CMakeLists.txt | 2 +- src/logging/writers/none/Plugin.cc | 4 +- src/logging/writers/sqlite/CMakeLists.txt | 2 +- src/logging/writers/sqlite/Plugin.cc | 4 +- .../canonified_loaded_scripts.log | 242 +++--- .../canonified_loaded_scripts.log | 242 +++--- testing/btest/Baseline/plugins.hooks/output | 740 +++++++++--------- .../base/frameworks/logging/sqlite/error.zeek | 2 +- .../base/frameworks/logging/sqlite/set.zeek | 2 +- .../logging/sqlite/simultaneous-writes.zeek | 2 +- .../base/frameworks/logging/sqlite/types.zeek | 2 +- .../frameworks/logging/sqlite/wikipedia.zeek | 2 +- 148 files changed, 830 insertions(+), 827 deletions(-) diff --git a/NEWS b/NEWS index 6abb21c055..b43f9333c1 100644 --- a/NEWS +++ b/NEWS @@ -265,6 +265,9 @@ Changed Functionality were parsed separately as some TLS protocol versions specified a separate timestamp field as part of the full 32-byte random sequence. +- The namespace used by all the builtin plugins that ship with Zeek have + changed to use "Zeek::" instead of "Bro::". + Removed Functionality --------------------- diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index c0d2da80e3..72c58105ae 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -4331,7 +4331,7 @@ export { type RDP::ClientChannelList: vector of ClientChannelDef; } -@load base/bif/plugins/Bro_SNMP.types.bif +@load base/bif/plugins/Zeek_SNMP.types.bif module SNMP; export { @@ -4453,7 +4453,7 @@ export { }; } -@load base/bif/plugins/Bro_KRB.types.bif +@load base/bif/plugins/Zeek_KRB.types.bif module KRB; export { diff --git a/src/analyzer/protocol/arp/CMakeLists.txt b/src/analyzer/protocol/arp/CMakeLists.txt index 9f28d80296..0b911b1979 100644 --- a/src/analyzer/protocol/arp/CMakeLists.txt +++ b/src/analyzer/protocol/arp/CMakeLists.txt @@ -8,7 +8,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro ARP) +zeek_plugin_begin(Zeek ARP) zeek_plugin_cc(ARP.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/arp/Plugin.cc b/src/analyzer/protocol/arp/Plugin.cc index d0297d5f78..0ba8648b30 100644 --- a/src/analyzer/protocol/arp/Plugin.cc +++ b/src/analyzer/protocol/arp/Plugin.cc @@ -4,14 +4,14 @@ #include "plugin/Plugin.h" namespace plugin { -namespace Bro_ARP { +namespace Zeek_ARP { class Plugin : public plugin::Plugin { public: plugin::Configuration Configure() { plugin::Configuration config; - config.name = "Bro::ARP"; + config.name = "Zeek::ARP"; config.description = "ARP Parsing"; return config; } diff --git a/src/analyzer/protocol/ayiya/CMakeLists.txt b/src/analyzer/protocol/ayiya/CMakeLists.txt index 6ad6cfcf17..480d0bdfeb 100644 --- a/src/analyzer/protocol/ayiya/CMakeLists.txt +++ b/src/analyzer/protocol/ayiya/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro AYIYA) +zeek_plugin_begin(Zeek AYIYA) zeek_plugin_cc(AYIYA.cc Plugin.cc) zeek_plugin_pac(ayiya.pac ayiya-protocol.pac ayiya-analyzer.pac) zeek_plugin_end() diff --git a/src/analyzer/protocol/ayiya/Plugin.cc b/src/analyzer/protocol/ayiya/Plugin.cc index 7b660722e4..2b4b8ee7d9 100644 --- a/src/analyzer/protocol/ayiya/Plugin.cc +++ b/src/analyzer/protocol/ayiya/Plugin.cc @@ -6,7 +6,7 @@ #include "AYIYA.h" namespace plugin { -namespace Bro_AYIYA { +namespace Zeek_AYIYA { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("AYIYA", ::analyzer::ayiya::AYIYA_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::AYIYA"; + config.name = "Zeek::AYIYA"; config.description = "AYIYA Analyzer"; return config; } diff --git a/src/analyzer/protocol/backdoor/CMakeLists.txt b/src/analyzer/protocol/backdoor/CMakeLists.txt index d45396f99d..66511d3d99 100644 --- a/src/analyzer/protocol/backdoor/CMakeLists.txt +++ b/src/analyzer/protocol/backdoor/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro BackDoor) +zeek_plugin_begin(Zeek BackDoor) zeek_plugin_cc(BackDoor.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/backdoor/Plugin.cc b/src/analyzer/protocol/backdoor/Plugin.cc index 111ba70709..aeec615c50 100644 --- a/src/analyzer/protocol/backdoor/Plugin.cc +++ b/src/analyzer/protocol/backdoor/Plugin.cc @@ -6,7 +6,7 @@ #include "BackDoor.h" namespace plugin { -namespace Bro_BackDoor { +namespace Zeek_BackDoor { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("BackDoor", ::analyzer::backdoor::BackDoor_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::BackDoor"; + config.name = "Zeek::BackDoor"; config.description = "Backdoor Analyzer deprecated"; return config; } diff --git a/src/analyzer/protocol/bittorrent/CMakeLists.txt b/src/analyzer/protocol/bittorrent/CMakeLists.txt index c7c8c82d2b..ca7c9b9e36 100644 --- a/src/analyzer/protocol/bittorrent/CMakeLists.txt +++ b/src/analyzer/protocol/bittorrent/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro BitTorrent) +zeek_plugin_begin(Zeek BitTorrent) zeek_plugin_cc(BitTorrent.cc BitTorrentTracker.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac(bittorrent.pac bittorrent-analyzer.pac bittorrent-protocol.pac) diff --git a/src/analyzer/protocol/bittorrent/Plugin.cc b/src/analyzer/protocol/bittorrent/Plugin.cc index b663dde25d..14f778ac9f 100644 --- a/src/analyzer/protocol/bittorrent/Plugin.cc +++ b/src/analyzer/protocol/bittorrent/Plugin.cc @@ -7,7 +7,7 @@ #include "BitTorrentTracker.h" namespace plugin { -namespace Bro_BitTorrent { +namespace Zeek_BitTorrent { class Plugin : public plugin::Plugin { public: @@ -17,7 +17,7 @@ public: AddComponent(new ::analyzer::Component("BitTorrentTracker", ::analyzer::bittorrent::BitTorrentTracker_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::BitTorrent"; + config.name = "Zeek::BitTorrent"; config.description = "BitTorrent Analyzer"; return config; } diff --git a/src/analyzer/protocol/conn-size/CMakeLists.txt b/src/analyzer/protocol/conn-size/CMakeLists.txt index fb2e7f68da..30b1bedab3 100644 --- a/src/analyzer/protocol/conn-size/CMakeLists.txt +++ b/src/analyzer/protocol/conn-size/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro ConnSize) +zeek_plugin_begin(Zeek ConnSize) zeek_plugin_cc(ConnSize.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(functions.bif) diff --git a/src/analyzer/protocol/conn-size/Plugin.cc b/src/analyzer/protocol/conn-size/Plugin.cc index d373ce5d4a..ce1b600da2 100644 --- a/src/analyzer/protocol/conn-size/Plugin.cc +++ b/src/analyzer/protocol/conn-size/Plugin.cc @@ -6,7 +6,7 @@ #include "ConnSize.h" namespace plugin { -namespace Bro_ConnSize { +namespace Zeek_ConnSize { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("ConnSize", ::analyzer::conn_size::ConnSize_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::ConnSize"; + config.name = "Zeek::ConnSize"; config.description = "Connection size analyzer"; return config; } diff --git a/src/analyzer/protocol/dce-rpc/CMakeLists.txt b/src/analyzer/protocol/dce-rpc/CMakeLists.txt index db499691d7..286f7fd0b2 100644 --- a/src/analyzer/protocol/dce-rpc/CMakeLists.txt +++ b/src/analyzer/protocol/dce-rpc/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro DCE_RPC) +zeek_plugin_begin(Zeek DCE_RPC) zeek_plugin_cc(DCE_RPC.cc Plugin.cc) zeek_plugin_bif(consts.bif types.bif events.bif) zeek_plugin_pac( diff --git a/src/analyzer/protocol/dce-rpc/Plugin.cc b/src/analyzer/protocol/dce-rpc/Plugin.cc index c4d250921d..d821cbea2b 100644 --- a/src/analyzer/protocol/dce-rpc/Plugin.cc +++ b/src/analyzer/protocol/dce-rpc/Plugin.cc @@ -6,7 +6,7 @@ #include "DCE_RPC.h" namespace plugin { -namespace Bro_DCE_RPC { +namespace Zeek_DCE_RPC { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("DCE_RPC", ::analyzer::dce_rpc::DCE_RPC_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::DCE_RPC"; + config.name = "Zeek::DCE_RPC"; config.description = "DCE-RPC analyzer"; return config; } diff --git a/src/analyzer/protocol/dhcp/CMakeLists.txt b/src/analyzer/protocol/dhcp/CMakeLists.txt index df79660338..8fa784b4be 100644 --- a/src/analyzer/protocol/dhcp/CMakeLists.txt +++ b/src/analyzer/protocol/dhcp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro DHCP) +zeek_plugin_begin(Zeek DHCP) zeek_plugin_cc(DHCP.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(types.bif) diff --git a/src/analyzer/protocol/dhcp/Plugin.cc b/src/analyzer/protocol/dhcp/Plugin.cc index eecf6f9170..62318604c4 100644 --- a/src/analyzer/protocol/dhcp/Plugin.cc +++ b/src/analyzer/protocol/dhcp/Plugin.cc @@ -6,7 +6,7 @@ #include "DHCP.h" namespace plugin { -namespace Bro_DHCP { +namespace Zeek_DHCP { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("DHCP", ::analyzer::dhcp::DHCP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::DHCP"; + config.name = "Zeek::DHCP"; config.description = "DHCP analyzer"; return config; } diff --git a/src/analyzer/protocol/dnp3/CMakeLists.txt b/src/analyzer/protocol/dnp3/CMakeLists.txt index 9134412a57..aaa7581319 100644 --- a/src/analyzer/protocol/dnp3/CMakeLists.txt +++ b/src/analyzer/protocol/dnp3/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro DNP3) +zeek_plugin_begin(Zeek DNP3) zeek_plugin_cc(DNP3.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac(dnp3.pac dnp3-analyzer.pac dnp3-protocol.pac dnp3-objects.pac) diff --git a/src/analyzer/protocol/dnp3/Plugin.cc b/src/analyzer/protocol/dnp3/Plugin.cc index 6a64138ce7..8543360b6a 100644 --- a/src/analyzer/protocol/dnp3/Plugin.cc +++ b/src/analyzer/protocol/dnp3/Plugin.cc @@ -6,7 +6,7 @@ #include "DNP3.h" namespace plugin { -namespace Bro_DNP3 { +namespace Zeek_DNP3 { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::analyzer::Component("DNP3_UDP", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::DNP3"; + config.name = "Zeek::DNP3"; config.description = "DNP3 UDP/TCP analyzers"; return config; } diff --git a/src/analyzer/protocol/dns/CMakeLists.txt b/src/analyzer/protocol/dns/CMakeLists.txt index bb01552bf5..76c3129eba 100644 --- a/src/analyzer/protocol/dns/CMakeLists.txt +++ b/src/analyzer/protocol/dns/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro DNS) +zeek_plugin_begin(Zeek DNS) zeek_plugin_cc(DNS.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/dns/Plugin.cc b/src/analyzer/protocol/dns/Plugin.cc index 1cba094c54..3ceef34ea1 100644 --- a/src/analyzer/protocol/dns/Plugin.cc +++ b/src/analyzer/protocol/dns/Plugin.cc @@ -6,7 +6,7 @@ #include "DNS.h" namespace plugin { -namespace Bro_DNS { +namespace Zeek_DNS { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::analyzer::Component("Contents_DNS", 0)); plugin::Configuration config; - config.name = "Bro::DNS"; + config.name = "Zeek::DNS"; config.description = "DNS analyzer"; return config; } diff --git a/src/analyzer/protocol/file/CMakeLists.txt b/src/analyzer/protocol/file/CMakeLists.txt index 0746f8d785..5c11356991 100644 --- a/src/analyzer/protocol/file/CMakeLists.txt +++ b/src/analyzer/protocol/file/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro File) +zeek_plugin_begin(Zeek File) zeek_plugin_cc(File.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/file/Plugin.cc b/src/analyzer/protocol/file/Plugin.cc index 499736ebd8..36586fb6a9 100644 --- a/src/analyzer/protocol/file/Plugin.cc +++ b/src/analyzer/protocol/file/Plugin.cc @@ -6,7 +6,7 @@ #include "./File.h" namespace plugin { -namespace Bro_File { +namespace Zeek_File { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::analyzer::Component("IRC_Data", ::analyzer::file::IRC_Data::Instantiate)); plugin::Configuration config; - config.name = "Bro::File"; + config.name = "Zeek::File"; config.description = "Generic file analyzer"; return config; } diff --git a/src/analyzer/protocol/finger/CMakeLists.txt b/src/analyzer/protocol/finger/CMakeLists.txt index 095b3e81ec..e89f268a8a 100644 --- a/src/analyzer/protocol/finger/CMakeLists.txt +++ b/src/analyzer/protocol/finger/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro Finger) +zeek_plugin_begin(Zeek Finger) zeek_plugin_cc(Finger.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/finger/Plugin.cc b/src/analyzer/protocol/finger/Plugin.cc index 7dbaaf702d..b6fafd3b4c 100644 --- a/src/analyzer/protocol/finger/Plugin.cc +++ b/src/analyzer/protocol/finger/Plugin.cc @@ -5,7 +5,7 @@ #include "Finger.h" namespace plugin { -namespace Bro_Finger { +namespace Zeek_Finger { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::analyzer::Component("Finger", ::analyzer::finger::Finger_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::Finger"; + config.name = "Zeek::Finger"; config.description = "Finger analyzer"; return config; } diff --git a/src/analyzer/protocol/ftp/CMakeLists.txt b/src/analyzer/protocol/ftp/CMakeLists.txt index f55edec611..ff6d372295 100644 --- a/src/analyzer/protocol/ftp/CMakeLists.txt +++ b/src/analyzer/protocol/ftp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro FTP) +zeek_plugin_begin(Zeek FTP) zeek_plugin_cc(FTP.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(functions.bif) diff --git a/src/analyzer/protocol/ftp/Plugin.cc b/src/analyzer/protocol/ftp/Plugin.cc index 80e5bf4381..ae70d2f705 100644 --- a/src/analyzer/protocol/ftp/Plugin.cc +++ b/src/analyzer/protocol/ftp/Plugin.cc @@ -6,7 +6,7 @@ #include "FTP.h" namespace plugin { -namespace Bro_FTP { +namespace Zeek_FTP { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::analyzer::Component("FTP_ADAT", 0)); plugin::Configuration config; - config.name = "Bro::FTP"; + config.name = "Zeek::FTP"; config.description = "FTP analyzer"; return config; } diff --git a/src/analyzer/protocol/gnutella/CMakeLists.txt b/src/analyzer/protocol/gnutella/CMakeLists.txt index 254fd667ff..d463ac6af7 100644 --- a/src/analyzer/protocol/gnutella/CMakeLists.txt +++ b/src/analyzer/protocol/gnutella/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro Gnutella) +zeek_plugin_begin(Zeek Gnutella) zeek_plugin_cc(Gnutella.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/gnutella/Plugin.cc b/src/analyzer/protocol/gnutella/Plugin.cc index afd0ff491e..b6a560ec58 100644 --- a/src/analyzer/protocol/gnutella/Plugin.cc +++ b/src/analyzer/protocol/gnutella/Plugin.cc @@ -6,7 +6,7 @@ #include "Gnutella.h" namespace plugin { -namespace Bro_Gnutella { +namespace Zeek_Gnutella { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("Gnutella", ::analyzer::gnutella::Gnutella_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::Gnutella"; + config.name = "Zeek::Gnutella"; config.description = "Gnutella analyzer"; return config; } diff --git a/src/analyzer/protocol/gssapi/CMakeLists.txt b/src/analyzer/protocol/gssapi/CMakeLists.txt index 0ed07e2263..74ae705313 100644 --- a/src/analyzer/protocol/gssapi/CMakeLists.txt +++ b/src/analyzer/protocol/gssapi/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro GSSAPI) +zeek_plugin_begin(Zeek GSSAPI) zeek_plugin_cc(GSSAPI.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac( diff --git a/src/analyzer/protocol/gssapi/Plugin.cc b/src/analyzer/protocol/gssapi/Plugin.cc index 3765d9b79d..c0cd7fe11c 100644 --- a/src/analyzer/protocol/gssapi/Plugin.cc +++ b/src/analyzer/protocol/gssapi/Plugin.cc @@ -5,7 +5,7 @@ #include "GSSAPI.h" namespace plugin { -namespace Bro_GSSAPI { +namespace Zeek_GSSAPI { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::analyzer::Component("GSSAPI", ::analyzer::gssapi::GSSAPI_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::GSSAPI"; + config.name = "Zeek::GSSAPI"; config.description = "GSSAPI analyzer"; return config; } diff --git a/src/analyzer/protocol/gtpv1/CMakeLists.txt b/src/analyzer/protocol/gtpv1/CMakeLists.txt index 0c2f243eda..61856cf1f1 100644 --- a/src/analyzer/protocol/gtpv1/CMakeLists.txt +++ b/src/analyzer/protocol/gtpv1/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro GTPv1) +zeek_plugin_begin(Zeek GTPv1) zeek_plugin_cc(GTPv1.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac(gtpv1.pac gtpv1-protocol.pac gtpv1-analyzer.pac) diff --git a/src/analyzer/protocol/gtpv1/Plugin.cc b/src/analyzer/protocol/gtpv1/Plugin.cc index 846c78d18f..4b7929a747 100644 --- a/src/analyzer/protocol/gtpv1/Plugin.cc +++ b/src/analyzer/protocol/gtpv1/Plugin.cc @@ -6,7 +6,7 @@ #include "GTPv1.h" namespace plugin { -namespace Bro_GTPv1 { +namespace Zeek_GTPv1 { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("GTPv1", ::analyzer::gtpv1::GTPv1_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::GTPv1"; + config.name = "Zeek::GTPv1"; config.description = "GTPv1 analyzer"; return config; } diff --git a/src/analyzer/protocol/http/CMakeLists.txt b/src/analyzer/protocol/http/CMakeLists.txt index 555252b2d6..1b173e6949 100644 --- a/src/analyzer/protocol/http/CMakeLists.txt +++ b/src/analyzer/protocol/http/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro HTTP) +zeek_plugin_begin(Zeek HTTP) zeek_plugin_cc(HTTP.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(functions.bif) diff --git a/src/analyzer/protocol/http/Plugin.cc b/src/analyzer/protocol/http/Plugin.cc index f88866f66f..f2b7402415 100644 --- a/src/analyzer/protocol/http/Plugin.cc +++ b/src/analyzer/protocol/http/Plugin.cc @@ -6,7 +6,7 @@ #include "HTTP.h" namespace plugin { -namespace Bro_HTTP { +namespace Zeek_HTTP { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("HTTP", ::analyzer::http::HTTP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::HTTP"; + config.name = "Zeek::HTTP"; config.description = "HTTP analyzer"; return config; } diff --git a/src/analyzer/protocol/icmp/CMakeLists.txt b/src/analyzer/protocol/icmp/CMakeLists.txt index 0dfcea50ef..875b3597ec 100644 --- a/src/analyzer/protocol/icmp/CMakeLists.txt +++ b/src/analyzer/protocol/icmp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro ICMP) +zeek_plugin_begin(Zeek ICMP) zeek_plugin_cc(ICMP.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/icmp/Plugin.cc b/src/analyzer/protocol/icmp/Plugin.cc index f216bcbbe9..390eb751d1 100644 --- a/src/analyzer/protocol/icmp/Plugin.cc +++ b/src/analyzer/protocol/icmp/Plugin.cc @@ -6,7 +6,7 @@ #include "ICMP.h" namespace plugin { -namespace Bro_ICMP { +namespace Zeek_ICMP { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("ICMP", ::analyzer::icmp::ICMP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::ICMP"; + config.name = "Zeek::ICMP"; config.description = "ICMP analyzer"; return config; } diff --git a/src/analyzer/protocol/ident/CMakeLists.txt b/src/analyzer/protocol/ident/CMakeLists.txt index eed123d31c..22ac6e94a1 100644 --- a/src/analyzer/protocol/ident/CMakeLists.txt +++ b/src/analyzer/protocol/ident/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro Ident) +zeek_plugin_begin(Zeek Ident) zeek_plugin_cc(Ident.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/ident/Plugin.cc b/src/analyzer/protocol/ident/Plugin.cc index e495210f08..23a798a72f 100644 --- a/src/analyzer/protocol/ident/Plugin.cc +++ b/src/analyzer/protocol/ident/Plugin.cc @@ -6,7 +6,7 @@ #include "Ident.h" namespace plugin { -namespace Bro_Ident { +namespace Zeek_Ident { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("Ident", ::analyzer::ident::Ident_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::Ident"; + config.name = "Zeek::Ident"; config.description = "Ident analyzer"; return config; } diff --git a/src/analyzer/protocol/imap/CMakeLists.txt b/src/analyzer/protocol/imap/CMakeLists.txt index 0a84b0ce09..472b465b71 100644 --- a/src/analyzer/protocol/imap/CMakeLists.txt +++ b/src/analyzer/protocol/imap/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro IMAP) +zeek_plugin_begin(Zeek IMAP) zeek_plugin_cc(Plugin.cc) zeek_plugin_cc(IMAP.cc) zeek_plugin_bif(events.bif) diff --git a/src/analyzer/protocol/imap/Plugin.cc b/src/analyzer/protocol/imap/Plugin.cc index 63358f1aeb..3192ea8f28 100644 --- a/src/analyzer/protocol/imap/Plugin.cc +++ b/src/analyzer/protocol/imap/Plugin.cc @@ -3,7 +3,7 @@ #include "IMAP.h" namespace plugin { -namespace Bro_IMAP { +namespace Zeek_IMAP { class Plugin : public plugin::Plugin { public: @@ -12,7 +12,7 @@ public: AddComponent(new ::analyzer::Component("IMAP", ::analyzer::imap::IMAP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::IMAP"; + config.name = "Zeek::IMAP"; config.description = "IMAP analyzer (StartTLS only)"; return config; } diff --git a/src/analyzer/protocol/interconn/CMakeLists.txt b/src/analyzer/protocol/interconn/CMakeLists.txt index 0a00a441f1..c1cf40da3f 100644 --- a/src/analyzer/protocol/interconn/CMakeLists.txt +++ b/src/analyzer/protocol/interconn/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro InterConn) +zeek_plugin_begin(Zeek InterConn) zeek_plugin_cc(InterConn.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/interconn/Plugin.cc b/src/analyzer/protocol/interconn/Plugin.cc index a4ee39ca07..bbd1b866ed 100644 --- a/src/analyzer/protocol/interconn/Plugin.cc +++ b/src/analyzer/protocol/interconn/Plugin.cc @@ -6,7 +6,7 @@ #include "InterConn.h" namespace plugin { -namespace Bro_InterConn { +namespace Zeek_InterConn { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("InterConn", ::analyzer::interconn::InterConn_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::InterConn"; + config.name = "Zeek::InterConn"; config.description = "InterConn analyzer deprecated"; return config; } diff --git a/src/analyzer/protocol/irc/CMakeLists.txt b/src/analyzer/protocol/irc/CMakeLists.txt index 50e4dcb90d..4538172d75 100644 --- a/src/analyzer/protocol/irc/CMakeLists.txt +++ b/src/analyzer/protocol/irc/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro IRC) +zeek_plugin_begin(Zeek IRC) zeek_plugin_cc(IRC.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/irc/Plugin.cc b/src/analyzer/protocol/irc/Plugin.cc index 54769ba0b0..fc63baad12 100644 --- a/src/analyzer/protocol/irc/Plugin.cc +++ b/src/analyzer/protocol/irc/Plugin.cc @@ -6,7 +6,7 @@ #include "IRC.h" namespace plugin { -namespace Bro_IRC { +namespace Zeek_IRC { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("IRC", ::analyzer::irc::IRC_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::IRC"; + config.name = "Zeek::IRC"; config.description = "IRC analyzer"; return config; } diff --git a/src/analyzer/protocol/krb/CMakeLists.txt b/src/analyzer/protocol/krb/CMakeLists.txt index bf82ca0b64..d052e9bb6c 100644 --- a/src/analyzer/protocol/krb/CMakeLists.txt +++ b/src/analyzer/protocol/krb/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro KRB) +zeek_plugin_begin(Zeek KRB) zeek_plugin_cc(Plugin.cc) zeek_plugin_cc(KRB.cc) zeek_plugin_cc(KRB_TCP.cc) diff --git a/src/analyzer/protocol/krb/Plugin.cc b/src/analyzer/protocol/krb/Plugin.cc index ffbefb5b1c..707498f729 100644 --- a/src/analyzer/protocol/krb/Plugin.cc +++ b/src/analyzer/protocol/krb/Plugin.cc @@ -5,7 +5,7 @@ #include "KRB_TCP.h" namespace plugin { - namespace Bro_KRB { + namespace Zeek_KRB { class Plugin : public plugin::Plugin { public: plugin::Configuration Configure() @@ -13,7 +13,7 @@ namespace plugin { AddComponent(new ::analyzer::Component("KRB", ::analyzer::krb::KRB_Analyzer::Instantiate)); AddComponent(new ::analyzer::Component("KRB_TCP", ::analyzer::krb_tcp::KRB_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::KRB"; + config.name = "Zeek::KRB"; config.description = "Kerberos analyzer"; return config; } diff --git a/src/analyzer/protocol/login/CMakeLists.txt b/src/analyzer/protocol/login/CMakeLists.txt index 98eecb7300..cb8217aaeb 100644 --- a/src/analyzer/protocol/login/CMakeLists.txt +++ b/src/analyzer/protocol/login/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro Login) +zeek_plugin_begin(Zeek Login) zeek_plugin_cc(Login.cc RSH.cc Telnet.cc Rlogin.cc NVT.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(functions.bif) diff --git a/src/analyzer/protocol/login/Plugin.cc b/src/analyzer/protocol/login/Plugin.cc index 3e4a83ceae..182c070592 100644 --- a/src/analyzer/protocol/login/Plugin.cc +++ b/src/analyzer/protocol/login/Plugin.cc @@ -9,7 +9,7 @@ #include "Rlogin.h" namespace plugin { -namespace Bro_Login { +namespace Zeek_Login { class Plugin : public plugin::Plugin { public: @@ -24,7 +24,7 @@ public: AddComponent(new ::analyzer::Component("Contents_Rlogin", 0)); plugin::Configuration config; - config.name = "Bro::Login"; + config.name = "Zeek::Login"; config.description = "Telnet/Rsh/Rlogin analyzers"; return config; } diff --git a/src/analyzer/protocol/mime/CMakeLists.txt b/src/analyzer/protocol/mime/CMakeLists.txt index 571ac2de9f..6275297dc9 100644 --- a/src/analyzer/protocol/mime/CMakeLists.txt +++ b/src/analyzer/protocol/mime/CMakeLists.txt @@ -8,7 +8,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro MIME) +zeek_plugin_begin(Zeek MIME) zeek_plugin_cc(MIME.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/mime/Plugin.cc b/src/analyzer/protocol/mime/Plugin.cc index f7a1c22f3e..6cff9f0a5a 100644 --- a/src/analyzer/protocol/mime/Plugin.cc +++ b/src/analyzer/protocol/mime/Plugin.cc @@ -4,14 +4,14 @@ #include "plugin/Plugin.h" namespace plugin { -namespace Bro_MIME { +namespace Zeek_MIME { class Plugin : public plugin::Plugin { public: plugin::Configuration Configure() { plugin::Configuration config; - config.name = "Bro::MIME"; + config.name = "Zeek::MIME"; config.description = "MIME parsing"; return config; } diff --git a/src/analyzer/protocol/modbus/CMakeLists.txt b/src/analyzer/protocol/modbus/CMakeLists.txt index 210609f504..2560f18a60 100644 --- a/src/analyzer/protocol/modbus/CMakeLists.txt +++ b/src/analyzer/protocol/modbus/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro Modbus) +zeek_plugin_begin(Zeek Modbus) zeek_plugin_cc(Modbus.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac(modbus.pac modbus-analyzer.pac modbus-protocol.pac) diff --git a/src/analyzer/protocol/modbus/Plugin.cc b/src/analyzer/protocol/modbus/Plugin.cc index 8a01878113..68b78fcbe7 100644 --- a/src/analyzer/protocol/modbus/Plugin.cc +++ b/src/analyzer/protocol/modbus/Plugin.cc @@ -6,7 +6,7 @@ #include "Modbus.h" namespace plugin { -namespace Bro_Modbus { +namespace Zeek_Modbus { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("MODBUS", ::analyzer::modbus::ModbusTCP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::Modbus"; + config.name = "Zeek::Modbus"; config.description = "Modbus analyzer"; return config; } diff --git a/src/analyzer/protocol/mysql/CMakeLists.txt b/src/analyzer/protocol/mysql/CMakeLists.txt index 01dbefdd3f..3ac448c665 100644 --- a/src/analyzer/protocol/mysql/CMakeLists.txt +++ b/src/analyzer/protocol/mysql/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro MySQL) +zeek_plugin_begin(Zeek MySQL) zeek_plugin_cc(MySQL.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac(mysql.pac mysql-analyzer.pac mysql-protocol.pac) diff --git a/src/analyzer/protocol/mysql/Plugin.cc b/src/analyzer/protocol/mysql/Plugin.cc index 48bfd04a97..0f484e29ce 100644 --- a/src/analyzer/protocol/mysql/Plugin.cc +++ b/src/analyzer/protocol/mysql/Plugin.cc @@ -5,14 +5,14 @@ #include "MySQL.h" namespace plugin { - namespace Bro_MySQL { + namespace Zeek_MySQL { class Plugin : public plugin::Plugin { public: plugin::Configuration Configure() { AddComponent(new ::analyzer::Component("MySQL", ::analyzer::MySQL::MySQL_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::MySQL"; + config.name = "Zeek::MySQL"; config.description = "MySQL analyzer"; return config; } diff --git a/src/analyzer/protocol/ncp/CMakeLists.txt b/src/analyzer/protocol/ncp/CMakeLists.txt index 0257c5aba6..62b198553b 100644 --- a/src/analyzer/protocol/ncp/CMakeLists.txt +++ b/src/analyzer/protocol/ncp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro NCP) +zeek_plugin_begin(Zeek NCP) zeek_plugin_cc(NCP.cc Plugin.cc) zeek_plugin_bif(events.bif consts.bif) zeek_plugin_pac(ncp.pac) diff --git a/src/analyzer/protocol/ncp/Plugin.cc b/src/analyzer/protocol/ncp/Plugin.cc index fe1de9a250..9ea75a4674 100644 --- a/src/analyzer/protocol/ncp/Plugin.cc +++ b/src/analyzer/protocol/ncp/Plugin.cc @@ -6,7 +6,7 @@ #include "NCP.h" namespace plugin { -namespace Bro_NCP { +namespace Zeek_NCP { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::analyzer::Component("Contents_NCP", 0)); plugin::Configuration config; - config.name = "Bro::NCP"; + config.name = "Zeek::NCP"; config.description = "NCP analyzer"; return config; } diff --git a/src/analyzer/protocol/netbios/CMakeLists.txt b/src/analyzer/protocol/netbios/CMakeLists.txt index 3f4e53ac66..4ae22a6f42 100644 --- a/src/analyzer/protocol/netbios/CMakeLists.txt +++ b/src/analyzer/protocol/netbios/CMakeLists.txt @@ -5,7 +5,7 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DI include_directories(AFTER ${CMAKE_CURRENT_BINARY_DIR}/../dce-rpc) include_directories(AFTER ${CMAKE_CURRENT_BINARY_DIR}/../smb) -zeek_plugin_begin(Bro NetBIOS) +zeek_plugin_begin(Zeek NetBIOS) zeek_plugin_cc(NetbiosSSN.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(functions.bif) diff --git a/src/analyzer/protocol/netbios/Plugin.cc b/src/analyzer/protocol/netbios/Plugin.cc index 0ec730889d..7f49cdfb09 100644 --- a/src/analyzer/protocol/netbios/Plugin.cc +++ b/src/analyzer/protocol/netbios/Plugin.cc @@ -6,7 +6,7 @@ #include "NetbiosSSN.h" namespace plugin { -namespace Bro_NetBIOS { +namespace Zeek_NetBIOS { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::analyzer::Component("Contents_NetbiosSSN", 0)); plugin::Configuration config; - config.name = "Bro::NetBIOS"; + config.name = "Zeek::NetBIOS"; config.description = "NetBIOS analyzer support"; return config; } diff --git a/src/analyzer/protocol/ntlm/CMakeLists.txt b/src/analyzer/protocol/ntlm/CMakeLists.txt index e7adf7470c..e2e627f36b 100644 --- a/src/analyzer/protocol/ntlm/CMakeLists.txt +++ b/src/analyzer/protocol/ntlm/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro NTLM) +zeek_plugin_begin(Zeek NTLM) zeek_plugin_cc(NTLM.cc Plugin.cc) zeek_plugin_bif(types.bif events.bif) zeek_plugin_pac( diff --git a/src/analyzer/protocol/ntlm/Plugin.cc b/src/analyzer/protocol/ntlm/Plugin.cc index a9450537b5..e85b0cff17 100644 --- a/src/analyzer/protocol/ntlm/Plugin.cc +++ b/src/analyzer/protocol/ntlm/Plugin.cc @@ -5,7 +5,7 @@ #include "NTLM.h" namespace plugin { -namespace Bro_NTLM { +namespace Zeek_NTLM { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::analyzer::Component("NTLM", ::analyzer::ntlm::NTLM_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::NTLM"; + config.name = "Zeek::NTLM"; config.description = "NTLM analyzer"; return config; } diff --git a/src/analyzer/protocol/ntp/CMakeLists.txt b/src/analyzer/protocol/ntp/CMakeLists.txt index d541755904..8395031a32 100644 --- a/src/analyzer/protocol/ntp/CMakeLists.txt +++ b/src/analyzer/protocol/ntp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro NTP) +zeek_plugin_begin(Zeek NTP) zeek_plugin_cc(NTP.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/ntp/Plugin.cc b/src/analyzer/protocol/ntp/Plugin.cc index 3399fbb867..bd426d5fc1 100644 --- a/src/analyzer/protocol/ntp/Plugin.cc +++ b/src/analyzer/protocol/ntp/Plugin.cc @@ -6,7 +6,7 @@ #include "NTP.h" namespace plugin { -namespace Bro_NTP { +namespace Zeek_NTP { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("NTP", ::analyzer::ntp::NTP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::NTP"; + config.name = "Zeek::NTP"; config.description = "NTP analyzer"; return config; } diff --git a/src/analyzer/protocol/pia/CMakeLists.txt b/src/analyzer/protocol/pia/CMakeLists.txt index d00030f20a..b2bcf0c70c 100644 --- a/src/analyzer/protocol/pia/CMakeLists.txt +++ b/src/analyzer/protocol/pia/CMakeLists.txt @@ -3,6 +3,6 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro PIA) +zeek_plugin_begin(Zeek PIA) zeek_plugin_cc(PIA.cc Plugin.cc) zeek_plugin_end() diff --git a/src/analyzer/protocol/pia/Plugin.cc b/src/analyzer/protocol/pia/Plugin.cc index 983617be66..c46e710f9d 100644 --- a/src/analyzer/protocol/pia/Plugin.cc +++ b/src/analyzer/protocol/pia/Plugin.cc @@ -6,7 +6,7 @@ #include "PIA.h" namespace plugin { -namespace Bro_PIA { +namespace Zeek_PIA { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::analyzer::Component("PIA_UDP", ::analyzer::pia::PIA_UDP::Instantiate)); plugin::Configuration config; - config.name = "Bro::PIA"; + config.name = "Zeek::PIA"; config.description = "Analyzers implementing Dynamic Protocol"; return config; } diff --git a/src/analyzer/protocol/pop3/CMakeLists.txt b/src/analyzer/protocol/pop3/CMakeLists.txt index 2c17c3472b..dcca381140 100644 --- a/src/analyzer/protocol/pop3/CMakeLists.txt +++ b/src/analyzer/protocol/pop3/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro POP3) +zeek_plugin_begin(Zeek POP3) zeek_plugin_cc(POP3.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/pop3/Plugin.cc b/src/analyzer/protocol/pop3/Plugin.cc index f6a97b824e..0fed697e83 100644 --- a/src/analyzer/protocol/pop3/Plugin.cc +++ b/src/analyzer/protocol/pop3/Plugin.cc @@ -6,7 +6,7 @@ #include "POP3.h" namespace plugin { -namespace Bro_POP3 { +namespace Zeek_POP3 { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("POP3", ::analyzer::pop3::POP3_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::POP3"; + config.name = "Zeek::POP3"; config.description = "POP3 analyzer"; return config; } diff --git a/src/analyzer/protocol/radius/CMakeLists.txt b/src/analyzer/protocol/radius/CMakeLists.txt index 14fdcda418..3e5477be9e 100644 --- a/src/analyzer/protocol/radius/CMakeLists.txt +++ b/src/analyzer/protocol/radius/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro RADIUS) +zeek_plugin_begin(Zeek RADIUS) zeek_plugin_cc(RADIUS.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac(radius.pac radius-analyzer.pac radius-protocol.pac) diff --git a/src/analyzer/protocol/radius/Plugin.cc b/src/analyzer/protocol/radius/Plugin.cc index c2729289ef..8b6efe15b8 100644 --- a/src/analyzer/protocol/radius/Plugin.cc +++ b/src/analyzer/protocol/radius/Plugin.cc @@ -6,7 +6,7 @@ #include "RADIUS.h" namespace plugin { -namespace Bro_RADIUS { +namespace Zeek_RADIUS { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("RADIUS", ::analyzer::RADIUS::RADIUS_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::RADIUS"; + config.name = "Zeek::RADIUS"; config.description = "RADIUS analyzer"; return config; } diff --git a/src/analyzer/protocol/rdp/CMakeLists.txt b/src/analyzer/protocol/rdp/CMakeLists.txt index 8e0e821f5a..67ad09c18c 100644 --- a/src/analyzer/protocol/rdp/CMakeLists.txt +++ b/src/analyzer/protocol/rdp/CMakeLists.txt @@ -2,7 +2,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro RDP) +zeek_plugin_begin(Zeek RDP) zeek_plugin_cc(RDP.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(types.bif) diff --git a/src/analyzer/protocol/rdp/Plugin.cc b/src/analyzer/protocol/rdp/Plugin.cc index 770bdfc730..169c7501d6 100644 --- a/src/analyzer/protocol/rdp/Plugin.cc +++ b/src/analyzer/protocol/rdp/Plugin.cc @@ -3,7 +3,7 @@ #include "RDP.h" namespace plugin { -namespace Bro_RDP { +namespace Zeek_RDP { class Plugin : public plugin::Plugin { public: @@ -12,7 +12,7 @@ public: AddComponent(new ::analyzer::Component("RDP", ::analyzer::rdp::RDP_Analyzer::InstantiateAnalyzer)); plugin::Configuration config; - config.name = "Bro::RDP"; + config.name = "Zeek::RDP"; config.description = "RDP analyzer"; return config; } diff --git a/src/analyzer/protocol/rfb/CMakeLists.txt b/src/analyzer/protocol/rfb/CMakeLists.txt index 72b4bc240e..10c8b2de12 100644 --- a/src/analyzer/protocol/rfb/CMakeLists.txt +++ b/src/analyzer/protocol/rfb/CMakeLists.txt @@ -2,7 +2,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro RFB) +zeek_plugin_begin(Zeek RFB) zeek_plugin_cc(RFB.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac(rfb.pac rfb-analyzer.pac rfb-protocol.pac) diff --git a/src/analyzer/protocol/rfb/Plugin.cc b/src/analyzer/protocol/rfb/Plugin.cc index b3bed0f093..8cf53bb007 100644 --- a/src/analyzer/protocol/rfb/Plugin.cc +++ b/src/analyzer/protocol/rfb/Plugin.cc @@ -3,7 +3,7 @@ #include "RFB.h" namespace plugin { -namespace Bro_RFB { +namespace Zeek_RFB { class Plugin : public plugin::Plugin { public: @@ -13,11 +13,11 @@ public: ::analyzer::rfb::RFB_Analyzer::InstantiateAnalyzer)); plugin::Configuration config; - config.name = "Bro::RFB"; + config.name = "Zeek::RFB"; config.description = "Parser for rfb (VNC) analyzer"; return config; } } plugin; } -} \ No newline at end of file +} diff --git a/src/analyzer/protocol/rpc/CMakeLists.txt b/src/analyzer/protocol/rpc/CMakeLists.txt index 82168bb364..f1da2c9692 100644 --- a/src/analyzer/protocol/rpc/CMakeLists.txt +++ b/src/analyzer/protocol/rpc/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro RPC) +zeek_plugin_begin(Zeek RPC) zeek_plugin_cc(RPC.cc NFS.cc MOUNT.cc Portmap.cc XDR.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/rpc/Plugin.cc b/src/analyzer/protocol/rpc/Plugin.cc index abc2f679f2..2fff0ff6cf 100644 --- a/src/analyzer/protocol/rpc/Plugin.cc +++ b/src/analyzer/protocol/rpc/Plugin.cc @@ -9,7 +9,7 @@ #include "Portmap.h" namespace plugin { -namespace Bro_RPC { +namespace Zeek_RPC { class Plugin : public plugin::Plugin { public: @@ -22,7 +22,7 @@ public: AddComponent(new ::analyzer::Component("Contents_NFS", 0)); plugin::Configuration config; - config.name = "Bro::RPC"; + config.name = "Zeek::RPC"; config.description = "Analyzers for RPC-based protocols"; return config; } diff --git a/src/analyzer/protocol/sip/CMakeLists.txt b/src/analyzer/protocol/sip/CMakeLists.txt index d9e2871063..e0ae9d2b90 100644 --- a/src/analyzer/protocol/sip/CMakeLists.txt +++ b/src/analyzer/protocol/sip/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro SIP) +zeek_plugin_begin(Zeek SIP) zeek_plugin_cc(Plugin.cc) zeek_plugin_cc(SIP.cc) zeek_plugin_cc(SIP_TCP.cc) diff --git a/src/analyzer/protocol/sip/Plugin.cc b/src/analyzer/protocol/sip/Plugin.cc index cb8d49ddb6..23ddebc12c 100644 --- a/src/analyzer/protocol/sip/Plugin.cc +++ b/src/analyzer/protocol/sip/Plugin.cc @@ -7,7 +7,7 @@ #include "SIP_TCP.h" namespace plugin { -namespace Bro_SIP { +namespace Zeek_SIP { class Plugin : public plugin::Plugin { public: @@ -19,7 +19,7 @@ public: // AddComponent(new ::analyzer::Component("SIP_TCP", ::analyzer::sip_tcp::SIP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::SIP"; + config.name = "Zeek::SIP"; config.description = "SIP analyzer UDP-only"; return config; } diff --git a/src/analyzer/protocol/smb/CMakeLists.txt b/src/analyzer/protocol/smb/CMakeLists.txt index 04e6720b57..5fbbe190d0 100644 --- a/src/analyzer/protocol/smb/CMakeLists.txt +++ b/src/analyzer/protocol/smb/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) include_directories(AFTER ${CMAKE_CURRENT_BINARY_DIR}/../dce-rpc) -zeek_plugin_begin(Bro SMB) +zeek_plugin_begin(Zeek SMB) zeek_plugin_cc(SMB.cc Plugin.cc) zeek_plugin_bif( smb1_com_check_directory.bif diff --git a/src/analyzer/protocol/smb/Plugin.cc b/src/analyzer/protocol/smb/Plugin.cc index 7af28aa671..788333bb7c 100644 --- a/src/analyzer/protocol/smb/Plugin.cc +++ b/src/analyzer/protocol/smb/Plugin.cc @@ -5,7 +5,7 @@ #include "SMB.h" namespace plugin { -namespace Bro_SMB { +namespace Zeek_SMB { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("Contents_SMB", 0)); plugin::Configuration config; - config.name = "Bro::SMB"; + config.name = "Zeek::SMB"; config.description = "SMB analyzer"; return config; } diff --git a/src/analyzer/protocol/smtp/CMakeLists.txt b/src/analyzer/protocol/smtp/CMakeLists.txt index f338ebc4c7..3ffebc66a8 100644 --- a/src/analyzer/protocol/smtp/CMakeLists.txt +++ b/src/analyzer/protocol/smtp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro SMTP) +zeek_plugin_begin(Zeek SMTP) zeek_plugin_cc(SMTP.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(functions.bif) diff --git a/src/analyzer/protocol/smtp/Plugin.cc b/src/analyzer/protocol/smtp/Plugin.cc index ae0ef0e71a..784da4d860 100644 --- a/src/analyzer/protocol/smtp/Plugin.cc +++ b/src/analyzer/protocol/smtp/Plugin.cc @@ -6,7 +6,7 @@ #include "SMTP.h" namespace plugin { -namespace Bro_SMTP { +namespace Zeek_SMTP { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("SMTP", ::analyzer::smtp::SMTP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::SMTP"; + config.name = "Zeek::SMTP"; config.description = "SMTP analyzer"; return config; } diff --git a/src/analyzer/protocol/snmp/CMakeLists.txt b/src/analyzer/protocol/snmp/CMakeLists.txt index 66c096bc03..988949bbad 100644 --- a/src/analyzer/protocol/snmp/CMakeLists.txt +++ b/src/analyzer/protocol/snmp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro SNMP) +zeek_plugin_begin(Zeek SNMP) zeek_plugin_cc(SNMP.cc Plugin.cc) zeek_plugin_bif(types.bif) zeek_plugin_bif(events.bif) diff --git a/src/analyzer/protocol/snmp/Plugin.cc b/src/analyzer/protocol/snmp/Plugin.cc index 30f690ec96..d5c6e98309 100644 --- a/src/analyzer/protocol/snmp/Plugin.cc +++ b/src/analyzer/protocol/snmp/Plugin.cc @@ -5,7 +5,7 @@ #include "SNMP.h" namespace plugin { -namespace Bro_SNMP { +namespace Zeek_SNMP { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::analyzer::Component("SNMP", ::analyzer::snmp::SNMP_Analyzer::InstantiateAnalyzer)); plugin::Configuration config; - config.name = "Bro::SNMP"; + config.name = "Zeek::SNMP"; config.description = "SNMP analyzer"; return config; } diff --git a/src/analyzer/protocol/socks/CMakeLists.txt b/src/analyzer/protocol/socks/CMakeLists.txt index 3fbc88b83a..93e111814a 100644 --- a/src/analyzer/protocol/socks/CMakeLists.txt +++ b/src/analyzer/protocol/socks/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro SOCKS) +zeek_plugin_begin(Zeek SOCKS) zeek_plugin_cc(SOCKS.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac(socks.pac socks-protocol.pac socks-analyzer.pac) diff --git a/src/analyzer/protocol/socks/Plugin.cc b/src/analyzer/protocol/socks/Plugin.cc index 661e39efbc..8efbeeb23e 100644 --- a/src/analyzer/protocol/socks/Plugin.cc +++ b/src/analyzer/protocol/socks/Plugin.cc @@ -6,7 +6,7 @@ #include "SOCKS.h" namespace plugin { -namespace Bro_SOCKS { +namespace Zeek_SOCKS { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("SOCKS", ::analyzer::socks::SOCKS_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::SOCKS"; + config.name = "Zeek::SOCKS"; config.description = "SOCKS analyzer"; return config; } diff --git a/src/analyzer/protocol/ssh/CMakeLists.txt b/src/analyzer/protocol/ssh/CMakeLists.txt index 66fe3eb1a4..a7cb99b353 100644 --- a/src/analyzer/protocol/ssh/CMakeLists.txt +++ b/src/analyzer/protocol/ssh/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro SSH) +zeek_plugin_begin(Zeek SSH) zeek_plugin_cc(SSH.cc Plugin.cc) zeek_plugin_bif(types.bif) zeek_plugin_bif(events.bif) diff --git a/src/analyzer/protocol/ssh/Plugin.cc b/src/analyzer/protocol/ssh/Plugin.cc index be5d2f428b..7b6ac67c88 100644 --- a/src/analyzer/protocol/ssh/Plugin.cc +++ b/src/analyzer/protocol/ssh/Plugin.cc @@ -4,7 +4,7 @@ #include "SSH.h" namespace plugin { - namespace Bro_SSH { + namespace Zeek_SSH { class Plugin : public plugin::Plugin { public: @@ -13,7 +13,7 @@ namespace plugin { AddComponent(new ::analyzer::Component("SSH", ::analyzer::SSH::SSH_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::SSH"; + config.name = "Zeek::SSH"; config.description = "Secure Shell analyzer"; return config; } diff --git a/src/analyzer/protocol/ssl/CMakeLists.txt b/src/analyzer/protocol/ssl/CMakeLists.txt index 52b75f1336..47093a978e 100644 --- a/src/analyzer/protocol/ssl/CMakeLists.txt +++ b/src/analyzer/protocol/ssl/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro SSL) +zeek_plugin_begin(Zeek SSL) zeek_plugin_cc(SSL.cc DTLS.cc Plugin.cc) zeek_plugin_bif(types.bif) zeek_plugin_bif(events.bif) diff --git a/src/analyzer/protocol/ssl/Plugin.cc b/src/analyzer/protocol/ssl/Plugin.cc index 85b65aedfd..60d6b0d4a3 100644 --- a/src/analyzer/protocol/ssl/Plugin.cc +++ b/src/analyzer/protocol/ssl/Plugin.cc @@ -7,7 +7,7 @@ #include "DTLS.h" namespace plugin { -namespace Bro_SSL { +namespace Zeek_SSL { class Plugin : public plugin::Plugin { public: @@ -17,7 +17,7 @@ public: AddComponent(new ::analyzer::Component("DTLS", ::analyzer::dtls::DTLS_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::SSL"; + config.name = "Zeek::SSL"; config.description = "SSL/TLS and DTLS analyzers"; return config; } diff --git a/src/analyzer/protocol/stepping-stone/CMakeLists.txt b/src/analyzer/protocol/stepping-stone/CMakeLists.txt index 91888ac5cb..8975da49f9 100644 --- a/src/analyzer/protocol/stepping-stone/CMakeLists.txt +++ b/src/analyzer/protocol/stepping-stone/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro SteppingStone) +zeek_plugin_begin(Zeek SteppingStone) zeek_plugin_cc(SteppingStone.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/stepping-stone/Plugin.cc b/src/analyzer/protocol/stepping-stone/Plugin.cc index f3566eb551..5d76fa7d74 100644 --- a/src/analyzer/protocol/stepping-stone/Plugin.cc +++ b/src/analyzer/protocol/stepping-stone/Plugin.cc @@ -6,7 +6,7 @@ #include "SteppingStone.h" namespace plugin { -namespace Bro_SteppingStone { +namespace Zeek_SteppingStone { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("SteppingStone", ::analyzer::stepping_stone::SteppingStone_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::SteppingStone"; + config.name = "Zeek::SteppingStone"; config.description = "Stepping stone analyzer"; return config; } diff --git a/src/analyzer/protocol/syslog/CMakeLists.txt b/src/analyzer/protocol/syslog/CMakeLists.txt index 81f58c86c3..5e1fca87ad 100644 --- a/src/analyzer/protocol/syslog/CMakeLists.txt +++ b/src/analyzer/protocol/syslog/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro Syslog) +zeek_plugin_begin(Zeek Syslog) zeek_plugin_cc(Syslog.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac(syslog.pac syslog-analyzer.pac syslog-protocol.pac) diff --git a/src/analyzer/protocol/syslog/Plugin.cc b/src/analyzer/protocol/syslog/Plugin.cc index c2478bdeb0..e4d5f38fa1 100644 --- a/src/analyzer/protocol/syslog/Plugin.cc +++ b/src/analyzer/protocol/syslog/Plugin.cc @@ -6,7 +6,7 @@ #include "Syslog.h" namespace plugin { -namespace Bro_Syslog { +namespace Zeek_Syslog { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("Syslog", ::analyzer::syslog::Syslog_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::Syslog"; + config.name = "Zeek::Syslog"; config.description = "Syslog analyzer UDP-only"; return config; } diff --git a/src/analyzer/protocol/tcp/CMakeLists.txt b/src/analyzer/protocol/tcp/CMakeLists.txt index af91902f51..c00f3e5379 100644 --- a/src/analyzer/protocol/tcp/CMakeLists.txt +++ b/src/analyzer/protocol/tcp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro TCP) +zeek_plugin_begin(Zeek TCP) zeek_plugin_cc(TCP.cc TCP_Endpoint.cc TCP_Reassembler.cc ContentLine.cc Stats.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(functions.bif) diff --git a/src/analyzer/protocol/tcp/Plugin.cc b/src/analyzer/protocol/tcp/Plugin.cc index b258135b37..3a99b2036a 100644 --- a/src/analyzer/protocol/tcp/Plugin.cc +++ b/src/analyzer/protocol/tcp/Plugin.cc @@ -6,7 +6,7 @@ #include "TCP.h" namespace plugin { -namespace Bro_TCP { +namespace Zeek_TCP { class Plugin : public plugin::Plugin { public: @@ -18,7 +18,7 @@ public: AddComponent(new ::analyzer::Component("Contents", 0)); plugin::Configuration config; - config.name = "Bro::TCP"; + config.name = "Zeek::TCP"; config.description = "TCP analyzer"; return config; } diff --git a/src/analyzer/protocol/teredo/CMakeLists.txt b/src/analyzer/protocol/teredo/CMakeLists.txt index d5e68bb86e..da23152c3d 100644 --- a/src/analyzer/protocol/teredo/CMakeLists.txt +++ b/src/analyzer/protocol/teredo/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro Teredo) +zeek_plugin_begin(Zeek Teredo) zeek_plugin_cc(Teredo.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/teredo/Plugin.cc b/src/analyzer/protocol/teredo/Plugin.cc index 226d84a4a2..eeebea870d 100644 --- a/src/analyzer/protocol/teredo/Plugin.cc +++ b/src/analyzer/protocol/teredo/Plugin.cc @@ -6,7 +6,7 @@ #include "Teredo.h" namespace plugin { -namespace Bro_Teredo { +namespace Zeek_Teredo { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("Teredo", ::analyzer::teredo::Teredo_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::Teredo"; + config.name = "Zeek::Teredo"; config.description = "Teredo analyzer"; return config; } diff --git a/src/analyzer/protocol/udp/CMakeLists.txt b/src/analyzer/protocol/udp/CMakeLists.txt index 4c9e252a08..47140a9df2 100644 --- a/src/analyzer/protocol/udp/CMakeLists.txt +++ b/src/analyzer/protocol/udp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro UDP) +zeek_plugin_begin(Zeek UDP) zeek_plugin_cc(UDP.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/udp/Plugin.cc b/src/analyzer/protocol/udp/Plugin.cc index 2569d95a86..9a42be6fa8 100644 --- a/src/analyzer/protocol/udp/Plugin.cc +++ b/src/analyzer/protocol/udp/Plugin.cc @@ -6,7 +6,7 @@ #include "analyzer/protocol/udp/UDP.h" namespace plugin { -namespace Bro_UDP { +namespace Zeek_UDP { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("UDP", ::analyzer::udp::UDP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::UDP"; + config.name = "Zeek::UDP"; config.description = "UDP Analyzer"; return config; } diff --git a/src/analyzer/protocol/vxlan/CMakeLists.txt b/src/analyzer/protocol/vxlan/CMakeLists.txt index 438250cdea..64c8600844 100644 --- a/src/analyzer/protocol/vxlan/CMakeLists.txt +++ b/src/analyzer/protocol/vxlan/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro VXLAN) +zeek_plugin_begin(Zeek VXLAN) zeek_plugin_cc(VXLAN.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/analyzer/protocol/vxlan/Plugin.cc b/src/analyzer/protocol/vxlan/Plugin.cc index 1c214d691f..73c2cfd53b 100644 --- a/src/analyzer/protocol/vxlan/Plugin.cc +++ b/src/analyzer/protocol/vxlan/Plugin.cc @@ -5,7 +5,7 @@ #include "VXLAN.h" namespace plugin { -namespace Bro_VXLAN { +namespace Zeek_VXLAN { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::analyzer::Component("VXLAN", ::analyzer::vxlan::VXLAN_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::VXLAN"; + config.name = "Zeek::VXLAN"; config.description = "VXLAN analyzer"; return config; } diff --git a/src/analyzer/protocol/xmpp/CMakeLists.txt b/src/analyzer/protocol/xmpp/CMakeLists.txt index 93b866c2a8..5cc55f82a7 100644 --- a/src/analyzer/protocol/xmpp/CMakeLists.txt +++ b/src/analyzer/protocol/xmpp/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro XMPP) +zeek_plugin_begin(Zeek XMPP) zeek_plugin_cc(Plugin.cc) zeek_plugin_cc(XMPP.cc) zeek_plugin_bif(events.bif) diff --git a/src/analyzer/protocol/xmpp/Plugin.cc b/src/analyzer/protocol/xmpp/Plugin.cc index d3bfcc5b10..92165e3d99 100644 --- a/src/analyzer/protocol/xmpp/Plugin.cc +++ b/src/analyzer/protocol/xmpp/Plugin.cc @@ -4,7 +4,7 @@ #include "XMPP.h" namespace plugin { -namespace Bro_XMPP { +namespace Zeek_XMPP { class Plugin : public plugin::Plugin { public: @@ -13,7 +13,7 @@ public: AddComponent(new ::analyzer::Component("XMPP", ::analyzer::xmpp::XMPP_Analyzer::Instantiate)); plugin::Configuration config; - config.name = "Bro::XMPP"; + config.name = "Zeek::XMPP"; config.description = "XMPP analyzer (StartTLS only)"; return config; } diff --git a/src/analyzer/protocol/zip/CMakeLists.txt b/src/analyzer/protocol/zip/CMakeLists.txt index 5fc7e901ec..579d225e5a 100644 --- a/src/analyzer/protocol/zip/CMakeLists.txt +++ b/src/analyzer/protocol/zip/CMakeLists.txt @@ -3,6 +3,6 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro ZIP) +zeek_plugin_begin(Zeek ZIP) zeek_plugin_cc(ZIP.cc Plugin.cc) zeek_plugin_end() diff --git a/src/analyzer/protocol/zip/Plugin.cc b/src/analyzer/protocol/zip/Plugin.cc index 7a0bff39ad..f81576e1bb 100644 --- a/src/analyzer/protocol/zip/Plugin.cc +++ b/src/analyzer/protocol/zip/Plugin.cc @@ -6,7 +6,7 @@ #include "ZIP.h" namespace plugin { -namespace Bro_ZIP { +namespace Zeek_ZIP { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::analyzer::Component("ZIP", 0)); plugin::Configuration config; - config.name = "Bro::ZIP"; + config.name = "Zeek::ZIP"; config.description = "Generic ZIP support analyzer"; return config; } diff --git a/src/file_analysis/analyzer/data_event/CMakeLists.txt b/src/file_analysis/analyzer/data_event/CMakeLists.txt index cbba53cdbc..0a62b1d666 100644 --- a/src/file_analysis/analyzer/data_event/CMakeLists.txt +++ b/src/file_analysis/analyzer/data_event/CMakeLists.txt @@ -3,6 +3,6 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro FileDataEvent) +zeek_plugin_begin(Zeek FileDataEvent) zeek_plugin_cc(DataEvent.cc Plugin.cc ../../Analyzer.cc) zeek_plugin_end() diff --git a/src/file_analysis/analyzer/data_event/Plugin.cc b/src/file_analysis/analyzer/data_event/Plugin.cc index d39120cfe6..b41d2356a7 100644 --- a/src/file_analysis/analyzer/data_event/Plugin.cc +++ b/src/file_analysis/analyzer/data_event/Plugin.cc @@ -5,7 +5,7 @@ #include "DataEvent.h" namespace plugin { -namespace Bro_FileDataEvent { +namespace Zeek_FileDataEvent { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::file_analysis::Component("DATA_EVENT", ::file_analysis::DataEvent::Instantiate)); plugin::Configuration config; - config.name = "Bro::FileDataEvent"; + config.name = "Zeek::FileDataEvent"; config.description = "Delivers file content"; return config; } diff --git a/src/file_analysis/analyzer/entropy/CMakeLists.txt b/src/file_analysis/analyzer/entropy/CMakeLists.txt index 6eba4e85a3..7841f27f94 100644 --- a/src/file_analysis/analyzer/entropy/CMakeLists.txt +++ b/src/file_analysis/analyzer/entropy/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro FileEntropy) +zeek_plugin_begin(Zeek FileEntropy) zeek_plugin_cc(Entropy.cc Plugin.cc ../../Analyzer.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/file_analysis/analyzer/entropy/Plugin.cc b/src/file_analysis/analyzer/entropy/Plugin.cc index f1dd954cba..a4ae3416cd 100644 --- a/src/file_analysis/analyzer/entropy/Plugin.cc +++ b/src/file_analysis/analyzer/entropy/Plugin.cc @@ -5,7 +5,7 @@ #include "Entropy.h" namespace plugin { -namespace Bro_FileEntropy { +namespace Zeek_FileEntropy { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::file_analysis::Component("ENTROPY", ::file_analysis::Entropy::Instantiate)); plugin::Configuration config; - config.name = "Bro::FileEntropy"; + config.name = "Zeek::FileEntropy"; config.description = "Entropy test file content"; return config; } diff --git a/src/file_analysis/analyzer/extract/CMakeLists.txt b/src/file_analysis/analyzer/extract/CMakeLists.txt index 4588152fde..7df895af38 100644 --- a/src/file_analysis/analyzer/extract/CMakeLists.txt +++ b/src/file_analysis/analyzer/extract/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro FileExtract) +zeek_plugin_begin(Zeek FileExtract) zeek_plugin_cc(Extract.cc Plugin.cc ../../Analyzer.cc) zeek_plugin_bif(events.bif) zeek_plugin_bif(functions.bif) diff --git a/src/file_analysis/analyzer/extract/Plugin.cc b/src/file_analysis/analyzer/extract/Plugin.cc index f4e234ef11..be8c44eaac 100644 --- a/src/file_analysis/analyzer/extract/Plugin.cc +++ b/src/file_analysis/analyzer/extract/Plugin.cc @@ -5,7 +5,7 @@ #include "Extract.h" namespace plugin { -namespace Bro_FileExtract { +namespace Zeek_FileExtract { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::file_analysis::Component("EXTRACT", ::file_analysis::Extract::Instantiate)); plugin::Configuration config; - config.name = "Bro::FileExtract"; + config.name = "Zeek::FileExtract"; config.description = "Extract file content"; return config; } diff --git a/src/file_analysis/analyzer/hash/CMakeLists.txt b/src/file_analysis/analyzer/hash/CMakeLists.txt index bfa975f682..46d557fd4b 100644 --- a/src/file_analysis/analyzer/hash/CMakeLists.txt +++ b/src/file_analysis/analyzer/hash/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro FileHash) +zeek_plugin_begin(Zeek FileHash) zeek_plugin_cc(Hash.cc Plugin.cc ../../Analyzer.cc) zeek_plugin_bif(events.bif) zeek_plugin_end() diff --git a/src/file_analysis/analyzer/hash/Plugin.cc b/src/file_analysis/analyzer/hash/Plugin.cc index 8bb0f0fab3..774e51511e 100644 --- a/src/file_analysis/analyzer/hash/Plugin.cc +++ b/src/file_analysis/analyzer/hash/Plugin.cc @@ -5,7 +5,7 @@ #include "Hash.h" namespace plugin { -namespace Bro_FileHash { +namespace Zeek_FileHash { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::file_analysis::Component("SHA256", ::file_analysis::SHA256::Instantiate)); plugin::Configuration config; - config.name = "Bro::FileHash"; + config.name = "Zeek::FileHash"; config.description = "Hash file content"; return config; } diff --git a/src/file_analysis/analyzer/pe/CMakeLists.txt b/src/file_analysis/analyzer/pe/CMakeLists.txt index b380c5ffef..c6439ce54d 100644 --- a/src/file_analysis/analyzer/pe/CMakeLists.txt +++ b/src/file_analysis/analyzer/pe/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro PE) +zeek_plugin_begin(Zeek PE) zeek_plugin_cc(PE.cc Plugin.cc) zeek_plugin_bif(events.bif) zeek_plugin_pac( diff --git a/src/file_analysis/analyzer/pe/Plugin.cc b/src/file_analysis/analyzer/pe/Plugin.cc index 8601dedb67..08a255785e 100644 --- a/src/file_analysis/analyzer/pe/Plugin.cc +++ b/src/file_analysis/analyzer/pe/Plugin.cc @@ -5,7 +5,7 @@ #include "PE.h" namespace plugin { -namespace Bro_PE { +namespace Zeek_PE { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::file_analysis::Component("PE", ::file_analysis::PE::Instantiate)); plugin::Configuration config; - config.name = "Bro::PE"; + config.name = "Zeek::PE"; config.description = "Portable Executable analyzer"; return config; } diff --git a/src/file_analysis/analyzer/unified2/CMakeLists.txt b/src/file_analysis/analyzer/unified2/CMakeLists.txt index 487cf152be..bd1537c8ef 100644 --- a/src/file_analysis/analyzer/unified2/CMakeLists.txt +++ b/src/file_analysis/analyzer/unified2/CMakeLists.txt @@ -4,7 +4,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro Unified2) +zeek_plugin_begin(Zeek Unified2) zeek_plugin_cc(Unified2.cc Plugin.cc ../../Analyzer.cc) zeek_plugin_bif(events.bif types.bif) zeek_plugin_pac(unified2.pac unified2-file.pac unified2-analyzer.pac) diff --git a/src/file_analysis/analyzer/unified2/Plugin.cc b/src/file_analysis/analyzer/unified2/Plugin.cc index a0f885b7cb..2fef6e5dfa 100644 --- a/src/file_analysis/analyzer/unified2/Plugin.cc +++ b/src/file_analysis/analyzer/unified2/Plugin.cc @@ -7,7 +7,7 @@ #include "Unified2.h" namespace plugin { -namespace Bro_Unified2 { +namespace Zeek_Unified2 { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::file_analysis::Component("UNIFIED2", ::file_analysis::Unified2::Instantiate)); plugin::Configuration config; - config.name = "Bro::Unified2"; + config.name = "Zeek::Unified2"; config.description = "Analyze Unified2 alert files."; return config; } diff --git a/src/file_analysis/analyzer/x509/CMakeLists.txt b/src/file_analysis/analyzer/x509/CMakeLists.txt index fae96dd726..d8ef11fe17 100644 --- a/src/file_analysis/analyzer/x509/CMakeLists.txt +++ b/src/file_analysis/analyzer/x509/CMakeLists.txt @@ -4,7 +4,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro X509) +zeek_plugin_begin(Zeek X509) zeek_plugin_cc(X509Common.cc X509.cc OCSP.cc Plugin.cc) zeek_plugin_bif(events.bif types.bif functions.bif ocsp_events.bif) zeek_plugin_pac(x509-extension.pac x509-signed_certificate_timestamp.pac) diff --git a/src/file_analysis/analyzer/x509/Plugin.cc b/src/file_analysis/analyzer/x509/Plugin.cc index 31dbe346a8..9de6648893 100644 --- a/src/file_analysis/analyzer/x509/Plugin.cc +++ b/src/file_analysis/analyzer/x509/Plugin.cc @@ -7,7 +7,7 @@ #include "OCSP.h" namespace plugin { -namespace Bro_X509 { +namespace Zeek_X509 { class Plugin : public plugin::Plugin { public: @@ -18,7 +18,7 @@ public: AddComponent(new ::file_analysis::Component("OCSP_REPLY", ::file_analysis::OCSP::InstantiateReply)); plugin::Configuration config; - config.name = "Bro::X509"; + config.name = "Zeek::X509"; config.description = "X509 and OCSP analyzer"; return config; } diff --git a/src/input/readers/ascii/CMakeLists.txt b/src/input/readers/ascii/CMakeLists.txt index 5c69899b55..fe5c9f01a4 100644 --- a/src/input/readers/ascii/CMakeLists.txt +++ b/src/input/readers/ascii/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro AsciiReader) +zeek_plugin_begin(Zeek AsciiReader) zeek_plugin_cc(Ascii.cc Plugin.cc) zeek_plugin_bif(ascii.bif) zeek_plugin_end() diff --git a/src/input/readers/ascii/Plugin.cc b/src/input/readers/ascii/Plugin.cc index b389cb8602..79738ccba5 100644 --- a/src/input/readers/ascii/Plugin.cc +++ b/src/input/readers/ascii/Plugin.cc @@ -5,7 +5,7 @@ #include "Ascii.h" namespace plugin { -namespace Bro_AsciiReader { +namespace Zeek_AsciiReader { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::input::Component("Ascii", ::input::reader::Ascii::Instantiate)); plugin::Configuration config; - config.name = "Bro::AsciiReader"; + config.name = "Zeek::AsciiReader"; config.description = "ASCII input reader"; return config; } diff --git a/src/input/readers/benchmark/CMakeLists.txt b/src/input/readers/benchmark/CMakeLists.txt index 96c3b8bba5..1595af8f6c 100644 --- a/src/input/readers/benchmark/CMakeLists.txt +++ b/src/input/readers/benchmark/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro BenchmarkReader) +zeek_plugin_begin(Zeek BenchmarkReader) zeek_plugin_cc(Benchmark.cc Plugin.cc) zeek_plugin_bif(benchmark.bif) zeek_plugin_end() diff --git a/src/input/readers/benchmark/Plugin.cc b/src/input/readers/benchmark/Plugin.cc index d5e0975a80..8da8b24148 100644 --- a/src/input/readers/benchmark/Plugin.cc +++ b/src/input/readers/benchmark/Plugin.cc @@ -5,7 +5,7 @@ #include "Benchmark.h" namespace plugin { -namespace Bro_BenchmarkReader { +namespace Zeek_BenchmarkReader { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::input::Component("Benchmark", ::input::reader::Benchmark::Instantiate)); plugin::Configuration config; - config.name = "Bro::BenchmarkReader"; + config.name = "Zeek::BenchmarkReader"; config.description = "Benchmark input reader"; return config; } diff --git a/src/input/readers/binary/CMakeLists.txt b/src/input/readers/binary/CMakeLists.txt index 17859ce2b3..32dd2059e0 100644 --- a/src/input/readers/binary/CMakeLists.txt +++ b/src/input/readers/binary/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro BinaryReader) +zeek_plugin_begin(Zeek BinaryReader) zeek_plugin_cc(Binary.cc Plugin.cc) zeek_plugin_bif(binary.bif) zeek_plugin_end() diff --git a/src/input/readers/binary/Plugin.cc b/src/input/readers/binary/Plugin.cc index 7c5dc16b8b..a84260eb67 100644 --- a/src/input/readers/binary/Plugin.cc +++ b/src/input/readers/binary/Plugin.cc @@ -5,7 +5,7 @@ #include "Binary.h" namespace plugin { -namespace Bro_BinaryReader { +namespace Zeek_BinaryReader { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::input::Component("Binary", ::input::reader::Binary::Instantiate)); plugin::Configuration config; - config.name = "Bro::BinaryReader"; + config.name = "Zeek::BinaryReader"; config.description = "Binary input reader"; return config; } diff --git a/src/input/readers/config/CMakeLists.txt b/src/input/readers/config/CMakeLists.txt index 7ea9a3681a..8f3553db2c 100644 --- a/src/input/readers/config/CMakeLists.txt +++ b/src/input/readers/config/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro ConfigReader) +zeek_plugin_begin(Zeek ConfigReader) zeek_plugin_cc(Config.cc Plugin.cc) zeek_plugin_bif(config.bif) zeek_plugin_end() diff --git a/src/input/readers/config/Plugin.cc b/src/input/readers/config/Plugin.cc index 77c8a97091..810acc2370 100644 --- a/src/input/readers/config/Plugin.cc +++ b/src/input/readers/config/Plugin.cc @@ -5,7 +5,7 @@ #include "Config.h" namespace plugin { -namespace Bro_ConfigReader { +namespace Zeek_ConfigReader { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::input::Component("Config", ::input::reader::Config::Instantiate)); plugin::Configuration config; - config.name = "Bro::ConfigReader"; + config.name = "Zeek::ConfigReader"; config.description = "Configuration file input reader"; return config; } diff --git a/src/input/readers/raw/CMakeLists.txt b/src/input/readers/raw/CMakeLists.txt index 166524fa9a..2b197d5a4e 100644 --- a/src/input/readers/raw/CMakeLists.txt +++ b/src/input/readers/raw/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro RawReader) +zeek_plugin_begin(Zeek RawReader) zeek_plugin_cc(Raw.cc Plugin.cc) zeek_plugin_bif(raw.bif) zeek_plugin_end() diff --git a/src/input/readers/raw/Plugin.cc b/src/input/readers/raw/Plugin.cc index e16a233fe6..5791b836a1 100644 --- a/src/input/readers/raw/Plugin.cc +++ b/src/input/readers/raw/Plugin.cc @@ -2,9 +2,9 @@ #include "Plugin.h" -namespace plugin { namespace Bro_RawReader { Plugin plugin; } } +namespace plugin { namespace Zeek_RawReader { Plugin plugin; } } -using namespace plugin::Bro_RawReader; +using namespace plugin::Zeek_RawReader; Plugin::Plugin() { @@ -15,7 +15,7 @@ plugin::Configuration Plugin::Configure() AddComponent(new ::input::Component("Raw", ::input::reader::Raw::Instantiate)); plugin::Configuration config; - config.name = "Bro::RawReader"; + config.name = "Zeek::RawReader"; config.description = "Raw input reader"; return config; } diff --git a/src/input/readers/raw/Plugin.h b/src/input/readers/raw/Plugin.h index 31fa611130..7dcd5e1b13 100644 --- a/src/input/readers/raw/Plugin.h +++ b/src/input/readers/raw/Plugin.h @@ -7,7 +7,7 @@ #include "Raw.h" namespace plugin { -namespace Bro_RawReader { +namespace Zeek_RawReader { class Plugin : public plugin::Plugin { public: diff --git a/src/input/readers/raw/Raw.cc b/src/input/readers/raw/Raw.cc index 51b041744c..81627ac169 100644 --- a/src/input/readers/raw/Raw.cc +++ b/src/input/readers/raw/Raw.cc @@ -99,7 +99,7 @@ bool Raw::SetFDFlags(int fd, int cmd, int flags) std::unique_lock Raw::AcquireForkMutex() { - auto lock = plugin::Bro_RawReader::plugin.ForkMutex(); + auto lock = plugin::Zeek_RawReader::plugin.ForkMutex(); try { diff --git a/src/input/readers/sqlite/CMakeLists.txt b/src/input/readers/sqlite/CMakeLists.txt index 8be6247c69..868a6c704b 100644 --- a/src/input/readers/sqlite/CMakeLists.txt +++ b/src/input/readers/sqlite/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro SQLiteReader) +zeek_plugin_begin(Zeek SQLiteReader) zeek_plugin_cc(SQLite.cc Plugin.cc) zeek_plugin_bif(sqlite.bif) zeek_plugin_end() diff --git a/src/input/readers/sqlite/Plugin.cc b/src/input/readers/sqlite/Plugin.cc index db75d6dc22..6217d3bf93 100644 --- a/src/input/readers/sqlite/Plugin.cc +++ b/src/input/readers/sqlite/Plugin.cc @@ -5,7 +5,7 @@ #include "SQLite.h" namespace plugin { -namespace Bro_SQLiteReader { +namespace Zeek_SQLiteReader { class Plugin : public plugin::Plugin { public: @@ -14,7 +14,7 @@ public: AddComponent(new ::input::Component("SQLite", ::input::reader::SQLite::Instantiate)); plugin::Configuration config; - config.name = "Bro::SQLiteReader"; + config.name = "Zeek::SQLiteReader"; config.description = "SQLite input reader"; return config; } diff --git a/src/iosource/pcap/CMakeLists.txt b/src/iosource/pcap/CMakeLists.txt index e003cf36f3..f829a96a19 100644 --- a/src/iosource/pcap/CMakeLists.txt +++ b/src/iosource/pcap/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro Pcap) +zeek_plugin_begin(Zeek Pcap) zeek_plugin_cc(Source.cc Dumper.cc Plugin.cc) bif_target(pcap.bif) zeek_plugin_end() diff --git a/src/iosource/pcap/Plugin.cc b/src/iosource/pcap/Plugin.cc index af74b16ead..75f8f54a2c 100644 --- a/src/iosource/pcap/Plugin.cc +++ b/src/iosource/pcap/Plugin.cc @@ -6,7 +6,7 @@ #include "Dumper.h" namespace plugin { -namespace Bro_Pcap { +namespace Zeek_Pcap { class Plugin : public plugin::Plugin { public: @@ -16,7 +16,7 @@ public: AddComponent(new ::iosource::PktDumperComponent("PcapWriter", "pcap", ::iosource::pcap::PcapDumper::Instantiate)); plugin::Configuration config; - config.name = "Bro::Pcap"; + config.name = "Zeek::Pcap"; config.description = "Packet acquisition via libpcap"; return config; } diff --git a/src/logging/writers/ascii/CMakeLists.txt b/src/logging/writers/ascii/CMakeLists.txt index e4c7789ed0..430631f997 100644 --- a/src/logging/writers/ascii/CMakeLists.txt +++ b/src/logging/writers/ascii/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro AsciiWriter) +zeek_plugin_begin(Zeek AsciiWriter) zeek_plugin_cc(Ascii.cc Plugin.cc) zeek_plugin_bif(ascii.bif) zeek_plugin_end() diff --git a/src/logging/writers/ascii/Plugin.cc b/src/logging/writers/ascii/Plugin.cc index 4dcefda47b..cc258c4236 100644 --- a/src/logging/writers/ascii/Plugin.cc +++ b/src/logging/writers/ascii/Plugin.cc @@ -6,7 +6,7 @@ #include "Ascii.h" namespace plugin { -namespace Bro_AsciiWriter { +namespace Zeek_AsciiWriter { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::logging::Component("Ascii", ::logging::writer::Ascii::Instantiate)); plugin::Configuration config; - config.name = "Bro::AsciiWriter"; + config.name = "Zeek::AsciiWriter"; config.description = "ASCII log writer"; return config; } diff --git a/src/logging/writers/none/CMakeLists.txt b/src/logging/writers/none/CMakeLists.txt index 1cd0f413e1..af386e3aee 100644 --- a/src/logging/writers/none/CMakeLists.txt +++ b/src/logging/writers/none/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro NoneWriter) +zeek_plugin_begin(Zeek NoneWriter) zeek_plugin_cc(None.cc Plugin.cc) zeek_plugin_bif(none.bif) zeek_plugin_end() diff --git a/src/logging/writers/none/Plugin.cc b/src/logging/writers/none/Plugin.cc index f712e7408c..3c86a238a1 100644 --- a/src/logging/writers/none/Plugin.cc +++ b/src/logging/writers/none/Plugin.cc @@ -6,7 +6,7 @@ #include "None.h" namespace plugin { -namespace Bro_NoneWriter { +namespace Zeek_NoneWriter { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::logging::Component("None", ::logging::writer::None::Instantiate)); plugin::Configuration config; - config.name = "Bro::NoneWriter"; + config.name = "Zeek::NoneWriter"; config.description = "None log writer (primarily for debugging)"; return config; } diff --git a/src/logging/writers/sqlite/CMakeLists.txt b/src/logging/writers/sqlite/CMakeLists.txt index 9d2f06d4ef..41c2f01c9e 100644 --- a/src/logging/writers/sqlite/CMakeLists.txt +++ b/src/logging/writers/sqlite/CMakeLists.txt @@ -3,7 +3,7 @@ include(ZeekPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) -zeek_plugin_begin(Bro SQLiteWriter) +zeek_plugin_begin(Zeek SQLiteWriter) zeek_plugin_cc(SQLite.cc Plugin.cc) zeek_plugin_bif(sqlite.bif) zeek_plugin_end() diff --git a/src/logging/writers/sqlite/Plugin.cc b/src/logging/writers/sqlite/Plugin.cc index f48ec838f1..a7ddc95472 100644 --- a/src/logging/writers/sqlite/Plugin.cc +++ b/src/logging/writers/sqlite/Plugin.cc @@ -6,7 +6,7 @@ #include "SQLite.h" namespace plugin { -namespace Bro_SQLiteWriter { +namespace Zeek_SQLiteWriter { class Plugin : public plugin::Plugin { public: @@ -15,7 +15,7 @@ public: AddComponent(new ::logging::Component("SQLite", ::logging::writer::SQLite::Instantiate)); plugin::Configuration config; - config.name = "Bro::SQLiteWriter"; + config.name = "Zeek::SQLiteWriter"; config.description = "SQLite log writer"; return config; } diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index a4caf4f6be..e334d7f6c6 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2019-04-04-19-22-03 +#open 2019-06-08-03-43-02 #fields name #types string scripts/base/init-bare.zeek @@ -14,8 +14,8 @@ scripts/base/init-bare.zeek build/scripts/base/bif/reporter.bif.zeek build/scripts/base/bif/strings.bif.zeek build/scripts/base/bif/option.bif.zeek - build/scripts/base/bif/plugins/Bro_SNMP.types.bif.zeek - build/scripts/base/bif/plugins/Bro_KRB.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek build/scripts/base/bif/event.bif.zeek scripts/base/init-frameworks-and-bifs.zeek scripts/base/frameworks/logging/__load__.zeek @@ -61,123 +61,123 @@ scripts/base/init-frameworks-and-bifs.zeek build/scripts/base/bif/cardinality-counter.bif.zeek build/scripts/base/bif/top-k.bif.zeek build/scripts/base/bif/plugins/__load__.zeek - build/scripts/base/bif/plugins/Bro_ARP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.zeek - build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.zeek - build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.zeek - build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.zeek - build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.zeek - build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.zeek - build/scripts/base/bif/plugins/Bro_DHCP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_DHCP.types.bif.zeek - build/scripts/base/bif/plugins/Bro_DNP3.events.bif.zeek - build/scripts/base/bif/plugins/Bro_DNS.events.bif.zeek - build/scripts/base/bif/plugins/Bro_File.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Finger.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FTP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FTP.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.zeek - build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.zeek - build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.zeek - build/scripts/base/bif/plugins/Bro_HTTP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_ICMP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Ident.events.bif.zeek - build/scripts/base/bif/plugins/Bro_IMAP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_InterConn.events.bif.zeek - build/scripts/base/bif/plugins/Bro_IRC.events.bif.zeek - build/scripts/base/bif/plugins/Bro_KRB.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Login.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Login.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_MIME.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Modbus.events.bif.zeek - build/scripts/base/bif/plugins/Bro_MySQL.events.bif.zeek - build/scripts/base/bif/plugins/Bro_NCP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_NCP.consts.bif.zeek - build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.zeek - build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_NTLM.types.bif.zeek - build/scripts/base/bif/plugins/Bro_NTLM.events.bif.zeek - build/scripts/base/bif/plugins/Bro_NTP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_POP3.events.bif.zeek - build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.zeek - build/scripts/base/bif/plugins/Bro_RDP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_RDP.types.bif.zeek - build/scripts/base/bif/plugins/Bro_RFB.events.bif.zeek - build/scripts/base/bif/plugins/Bro_RPC.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SIP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SNMP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.consts.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.types.bif.zeek - build/scripts/base/bif/plugins/Bro_SMTP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SSH.types.bif.zeek - build/scripts/base/bif/plugins/Bro_SSH.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SSL.types.bif.zeek - build/scripts/base/bif/plugins/Bro_SSL.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SSL.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_SSL.consts.bif.zeek - build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Syslog.events.bif.zeek - build/scripts/base/bif/plugins/Bro_TCP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_TCP.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_Teredo.events.bif.zeek - build/scripts/base/bif/plugins/Bro_UDP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.zeek - build/scripts/base/bif/plugins/Bro_XMPP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_FileHash.events.bif.zeek - build/scripts/base/bif/plugins/Bro_PE.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Unified2.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Unified2.types.bif.zeek - build/scripts/base/bif/plugins/Bro_X509.events.bif.zeek - build/scripts/base/bif/plugins/Bro_X509.types.bif.zeek - build/scripts/base/bif/plugins/Bro_X509.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.zeek - build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.zeek - build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.zeek - build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.zeek - build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.zeek - build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.zeek - build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.zeek - build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.zeek - build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.zeek - build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.zeek + build/scripts/base/bif/plugins/Zeek_ARP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_BackDoor.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_BitTorrent.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_ConnSize.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_ConnSize.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_DCE_RPC.consts.bif.zeek + build/scripts/base/bif/plugins/Zeek_DCE_RPC.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_DHCP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_DHCP.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_DNP3.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_DNS.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_File.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Finger.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FTP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FTP.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_Gnutella.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_GSSAPI.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_GTPv1.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_HTTP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_HTTP.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_ICMP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Ident.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_IMAP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_InterConn.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_IRC.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_KRB.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Login.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Login.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_MIME.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Modbus.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_MySQL.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_NCP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_NCP.consts.bif.zeek + build/scripts/base/bif/plugins/Zeek_NetBIOS.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_NetBIOS.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_NTLM.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_NTLM.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_NTP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_POP3.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_RADIUS.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_RDP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_RDP.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_RFB.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SIP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SNMP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_check_directory.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_close.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_create_directory.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_echo.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_logoff_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_nt_cancel.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_query_information.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_read_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction2.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_write_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_close.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_create.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_read.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_session_setup.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_set_info.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_tree_connect.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_write.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_transform_header.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.consts.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMTP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMTP.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_SOCKS.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSH.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSH.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSL.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSL.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSL.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSL.consts.bif.zeek + build/scripts/base/bif/plugins/Zeek_SteppingStone.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Syslog.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_TCP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_TCP.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_Teredo.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_UDP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_VXLAN.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_XMPP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FileEntropy.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FileExtract.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FileExtract.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_FileHash.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_PE.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Unified2.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Unified2.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_X509.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_X509.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_X509.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_X509.ocsp_events.bif.zeek + build/scripts/base/bif/plugins/Zeek_AsciiReader.ascii.bif.zeek + build/scripts/base/bif/plugins/Zeek_BenchmarkReader.benchmark.bif.zeek + build/scripts/base/bif/plugins/Zeek_BinaryReader.binary.bif.zeek + build/scripts/base/bif/plugins/Zeek_ConfigReader.config.bif.zeek + build/scripts/base/bif/plugins/Zeek_RawReader.raw.bif.zeek + build/scripts/base/bif/plugins/Zeek_SQLiteReader.sqlite.bif.zeek + build/scripts/base/bif/plugins/Zeek_AsciiWriter.ascii.bif.zeek + build/scripts/base/bif/plugins/Zeek_NoneWriter.none.bif.zeek + build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek scripts/policy/misc/loaded-scripts.zeek scripts/base/utils/paths.zeek -#close 2019-04-04-19-22-03 +#close 2019-06-08-03-43-02 diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 3eec8e27cc..0b49a08672 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2019-06-05-18-41-18 +#open 2019-06-08-03-43-03 #fields name #types string scripts/base/init-bare.zeek @@ -14,8 +14,8 @@ scripts/base/init-bare.zeek build/scripts/base/bif/reporter.bif.zeek build/scripts/base/bif/strings.bif.zeek build/scripts/base/bif/option.bif.zeek - build/scripts/base/bif/plugins/Bro_SNMP.types.bif.zeek - build/scripts/base/bif/plugins/Bro_KRB.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek build/scripts/base/bif/event.bif.zeek scripts/base/init-frameworks-and-bifs.zeek scripts/base/frameworks/logging/__load__.zeek @@ -61,123 +61,123 @@ scripts/base/init-frameworks-and-bifs.zeek build/scripts/base/bif/cardinality-counter.bif.zeek build/scripts/base/bif/top-k.bif.zeek build/scripts/base/bif/plugins/__load__.zeek - build/scripts/base/bif/plugins/Bro_ARP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.zeek - build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.zeek - build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.zeek - build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.zeek - build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.zeek - build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.zeek - build/scripts/base/bif/plugins/Bro_DHCP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_DHCP.types.bif.zeek - build/scripts/base/bif/plugins/Bro_DNP3.events.bif.zeek - build/scripts/base/bif/plugins/Bro_DNS.events.bif.zeek - build/scripts/base/bif/plugins/Bro_File.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Finger.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FTP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FTP.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.zeek - build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.zeek - build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.zeek - build/scripts/base/bif/plugins/Bro_HTTP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_ICMP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Ident.events.bif.zeek - build/scripts/base/bif/plugins/Bro_IMAP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_InterConn.events.bif.zeek - build/scripts/base/bif/plugins/Bro_IRC.events.bif.zeek - build/scripts/base/bif/plugins/Bro_KRB.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Login.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Login.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_MIME.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Modbus.events.bif.zeek - build/scripts/base/bif/plugins/Bro_MySQL.events.bif.zeek - build/scripts/base/bif/plugins/Bro_NCP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_NCP.consts.bif.zeek - build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.zeek - build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_NTLM.types.bif.zeek - build/scripts/base/bif/plugins/Bro_NTLM.events.bif.zeek - build/scripts/base/bif/plugins/Bro_NTP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_POP3.events.bif.zeek - build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.zeek - build/scripts/base/bif/plugins/Bro_RDP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_RDP.types.bif.zeek - build/scripts/base/bif/plugins/Bro_RFB.events.bif.zeek - build/scripts/base/bif/plugins/Bro_RPC.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SIP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SNMP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.consts.bif.zeek - build/scripts/base/bif/plugins/Bro_SMB.types.bif.zeek - build/scripts/base/bif/plugins/Bro_SMTP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SSH.types.bif.zeek - build/scripts/base/bif/plugins/Bro_SSH.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SSL.types.bif.zeek - build/scripts/base/bif/plugins/Bro_SSL.events.bif.zeek - build/scripts/base/bif/plugins/Bro_SSL.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_SSL.consts.bif.zeek - build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Syslog.events.bif.zeek - build/scripts/base/bif/plugins/Bro_TCP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_TCP.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_Teredo.events.bif.zeek - build/scripts/base/bif/plugins/Bro_UDP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.zeek - build/scripts/base/bif/plugins/Bro_XMPP.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.zeek - build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_FileHash.events.bif.zeek - build/scripts/base/bif/plugins/Bro_PE.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Unified2.events.bif.zeek - build/scripts/base/bif/plugins/Bro_Unified2.types.bif.zeek - build/scripts/base/bif/plugins/Bro_X509.events.bif.zeek - build/scripts/base/bif/plugins/Bro_X509.types.bif.zeek - build/scripts/base/bif/plugins/Bro_X509.functions.bif.zeek - build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.zeek - build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.zeek - build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.zeek - build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.zeek - build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.zeek - build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.zeek - build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.zeek - build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.zeek - build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.zeek - build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.zeek + build/scripts/base/bif/plugins/Zeek_ARP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_BackDoor.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_BitTorrent.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_ConnSize.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_ConnSize.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_DCE_RPC.consts.bif.zeek + build/scripts/base/bif/plugins/Zeek_DCE_RPC.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_DCE_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_DHCP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_DHCP.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_DNP3.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_DNS.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_File.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Finger.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FTP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FTP.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_Gnutella.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_GSSAPI.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_GTPv1.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_HTTP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_HTTP.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_ICMP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Ident.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_IMAP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_InterConn.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_IRC.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_KRB.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Login.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Login.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_MIME.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Modbus.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_MySQL.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_NCP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_NCP.consts.bif.zeek + build/scripts/base/bif/plugins/Zeek_NetBIOS.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_NetBIOS.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_NTLM.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_NTLM.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_NTP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_POP3.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_RADIUS.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_RDP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_RDP.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_RFB.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SIP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SNMP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_check_directory.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_close.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_create_directory.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_echo.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_logoff_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_nt_cancel.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_query_information.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_read_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction2.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_com_write_andx.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb1_events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_close.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_create.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_read.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_session_setup.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_set_info.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_tree_connect.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_write.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_com_transform_header.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.smb2_events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.consts.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMB.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMTP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SMTP.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_SOCKS.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSH.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSH.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSL.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSL.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSL.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_SSL.consts.bif.zeek + build/scripts/base/bif/plugins/Zeek_SteppingStone.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Syslog.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_TCP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_TCP.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_Teredo.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_UDP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_VXLAN.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_XMPP.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FileEntropy.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FileExtract.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_FileExtract.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_FileHash.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_PE.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Unified2.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_Unified2.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_X509.events.bif.zeek + build/scripts/base/bif/plugins/Zeek_X509.types.bif.zeek + build/scripts/base/bif/plugins/Zeek_X509.functions.bif.zeek + build/scripts/base/bif/plugins/Zeek_X509.ocsp_events.bif.zeek + build/scripts/base/bif/plugins/Zeek_AsciiReader.ascii.bif.zeek + build/scripts/base/bif/plugins/Zeek_BenchmarkReader.benchmark.bif.zeek + build/scripts/base/bif/plugins/Zeek_BinaryReader.binary.bif.zeek + build/scripts/base/bif/plugins/Zeek_ConfigReader.config.bif.zeek + build/scripts/base/bif/plugins/Zeek_RawReader.raw.bif.zeek + build/scripts/base/bif/plugins/Zeek_SQLiteReader.sqlite.bif.zeek + build/scripts/base/bif/plugins/Zeek_AsciiWriter.ascii.bif.zeek + build/scripts/base/bif/plugins/Zeek_NoneWriter.none.bif.zeek + build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek scripts/base/init-default.zeek scripts/base/utils/active-http.zeek scripts/base/utils/exec.zeek @@ -370,4 +370,4 @@ scripts/base/init-default.zeek scripts/base/misc/find-filtered-trace.zeek scripts/base/misc/version.zeek scripts/policy/misc/loaded-scripts.zeek -#close 2019-06-05-18-41-19 +#close 2019-06-08-03-43-03 diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 27949c8795..b091251bec 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -273,7 +273,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1559874010.315687, node=zeek, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> @@ -450,7 +450,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1559874010.315687, node=zeek, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> @@ -562,125 +562,125 @@ 0.000000 MetaHookPost DrainEvents() -> 0.000000 MetaHookPost LoadFile(0, ..<...>/main.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ..<...>/plugin.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ARP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_AsciiReader.ascii.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_AsciiWriter.ascii.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BackDoor.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BenchmarkReader.benchmark.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BinaryReader.binary.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_BitTorrent.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ConfigReader.config.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ConnSize.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ConnSize.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DCE_RPC.consts.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DCE_RPC.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DCE_RPC.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DHCP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DHCP.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DNP3.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_DNS.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FTP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FTP.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_File.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileEntropy.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileExtract.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileExtract.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_FileHash.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Finger.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_GSSAPI.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_GTPv1.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Gnutella.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_HTTP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_HTTP.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_ICMP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_IMAP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_IRC.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Ident.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_InterConn.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_KRB.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_KRB.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Login.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Login.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MIME.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Modbus.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_MySQL.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NCP.consts.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NCP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTLM.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NTP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NetBIOS.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NetBIOS.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_NoneWriter.none.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_PE.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_POP3.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RADIUS.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RDP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RDP.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RFB.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RPC.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_RawReader.raw.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SIP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.consts.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_check_directory.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_close.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_create_directory.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_echo.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_logoff_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_negotiate.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_cancel.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_create_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_query_information.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_read_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_session_setup_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction_secondary.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_disconnect.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_com_write_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb1_events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_close.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_create.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_negotiate.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_read.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_session_setup.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_set_info.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_transform_header.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_connect.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_disconnect.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_com_write.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.smb2_events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMB.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMTP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SMTP.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SNMP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SNMP.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SOCKS.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SQLiteReader.sqlite.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SQLiteWriter.sqlite.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSH.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSH.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.consts.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SSL.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_SteppingStone.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Syslog.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_TCP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_TCP.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Teredo.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_UDP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Unified2.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_Unified2.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_VXLAN.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.ocsp_events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_X509.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Bro_XMPP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ARP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_AsciiReader.ascii.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_AsciiWriter.ascii.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_BackDoor.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_BinaryReader.binary.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_BitTorrent.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ConfigReader.config.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ConnSize.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ConnSize.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.consts.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DHCP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DHCP.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DNP3.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DNS.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FTP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FTP.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_File.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FileEntropy.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FileExtract.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FileExtract.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FileHash.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Finger.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_GSSAPI.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_GTPv1.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Gnutella.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_HTTP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_HTTP.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ICMP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_IMAP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_IRC.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Ident.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_InterConn.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_KRB.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_KRB.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Login.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Login.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MIME.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Modbus.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MySQL.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NCP.consts.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NCP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NTLM.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NTLM.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NTP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NetBIOS.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NetBIOS.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NoneWriter.none.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_PE.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_POP3.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RADIUS.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RDP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RDP.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RFB.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RPC.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RawReader.raw.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SIP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.consts.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_close.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_echo.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_close.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_create.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_read.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_write.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMTP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMTP.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SNMP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SNMP.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SOCKS.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SQLiteReader.sqlite.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSH.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSH.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSL.consts.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSL.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSL.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSL.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SteppingStone.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Syslog.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_TCP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_TCP.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Teredo.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_UDP.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Unified2.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Unified2.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_VXLAN.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_X509.events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_X509.functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_X509.ocsp_events.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_X509.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_XMPP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/acld.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/add-geodata.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/addrs.zeek) -> -1 @@ -773,8 +773,8 @@ 0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/Bro_KRB.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/Bro_SNMP.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_KRB.types.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_SNMP.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/active-http.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/addrs.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/analyzer) -> -1 @@ -1159,7 +1159,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1559874010.315687, node=zeek, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) @@ -1336,7 +1336,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1559874010.315687, node=zeek, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) @@ -1448,125 +1448,125 @@ 0.000000 MetaHookPre DrainEvents() 0.000000 MetaHookPre LoadFile(0, ..<...>/main.zeek) 0.000000 MetaHookPre LoadFile(0, ..<...>/plugin.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ARP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_AsciiReader.ascii.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_AsciiWriter.ascii.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BackDoor.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BenchmarkReader.benchmark.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BinaryReader.binary.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_BitTorrent.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ConfigReader.config.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ConnSize.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ConnSize.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DCE_RPC.consts.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DCE_RPC.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DCE_RPC.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DHCP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DHCP.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DNP3.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_DNS.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FTP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FTP.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_File.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileEntropy.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileExtract.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileExtract.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_FileHash.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Finger.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_GSSAPI.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_GTPv1.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Gnutella.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_HTTP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_HTTP.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_ICMP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_IMAP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_IRC.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Ident.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_InterConn.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_KRB.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_KRB.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Login.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Login.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MIME.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Modbus.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_MySQL.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NCP.consts.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NCP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTLM.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NTP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NetBIOS.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NetBIOS.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_NoneWriter.none.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_PE.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_POP3.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RADIUS.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RDP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RDP.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RFB.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RPC.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_RawReader.raw.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SIP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.consts.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_check_directory.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_close.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_create_directory.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_echo.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_logoff_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_negotiate.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_cancel.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_nt_create_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_query_information.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_read_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_session_setup_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_transaction_secondary.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_tree_disconnect.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_com_write_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb1_events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_close.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_create.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_negotiate.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_read.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_session_setup.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_set_info.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_transform_header.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_connect.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_tree_disconnect.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_com_write.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.smb2_events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMB.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMTP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SMTP.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SNMP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SNMP.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SOCKS.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SQLiteReader.sqlite.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SQLiteWriter.sqlite.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSH.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSH.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.consts.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SSL.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_SteppingStone.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Syslog.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_TCP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_TCP.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Teredo.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_UDP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Unified2.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_Unified2.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_VXLAN.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.ocsp_events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_X509.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Bro_XMPP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_ARP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_AsciiReader.ascii.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_AsciiWriter.ascii.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_BackDoor.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_BinaryReader.binary.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_BitTorrent.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_ConfigReader.config.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_ConnSize.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_ConnSize.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.consts.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DHCP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DHCP.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DNP3.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DNS.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FTP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FTP.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_File.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FileEntropy.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FileExtract.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FileExtract.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FileHash.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Finger.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_GSSAPI.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_GTPv1.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Gnutella.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_HTTP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_HTTP.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_ICMP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_IMAP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_IRC.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Ident.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_InterConn.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_KRB.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_KRB.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Login.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Login.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_MIME.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Modbus.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_MySQL.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NCP.consts.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NCP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NTLM.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NTLM.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NTP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NetBIOS.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NetBIOS.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NoneWriter.none.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_PE.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_POP3.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RADIUS.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RDP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RDP.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RFB.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RPC.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RawReader.raw.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SIP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.consts.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_close.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_echo.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_close.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_create.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_read.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_write.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMTP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMTP.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SNMP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SNMP.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SOCKS.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SQLiteReader.sqlite.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSH.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSH.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSL.consts.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSL.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSL.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSL.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SteppingStone.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Syslog.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_TCP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_TCP.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Teredo.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_UDP.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Unified2.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Unified2.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_VXLAN.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_X509.events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_X509.functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_X509.ocsp_events.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_X509.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_XMPP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/acld.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/add-geodata.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/addrs.zeek) @@ -1659,8 +1659,8 @@ 0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/Bro_KRB.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/Bro_SNMP.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_KRB.types.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_SNMP.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/active-http.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/addrs.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/analyzer) @@ -2044,7 +2044,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1559874010.315687, node=zeek, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) @@ -2221,7 +2221,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1559874010.315687, node=zeek, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() @@ -2333,125 +2333,125 @@ 0.000000 | HookDrainEvents 0.000000 | HookLoadFile ..<...>/main.zeek 0.000000 | HookLoadFile ..<...>/plugin.zeek -0.000000 | HookLoadFile .<...>/Bro_ARP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_AsciiReader.ascii.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_AsciiWriter.ascii.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_BackDoor.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_BenchmarkReader.benchmark.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_BinaryReader.binary.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_BitTorrent.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_ConfigReader.config.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_ConnSize.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_ConnSize.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_DCE_RPC.consts.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_DCE_RPC.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_DCE_RPC.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_DHCP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_DHCP.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_DNP3.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_DNS.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_FTP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_FTP.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_File.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_FileEntropy.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_FileExtract.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_FileExtract.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_FileHash.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Finger.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_GSSAPI.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_GTPv1.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Gnutella.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_HTTP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_HTTP.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_ICMP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_IMAP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_IRC.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Ident.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_InterConn.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_KRB.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_KRB.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Login.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Login.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_MIME.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Modbus.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_MySQL.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_NCP.consts.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_NCP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_NTLM.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_NTLM.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_NTP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_NetBIOS.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_NetBIOS.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_NoneWriter.none.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_PE.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_POP3.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_RADIUS.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_RDP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_RDP.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_RFB.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_RPC.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_RawReader.raw.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SIP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.consts.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_check_directory.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_close.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_create_directory.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_echo.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_logoff_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_negotiate.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_nt_cancel.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_nt_create_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_query_information.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_read_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_session_setup_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction2.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_transaction_secondary.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_tree_disconnect.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_com_write_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb1_events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_close.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_create.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_negotiate.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_read.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_session_setup.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_set_info.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_transform_header.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_tree_connect.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_tree_disconnect.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_com_write.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.smb2_events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMB.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMTP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SMTP.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SNMP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SNMP.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SOCKS.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SQLiteReader.sqlite.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SQLiteWriter.sqlite.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SSH.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SSH.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SSL.consts.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SSL.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SSL.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SSL.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_SteppingStone.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Syslog.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_TCP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_TCP.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Teredo.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_UDP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Unified2.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_Unified2.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_VXLAN.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_X509.events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_X509.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_X509.ocsp_events.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_X509.types.bif.zeek -0.000000 | HookLoadFile .<...>/Bro_XMPP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_ARP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_AsciiReader.ascii.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_AsciiWriter.ascii.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_BackDoor.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_BinaryReader.binary.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_BitTorrent.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_ConfigReader.config.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_ConnSize.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_ConnSize.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_DCE_RPC.consts.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_DCE_RPC.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_DCE_RPC.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_DHCP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_DHCP.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_DNP3.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_DNS.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_FTP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_FTP.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_File.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_FileEntropy.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_FileExtract.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_FileExtract.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_FileHash.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Finger.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_GSSAPI.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_GTPv1.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Gnutella.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_HTTP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_HTTP.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_ICMP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_IMAP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_IRC.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Ident.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_InterConn.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_KRB.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_KRB.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Login.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Login.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_MIME.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Modbus.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_MySQL.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_NCP.consts.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_NCP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_NTLM.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_NTLM.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_NTP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_NetBIOS.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_NetBIOS.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_NoneWriter.none.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_PE.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_POP3.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_RADIUS.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_RDP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_RDP.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_RFB.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_RPC.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_RawReader.raw.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SIP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.consts.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_close.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_echo.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_close.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_create.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_read.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_write.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMB.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMTP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SMTP.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SNMP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SNMP.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SOCKS.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SQLiteReader.sqlite.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SSH.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SSH.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SSL.consts.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SSL.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SSL.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SSL.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_SteppingStone.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Syslog.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_TCP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_TCP.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Teredo.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_UDP.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Unified2.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_Unified2.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_VXLAN.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_X509.events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_X509.functions.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_X509.ocsp_events.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_X509.types.bif.zeek +0.000000 | HookLoadFile .<...>/Zeek_XMPP.events.bif.zeek 0.000000 | HookLoadFile .<...>/acld.zeek 0.000000 | HookLoadFile .<...>/add-geodata.zeek 0.000000 | HookLoadFile .<...>/addrs.zeek @@ -2553,8 +2553,8 @@ 0.000000 | HookLoadFile <...>/__load__.zeek 0.000000 | HookLoadFile <...>/__preload__.zeek 0.000000 | HookLoadFile <...>/hooks.zeek -0.000000 | HookLoadFile base<...>/Bro_KRB.types.bif.zeek -0.000000 | HookLoadFile base<...>/Bro_SNMP.types.bif.zeek +0.000000 | HookLoadFile base<...>/Zeek_KRB.types.bif.zeek +0.000000 | HookLoadFile base<...>/Zeek_SNMP.types.bif.zeek 0.000000 | HookLoadFile base<...>/active-http.zeek 0.000000 | HookLoadFile base<...>/addrs.zeek 0.000000 | HookLoadFile base<...>/analyzer @@ -2651,7 +2651,7 @@ 0.000000 | HookLoadFile base<...>/x509 0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1559874010.315687, node=zeek, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogWrite packet_filter [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent filter_change_tracking() 0.000000 | HookQueueEvent zeek_init() diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek index e913fbc544..3a1566b5a2 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek @@ -1,6 +1,6 @@ # # @TEST-REQUIRES: which sqlite3 -# @TEST-REQUIRES: has-writer Bro::SQLiteWriter +# @TEST-REQUIRES: has-writer Zeek::SQLiteWriter # @TEST-GROUP: sqlite # # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek index 17779a6312..e597a74024 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek @@ -3,7 +3,7 @@ # chance of being off by one if someone changes it). # # @TEST-REQUIRES: which sqlite3 -# @TEST-REQUIRES: has-writer Bro::SQLiteWriter +# @TEST-REQUIRES: has-writer Zeek::SQLiteWriter # @TEST-GROUP: sqlite # # @TEST-EXEC: zeek -b %INPUT diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek index f685dfa26f..fcdbd928ee 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek @@ -1,7 +1,7 @@ # Test simultaneous writes to the same database file. # # @TEST-REQUIRES: which sqlite3 -# @TEST-REQUIRES: has-writer Bro::SQLiteWriter +# @TEST-REQUIRES: has-writer Zeek::SQLiteWriter # @TEST-GROUP: sqlite # # @TEST-EXEC: zeek -b %INPUT diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek index 751517a9b9..065fa98a77 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek @@ -1,6 +1,6 @@ # # @TEST-REQUIRES: which sqlite3 -# @TEST-REQUIRES: has-writer Bro::SQLiteWriter +# @TEST-REQUIRES: has-writer Zeek::SQLiteWriter # @TEST-GROUP: sqlite # # @TEST-EXEC: zeek -b %INPUT diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek index 8ffc867b92..cd6eaf7f26 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek @@ -1,6 +1,6 @@ # # @TEST-REQUIRES: which sqlite3 -# @TEST-REQUIRES: has-writer Bro::SQLiteWriter +# @TEST-REQUIRES: has-writer Zeek::SQLiteWriter # @TEST-GROUP: sqlite # # @TEST-EXEC: zeek -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE