Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/jsiwek/gh-387-broker-topic-names'

Browse source 
* origin/topic/jsiwek/gh-387-broker-topic-names:
  GH-387: update Broker topic names to use "zeek/" prefix
This commit is contained in:
Jon Siwek 2019-06-14 19:26:21 -07:00
commit 56bb28a636
37 changed files with 358 additions and 310 deletions
Download patch file Download diff file Expand all files Collapse all files

6
CHANGES
View file

@ -1,4 +1,10 @@
2.6-412 | 2019-06-14 19:26:21 -0700
* GH-387: update Broker topic names to use "zeek/" prefix (Jon Siwek, Corelight)
* GH-323: change builtin plugin namespaces to Zeek (Jon Siwek, Corelight)
2.6-408 | 2019-06-13 11:19:50 -0700
* Fix potential null-dereference in current_time() (Tim Wojtulewicz, Corelight)

33
NEWS
View file

@ -275,6 +275,39 @@ Changed Functionality
- The namespace used by all the builtin plugins that ship with Zeek have
changed to use "Zeek::" instead of "Bro::".
- Any Broker topic names used in scripts shipped with Zeek that
previously were prefixed with "bro/" are now prefixed with "zeek/"
instead.
In the case where external applications were using a "bro/" topic
to send data into a Bro process, a Zeek process still subscribes
to those topics in addition to the equivalently named "zeek/" topic.
In the case where external applications were using a "bro/" topic
to subscribe to remote messages or query data stores, there's no
backwards compatibility and external applications must be changed
to use the new "zeek/" topic. The thought is this change will have
low impact since most data published under "bro/" topic names is
intended for use only as a detail of implementing cluster-enabled
versions of various scripts.
A list of the most relevant/common topic names that could potentially
be used in external applications to consume/query remote data that
one may need to change:
- store names
- bro/known/services
- bro/known/hosts
- bro/known/certs
- cluster nodes
- bro/cluster/<node type>
- bro/cluster/node/<name>
- bro/cluster/nodeid/<id>
- logging
- bro/logs/<stream>
Removed Functionality
---------------------

2
VERSION
View file

@ -1 +1 @@
2.6-408
2.6-412

2
doc

@ -1 +1 @@
Subproject commit c2181caaeee801efbe327a9739d2f58c0efca2f7
Subproject commit abca6eabff514dfdd02c4312fa8f8c1e3d658bfe

2
scripts/base/frameworks/broker/main.zeek
View file

@ -113,7 +113,7 @@ export {
## The default topic prefix where logs will be published. The log's stream
## id is appended when writing to a particular stream.
const default_log_topic_prefix = "bro/logs/" &redef;
const default_log_topic_prefix = "zeek/logs/" &redef;
## The default implementation for :zeek:see:`Broker::log_topic`.
function default_log_topic(id: Log::ID, path: string): string

14
scripts/base/frameworks/cluster/main.zeek
View file

@ -17,31 +17,31 @@ export {
## The topic name used for exchanging messages that are relevant to
## logger nodes in a cluster. Used with broker-enabled cluster communication.
const logger_topic = "bro/cluster/logger" &redef;
const logger_topic = "zeek/cluster/logger" &redef;
## The topic name used for exchanging messages that are relevant to
## manager nodes in a cluster. Used with broker-enabled cluster communication.
const manager_topic = "bro/cluster/manager" &redef;
const manager_topic = "zeek/cluster/manager" &redef;
## The topic name used for exchanging messages that are relevant to
## proxy nodes in a cluster. Used with broker-enabled cluster communication.
const proxy_topic = "bro/cluster/proxy" &redef;
const proxy_topic = "zeek/cluster/proxy" &redef;
## The topic name used for exchanging messages that are relevant to
## worker nodes in a cluster. Used with broker-enabled cluster communication.
const worker_topic = "bro/cluster/worker" &redef;
const worker_topic = "zeek/cluster/worker" &redef;
## The topic name used for exchanging messages that are relevant to
## time machine nodes in a cluster. Used with broker-enabled cluster communication.
const time_machine_topic = "bro/cluster/time_machine" &redef;
const time_machine_topic = "zeek/cluster/time_machine" &redef;
## The topic prefix used for exchanging messages that are relevant to
## a named node in a cluster. Used with broker-enabled cluster communication.
const node_topic_prefix = "bro/cluster/node/" &redef;
const node_topic_prefix = "zeek/cluster/node/" &redef;
## The topic prefix used for exchanging messages that are relevant to
## a unique node in a cluster. Used with broker-enabled cluster communication.
const nodeid_topic_prefix = "bro/cluster/nodeid/" &redef;
const nodeid_topic_prefix = "zeek/cluster/nodeid/" &redef;
## Name of the node on which master data stores will be created if no other
## has already been specified by the user in :zeek:see:`Cluster::stores`.

6
scripts/base/frameworks/cluster/pools.zeek
View file

@ -60,17 +60,17 @@ export {
## The specification for :zeek:see:`Cluster::proxy_pool`.
global proxy_pool_spec: PoolSpec =
PoolSpec($topic = "bro/cluster/pool/proxy",
PoolSpec($topic = "zeek/cluster/pool/proxy",
$node_type = Cluster::PROXY) &redef;
## The specification for :zeek:see:`Cluster::worker_pool`.
global worker_pool_spec: PoolSpec =
PoolSpec($topic = "bro/cluster/pool/worker",
PoolSpec($topic = "zeek/cluster/pool/worker",
$node_type = Cluster::WORKER) &redef;
## The specification for :zeek:see:`Cluster::logger_pool`.
global logger_pool_spec: PoolSpec =
PoolSpec($topic = "bro/cluster/pool/logger",
PoolSpec($topic = "zeek/cluster/pool/logger",
$node_type = Cluster::LOGGER) &redef;
## A pool containing all the proxy nodes of a cluster.

2
scripts/policy/protocols/conn/known-hosts.zeek
View file

@ -36,7 +36,7 @@ export {
global host_store: Cluster::StoreInfo;
## The Broker topic name to use for :zeek:see:`Known::host_store`.
const host_store_name = "bro/known/hosts" &redef;
const host_store_name = "zeek/known/hosts" &redef;
## The expiry interval of new entries in :zeek:see:`Known::host_store`.
## This also changes the interval at which hosts get logged.

2
scripts/policy/protocols/conn/known-services.zeek
View file

@ -48,7 +48,7 @@ export {
global service_store: Cluster::StoreInfo;
## The Broker topic name to use for :zeek:see:`Known::service_store`.
const service_store_name = "bro/known/services" &redef;
const service_store_name = "zeek/known/services" &redef;
## The expiry interval of new entries in :zeek:see:`Known::service_store`.
## This also changes the interval at which services get logged.

2
scripts/policy/protocols/ssl/known-certs.zeek
View file

@ -48,7 +48,7 @@ export {
global cert_store: Cluster::StoreInfo;
## The Broker topic name to use for :zeek:see:`Known::cert_store`.
const cert_store_name = "bro/known/certs" &redef;
const cert_store_name = "zeek/known/certs" &redef;
## The expiry interval of new entries in :zeek:see:`Known::cert_store`.
## This also changes the interval at which certs get logged.

9
src/broker/Manager.cc
View file

@ -772,6 +772,15 @@ bool Manager::Subscribe(const string& topic_prefix)
{
DBG_LOG(DBG_BROKER, "Subscribing to topic prefix %s", topic_prefix.c_str());
bstate->subscriber.add_topic(topic_prefix, ! after_zeek_init);
// For backward compatibility, we also may receive messages on
// "bro/" topic prefixes in addition to "zeek/".
if ( strncmp(topic_prefix.data(), "zeek/", 5) == 0 )
{
std::string alt_topic = "bro/" + topic_prefix.substr(5);
bstate->subscriber.add_topic(std::move(alt_topic), ! after_zeek_init);
}
return true;
}

32
testing/btest/Baseline/plugins.hooks/output
View file

@ -161,9 +161,9 @@
0.000000 MetaHookPost CallFunction(Cluster::is_enabled, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::is_enabled, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::local_node_type, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::register_pool, <frame>, ([topic=bro<...>/logger, node_type=Cluster::LOGGER, max_nodes=<uninitialized>, exclusive=F])) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::register_pool, <frame>, ([topic=bro<...>/proxy, node_type=Cluster::PROXY, max_nodes=<uninitialized>, exclusive=F])) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::register_pool, <frame>, ([topic=bro<...>/worker, node_type=Cluster::WORKER, max_nodes=<uninitialized>, exclusive=F])) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::register_pool, <frame>, ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=<uninitialized>, exclusive=F])) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::register_pool, <frame>, ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=<uninitialized>, exclusive=F])) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::register_pool, <frame>, ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=<uninitialized>, exclusive=F])) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_analyzer_add_callback, <frame>, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)})) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/pkix-cert)) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/x-x509-ca-cert)) -> <no result>
@ -273,7 +273,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1560564690.769635, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@ -450,7 +450,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1560564690.769635, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -1047,9 +1047,9 @@
0.000000 MetaHookPre CallFunction(Cluster::is_enabled, <frame>, ())
0.000000 MetaHookPre CallFunction(Cluster::is_enabled, <null>, ())
0.000000 MetaHookPre CallFunction(Cluster::local_node_type, <null>, ())
0.000000 MetaHookPre CallFunction(Cluster::register_pool, <frame>, ([topic=bro<...>/logger, node_type=Cluster::LOGGER, max_nodes=<uninitialized>, exclusive=F]))
0.000000 MetaHookPre CallFunction(Cluster::register_pool, <frame>, ([topic=bro<...>/proxy, node_type=Cluster::PROXY, max_nodes=<uninitialized>, exclusive=F]))
0.000000 MetaHookPre CallFunction(Cluster::register_pool, <frame>, ([topic=bro<...>/worker, node_type=Cluster::WORKER, max_nodes=<uninitialized>, exclusive=F]))
0.000000 MetaHookPre CallFunction(Cluster::register_pool, <frame>, ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=<uninitialized>, exclusive=F]))
0.000000 MetaHookPre CallFunction(Cluster::register_pool, <frame>, ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=<uninitialized>, exclusive=F]))
0.000000 MetaHookPre CallFunction(Cluster::register_pool, <frame>, ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=<uninitialized>, exclusive=F]))
0.000000 MetaHookPre CallFunction(Files::register_analyzer_add_callback, <frame>, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)}))
0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/pkix-cert))
0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_MD5, application/x-x509-ca-cert))
@ -1159,7 +1159,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1560564690.769635, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@ -1336,7 +1336,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1560564690.769635, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
@ -1932,9 +1932,9 @@
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_XMPP, {5222<...>/tcp})
0.000000 | HookCallFunction Cluster::is_enabled()
0.000000 | HookCallFunction Cluster::local_node_type()
0.000000 | HookCallFunction Cluster::register_pool([topic=bro<...>/logger, node_type=Cluster::LOGGER, max_nodes=<uninitialized>, exclusive=F])
0.000000 | HookCallFunction Cluster::register_pool([topic=bro<...>/proxy, node_type=Cluster::PROXY, max_nodes=<uninitialized>, exclusive=F])
0.000000 | HookCallFunction Cluster::register_pool([topic=bro<...>/worker, node_type=Cluster::WORKER, max_nodes=<uninitialized>, exclusive=F])
0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=<uninitialized>, exclusive=F])
0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=<uninitialized>, exclusive=F])
0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=<uninitialized>, exclusive=F])
0.000000 | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)})
0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/pkix-cert)
0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/x-x509-ca-cert)
@ -2044,7 +2044,7 @@
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1560564690.769635, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@ -2221,7 +2221,7 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1560564690.769635, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction NetControl::check_plugins()
0.000000 | HookCallFunction NetControl::init()
0.000000 | HookCallFunction Notice::want_pp()
@ -2651,7 +2651,7 @@
0.000000 | HookLoadFile base<...>/x509
0.000000 | HookLoadFile base<...>/xmpp
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
0.000000 | HookLogWrite packet_filter [ts=1559965406.801449, node=zeek, filter=ip or not ip, init=T, success=T]
0.000000 | HookLogWrite packet_filter [ts=1560564690.769635, node=zeek, filter=ip or not ip, init=T, success=T]
0.000000 | HookQueueEvent NetControl::init()
0.000000 | HookQueueEvent filter_change_tracking()
0.000000 | HookQueueEvent zeek_init()

144
testing/btest/Baseline/scripts.base.frameworks.cluster.custom_pool_exclusivity/manager-1..stdout
View file

@ -1,101 +1,101 @@
1st stuff
hrw, 0, bro/cluster/node/proxy-1
hrw (custom pool), 0, bro/cluster/node/proxy-2
hrw, 1, bro/cluster/node/proxy-1
hrw (custom pool), 1, bro/cluster/node/proxy-2
hrw, 2, bro/cluster/node/proxy-1
hrw (custom pool), 2, bro/cluster/node/proxy-2
hrw, 3, bro/cluster/node/proxy-1
hrw (custom pool), 3, bro/cluster/node/proxy-2
hrw, 13, bro/cluster/node/proxy-1
hrw (custom pool), 13, bro/cluster/node/proxy-2
hrw, 37, bro/cluster/node/proxy-1
hrw (custom pool), 37, bro/cluster/node/proxy-2
hrw, 42, bro/cluster/node/proxy-1
hrw (custom pool), 42, bro/cluster/node/proxy-2
hrw, 101, bro/cluster/node/proxy-1
hrw (custom pool), 101, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
hrw, 0, bro/cluster/node/proxy-1
hrw (custom pool), 0, bro/cluster/node/proxy-2
hrw, 1, bro/cluster/node/proxy-1
hrw (custom pool), 1, bro/cluster/node/proxy-2
hrw, 2, bro/cluster/node/proxy-1
hrw (custom pool), 2, bro/cluster/node/proxy-2
hrw, 3, bro/cluster/node/proxy-1
hrw (custom pool), 3, bro/cluster/node/proxy-2
hrw, 13, bro/cluster/node/proxy-1
hrw (custom pool), 13, bro/cluster/node/proxy-2
hrw, 37, bro/cluster/node/proxy-1
hrw (custom pool), 37, bro/cluster/node/proxy-2
hrw, 42, bro/cluster/node/proxy-1
hrw (custom pool), 42, bro/cluster/node/proxy-2
hrw, 101, bro/cluster/node/proxy-1
hrw (custom pool), 101, bro/cluster/node/proxy-2
hrw, 0, zeek/cluster/node/proxy-1
hrw (custom pool), 0, zeek/cluster/node/proxy-2
hrw, 1, zeek/cluster/node/proxy-1
hrw (custom pool), 1, zeek/cluster/node/proxy-2
hrw, 2, zeek/cluster/node/proxy-1
hrw (custom pool), 2, zeek/cluster/node/proxy-2
hrw, 3, zeek/cluster/node/proxy-1
hrw (custom pool), 3, zeek/cluster/node/proxy-2
hrw, 13, zeek/cluster/node/proxy-1
hrw (custom pool), 13, zeek/cluster/node/proxy-2
hrw, 37, zeek/cluster/node/proxy-1
hrw (custom pool), 37, zeek/cluster/node/proxy-2
hrw, 42, zeek/cluster/node/proxy-1
hrw (custom pool), 42, zeek/cluster/node/proxy-2
hrw, 101, zeek/cluster/node/proxy-1
hrw (custom pool), 101, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
hrw, 0, zeek/cluster/node/proxy-1
hrw (custom pool), 0, zeek/cluster/node/proxy-2
hrw, 1, zeek/cluster/node/proxy-1
hrw (custom pool), 1, zeek/cluster/node/proxy-2
hrw, 2, zeek/cluster/node/proxy-1
hrw (custom pool), 2, zeek/cluster/node/proxy-2
hrw, 3, zeek/cluster/node/proxy-1
hrw (custom pool), 3, zeek/cluster/node/proxy-2
hrw, 13, zeek/cluster/node/proxy-1
hrw (custom pool), 13, zeek/cluster/node/proxy-2
hrw, 37, zeek/cluster/node/proxy-1
hrw (custom pool), 37, zeek/cluster/node/proxy-2
hrw, 42, zeek/cluster/node/proxy-1
hrw (custom pool), 42, zeek/cluster/node/proxy-2
hrw, 101, zeek/cluster/node/proxy-1
hrw (custom pool), 101, zeek/cluster/node/proxy-2
2nd stuff
hrw, 0,
hrw (custom pool), 0, bro/cluster/node/proxy-2
hrw (custom pool), 0, zeek/cluster/node/proxy-2
hrw, 1,
hrw (custom pool), 1, bro/cluster/node/proxy-2
hrw (custom pool), 1, zeek/cluster/node/proxy-2
hrw, 2,
hrw (custom pool), 2, bro/cluster/node/proxy-2
hrw (custom pool), 2, zeek/cluster/node/proxy-2
hrw, 3,
hrw (custom pool), 3, bro/cluster/node/proxy-2
hrw (custom pool), 3, zeek/cluster/node/proxy-2
hrw, 13,
hrw (custom pool), 13, bro/cluster/node/proxy-2
hrw (custom pool), 13, zeek/cluster/node/proxy-2
hrw, 37,
hrw (custom pool), 37, bro/cluster/node/proxy-2
hrw (custom pool), 37, zeek/cluster/node/proxy-2
hrw, 42,
hrw (custom pool), 42, bro/cluster/node/proxy-2
hrw (custom pool), 42, zeek/cluster/node/proxy-2
hrw, 101,
hrw (custom pool), 101, bro/cluster/node/proxy-2
hrw (custom pool), 101, zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
hrw, 0,
hrw (custom pool), 0, bro/cluster/node/proxy-2
hrw (custom pool), 0, zeek/cluster/node/proxy-2
hrw, 1,
hrw (custom pool), 1, bro/cluster/node/proxy-2
hrw (custom pool), 1, zeek/cluster/node/proxy-2
hrw, 2,
hrw (custom pool), 2, bro/cluster/node/proxy-2
hrw (custom pool), 2, zeek/cluster/node/proxy-2
hrw, 3,
hrw (custom pool), 3, bro/cluster/node/proxy-2
hrw (custom pool), 3, zeek/cluster/node/proxy-2
hrw, 13,
hrw (custom pool), 13, bro/cluster/node/proxy-2
hrw (custom pool), 13, zeek/cluster/node/proxy-2
hrw, 37,
hrw (custom pool), 37, bro/cluster/node/proxy-2
hrw (custom pool), 37, zeek/cluster/node/proxy-2
hrw, 42,
hrw (custom pool), 42, bro/cluster/node/proxy-2
hrw (custom pool), 42, zeek/cluster/node/proxy-2
hrw, 101,
hrw (custom pool), 101, bro/cluster/node/proxy-2
hrw (custom pool), 101, zeek/cluster/node/proxy-2
no stuff
hrw, 0,
hrw (custom pool), 0,

144
testing/btest/Baseline/scripts.base.frameworks.cluster.custom_pool_limits/manager-1..stdout
View file

@ -1,101 +1,101 @@
1st stuff
hrw, 0, bro/cluster/node/proxy-1
hrw (custom pool), 0, bro/cluster/node/proxy-1
hrw, 1, bro/cluster/node/proxy-1
hrw (custom pool), 1, bro/cluster/node/proxy-1
hrw, 2, bro/cluster/node/proxy-1
hrw (custom pool), 2, bro/cluster/node/proxy-1
hrw, 3, bro/cluster/node/proxy-1
hrw (custom pool), 3, bro/cluster/node/proxy-1
hrw, 13, bro/cluster/node/proxy-1
hrw (custom pool), 13, bro/cluster/node/proxy-2
hrw, 37, bro/cluster/node/proxy-1
hrw (custom pool), 37, bro/cluster/node/proxy-2
hrw, 42, bro/cluster/node/proxy-1
hrw (custom pool), 42, bro/cluster/node/proxy-2
hrw, 101, bro/cluster/node/proxy-1
hrw (custom pool), 101, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-1
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-1
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-1
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-1
rr, bro/cluster/node/proxy-1
rr (custom pool), bro/cluster/node/proxy-2
hrw, 0, bro/cluster/node/proxy-1
hrw (custom pool), 0, bro/cluster/node/proxy-1
hrw, 1, bro/cluster/node/proxy-1
hrw (custom pool), 1, bro/cluster/node/proxy-1
hrw, 2, bro/cluster/node/proxy-1
hrw (custom pool), 2, bro/cluster/node/proxy-1
hrw, 3, bro/cluster/node/proxy-1
hrw (custom pool), 3, bro/cluster/node/proxy-1
hrw, 13, bro/cluster/node/proxy-1
hrw (custom pool), 13, bro/cluster/node/proxy-2
hrw, 37, bro/cluster/node/proxy-1
hrw (custom pool), 37, bro/cluster/node/proxy-2
hrw, 42, bro/cluster/node/proxy-1
hrw (custom pool), 42, bro/cluster/node/proxy-2
hrw, 101, bro/cluster/node/proxy-1
hrw (custom pool), 101, bro/cluster/node/proxy-2
hrw, 0, zeek/cluster/node/proxy-1
hrw (custom pool), 0, zeek/cluster/node/proxy-1
hrw, 1, zeek/cluster/node/proxy-1
hrw (custom pool), 1, zeek/cluster/node/proxy-1
hrw, 2, zeek/cluster/node/proxy-1
hrw (custom pool), 2, zeek/cluster/node/proxy-1
hrw, 3, zeek/cluster/node/proxy-1
hrw (custom pool), 3, zeek/cluster/node/proxy-1
hrw, 13, zeek/cluster/node/proxy-1
hrw (custom pool), 13, zeek/cluster/node/proxy-2
hrw, 37, zeek/cluster/node/proxy-1
hrw (custom pool), 37, zeek/cluster/node/proxy-2
hrw, 42, zeek/cluster/node/proxy-1
hrw (custom pool), 42, zeek/cluster/node/proxy-2
hrw, 101, zeek/cluster/node/proxy-1
hrw (custom pool), 101, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-1
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-1
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-1
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-1
rr, zeek/cluster/node/proxy-1
rr (custom pool), zeek/cluster/node/proxy-2
hrw, 0, zeek/cluster/node/proxy-1
hrw (custom pool), 0, zeek/cluster/node/proxy-1
hrw, 1, zeek/cluster/node/proxy-1
hrw (custom pool), 1, zeek/cluster/node/proxy-1
hrw, 2, zeek/cluster/node/proxy-1
hrw (custom pool), 2, zeek/cluster/node/proxy-1
hrw, 3, zeek/cluster/node/proxy-1
hrw (custom pool), 3, zeek/cluster/node/proxy-1
hrw, 13, zeek/cluster/node/proxy-1
hrw (custom pool), 13, zeek/cluster/node/proxy-2
hrw, 37, zeek/cluster/node/proxy-1
hrw (custom pool), 37, zeek/cluster/node/proxy-2
hrw, 42, zeek/cluster/node/proxy-1
hrw (custom pool), 42, zeek/cluster/node/proxy-2
hrw, 101, zeek/cluster/node/proxy-1
hrw (custom pool), 101, zeek/cluster/node/proxy-2
2nd stuff
hrw, 0,
hrw (custom pool), 0, bro/cluster/node/proxy-2
hrw (custom pool), 0, zeek/cluster/node/proxy-2
hrw, 1,
hrw (custom pool), 1, bro/cluster/node/proxy-2
hrw (custom pool), 1, zeek/cluster/node/proxy-2
hrw, 2,
hrw (custom pool), 2, bro/cluster/node/proxy-2
hrw (custom pool), 2, zeek/cluster/node/proxy-2
hrw, 3,
hrw (custom pool), 3, bro/cluster/node/proxy-2
hrw (custom pool), 3, zeek/cluster/node/proxy-2
hrw, 13,
hrw (custom pool), 13, bro/cluster/node/proxy-2
hrw (custom pool), 13, zeek/cluster/node/proxy-2
hrw, 37,
hrw (custom pool), 37, bro/cluster/node/proxy-2
hrw (custom pool), 37, zeek/cluster/node/proxy-2
hrw, 42,
hrw (custom pool), 42, bro/cluster/node/proxy-2
hrw (custom pool), 42, zeek/cluster/node/proxy-2
hrw, 101,
hrw (custom pool), 101, bro/cluster/node/proxy-2
hrw (custom pool), 101, zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
rr,
rr (custom pool), bro/cluster/node/proxy-2
rr (custom pool), zeek/cluster/node/proxy-2
hrw, 0,
hrw (custom pool), 0, bro/cluster/node/proxy-2
hrw (custom pool), 0, zeek/cluster/node/proxy-2
hrw, 1,
hrw (custom pool), 1, bro/cluster/node/proxy-2
hrw (custom pool), 1, zeek/cluster/node/proxy-2
hrw, 2,
hrw (custom pool), 2, bro/cluster/node/proxy-2
hrw (custom pool), 2, zeek/cluster/node/proxy-2
hrw, 3,
hrw (custom pool), 3, bro/cluster/node/proxy-2
hrw (custom pool), 3, zeek/cluster/node/proxy-2
hrw, 13,
hrw (custom pool), 13, bro/cluster/node/proxy-2
hrw (custom pool), 13, zeek/cluster/node/proxy-2
hrw, 37,
hrw (custom pool), 37, bro/cluster/node/proxy-2
hrw (custom pool), 37, zeek/cluster/node/proxy-2
hrw, 42,
hrw (custom pool), 42, bro/cluster/node/proxy-2
hrw (custom pool), 42, zeek/cluster/node/proxy-2
hrw, 101,
hrw (custom pool), 101, bro/cluster/node/proxy-2
hrw (custom pool), 101, zeek/cluster/node/proxy-2
no stuff
hrw, 0,
hrw (custom pool), 0,

96
testing/btest/Baseline/scripts.base.frameworks.cluster.topic_distribution/manager-1..stdout
View file

@ -1,53 +1,53 @@
1st stuff
hrw, 0, bro/cluster/node/proxy-1
hrw, 1, bro/cluster/node/proxy-1
hrw, 2, bro/cluster/node/proxy-1
hrw, 3, bro/cluster/node/proxy-1
hrw, 13, bro/cluster/node/proxy-2
hrw, 37, bro/cluster/node/proxy-2
hrw, 42, bro/cluster/node/proxy-2
hrw, 101, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-1
rr, bro/cluster/node/proxy-2
hrw, 0, bro/cluster/node/proxy-1
hrw, 1, bro/cluster/node/proxy-1
hrw, 2, bro/cluster/node/proxy-1
hrw, 3, bro/cluster/node/proxy-1
hrw, 13, bro/cluster/node/proxy-2
hrw, 37, bro/cluster/node/proxy-2
hrw, 42, bro/cluster/node/proxy-2
hrw, 101, bro/cluster/node/proxy-2
hrw, 0, zeek/cluster/node/proxy-1
hrw, 1, zeek/cluster/node/proxy-1
hrw, 2, zeek/cluster/node/proxy-1
hrw, 3, zeek/cluster/node/proxy-1
hrw, 13, zeek/cluster/node/proxy-2
hrw, 37, zeek/cluster/node/proxy-2
hrw, 42, zeek/cluster/node/proxy-2
hrw, 101, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-1
rr, zeek/cluster/node/proxy-2
hrw, 0, zeek/cluster/node/proxy-1
hrw, 1, zeek/cluster/node/proxy-1
hrw, 2, zeek/cluster/node/proxy-1
hrw, 3, zeek/cluster/node/proxy-1
hrw, 13, zeek/cluster/node/proxy-2
hrw, 37, zeek/cluster/node/proxy-2
hrw, 42, zeek/cluster/node/proxy-2
hrw, 101, zeek/cluster/node/proxy-2
2nd stuff
hrw, 0, bro/cluster/node/proxy-2
hrw, 1, bro/cluster/node/proxy-2
hrw, 2, bro/cluster/node/proxy-2
hrw, 3, bro/cluster/node/proxy-2
hrw, 13, bro/cluster/node/proxy-2
hrw, 37, bro/cluster/node/proxy-2
hrw, 42, bro/cluster/node/proxy-2
hrw, 101, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-2
rr, bro/cluster/node/proxy-2
hrw, 0, bro/cluster/node/proxy-2
hrw, 1, bro/cluster/node/proxy-2
hrw, 2, bro/cluster/node/proxy-2
hrw, 3, bro/cluster/node/proxy-2
hrw, 13, bro/cluster/node/proxy-2
hrw, 37, bro/cluster/node/proxy-2
hrw, 42, bro/cluster/node/proxy-2
hrw, 101, bro/cluster/node/proxy-2
hrw, 0, zeek/cluster/node/proxy-2
hrw, 1, zeek/cluster/node/proxy-2
hrw, 2, zeek/cluster/node/proxy-2
hrw, 3, zeek/cluster/node/proxy-2
hrw, 13, zeek/cluster/node/proxy-2
hrw, 37, zeek/cluster/node/proxy-2
hrw, 42, zeek/cluster/node/proxy-2
hrw, 101, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-2
rr, zeek/cluster/node/proxy-2
hrw, 0, zeek/cluster/node/proxy-2
hrw, 1, zeek/cluster/node/proxy-2
hrw, 2, zeek/cluster/node/proxy-2
hrw, 3, zeek/cluster/node/proxy-2
hrw, 13, zeek/cluster/node/proxy-2
hrw, 37, zeek/cluster/node/proxy-2
hrw, 42, zeek/cluster/node/proxy-2
hrw, 101, zeek/cluster/node/proxy-2
no stuff
hrw, 0,
hrw, 1,

28
testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.netcontrol.log
View file

@ -6,20 +6,20 @@
#open 2017-04-07-17-26-05
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
#types time string enum string enum string enum string string string string int interval string string
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Acld-bro/event/netcontroltest
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Acld-zeek/event/netcontroltest
0.000000 - NetControl::MESSAGE - - - - - - - waiting for plugins to initialize - - - -
1491585965.002956 - NetControl::MESSAGE - - - - - - - activation finished - - - Acld-bro/event/netcontroltest
1491585965.002956 - NetControl::MESSAGE - - - - - - - activation finished - - - Acld-zeek/event/netcontroltest
1491585965.002956 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
1491585965.027155 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/*->74.125.239.97/32/* - - 0 36000.000000 here Acld-bro/event/netcontroltest
1491585965.027155 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/443 - - 0 36000.000000 there Acld-bro/event/netcontroltest
1491585965.027155 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 36000.000000 - Acld-bro/event/netcontroltest
1491585965.027706 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/*->74.125.239.97/32/* - blockhosthost 0 36000.000000 here Acld-bro/event/netcontroltest
1491585965.027706 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/*->74.125.239.97/32/* - - 0 36000.000000 here Acld-bro/event/netcontroltest
1491585965.027706 3 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/443 - droptcpport 0 36000.000000 there Acld-bro/event/netcontroltest
1491585965.027706 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/443 - - 0 36000.000000 there Acld-bro/event/netcontroltest
1491585965.027706 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - drop 0 36000.000000 - Acld-bro/event/netcontroltest
1491585965.027706 4 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 36000.000000 - Acld-bro/event/netcontroltest
1491585965.027706 2 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/*->74.125.239.97/32/* - restorehosthost 0 36000.000000 here Acld-bro/event/netcontroltest
1491585965.027706 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/443 - restoretcpport 0 36000.000000 there Acld-bro/event/netcontroltest
1491585965.027706 4 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - restore 0 36000.000000 - Acld-bro/event/netcontroltest
1491585965.027155 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/*->74.125.239.97/32/* - - 0 36000.000000 here Acld-zeek/event/netcontroltest
1491585965.027155 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/443 - - 0 36000.000000 there Acld-zeek/event/netcontroltest
1491585965.027155 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 36000.000000 - Acld-zeek/event/netcontroltest
1491585965.027706 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/*->74.125.239.97/32/* - blockhosthost 0 36000.000000 here Acld-zeek/event/netcontroltest
1491585965.027706 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/*->74.125.239.97/32/* - - 0 36000.000000 here Acld-zeek/event/netcontroltest
1491585965.027706 3 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/443 - droptcpport 0 36000.000000 there Acld-zeek/event/netcontroltest
1491585965.027706 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/443 - - 0 36000.000000 there Acld-zeek/event/netcontroltest
1491585965.027706 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - drop 0 36000.000000 - Acld-zeek/event/netcontroltest
1491585965.027706 4 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 36000.000000 - Acld-zeek/event/netcontroltest
1491585965.027706 2 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/*->74.125.239.97/32/* - restorehosthost 0 36000.000000 here Acld-zeek/event/netcontroltest
1491585965.027706 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/443 - restoretcpport 0 36000.000000 there Acld-zeek/event/netcontroltest
1491585965.027706 4 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - restore 0 36000.000000 - Acld-zeek/event/netcontroltest
#close 2017-04-07-17-26-05

18
testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log
View file

@ -6,15 +6,15 @@
#open 2016-08-05-17-34-55
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
#types time string enum string enum string enum string string string string int interval string string
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Broker-bro/event/netcontroltest
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Broker-zeek/event/netcontroltest
0.000000 - NetControl::MESSAGE - - - - - - - waiting for plugins to initialize - - - -
1470418495.661396 - NetControl::MESSAGE - - - - - - - activation finished - - - Broker-bro/event/netcontroltest
1470418495.661396 - NetControl::MESSAGE - - - - - - - activation finished - - - Broker-zeek/event/netcontroltest
1470418495.661396 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
1470418496.045332 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1470418496.045332 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1470418496.045364 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1470418496.045364 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1470418496.045364 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1470418496.045364 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - removing 0 36000.000000 - Broker-bro/event/netcontroltest
1470418496.045364 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1470418496.045332 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-zeek/event/netcontroltest
1470418496.045332 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-zeek/event/netcontroltest
1470418496.045364 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-zeek/event/netcontroltest
1470418496.045364 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-zeek/event/netcontroltest
1470418496.045364 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-zeek/event/netcontroltest
1470418496.045364 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - removing 0 36000.000000 - Broker-zeek/event/netcontroltest
1470418496.045364 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-zeek/event/netcontroltest
#close 2016-08-05-17-34-56

8
testing/btest/broker/connect-on-retry.zeek
View file

@ -18,8 +18,8 @@ global ping: event(msg: string, c: count);
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::auto_publish("bro/event/my_topic", ping);
Broker::subscribe("zeek/event/my_topic");
Broker::auto_publish("zeek/event/my_topic", ping);
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -67,8 +67,8 @@ event delayed_listen()
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::auto_publish("bro/event/my_topic", pong);
Broker::subscribe("zeek/event/my_topic");
Broker::auto_publish("zeek/event/my_topic", pong);
schedule 5secs { delayed_listen() };
}

4
testing/btest/broker/disconnect.zeek
View file

@ -17,7 +17,7 @@
redef exit_only_after_terminate = T;
global peers = 0;
const test_topic = "bro/test/my_topic";
const test_topic = "zeek/test/my_topic";
event my_event(i: count)
{
@ -52,7 +52,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
redef exit_only_after_terminate = T;
const test_topic = "bro/test/my_topic";
const test_topic = "zeek/test/my_topic";
event my_event(i: count)
{

2
testing/btest/broker/error.zeek
View file

@ -29,7 +29,7 @@ event Broker::error(code: Broker::ErrorCode, msg: string)
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::subscribe("zeek/event/my_topic");
schedule 2secs { do_something() };
schedule 4secs { do_terminate() };

8
testing/btest/broker/remote_event.zeek
View file

@ -17,7 +17,7 @@ global ping: event(msg: string, c: count);
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::subscribe("zeek/event/my_topic");
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
print "is_remote should be F, and is", is_remote_event();
}
@ -26,7 +26,7 @@ function send_event()
{
++event_count;
local e = Broker::make_event(ping, "my-message", event_count);
Broker::publish("bro/event/my_topic", e);
Broker::publish("zeek/event/my_topic", e);
}
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
@ -66,7 +66,7 @@ global pong: event(msg: string, c: count);
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::subscribe("zeek/event/my_topic");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -93,7 +93,7 @@ event ping(msg: string, n: count)
}
local e = Broker::make_event(pong, msg, n);
Broker::publish("bro/event/my_topic", e);
Broker::publish("zeek/event/my_topic", e);
}
@TEST-END-FILE

10
testing/btest/broker/remote_event_any.zeek
View file

@ -17,7 +17,7 @@ global ping: event(msg: string, c: any);
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::subscribe("zeek/event/my_topic");
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
print "is_remote should be F, and is", is_remote_event();
}
@ -26,7 +26,7 @@ function send_event()
{
++event_count;
local e = Broker::make_event(ping, "my-message", event_count);
Broker::publish("bro/event/my_topic", e);
Broker::publish("zeek/event/my_topic", e);
}
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
@ -69,7 +69,7 @@ global pong: event(msg: string, c: any);
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::subscribe("zeek/event/my_topic");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -98,10 +98,10 @@ event ping(msg: string, n: any)
}
if ( (n as count) % 2 == 0 )
Broker::publish("bro/event/my_topic", pong, msg, n as count);
Broker::publish("zeek/event/my_topic", pong, msg, n as count);
else
# internals should not wrap n into another Broker::Data record
Broker::publish("bro/event/my_topic", pong, msg, n);
Broker::publish("zeek/event/my_topic", pong, msg, n);
}
@TEST-END-FILE

8
testing/btest/broker/remote_event_auto.zeek
View file

@ -17,8 +17,8 @@ global ping: event(msg: string, c: count);
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::auto_publish("bro/event/my_topic", ping);
Broker::subscribe("zeek/event/my_topic");
Broker::auto_publish("zeek/event/my_topic", ping);
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -61,8 +61,8 @@ global pong: event(msg: string, c: count);
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::auto_publish("bro/event/my_topic", pong);
Broker::subscribe("zeek/event/my_topic");
Broker::auto_publish("zeek/event/my_topic", pong);
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}

8
testing/btest/broker/remote_event_ssl_auth.zeek
View file

@ -176,7 +176,7 @@ global ping: event(msg: string, c: count);
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::subscribe("zeek/event/my_topic");
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -184,7 +184,7 @@ function send_event()
{
++event_count;
local e = Broker::make_event(ping, "my-message", event_count);
Broker::publish("bro/event/my_topic", e);
Broker::publish("zeek/event/my_topic", e);
}
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
@ -227,7 +227,7 @@ global pong: event(msg: string, c: count);
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::subscribe("zeek/event/my_topic");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -253,7 +253,7 @@ event ping(msg: string, n: count)
}
local e = Broker::make_event(pong, msg, n);
Broker::publish("bro/event/my_topic", e);
Broker::publish("zeek/event/my_topic", e);
}
@TEST-END-FILE

4
testing/btest/broker/remote_id.zeek
View file

@ -24,7 +24,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
{
print "peer added";
Broker::publish_id("bro/ids/test", "test_var");
Broker::publish_id("zeek/ids/test", "test_var");
}
@TEST-END-FILE
@ -47,7 +47,7 @@ event check_var()
event zeek_init()
{
print "intial val", test_var;
Broker::subscribe("bro/ids");
Broker::subscribe("zeek/ids");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}

2
testing/btest/broker/remote_log.zeek
View file

@ -44,7 +44,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
event zeek_init()
{
Broker::subscribe("bro/");
Broker::subscribe("zeek/");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}

2
testing/btest/broker/remote_log_late_join.zeek
View file

@ -44,7 +44,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
event zeek_init()
{
Broker::subscribe("bro/");
Broker::subscribe("zeek/");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}

4
testing/btest/broker/remote_log_types.zeek
View file

@ -60,7 +60,7 @@ event zeek_init() &priority=5
event zeek_init()
{
Broker::subscribe("bro/");
Broker::subscribe("zeek/");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -123,7 +123,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
]);
local e = Broker::make_event(quit_receiver);
Broker::publish("bro/", e);
Broker::publish("zeek/", e);
schedule 1sec { quit_sender() };
}

2
testing/btest/broker/ssl_auth_failure.zeek
View file

@ -105,7 +105,7 @@ event do_terminate()
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::subscribe("zeek/event/my_topic");
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
schedule 5secs { do_terminate() };
}

8
testing/btest/broker/store/clone.zeek
View file

@ -50,8 +50,8 @@ event inserted()
event zeek_init()
{
Broker::auto_publish("bro/events", done);
Broker::subscribe("bro/");
Broker::auto_publish("zeek/events", done);
Broker::subscribe("zeek/");
h = Broker::create_master("test");
Broker::put(h, "one", "110");
@ -131,8 +131,8 @@ event lookup(stage: count)
event zeek_init()
{
Broker::auto_publish("bro/events", inserted);
Broker::subscribe("bro/");
Broker::auto_publish("zeek/events", inserted);
Broker::subscribe("zeek/");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}

6
testing/btest/broker/unpeer.zeek
View file

@ -36,8 +36,8 @@ event unpeer(endpoint: Broker::EndpointInfo)
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::auto_publish("bro/event/my_topic", print_something);
Broker::subscribe("zeek/event/my_topic");
Broker::auto_publish("zeek/event/my_topic", print_something);
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -67,7 +67,7 @@ event print_something(i: int)
event zeek_init()
{
Broker::subscribe("bro/event/my_topic");
Broker::subscribe("zeek/event/my_topic");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
schedule 10secs { do_terminate() };
}

4
testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek
View file

@ -22,7 +22,7 @@ redef Cluster::nodes = {
global my_pool_spec: Cluster::PoolSpec =
Cluster::PoolSpec(
$topic = "bro/cluster/pool/my_pool",
$topic = "zeek/cluster/pool/my_pool",
$node_type = Cluster::PROXY
);
@ -30,7 +30,7 @@ global my_pool: Cluster::Pool;
redef Cluster::proxy_pool_spec =
Cluster::PoolSpec(
$topic = "bro/cluster/pool/proxy",
$topic = "zeek/cluster/pool/proxy",
$node_type = Cluster::PROXY,
$exclusive = T,
$max_nodes = 1

4
testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek
View file

@ -22,7 +22,7 @@ redef Cluster::nodes = {
global my_pool_spec: Cluster::PoolSpec =
Cluster::PoolSpec(
$topic = "bro/cluster/pool/my_pool",
$topic = "zeek/cluster/pool/my_pool",
$node_type = Cluster::PROXY
);
@ -30,7 +30,7 @@ global my_pool: Cluster::Pool;
redef Cluster::proxy_pool_spec =
Cluster::PoolSpec(
$topic = "bro/cluster/pool/proxy",
$topic = "zeek/cluster/pool/proxy",
$node_type = Cluster::PROXY,
$exclusive = F,
$max_nodes = 1

8
testing/btest/scripts/base/frameworks/netcontrol/acld-hook.zeek
View file

@ -21,7 +21,7 @@ event zeek_init()
event NetControl::init()
{
local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=to_port(getenv("BROKER_PORT")), $acld_topic="bro/event/netcontroltest"));
local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=to_port(getenv("BROKER_PORT")), $acld_topic="zeek/event/netcontroltest"));
NetControl::activate(netcontrol_acld, 0);
}
@ -103,7 +103,7 @@ event die()
event zeek_init()
{
Broker::subscribe("bro/event/netcontroltest");
Broker::subscribe("zeek/event/netcontroltest");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -116,14 +116,14 @@ event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::
{
print "add_rule", id, r$entity, r$ty, ar;
Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_added, id, r, ar$command);
Broker::publish("zeek/event/netcontroltest", NetControl::acld_rule_added, id, r, ar$command);
}
event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
{
print "remove_rule", id, r$entity, r$ty, ar;
Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_removed, id, r, ar$command);
Broker::publish("zeek/event/netcontroltest", NetControl::acld_rule_removed, id, r, ar$command);
if ( r$cid == 4 )
{

12
testing/btest/scripts/base/frameworks/netcontrol/acld.zeek
View file

@ -22,7 +22,7 @@ event zeek_init()
event NetControl::init()
{
local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=to_port(getenv("BROKER_PORT")), $acld_topic="bro/event/netcontroltest"));
local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=to_port(getenv("BROKER_PORT")), $acld_topic="zeek/event/netcontroltest"));
NetControl::activate(netcontrol_acld, 0);
}
@ -108,7 +108,7 @@ event die()
event zeek_init()
{
Broker::subscribe("bro/event/netcontroltest");
Broker::subscribe("zeek/event/netcontroltest");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -122,9 +122,9 @@ event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::
print "add_rule", id, r$entity, r$ty, ar;
if ( r$cid != 3 )
Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_added, id, r, ar$command);
Broker::publish("zeek/event/netcontroltest", NetControl::acld_rule_added, id, r, ar$command);
else
Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_exists, id, r, ar$command);
Broker::publish("zeek/event/netcontroltest", NetControl::acld_rule_exists, id, r, ar$command);
}
event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
@ -132,9 +132,9 @@ event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetContro
print "remove_rule", id, r$entity, r$ty, ar;
if ( r$cid != 2 )
Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_removed, id, r, ar$command);
Broker::publish("zeek/event/netcontroltest", NetControl::acld_rule_removed, id, r, ar$command);
else
Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_error, id, r, ar$command);
Broker::publish("zeek/event/netcontroltest", NetControl::acld_rule_error, id, r, ar$command);
if ( r$cid == 4 )
{

12
testing/btest/scripts/base/frameworks/netcontrol/broker.zeek
View file

@ -22,7 +22,7 @@ event zeek_init()
event NetControl::init()
{
local netcontrol_broker = NetControl::create_broker(NetControl::BrokerConfig($host=127.0.0.1, $bport=to_port(getenv("BROKER_PORT")), $topic="bro/event/netcontroltest"), T);
local netcontrol_broker = NetControl::create_broker(NetControl::BrokerConfig($host=127.0.0.1, $bport=to_port(getenv("BROKER_PORT")), $topic="zeek/event/netcontroltest"), T);
NetControl::activate(netcontrol_broker, 0);
}
@ -92,7 +92,7 @@ event die()
event zeek_init()
{
Broker::subscribe("bro/event/netcontroltest");
Broker::subscribe("zeek/event/netcontroltest");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -106,19 +106,19 @@ event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
print "add_rule", id, r$entity, r$ty;
if ( r$cid == 3 )
Broker::publish("bro/event/netcontroltest", NetControl::broker_rule_added, id, r, "");
Broker::publish("zeek/event/netcontroltest", NetControl::broker_rule_added, id, r, "");
if ( r$cid == 2 )
Broker::publish("bro/event/netcontroltest", NetControl::broker_rule_exists, id, r, "");
Broker::publish("zeek/event/netcontroltest", NetControl::broker_rule_exists, id, r, "");
if ( r$cid == 2 )
Broker::publish("bro/event/netcontroltest", NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo());
Broker::publish("zeek/event/netcontroltest", NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo());
}
event NetControl::broker_remove_rule(id: count, r: NetControl::Rule, reason: string)
{
print "remove_rule", id, r$entity, r$ty, reason;
Broker::publish("bro/event/netcontroltest", NetControl::broker_rule_removed, id, r, "");
Broker::publish("zeek/event/netcontroltest", NetControl::broker_rule_removed, id, r, "");
if ( r$cid == 3 )
{

8
testing/btest/scripts/base/frameworks/openflow/broker-basic.zeek
View file

@ -18,7 +18,7 @@ global of_controller: OpenFlow::Controller;
event zeek_init()
{
suspend_processing();
of_controller = OpenFlow::broker_new("broker1", 127.0.0.1, to_port(getenv("BROKER_PORT")), "bro/openflow", 42);
of_controller = OpenFlow::broker_new("broker1", 127.0.0.1, to_port(getenv("BROKER_PORT")), "zeek/openflow", 42);
}
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
@ -88,7 +88,7 @@ redef exit_only_after_terminate = T;
event zeek_init()
{
Broker::subscribe("bro/openflow");
Broker::subscribe("zeek/openflow");
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
}
@ -105,8 +105,8 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
event OpenFlow::broker_flow_mod(name: string, dpid: count, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod)
{
print "got flow_mod", dpid, match, flow_mod;
Broker::publish("bro/openflow", OpenFlow::flow_mod_success, name, match, flow_mod, "");
Broker::publish("bro/openflow", OpenFlow::flow_mod_failure, name, match, flow_mod, "");
Broker::publish("zeek/openflow", OpenFlow::flow_mod_success, name, match, flow_mod, "");
Broker::publish("zeek/openflow", OpenFlow::flow_mod_failure, name, match, flow_mod, "");
}
event OpenFlow::broker_flow_clear(name: string, dpid: count)