From acdd7a79345dd701e24215616f4a5d5438787786 Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Thu, 17 Oct 2024 09:23:54 -0700 Subject: [PATCH 1/2] Minor comment tweaks for init-frameworks-and-bifs.zeek --- scripts/base/init-frameworks-and-bifs.zeek | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/base/init-frameworks-and-bifs.zeek b/scripts/base/init-frameworks-and-bifs.zeek index 7a0588eb40..d182c764ba 100644 --- a/scripts/base/init-frameworks-and-bifs.zeek +++ b/scripts/base/init-frameworks-and-bifs.zeek @@ -1,8 +1,7 @@ # Load these frameworks here because they use fairly deep integration with # BiFs and script-land defined types. They are also more likely to -# make use of calling BIFs for variable initializations, and that -# can't be done until init-bare.zeek has been loaded completely (hence -# the separate file). +# call BIFs for variable initializations, and that can't be done +# until init-bare.zeek has been loaded completely (hence this separate file). @load base/frameworks/logging @load base/frameworks/broker @load base/frameworks/supervisor @@ -13,6 +12,7 @@ @load base/frameworks/files @load base/frameworks/telemetry/options +# Load BiFs defined by built-in Zeek components. @load base/bif # Load BiFs defined by plugins. From 71f7e899745f4c0693136c38875fdc9c98b3e24d Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Thu, 17 Oct 2024 15:25:24 -0700 Subject: [PATCH 2/2] Telemetry framework: move BIFs to the primary-bif stage This moves the Telemetry framework's BIF-defined functionalit from the secondary-BIFs stage to the primary one. That is, this functionality is now available from the end of init-bare.zeek, not only after the end of init-frameworks-and-bifs.zeek. This allows us to use script-layer telemetry in our Zeek's own code that get pulled in during init-frameworks-and-bifs. This change splits up the BIF features into functions, constants, and types, because that's the granularity most workable in Func.cc and NetVar. It also now defines the Telemetry::MetricsType enum once, not redundantly in BIFs and script layer. Due to subtle load ordering issues between the telemetry and cluster frameworks this pushes the redef stage of Telemetry::metrics_port and address into base/frameworks/telemetry/options.zeek, which is loaded sufficiently late in init-frameworks-and-bifs.zeek to sidestep those issues. (When not doing this, the effect is that the redef in telemetry/main.zeek doesn't yet find the cluster-provided values, and Zeek does not end up listening on these ports.) The need to add basic Zeek headers in script_opt/ZAM/ZBody.cc as a side-effect of this is curious, but looks harmless. Also includes baseline updates for the usual btests and adds a few doc strings. --- scripts/base/frameworks/telemetry/main.zeek | 20 +-------- .../base/frameworks/telemetry/options.zeek | 31 +++++++++++--- scripts/base/init-bare.zeek | 10 ++--- src/CMakeLists.txt | 5 +++ src/Func.cc | 3 ++ src/NetVar.cc | 4 ++ src/NetVar.h | 2 + src/script_opt/ZAM/ZBody.cc | 2 + src/telemetry/CMakeLists.txt | 8 ++-- src/telemetry/Counter.h | 2 +- src/telemetry/Gauge.h | 2 +- src/telemetry/Histogram.h | 2 +- src/telemetry/Manager.cc | 3 +- src/telemetry/Utils.cc | 1 - .../{consts.bif => telemetry_consts.bif} | 0 ...{telemetry.bif => telemetry_functions.bif} | 6 --- src/telemetry/telemetry_types.bif | 8 ++++ .../canonified_loaded_scripts.log | 5 ++- .../canonified_loaded_scripts.log | 5 ++- testing/btest/Baseline/plugins.hooks/output | 42 +++++++++++++------ 20 files changed, 98 insertions(+), 63 deletions(-) rename src/telemetry/{consts.bif => telemetry_consts.bif} (100%) rename src/telemetry/{telemetry.bif => telemetry_functions.bif} (99%) create mode 100644 src/telemetry/telemetry_types.bif diff --git a/scripts/base/frameworks/telemetry/main.zeek b/scripts/base/frameworks/telemetry/main.zeek index 0e5ce1b1f5..52b4644077 100644 --- a/scripts/base/frameworks/telemetry/main.zeek +++ b/scripts/base/frameworks/telemetry/main.zeek @@ -5,28 +5,10 @@ ##! enabled by setting :zeek:see:`Telemetry::metrics_port`. @load base/misc/version -@load base/frameworks/cluster - -@load base/frameworks/telemetry/options +@load base/bif/telemetry_functions.bif module Telemetry; -# In a cluster configuration, open the port number for metrics -# from the cluster node configuration for exporting data to -# Prometheus. -# -# The manager node will also provide a ``/services.json`` endpoint -# for the HTTP Service Discovery system in Prometheus to use for -# configuration. This endpoint will include information for all of -# the other nodes in the cluster. -@if ( Cluster::is_enabled() ) -redef Telemetry::metrics_endpoint_name = Cluster::node; - -@if ( Cluster::local_node_metrics_port() != 0/unknown ) -redef Telemetry::metrics_port = Cluster::local_node_metrics_port(); -@endif -@endif - export { ## Alias for a vector of label values. type labels_vector: vector of string; diff --git a/scripts/base/frameworks/telemetry/options.zeek b/scripts/base/frameworks/telemetry/options.zeek index 6aa05f5f9b..29ad4631d3 100644 --- a/scripts/base/frameworks/telemetry/options.zeek +++ b/scripts/base/frameworks/telemetry/options.zeek @@ -1,9 +1,10 @@ -module Telemetry; +##! Configurable settings for the Telemetry framework. +##! +##! These reside separately from the main framework so that they can be loaded +##! in bare mode without all of the framework. This allows things like the +##! plugins.hooks test to see the options without needing the rest. -# This file contains the options for the Telemetry framework. These are kept -# separately so that they can be loaded in bare mode without loading all of -# the rest of the framework. This allows things like the plugins.hooks test -# to see the options without needing the rest. +module Telemetry; export { ## Address used to make metric data available to Prometheus scrapers via @@ -19,3 +20,23 @@ export { ## defaults to the name of the node in the cluster configuration. const metrics_endpoint_name = "" &redef; } + +# When running a cluster, use the metrics port from the cluster node +# configuration for exporting data to Prometheus. +# +# The manager node will also provide a ``/services.json`` endpoint +# for the HTTP Service Discovery system in Prometheus to use for +# configuration. This endpoint will include information for all of +# the other nodes in the cluster. + +# We do this here, and not in main.zeek, to avoid ordering issues when loading +# the telemetry and cluster frameworks. This applies even in bare mode, per +# init-frameworks-and-bifs.zeek: the cluster's metrics ports need to be available +# for the redefs to assign the correct values. +@if ( Cluster::is_enabled() ) +redef Telemetry::metrics_endpoint_name = Cluster::node; + +@if ( Cluster::local_node_metrics_port() != 0/unknown ) +redef Telemetry::metrics_port = Cluster::local_node_metrics_port(); +@endif +@endif diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index f053cec928..29152c3ec2 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -5823,15 +5823,11 @@ export { const flowbuffer_contract_threshold = 2 * 1024 * 1024 &redef; } +@load base/bif/telemetry_functions.bif +@load base/bif/telemetry_types.bif + module Telemetry; export { - - type MetricType: enum { - COUNTER, - GAUGE, - HISTOGRAM, - }; - ## Type that captures options used to create metrics. type MetricOpts: record { ## The prefix (namespace) of the metric. Zeek uses the ``zeek`` diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index e04d281c2c..3c5dfacf25 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -123,6 +123,11 @@ set(BIF_SRCS strings.bif types.bif zeek.bif + # The script-layer telemetry API needs to be available to our own frameworks + # to allow them to add metrics, so we source it in early. + telemetry/telemetry_types.bif + telemetry/telemetry_consts.bif + telemetry/telemetry_functions.bif # The packet analysis BIF is treated like other top-level BIFs because it's # needed before parsing the packet protocol scripts, which happen very near # to the start of parsing. diff --git a/src/Func.cc b/src/Func.cc index ca25db62cc..0fa151581d 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -53,6 +53,7 @@ #include "packet_analysis.bif.func_h" #include "CPP-load.bif.func_h" #include "mmdb.bif.func_h" +#include "telemetry_functions.bif.func_h" #include "zeek.bif.func_def" #include "communityid.bif.func_def" @@ -64,6 +65,7 @@ #include "packet_analysis.bif.func_def" #include "CPP-load.bif.func_def" #include "mmdb.bif.func_def" +#include "telemetry_functions.bif.func_def" // clang-format on extern RETSIGTYPE sig_handler(int signo); @@ -1067,6 +1069,7 @@ void init_primary_bifs() { #include "stats.bif.func_init" #include "strings.bif.func_init" #include "supervisor.bif.func_init" +#include "telemetry_functions.bif.func_init" #include "zeek.bif.func_init" init_builtin_types(); diff --git a/src/NetVar.cc b/src/NetVar.cc index 1b97300858..32f40048e1 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -203,9 +203,11 @@ static void bif_init_net_var() { #include "packet_analysis.bif.netvar_init" #include "reporter.bif.netvar_init" #include "supervisor.bif.netvar_init" +#include "telemetry_consts.bif.netvar_init" } static void init_bif_types() { +#include "telemetry_types.bif.netvar_init" #include "types.bif.netvar_init" } @@ -214,6 +216,8 @@ static void init_bif_types() { #include "packet_analysis.bif.netvar_def" #include "reporter.bif.netvar_def" #include "supervisor.bif.netvar_def" +#include "telemetry_consts.bif.netvar_def" +#include "telemetry_types.bif.netvar_def" #include "types.bif.netvar_def" // Re-open the namespace now that the bif headers are all included. diff --git a/src/NetVar.h b/src/NetVar.h index 8f7319f30f..290f5873a6 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -105,4 +105,6 @@ extern void init_builtin_types(); #include "packet_analysis.bif.netvar_h" #include "reporter.bif.netvar_h" #include "supervisor.bif.netvar_h" +#include "telemetry_consts.bif.netvar_h" +#include "telemetry_types.bif.netvar_h" #include "types.bif.netvar_h" diff --git a/src/script_opt/ZAM/ZBody.cc b/src/script_opt/ZAM/ZBody.cc index 79f29a8fd8..d1528c9d12 100644 --- a/src/script_opt/ZAM/ZBody.cc +++ b/src/script_opt/ZAM/ZBody.cc @@ -2,10 +2,12 @@ #include "zeek/script_opt/ZAM/ZBody.h" +#include "zeek/Conn.h" #include "zeek/Desc.h" #include "zeek/EventHandler.h" #include "zeek/File.h" #include "zeek/Frame.h" +#include "zeek/IPAddr.h" #include "zeek/OpaqueVal.h" #include "zeek/Overflow.h" #include "zeek/RE.h" diff --git a/src/telemetry/CMakeLists.txt b/src/telemetry/CMakeLists.txt index a760dcd13c..875ec14639 100644 --- a/src/telemetry/CMakeLists.txt +++ b/src/telemetry/CMakeLists.txt @@ -7,10 +7,10 @@ zeek_add_subdir_library( Manager.cc Opaques.cc ProcessStats.cc - Utils.cc - BIFS - consts.bif - telemetry.bif) + Utils.cc) + +# BIFs are loaded in src/CMakeLists.txt so they are available early on, to allow +# our own frameworks to establish metrics in the script layer. # We don't need to include the civetweb headers across the whole project, only # here in the telemetry framework. diff --git a/src/telemetry/Counter.h b/src/telemetry/Counter.h index c9595c7709..3e84a910ce 100644 --- a/src/telemetry/Counter.h +++ b/src/telemetry/Counter.h @@ -7,10 +7,10 @@ #include #include +#include "zeek/NetVar.h" #include "zeek/Span.h" #include "zeek/telemetry/MetricFamily.h" #include "zeek/telemetry/Utils.h" -#include "zeek/telemetry/telemetry.bif.h" namespace zeek::telemetry { diff --git a/src/telemetry/Gauge.h b/src/telemetry/Gauge.h index 22b0e4a0aa..0800f20e83 100644 --- a/src/telemetry/Gauge.h +++ b/src/telemetry/Gauge.h @@ -8,10 +8,10 @@ #include #include +#include "zeek/NetVar.h" #include "zeek/Span.h" #include "zeek/telemetry/MetricFamily.h" #include "zeek/telemetry/Utils.h" -#include "zeek/telemetry/telemetry.bif.h" namespace zeek::telemetry { diff --git a/src/telemetry/Histogram.h b/src/telemetry/Histogram.h index b2131b40c8..51a887c78d 100644 --- a/src/telemetry/Histogram.h +++ b/src/telemetry/Histogram.h @@ -8,10 +8,10 @@ #include #include +#include "zeek/NetVar.h" #include "zeek/Span.h" #include "zeek/telemetry/MetricFamily.h" #include "zeek/telemetry/Utils.h" -#include "zeek/telemetry/telemetry.bif.h" namespace zeek::telemetry { diff --git a/src/telemetry/Manager.cc b/src/telemetry/Manager.cc index 3272641882..af60fb59f4 100644 --- a/src/telemetry/Manager.cc +++ b/src/telemetry/Manager.cc @@ -17,14 +17,13 @@ #include "zeek/3rdparty/doctest.h" #include "zeek/ID.h" +#include "zeek/IPAddr.h" #include "zeek/RunState.h" #include "zeek/ZeekString.h" #include "zeek/broker/Manager.h" #include "zeek/iosource/Manager.h" #include "zeek/telemetry/ProcessStats.h" #include "zeek/telemetry/Timer.h" -#include "zeek/telemetry/consts.bif.h" -#include "zeek/telemetry/telemetry.bif.h" #include "zeek/threading/formatters/detail/json.h" namespace zeek::telemetry { diff --git a/src/telemetry/Utils.cc b/src/telemetry/Utils.cc index 3332861bb0..b17ee169ae 100644 --- a/src/telemetry/Utils.cc +++ b/src/telemetry/Utils.cc @@ -3,7 +3,6 @@ #include "zeek/ID.h" #include "zeek/Reporter.h" #include "zeek/Val.h" -#include "zeek/telemetry/telemetry.bif.h" #include "zeek/util.h" using namespace zeek; diff --git a/src/telemetry/consts.bif b/src/telemetry/telemetry_consts.bif similarity index 100% rename from src/telemetry/consts.bif rename to src/telemetry/telemetry_consts.bif diff --git a/src/telemetry/telemetry.bif b/src/telemetry/telemetry_functions.bif similarity index 99% rename from src/telemetry/telemetry.bif rename to src/telemetry/telemetry_functions.bif index 6042bae826..fc34edeaf8 100644 --- a/src/telemetry/telemetry.bif +++ b/src/telemetry/telemetry_functions.bif @@ -2,12 +2,6 @@ module Telemetry; -enum MetricType %{ - COUNTER, - GAUGE, - HISTOGRAM, -%} - %%{ #include "zeek/telemetry/Counter.h" diff --git a/src/telemetry/telemetry_types.bif b/src/telemetry/telemetry_types.bif new file mode 100644 index 0000000000..c7c7ee1d0d --- /dev/null +++ b/src/telemetry/telemetry_types.bif @@ -0,0 +1,8 @@ +module Telemetry; + +## An enum that specifies which type of metric you're operating on. +enum MetricType %{ + COUNTER, ##< Counters track entities that increment over time. + GAUGE, ##< Gauges track entities that fluctuate over time. + HISTOGRAM, ##< Histograms group observations into predefined bins. +%} diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 8bbbcdb3d6..38dbbc40f4 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -24,6 +24,8 @@ scripts/base/init-bare.zeek build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek build/scripts/base/bif/event.bif.zeek + build/scripts/base/bif/telemetry_functions.bif.zeek + build/scripts/base/bif/telemetry_types.bif.zeek scripts/base/packet-protocols/__load__.zeek scripts/base/packet-protocols/main.zeek scripts/base/frameworks/analyzer/main.zeek @@ -149,8 +151,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/frameworks/files/magic/__load__.zeek scripts/base/frameworks/telemetry/options.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/consts.bif.zeek - build/scripts/base/bif/telemetry.bif.zeek + build/scripts/base/bif/telemetry_consts.bif.zeek build/scripts/base/bif/zeekygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 247696f3a7..829f16e0e9 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -24,6 +24,8 @@ scripts/base/init-bare.zeek build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek build/scripts/base/bif/event.bif.zeek + build/scripts/base/bif/telemetry_functions.bif.zeek + build/scripts/base/bif/telemetry_types.bif.zeek scripts/base/packet-protocols/__load__.zeek scripts/base/packet-protocols/main.zeek scripts/base/frameworks/analyzer/main.zeek @@ -149,8 +151,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/frameworks/files/magic/__load__.zeek scripts/base/frameworks/telemetry/options.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/consts.bif.zeek - build/scripts/base/bif/telemetry.bif.zeek + build/scripts/base/bif/telemetry_consts.bif.zeek build/scripts/base/bif/zeekygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 653b174361..a4b099d2d6 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -465,7 +465,6 @@ 0.000000 MetaHookPost LoadFile(0, ./comm.bif.zeek, <...>/comm.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./const.bif.zeek, <...>/const.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, ./consts.bif.zeek, <...>/consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./contents, <...>/contents.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./control, <...>/control.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek) -> -1 @@ -503,7 +502,9 @@ 0.000000 MetaHookPost LoadFile(0, ./store.bif.zeek, <...>/store.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./strings.bif.zeek, <...>/strings.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./supervisor.bif.zeek, <...>/supervisor.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, ./telemetry.bif.zeek, <...>/telemetry.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, ./telemetry_consts.bif.zeek, <...>/telemetry_consts.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, ./telemetry_functions.bif.zeek, <...>/telemetry_functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, ./telemetry_types.bif.zeek, <...>/telemetry_types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./thresholds, <...>/thresholds.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./top-k.bif.zeek, <...>/top-k.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./types, <...>/types.zeek) -> -1 @@ -602,6 +603,8 @@ 0.000000 MetaHookPost LoadFile(0, base<...>/supervisor, <...>/supervisor) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/supervisor.bif, <...>/supervisor.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/tcp, <...>/tcp) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/telemetry_functions.bif, <...>/telemetry_functions.bif.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, base<...>/telemetry_types.bif, <...>/telemetry_types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/teredo, <...>/teredo) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/tunnels, <...>/tunnels) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/types.bif, <...>/types.bif.zeek) -> -1 @@ -763,7 +766,6 @@ 0.000000 MetaHookPost LoadFileExtended(0, ./comm.bif.zeek, <...>/comm.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./const.bif.zeek, <...>/const.bif.zeek) -> (-1, ) -0.000000 MetaHookPost LoadFileExtended(0, ./consts.bif.zeek, <...>/consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./contents, <...>/contents.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./control, <...>/control.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek) -> (-1, ) @@ -801,7 +803,9 @@ 0.000000 MetaHookPost LoadFileExtended(0, ./store.bif.zeek, <...>/store.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./strings.bif.zeek, <...>/strings.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./supervisor.bif.zeek, <...>/supervisor.bif.zeek) -> (-1, ) -0.000000 MetaHookPost LoadFileExtended(0, ./telemetry.bif.zeek, <...>/telemetry.bif.zeek) -> (-1, ) +0.000000 MetaHookPost LoadFileExtended(0, ./telemetry_consts.bif.zeek, <...>/telemetry_consts.bif.zeek) -> (-1, ) +0.000000 MetaHookPost LoadFileExtended(0, ./telemetry_functions.bif.zeek, <...>/telemetry_functions.bif.zeek) -> (-1, ) +0.000000 MetaHookPost LoadFileExtended(0, ./telemetry_types.bif.zeek, <...>/telemetry_types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./thresholds, <...>/thresholds.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./top-k.bif.zeek, <...>/top-k.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./types, <...>/types.zeek) -> (-1, ) @@ -900,6 +904,8 @@ 0.000000 MetaHookPost LoadFileExtended(0, base<...>/supervisor, <...>/supervisor) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/supervisor.bif, <...>/supervisor.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/tcp, <...>/tcp) -> (-1, ) +0.000000 MetaHookPost LoadFileExtended(0, base<...>/telemetry_functions.bif, <...>/telemetry_functions.bif.zeek) -> (-1, ) +0.000000 MetaHookPost LoadFileExtended(0, base<...>/telemetry_types.bif, <...>/telemetry_types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/teredo, <...>/teredo) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/tunnels, <...>/tunnels) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/types.bif, <...>/types.bif.zeek) -> (-1, ) @@ -1393,7 +1399,6 @@ 0.000000 MetaHookPre LoadFile(0, ./comm.bif.zeek, <...>/comm.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./const.bif.zeek, <...>/const.bif.zeek) -0.000000 MetaHookPre LoadFile(0, ./consts.bif.zeek, <...>/consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./contents, <...>/contents.zeek) 0.000000 MetaHookPre LoadFile(0, ./control, <...>/control.zeek) 0.000000 MetaHookPre LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek) @@ -1431,7 +1436,9 @@ 0.000000 MetaHookPre LoadFile(0, ./store.bif.zeek, <...>/store.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./strings.bif.zeek, <...>/strings.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./supervisor.bif.zeek, <...>/supervisor.bif.zeek) -0.000000 MetaHookPre LoadFile(0, ./telemetry.bif.zeek, <...>/telemetry.bif.zeek) +0.000000 MetaHookPre LoadFile(0, ./telemetry_consts.bif.zeek, <...>/telemetry_consts.bif.zeek) +0.000000 MetaHookPre LoadFile(0, ./telemetry_functions.bif.zeek, <...>/telemetry_functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, ./telemetry_types.bif.zeek, <...>/telemetry_types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./thresholds, <...>/thresholds.zeek) 0.000000 MetaHookPre LoadFile(0, ./top-k.bif.zeek, <...>/top-k.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./types, <...>/types.zeek) @@ -1530,6 +1537,8 @@ 0.000000 MetaHookPre LoadFile(0, base<...>/supervisor, <...>/supervisor) 0.000000 MetaHookPre LoadFile(0, base<...>/supervisor.bif, <...>/supervisor.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/tcp, <...>/tcp) +0.000000 MetaHookPre LoadFile(0, base<...>/telemetry_functions.bif, <...>/telemetry_functions.bif.zeek) +0.000000 MetaHookPre LoadFile(0, base<...>/telemetry_types.bif, <...>/telemetry_types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/teredo, <...>/teredo) 0.000000 MetaHookPre LoadFile(0, base<...>/tunnels, <...>/tunnels) 0.000000 MetaHookPre LoadFile(0, base<...>/types.bif, <...>/types.bif.zeek) @@ -1691,7 +1700,6 @@ 0.000000 MetaHookPre LoadFileExtended(0, ./comm.bif.zeek, <...>/comm.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./const.bif.zeek, <...>/const.bif.zeek) -0.000000 MetaHookPre LoadFileExtended(0, ./consts.bif.zeek, <...>/consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./contents, <...>/contents.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./control, <...>/control.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek) @@ -1729,7 +1737,9 @@ 0.000000 MetaHookPre LoadFileExtended(0, ./store.bif.zeek, <...>/store.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./strings.bif.zeek, <...>/strings.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./supervisor.bif.zeek, <...>/supervisor.bif.zeek) -0.000000 MetaHookPre LoadFileExtended(0, ./telemetry.bif.zeek, <...>/telemetry.bif.zeek) +0.000000 MetaHookPre LoadFileExtended(0, ./telemetry_consts.bif.zeek, <...>/telemetry_consts.bif.zeek) +0.000000 MetaHookPre LoadFileExtended(0, ./telemetry_functions.bif.zeek, <...>/telemetry_functions.bif.zeek) +0.000000 MetaHookPre LoadFileExtended(0, ./telemetry_types.bif.zeek, <...>/telemetry_types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./thresholds, <...>/thresholds.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./top-k.bif.zeek, <...>/top-k.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./types, <...>/types.zeek) @@ -1828,6 +1838,8 @@ 0.000000 MetaHookPre LoadFileExtended(0, base<...>/supervisor, <...>/supervisor) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/supervisor.bif, <...>/supervisor.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/tcp, <...>/tcp) +0.000000 MetaHookPre LoadFileExtended(0, base<...>/telemetry_functions.bif, <...>/telemetry_functions.bif.zeek) +0.000000 MetaHookPre LoadFileExtended(0, base<...>/telemetry_types.bif, <...>/telemetry_types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/teredo, <...>/teredo) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/tunnels, <...>/tunnels) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/types.bif, <...>/types.bif.zeek) @@ -2322,7 +2334,6 @@ 0.000000 | HookLoadFile ./comm.bif.zeek <...>/comm.bif.zeek 0.000000 | HookLoadFile ./communityid.bif.zeek <...>/communityid.bif.zeek 0.000000 | HookLoadFile ./const.bif.zeek <...>/const.bif.zeek -0.000000 | HookLoadFile ./consts.bif.zeek <...>/consts.bif.zeek 0.000000 | HookLoadFile ./contents <...>/contents.zeek 0.000000 | HookLoadFile ./control <...>/control.zeek 0.000000 | HookLoadFile ./data.bif.zeek <...>/data.bif.zeek @@ -2369,7 +2380,9 @@ 0.000000 | HookLoadFile ./store.bif.zeek <...>/store.bif.zeek 0.000000 | HookLoadFile ./strings.bif.zeek <...>/strings.bif.zeek 0.000000 | HookLoadFile ./supervisor.bif.zeek <...>/supervisor.bif.zeek -0.000000 | HookLoadFile ./telemetry.bif.zeek <...>/telemetry.bif.zeek +0.000000 | HookLoadFile ./telemetry_consts.bif.zeek <...>/telemetry_consts.bif.zeek +0.000000 | HookLoadFile ./telemetry_functions.bif.zeek <...>/telemetry_functions.bif.zeek +0.000000 | HookLoadFile ./telemetry_types.bif.zeek <...>/telemetry_types.bif.zeek 0.000000 | HookLoadFile ./thresholds <...>/thresholds.zeek 0.000000 | HookLoadFile ./top-k.bif.zeek <...>/top-k.bif.zeek 0.000000 | HookLoadFile ./types <...>/types.zeek @@ -2469,6 +2482,8 @@ 0.000000 | HookLoadFile base<...>/supervisor <...>/supervisor 0.000000 | HookLoadFile base<...>/supervisor.bif <...>/supervisor.bif.zeek 0.000000 | HookLoadFile base<...>/tcp <...>/tcp +0.000000 | HookLoadFile base<...>/telemetry_functions.bif <...>/telemetry_functions.bif.zeek +0.000000 | HookLoadFile base<...>/telemetry_types.bif <...>/telemetry_types.bif.zeek 0.000000 | HookLoadFile base<...>/teredo <...>/teredo 0.000000 | HookLoadFile base<...>/tunnels <...>/tunnels 0.000000 | HookLoadFile base<...>/types.bif <...>/types.bif.zeek @@ -2620,7 +2635,6 @@ 0.000000 | HookLoadFileExtended ./comm.bif.zeek <...>/comm.bif.zeek 0.000000 | HookLoadFileExtended ./communityid.bif.zeek <...>/communityid.bif.zeek 0.000000 | HookLoadFileExtended ./const.bif.zeek <...>/const.bif.zeek -0.000000 | HookLoadFileExtended ./consts.bif.zeek <...>/consts.bif.zeek 0.000000 | HookLoadFileExtended ./contents <...>/contents.zeek 0.000000 | HookLoadFileExtended ./control <...>/control.zeek 0.000000 | HookLoadFileExtended ./data.bif.zeek <...>/data.bif.zeek @@ -2667,7 +2681,9 @@ 0.000000 | HookLoadFileExtended ./store.bif.zeek <...>/store.bif.zeek 0.000000 | HookLoadFileExtended ./strings.bif.zeek <...>/strings.bif.zeek 0.000000 | HookLoadFileExtended ./supervisor.bif.zeek <...>/supervisor.bif.zeek -0.000000 | HookLoadFileExtended ./telemetry.bif.zeek <...>/telemetry.bif.zeek +0.000000 | HookLoadFileExtended ./telemetry_consts.bif.zeek <...>/telemetry_consts.bif.zeek +0.000000 | HookLoadFileExtended ./telemetry_functions.bif.zeek <...>/telemetry_functions.bif.zeek +0.000000 | HookLoadFileExtended ./telemetry_types.bif.zeek <...>/telemetry_types.bif.zeek 0.000000 | HookLoadFileExtended ./thresholds <...>/thresholds.zeek 0.000000 | HookLoadFileExtended ./top-k.bif.zeek <...>/top-k.bif.zeek 0.000000 | HookLoadFileExtended ./types <...>/types.zeek @@ -2767,6 +2783,8 @@ 0.000000 | HookLoadFileExtended base<...>/supervisor <...>/supervisor 0.000000 | HookLoadFileExtended base<...>/supervisor.bif <...>/supervisor.bif.zeek 0.000000 | HookLoadFileExtended base<...>/tcp <...>/tcp +0.000000 | HookLoadFileExtended base<...>/telemetry_functions.bif <...>/telemetry_functions.bif.zeek +0.000000 | HookLoadFileExtended base<...>/telemetry_types.bif <...>/telemetry_types.bif.zeek 0.000000 | HookLoadFileExtended base<...>/teredo <...>/teredo 0.000000 | HookLoadFileExtended base<...>/tunnels <...>/tunnels 0.000000 | HookLoadFileExtended base<...>/types.bif <...>/types.bif.zeek