BTest baseline updates for minor Zeek differences (in one case, no difference)

testing/btest/Baseline.zam/bifs.disable_analyzer-early/out

@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+proto confirm, AllAnalyzers::ANALYZER_ANALYZER_HTTP
+T
+http_request, GET, /style/enhanced.css
+total http messages, {
+[[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]] = 1
+}

testing/btest/Baseline.zam/bifs.disable_analyzer-hook/out

@@ -1,15 +1,15 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 proto confirm, AllAnalyzers::ANALYZER_ANALYZER_HTTP
 http_request, GET, /style/enhanced.css
-preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], Analyzer::ANALYZER_HTTP, 3, 1
+preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], AllAnalyzers::ANALYZER_ANALYZER_HTTP, 3, 1
 F
 http_reply, 200
 http_request, GET, /script/urchin.js
-preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], Analyzer::ANALYZER_HTTP, 3, 3
+preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], AllAnalyzers::ANALYZER_ANALYZER_HTTP, 3, 3
 F
 http_reply, 200
 http_request, GET, /images/template/screen/bullet_utility.png
-allowing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], Analyzer::ANALYZER_HTTP, 3, 5
+allowing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], AllAnalyzers::ANALYZER_ANALYZER_HTTP, 3, 5
 T
 total http messages, {
 [[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]] = 5

testing/btest/Baseline.zam/bifs.from_json-10/.stderr

@@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

testing/btest/Baseline.zam/bifs.from_json-10/.stdout

@@ -0,0 +1,6 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v={
+fe80::/64,
+192.168.0.0/16
+}, valid=T]
+[v=[1, 3, 4], valid=T]

testing/btest/Baseline.zam/bifs.from_json-11/.stderr

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/from_json.zeek, line 8: required field Foo$hello is missing in JSON (from_json({"t":null}, <internal>::#0))
+error in <...>/from_json.zeek, line 9: required field Foo$hello is null in JSON (from_json({"hello": null, "t": true}, <internal>::#2))

testing/btest/Baseline.zam/bifs.from_json-11/.stdout

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=<uninitialized>, valid=F]
+[v=<uninitialized>, valid=F]

testing/btest/Baseline.zam/bifs.from_json-12/.stderr

@@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

testing/btest/Baseline.zam/bifs.from_json-12/.stdout

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=[hello=Hello!], valid=T]

testing/btest/Baseline.zam/bifs.from_json-2/.stderr

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/from_json.zeek, line 4: from_json() requires a type argument (from_json([], 10))

testing/btest/Baseline.zam/bifs.from_json-2/.stdout

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=<uninitialized>, valid=F]

testing/btest/Baseline.zam/bifs.from_json-3/.stderr

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/from_json.zeek, line 4: JSON parse error: Missing a closing quotation mark in string. Offset: 5 (from_json({"hel, <internal>::#0))

testing/btest/Baseline.zam/bifs.from_json-3/.stdout

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=<uninitialized>, valid=F]

testing/btest/Baseline.zam/bifs.from_json-4/.stderr

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/from_json.zeek, line 9: cannot convert JSON type 'array' to Zeek type 'bool' (from_json([], <internal>::#0))
+error in <...>/from_json.zeek, line 10: cannot convert JSON type 'string' to Zeek type 'bool' (from_json({"a": "hello"}, <internal>::#2))

testing/btest/Baseline.zam/bifs.from_json-4/.stdout

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=<uninitialized>, valid=F]
+[v=<uninitialized>, valid=F]

testing/btest/Baseline.zam/bifs.from_json-5/.stderr

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/from_json.zeek, line 4: tables are not supported (from_json([], <internal>::#0))

testing/btest/Baseline.zam/bifs.from_json-5/.stdout

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=<uninitialized>, valid=F]

testing/btest/Baseline.zam/bifs.from_json-6/.stderr

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/from_json.zeek, line 5: wrong port format, must be <...>/(tcp|udp|icmp|unknown)/ (from_json("80", <internal>::#0))

testing/btest/Baseline.zam/bifs.from_json-6/.stdout

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=<uninitialized>, valid=F]

testing/btest/Baseline.zam/bifs.from_json-7/.stderr

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/from_json.zeek, line 5: index type doesn't match (from_json([[1, false], [2]], <internal>::#0))
+error in <...>/from_json.zeek, line 6: cannot convert JSON type 'number' to Zeek type 'bool' (from_json([[1, false], [2, 1]], <internal>::#2))

testing/btest/Baseline.zam/bifs.from_json-7/.stdout

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=<uninitialized>, valid=F]
+[v=<uninitialized>, valid=F]

testing/btest/Baseline.zam/bifs.from_json-8/.stderr

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error: error compiling pattern /^?(.|\n)*(([[:print:]]{-}[[:alnum:]]foo))/
+error in <...>/from_json.zeek, line 5: error compiling pattern (from_json("/([[:print:]]{-}[[:alnum:]]foo)/", <internal>::#0))

testing/btest/Baseline.zam/bifs.from_json-8/.stdout

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=<uninitialized>, valid=F]

testing/btest/Baseline.zam/bifs.from_json-9/.stderr

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/from_json.zeek, line 7: 'Yellow' is not a valid enum for 'Color'. (from_json("Yellow", <internal>::#0))

testing/btest/Baseline.zam/bifs.from_json-9/.stdout

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=<uninitialized>, valid=F]

testing/btest/Baseline.zam/bifs.from_json/.stderr

@@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

testing/btest/Baseline.zam/bifs.from_json/.stdout

@@ -0,0 +1,8 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+[v=[hello=world, t=T, f=F, n=<uninitialized>, m=<uninitialized>, def=123, i=123, pi=3.1416, a=[1, 2, 3, 4], c1=A::Blue, p=1500/tcp, ti=1681652265.042767, it=1.0 hr 23.0 mins 20.0 secs, ad=127.0.0.1, s=::1/128, re=/^?(a)$?/, su={
+aa:bb::/32,
+192.168.0.0/16
+}, se={
+[192.168.0.1, 80/tcp] ,
+[2001:db8::1, 8080/udp] 
+}], valid=T]

testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout

@@ -1,5 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3
-analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3
 analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3, SSH-2.0-mod_sftp/0.9.7
-analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code [SSH-2.0-mod_sftp/0.9.7], [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3

testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout

@@ -1,5 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
-analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
 analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
-analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3

testing/btest/Baseline.zam/scripts.base.frameworks.input.raw.rereadraw/out

@@ -1,97 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-q3r3057fdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-sdfs\d
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-dfsdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-sdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-3rw43wRRERLlL#RWERERERE.
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-q3r3057fdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-sdfs\d
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-dfsdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-sdf
-[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
-ZAM-code line , error_ev=<uninitialized>, config={
-
-}]
-Input::EVENT_NEW
-3rw43wRRERLlL#RWERERERE.

testing/btest/Baseline.zam/scripts.base.protocols.ssl.prevent-disable-analyzer/.stdout

@@ -2,10 +2,10 @@
 analyzer_confirmation, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3
 encrypted_data, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], T, 22, 32, 1
 established, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp]
-disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], Analyzer::ANALYZER_SSL, 3
+disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3
-preventing disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], Analyzer::ANALYZER_SSL, 3
+preventing disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3
 encrypted_data, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], F, 22, 32, 2
 encrypted_data, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], T, 23, 31, 3
 encrypted_data, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], T, 23, 17, 4
-disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], Analyzer::ANALYZER_SSL, 3
+disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3
-allowing disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], Analyzer::ANALYZER_SSL, 3
+allowing disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3

testing/btest/Baseline.zam/spicy.analyzer-tag/output

@@ -0,0 +1,6 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+Have analyzer!
+tag: AllAnalyzers::ANALYZER_ANALYZER_SPICY_SSH
+name: SPICY_SSH
+
+Do not have analyzer!

testing/btest/Baseline.zam/spicy.replaces/output

@@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+AllAnalyzers::ANALYZER_ANALYZER_SSH, 3
+SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], F, 1.99, OpenSSH_3.9p1
+SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], T, 2.0, OpenSSH_3.8.1p1

testing/btest/Baseline.zam/spicy.ssh-banner/analyzer.log

@@ -0,0 +1,12 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	analyzer
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	cause	analyzer_kind	analyzer_name	uid	fuid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	failure_reason	failure_data
+#types	time	string	string	string	string	string	addr	port	addr	port	string	string
+XXXXXXXXXX.XXXXXX	violation	protocol	SPICY_SSH	CHhAvVGS1DHFjwGM9	-	141.142.228.5	53595	54.243.55.129	80	protocol rejected	-
+XXXXXXXXXX.XXXXXX	violation	protocol	SPICY_SSH	CHhAvVGS1DHFjwGM9	-	141.142.228.5	53595	54.243.55.129	80	failed to match regular expression (<...>/ssh.spicy:7:15)	POST /post HTTP/1.1\x0d\x0aUser-Agent: curl/7.
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline.zam/spicy.ssh-banner/output

@@ -0,0 +1,10 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+=== confirmation
+SSH banner in Foo, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], F, 1.99, OpenSSH_3.9p1
+SSH banner in Foo, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], T, 2.0, OpenSSH_3.8.1p1
+SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], F, 1.99, OpenSSH_3.9p1
+SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], T, 2.0, OpenSSH_3.8.1p1
+confirm, AllAnalyzers::ANALYZER_ANALYZER_SPICY_SSH
+=== violation
+violation, AllAnalyzers::ANALYZER_ANALYZER_SPICY_SSH, failed to match regular expression (<...>/ssh.spicy:7:15)
+violation, AllAnalyzers::ANALYZER_ANALYZER_SPICY_SSH, protocol rejected

testing/btest/Baseline.zam/spicy.ssh-banner/weird.log

@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.150.186.169	49244	131.159.14.23	22	my_weird	OpenSSH_3.9p1	F	zeek	SPICY_SSH
+#close XXXX-XX-XX-XX-XX-XX