From 6dc4863d8150a4e8f48c58dd4284ca5b8ffd531e Mon Sep 17 00:00:00 2001
From: Daniel Thayer
Date: Fri, 26 Sep 2014 22:06:56 -0500
Subject: [PATCH] Add a test that detects changes in the list of all Bro log files
---
.../btest/Baseline/coverage.find-bro-logs/out | 42 +++++++++++++++++
testing/btest/coverage/find-bro-logs.test | 45 +++++++++++++++++++
2 files changed, 87 insertions(+)
create mode 100644 testing/btest/Baseline/coverage.find-bro-logs/out
create mode 100644 testing/btest/coverage/find-bro-logs.test
diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out
new file mode 100644
index 0000000000..090a93d655
--- /dev/null
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@@ -0,0 +1,42 @@
+app_stats
+barnyard2
+capture_loss
+cluster
+communication
+conn
+dhcp
+dnp3
+dns
+dpd
+files
+ftp
+http
+intel
+irc
+known_certs
+known_devices
+known_hosts
+known_modbus
+known_services
+loaded_scripts
+modbus
+modbus_register_change
+notice
+notice_alarm
+packet_filter
+radius
+reporter
+signatures
+smtp
+snmp
+socks
+software
+ssh
+ssl
+stats
+syslog
+traceroute
+tunnel
+unified2
+weird
+x509
diff --git a/testing/btest/coverage/find-bro-logs.test b/testing/btest/coverage/find-bro-logs.test
new file mode 100644
index 0000000000..ffde5b8225
--- /dev/null
+++ b/testing/btest/coverage/find-bro-logs.test
@@ -0,0 +1,45 @@
+# This test is intended to help keep Bro's reference documentation up-to-date.
+# If this test fails, then it indicates that the set of all the log filenames
+# that Bro could potentially create (with the scripts included with Bro) has
+# changed. In that case, the reference documentation listing all Bro log files
+# should be checked and updated if necessary.
+
+# @TEST-EXEC: bash %INPUT
+# @TEST-EXEC: btest-diff out
+
+BROSCRIPTS=${DIST}/scripts
+
+# For a given Bro script, look for a call to "create_stream". If found,
+# extract the log ID (adding the module name if necessary), and print the
+# log ID and script filename.
+cat << '_EOF_' > find_logid.awk
+/module[ ]+[A-Za-z0-9_]/ {
+ mod = $2
+ if ( substr(mod, length(mod), 1) == ";" ) {
+ mod = substr(mod, 1, length(mod)-1)
+ }
+}
+
+/Log::create_stream/ {
+ if ( substr($1, 1, 1) != "#" ) {
+ x = index($1, "(")
+ logid = substr($1, x+1, length($1)-x-1)
+ if ( logid == "LOG" ) {
+ printf "%s::", mod
+ }
+ printf "%s", logid
+ printf " %s\n", FILENAME
+ }
+}
+_EOF_
+
+find ${BROSCRIPTS} -type f -exec awk -f find_logid.awk {} \; > out.logid
+
+# For each log ID, have Bro convert it to the corresponding log filename
+# using the default mechanism for generating a log filename (we must load
+# all Bro scripts so that all log IDs are defined).
+awk '{print $1}' out.logid | while read logid; do
+ bro ${BROSCRIPTS}/test-all-policy.bro -e "print Log::default_path_func(${logid}, \"\", 0);" >> out.tmp
+done
+
+grep -v WARNING out.tmp | sort -u > out
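Review bot: A failed `bro` run inside the `while read logid` loop goes unnoticed, because its exit status is never checked and `bash %INPUT` returns the status of the final `grep | sort` pipeline. Each `logid` is whatever awk cut out of the first field of a `Log::create_stream` line and is spliced unvalidated into the `-e` expression, so a call formatted differently (a space after the opening parenthesis, say) presumably ends in a Bro parse error on stderr and the stream just drops out of `out`. For a newly added stream that means the test still passes, which is the case it exists to catch. I would add `set -e` near the top and end the loop's command with `>> out.tmp || exit 1`, and also use `read -r` and quote `"${BROSCRIPTS}"` in the `find` and `bro` calls so a `DIST` path containing spaces is not word-split.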