Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add a test that detects changes in the list of all Bro log files

Browse source
This commit is contained in:
Daniel Thayer 2014-09-26 22:06:56 -05:00
parent 16c70a5179
commit 6dc4863d81
2 changed files with 87 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

42
testing/btest/Baseline/coverage.find-bro-logs/out Normal file
View file

@ -0,0 +1,42 @@
app_stats
barnyard2
capture_loss
cluster
communication
conn
dhcp
dnp3
dns
dpd
files
ftp
http
intel
irc
known_certs
known_devices
known_hosts
known_modbus
known_services
loaded_scripts
modbus
modbus_register_change
notice
notice_alarm
packet_filter
radius
reporter
signatures
smtp
snmp
socks
software
ssh
ssl
stats
syslog
traceroute
tunnel
unified2
weird
x509

45
testing/btest/coverage/find-bro-logs.test Normal file
View file

@ -0,0 +1,45 @@
# This test is intended to help keep Bro's reference documentation up-to-date.
# If this test fails, then it indicates that the set of all the log filenames
# that Bro could potentially create (with the scripts included with Bro) has
# changed. In that case, the reference documentation listing all Bro log files
# should be checked and updated if necessary.
# @TEST-EXEC: bash %INPUT
# @TEST-EXEC: btest-diff out
BROSCRIPTS=${DIST}/scripts
# For a given Bro script, look for a call to "create_stream". If found,
# extract the log ID (adding the module name if necessary), and print the
# log ID and script filename.
cat << '_EOF_' > find_logid.awk
/module[ ]+[A-Za-z0-9_]/ {
mod = $2
if ( substr(mod, length(mod), 1) == ";" ) {
mod = substr(mod, 1, length(mod)-1)
}
}
/Log::create_stream/ {
if ( substr($1, 1, 1) != "#" ) {
x = index($1, "(")
logid = substr($1, x+1, length($1)-x-1)
if ( logid == "LOG" ) {
printf "%s::", mod
}
printf "%s", logid
printf " %s\n", FILENAME
}
}
_EOF_
find ${BROSCRIPTS} -type f -exec awk -f find_logid.awk {} \; > out.logid
# For each log ID, have Bro convert it to the corresponding log filename
# using the default mechanism for generating a log filename (we must load
# all Bro scripts so that all log IDs are defined).
awk '{print $1}' out.logid | while read logid; do
bro ${BROSCRIPTS}/test-all-policy.bro -e "print Log::default_path_func(${logid}, \"\", 0);" >> out.tmp
done
grep -v WARNING out.tmp | sort -u > out