Update scripts.base.frameworks.analyzer.logging btest to use a different trace file

This commit is contained in:
Tim Wojtulewicz 2023-01-19 16:04:32 -07:00
parent 3d5918e6b3
commit 6ebfa02199
3 changed files with 21 additions and 43 deletions


@ -7,40 +7,14 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data
#types time string string string string string addr port addr port string string
XXXXXXXXXX.XXXXXX violation packet TEREDO CHhAvVGS1DHFjwGM9 - 141.142.220.202 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06gemini\x09_sftp-ssh\x04_tcp\x05lo
XXXXXXXXXX.XXXXXX confirmation protocol DNS CHhAvVGS1DHFjwGM9 - 141.142.220.202 5353 224.0.0.251 5353 - -
XXXXXXXXXX.XXXXXX violation packet TEREDO ClEkJM2Vm5giqnMf4h - fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 Bad Teredo encapsulation \x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
XXXXXXXXXX.XXXXXX confirmation protocol DNS ClEkJM2Vm5giqnMf4h - fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 - -
XXXXXXXXXX.XXXXXX violation packet TEREDO C4J4Th3PJpwUYZZ6gc - 141.142.220.50 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
XXXXXXXXXX.XXXXXX confirmation protocol DNS C4J4Th3PJpwUYZZ6gc - 141.142.220.50 5353 224.0.0.251 5353 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CUM0KZ3MLUfNB0cl11 - 141.142.220.118 48649 208.80.152.118 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CmES5u32sYpV7JYN - 141.142.220.118 43927 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CP5puj4I8PtEU4qzYg - 141.142.220.118 37676 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C37jN32gN3y3AZzyf6 - 141.142.220.118 40526 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C0LAHyvtKSQHyJxIl - 141.142.220.118 32902 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CFLRIC3zaTU1loLGxh - 141.142.220.118 59816 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C9rXSW3KSpTYvPrlI1 - 141.142.220.118 59714 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C9mvWx3ezztgzcexV7 - 141.142.220.118 58206 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CNnMIj2QSd84NKf7U3 - 141.142.220.118 38911 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C7fIlMZDuRiqjpYbb - 141.142.220.118 59746 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CpmdRlaUoJLN3uIRa - 141.142.220.118 45000 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C1Xkzz2MaGtLrc1Tla - 141.142.220.118 48479 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CqlVyW1YwZ15RhTBc4 - 141.142.220.118 48128 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CBA8792iHmnhPLksKa - 141.142.220.118 56056 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CGLPPc35OzDQij1XX8 - 141.142.220.118 55092 141.142.2.2 53 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CwjjYJ2WqgTbAqiHl6 - 141.142.220.118 49997 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP C3eiCBGOLw3VtHfOj - 141.142.220.118 49996 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP Ck51lg1bScffFj34Ri - 141.142.220.118 49998 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CykQaM33ztNt0csB9a - 141.142.220.118 49999 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CtxTCR2Yer0FR1tIBg - 141.142.220.118 50000 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CLNN1k2QMum1aexUK7 - 141.142.220.118 50001 208.80.152.3 80 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP CiyBAq1bBLNaTiTAc - 141.142.220.118 35642 208.80.152.2 80 - -
XXXXXXXXXX.XXXXXX violation packet TEREDO Cipfzj1BEnhejw8cGf - 141.142.220.44 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x05gomez\x09_sftp-ssh\x04_tcp\x05local\x00
XXXXXXXXXX.XXXXXX confirmation protocol DNS Cipfzj1BEnhejw8cGf - 141.142.220.44 5353 224.0.0.251 5353 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CV5WJ42jPYbNW9JNWf - 141.142.220.226 137 141.142.220.255 137 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CPhDKt12KQPUVbQz06 - fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CAnFrb2Cvxr5T7quOc - 141.142.220.226 55131 224.0.0.252 5355 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS C8rquZ3DjgNW06JGLl - fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CzrZOtXqhwwndQva3 - 141.142.220.226 55671 224.0.0.252 5355 - -
XXXXXXXXXX.XXXXXX confirmation protocol DNS CaGCc13FffXe6RkQl9 - 141.142.220.238 56641 141.142.220.255 137 - -
XXXXXXXXXX.XXXXXX confirmation protocol SOCKS ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 - -
XXXXXXXXXX.XXXXXX confirmation protocol HTTP ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 - -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: out_of_bound: DCE_RPC_PDU:frag: -2665 > 31 -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
#close XXXX-XX-XX-XX-XX-XX


@ -7,8 +7,12 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data
#types time string string string string string addr port addr port string string
XXXXXXXXXX.XXXXXX violation packet TEREDO CHhAvVGS1DHFjwGM9 - 141.142.220.202 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06gemini\x09_sftp-ssh\x04_tcp\x05lo
XXXXXXXXXX.XXXXXX violation packet TEREDO ClEkJM2Vm5giqnMf4h - fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 Bad Teredo encapsulation \x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
XXXXXXXXXX.XXXXXX violation packet TEREDO C4J4Th3PJpwUYZZ6gc - 141.142.220.50 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
XXXXXXXXXX.XXXXXX violation packet TEREDO Cipfzj1BEnhejw8cGf - 141.142.220.44 5353 224.0.0.251 5353 Bad Teredo encapsulation \x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x05gomez\x09_sftp-ssh\x04_tcp\x05local\x00
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: out_of_bound: DCE_RPC_PDU:frag: -2665 > 31 -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
XXXXXXXXXX.XXXXXX violation protocol DCE_RPC ClEkJM2Vm5giqnMf4h - 10.0.0.55 53994 60.190.189.214 8124 Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers -
#close XXXX-XX-XX-XX-XX-XX


@ -1,11 +1,11 @@
# @TEST-EXEC: zeek -b -r ${TRACES}/wikipedia.trace %INPUT
# @TEST-EXEC: zeek -r ${TRACES}/socks.trace %INPUT
# @TEST-EXEC: mv analyzer.log analyzer.log-no-confirmations
# @TEST-EXEC: btest-diff analyzer.log-no-confirmations
# @TEST-EXEC: zeek -b -r ${TRACES}/wikipedia.trace %INPUT Analyzer::Logging::include_confirmations=T
# @TEST-EXEC: zeek -r ${TRACES}/socks.trace %INPUT Analyzer::Logging::include_confirmations=T
# @TEST-EXEC: mv analyzer.log analyzer.log-include-confirmations
# @TEST-EXEC: btest-diff analyzer.log-include-confirmations
@load base/protocols/conn
@load base/protocols/dns
@load base/protocols/http
@load base/protocols/socks
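Review bot: The socks.trace invocations drop the `-b` flag that the wikipedia.trace invocations carry, so if those are the new side (the +/- markers are lost on this page, but the new baselines contain only 10.0.0.55 entries, which fits that reading) the test now runs with the full default script set rather than bare mode. That makes the explicit `@load base/protocols/*` lines redundant and, more importantly, ties the baseline to whatever analyzers are enabled by default: the eight DCE_RPC violation entries in the new baselines come from an analyzer this test never loads, so any change to default DPD or DCE_RPC behaviour will break a test whose stated purpose is the analyzer logging framework. If running without `-b` is deliberate, a comment at the top should say so, e.g. `# Run without -b so the default analyzer set is attached to the SOCKS-tunneled stream; the baseline depends on the DCE_RPC violations it raises`; otherwise keep `-b` and add `@load base/protocols/dce-rpc` to make the dependency explicit. The hunk covers the whole visible file, so I cannot confirm whether a `#` comment describing the intent exists elsewhere.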