GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev.

This also installs symlinks from "zeek" and "bro-config" to a wrapper script that prints a deprecation warning. The btests pass, but this is still WIP. broctl renaming is still missing. #239
2025-10-11 02:58:20 +00:00 · 2019-04-23 14:25:56 +02:00 · 2019-04-23 14:25:56 +02:00 · 789cb376fd
commit 789cb376fd
parent 375b151a4b
1119 changed files with 1686 additions and 1647 deletions
--- a/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek
@ -1,5 +1,5 @@

-# @TEST-EXEC: bro -b %INPUT 
+# @TEST-EXEC: zeek -b %INPUT 
 # @TEST-EXEC: btest-diff ssh-new-default.log
 # @TEST-EXEC: test '!' -e ssh.log

--- a/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-double.zeek
@ -1,8 +1,8 @@
 # @TEST-DOC: Test that the ASCII writer logs values of type "double" correctly.
 #
-# @TEST-EXEC: bro -b %INPUT test-json.zeek
+# @TEST-EXEC: zeek -b %INPUT test-json.zeek
 # @TEST-EXEC: mv test.log json.log
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff test.log
 # @TEST-EXEC: btest-diff json.log
 # 
--- a/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log
 # @TEST-EXEC: btest-diff ssh-filtered.log

--- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff test.log
 # @TEST-EXEC: btest-diff output

--- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT 
+# @TEST-EXEC: zeek -b %INPUT 
 # @TEST-EXEC: btest-diff test.log

 redef LogAscii::empty_field = "EMPTY";
--- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT 
+# @TEST-EXEC: zeek -b %INPUT 
 # @TEST-EXEC: btest-diff test.log

 module Test;
--- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek
@ -1,4 +1,4 @@
 #
-# @TEST-EXEC: bro -C -r $TRACES/www-odd-url.trace
+# @TEST-EXEC: zeek -C -r $TRACES/www-odd-url.trace
 # @TEST-EXEC: btest-diff http.log

--- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff test.log

 module Test;
--- a/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT 
+# @TEST-EXEC: zeek -b %INPUT 
 # @TEST-EXEC: cat ssh.log | egrep -v '#open|#close' >ssh.log.tmp && mv ssh.log.tmp ssh.log
 # @TEST-EXEC: btest-diff ssh.log

--- a/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek
@ -1,6 +1,6 @@
 # Test that log rotation works with compressed logs.
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: gunzip test.*.log.gz
 #

--- a/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: gunzip ssh.log.gz
 # @TEST-EXEC: btest-diff ssh.log
 # @TEST-EXEC: btest-diff ssh-uncompressed.log
--- a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 #
 # Testing all possible types.
--- a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff testing.log

@load tuning/json-logs
--- a/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-json.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 #
 # Testing all possible types.
--- a/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff test.log

 module Test;
--- a/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-options.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 redef LogAscii::output_to_stdout = F;
--- a/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff test.log

 module Test;
--- a/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: cat ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log
 # @TEST-EXEC: btest-diff ssh-filtered.log

--- a/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/attr-extend.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/attr.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/attr.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/disable-stream.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: test '!' -e ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/empty-event.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/empty-event.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/enable-stream.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/env-ext.test
+++ b/testing/btest/scripts/base/frameworks/logging/env-ext.test
@ -1,2 +1,2 @@
-# @TEST-EXEC: BRO_LOG_SUFFIX=txt bro -r $TRACES/wikipedia.trace
+# @TEST-EXEC: BRO_LOG_SUFFIX=txt zeek -r $TRACES/wikipedia.trace
 # @TEST-EXEC: test -f conn.txt
--- a/testing/btest/scripts/base/frameworks/logging/events.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/events.zeek
@ -1,5 +1,5 @@

-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/exclude.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/exclude.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek
@ -1,8 +1,8 @@
 # @TEST-PORT: BROKER_PORT1
 # @TEST-PORT: BROKER_PORT2
 #
-# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT"
+# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: grep qux manager-1/reporter.log   | sed 's#line ..#line XX#g'  > manager-reporter.log
 # @TEST-EXEC: grep qux manager-1/reporter-2.log | sed 's#line ..*#line XX#g' >> manager-reporter.log
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek
@ -1,8 +1,8 @@
 # @TEST-PORT: BROKER_PORT1
 # @TEST-PORT: BROKER_PORT2
 #
-# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT"
+# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff manager-1/http.log

--- a/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-complex.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log

@load base/protocols/conn
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/http/get.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff .stderr

--- a/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-optional.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log

@load base/protocols/conn
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC-FAIL: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC-FAIL: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr

@load base/protocols/conn
--- a/testing/btest/scripts/base/frameworks/logging/field-extension.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-extension.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log

@load base/protocols/conn
--- a/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-name-map.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log

@load base/protocols/conn
--- a/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/field-name-map2.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/auth_change_session_keys.pcap %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/auth_change_session_keys.pcap %INPUT
 # @TEST-EXEC: btest-diff conn.log

 # The other tests of Log::default_field_name_map used to not catch an invalid
--- a/testing/btest/scripts/base/frameworks/logging/file.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/file.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/include.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/include.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/no-local.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/no-local.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: test '!' -e ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/none-debug.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/none-debug.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output

 redef Log::default_writer = Log::WRITER_NONE;
--- a/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff local.log
 # @TEST-EXEC: btest-diff remote.log
 #
--- a/testing/btest/scripts/base/frameworks/logging/path-func.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/path-func.zeek
@ -1,5 +1,5 @@

-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: ( ls static-*; cat static-* ) >output
 # @TEST-EXEC: btest-diff output

--- a/testing/btest/scripts/base/frameworks/logging/pred.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/pred.zeek
@ -1,5 +1,5 @@

-# @TEST-EXEC: bro -b %INPUT 
+# @TEST-EXEC: zeek -b %INPUT 
 # @TEST-EXEC: btest-diff test.success.log
 # @TEST-EXEC: btest-diff test.failure.log

--- a/testing/btest/scripts/base/frameworks/logging/remove.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/remove.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b -B logging %INPUT
+# @TEST-EXEC: zeek -b -B logging %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 # @TEST-EXEC: btest-diff ssh.failure.log
 # @TEST-EXEC: btest-diff .stdout
--- a/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out.tmp
+# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out.tmp
 # @TEST-EXEC: cat out.tmp pp.log | sort >out
 # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | $SCRIPTS/diff-remove-timestamps | uniq >>out
 # @TEST-EXEC: btest-diff out
--- a/testing/btest/scripts/base/frameworks/logging/rotate.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/rotate.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1
+# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1
 # @TEST-EXEC: grep "test" bro.out | sort >out
 # @TEST-EXEC: for i in `ls test.*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out
 # @TEST-EXEC: btest-diff out
--- a/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/scope_sep.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log

@load base/protocols/conn
--- a/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.zeek
@ -1,7 +1,7 @@
 # This tests the order in which the unrolling and field name 
 # renaming occurs.

-# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log

@load base/protocols/conn
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek
@ -4,7 +4,7 @@
 # @TEST-GROUP: sqlite
 #
 # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff .stderr
 #
 # Testing all possible types.
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek
@ -6,7 +6,7 @@
 # @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select
 # @TEST-EXEC: btest-diff ssh.select
 #
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek
@ -4,7 +4,7 @@
 # @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select
 # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from sshtwo' >> ssh.select
 # @TEST-EXEC: btest-diff ssh.select
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek
@ -3,7 +3,7 @@
 # @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: sqlite3 ssh.sqlite 'select * from ssh' > ssh.select
 # @TEST-EXEC: btest-diff ssh.select
 #
--- a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek
@ -3,7 +3,7 @@
 # @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
-# @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE
+# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE
 # @TEST-EXEC: sqlite3 conn.sqlite 'select * from conn order by ts' | sort -n > conn.select
 # @TEST-EXEC: sqlite3 http.sqlite 'select * from http order by ts' | sort -n > http.select
 # @TEST-EXEC: btest-diff conn.select
--- a/testing/btest/scripts/base/frameworks/logging/stdout.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/stdout.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: zeek -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: test '!' -e ssh.log

--- a/testing/btest/scripts/base/frameworks/logging/test-logging.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/test-logging.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/types.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/types.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 #
 # Testing all possible types.
--- a/testing/btest/scripts/base/frameworks/logging/unset-record.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/unset-record.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff testing.log

 redef enum Log::ID += { TESTING };
--- a/testing/btest/scripts/base/frameworks/logging/vec.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/vec.zeek
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: zeek -b %INPUT
 # @TEST-EXEC: btest-diff ssh.log

 module SSH;
--- a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT
 # @TEST-EXEC: btest-diff reporter.log
 # @TEST-EXEC: btest-diff http.log
 # @TEST-EXEC: btest-diff http-2.log