Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

General btest cleanup

Browse source 
- Use `-b` most everywhere, it will save time.

- Start some intel tests upon the input file being fully read instead of
  at an arbitrary time.

- Improve termination condition for some sumstats/cluster tests.

- Filter uninteresting output from some supervisor tests.

- Test for `notice_policy.log` is no longer needed.
This commit is contained in:
Jon Siwek 2020-08-08 00:54:50 -07:00 committed by Tim Wojtulewicz
parent 670bf02c95
commit 7967a5b0aa
350 changed files with 1139 additions and 638 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/scripts/base/frameworks/intel/match-subnet.zeek
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT
# @TEST-EXEC: btest-bg-run zeekproc zeek -b %INPUT
# @TEST-EXEC: btest-bg-wait 15
# @TEST-EXEC: cat zeekproc/intel.log > output
# @TEST-EXEC: cat zeekproc/.stdout >> output
@ -14,6 +14,8 @@
192.168.128.0/18 Intel::SUBNET source1 this subnetwork might be baaad http://some-data-distributor.com/5
# @TEST-END-FILE
@load base/frameworks/intel
redef exit_only_after_terminate = T;
redef Intel::read_files += { "../intel.dat" };
@ -29,9 +31,13 @@ event do_it()
$where=SOMEWHERE]);
}
event zeek_init() &priority=-10
global read = 0;
event Intel::read_entry(desc: Input::EventDescription, tpe: Input::Event, item: Intel::Item)
{
schedule 4sec { do_it() };
++read;
if ( read == 6 )
event do_it();
}
global log_lines = 0;