diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro index 69fcff2936..c77f22a620 100644 --- a/scripts/base/frameworks/logging/main.bro +++ b/scripts/base/frameworks/logging/main.bro @@ -123,6 +123,19 @@ export { ## "id.orig_h" to turn into "id_orig_h". const default_scope_sep = "." &redef; + ## A prefix for extension fields which can be optionally prefixed + ## on all log lines by setting the `ext_func` field in the + ## log filter. + const Log::default_ext_prefix: string = "_" &redef; + + ## Default log extension function in the case that you would like to + ## apply the same extensions to all logs. The function *must* return + ## a record with all of the fields to be included in the log. The + ## default function included here returns F as a marker to indicate + ## that it has no implementation. + const Log::default_ext_func: function(path: string): any = + function(path: string): bool { return F; } &redef; + ## A filter type describes how to customize logging streams. type Filter: record { ## Descriptive name to reference this filter. @@ -205,6 +218,16 @@ export { ## for nested record types. scope_sep: string &default=default_scope_sep; + ## Default prefix for all extension fields. It's typically + ## prudent to set this to something that Bro's logging + ## framework can't normally write out in a field name. + ext_prefix: string &default=Log::default_ext_prefix; + + ## Function to collect a log extension value. If not specified, + ## no log extension will be provided for the log. + ## The return value from the function *must* be a record. + ext_func: function(path: string): any &default=Log::default_ext_func; + ## Rotation interval. Zero disables rotation. interv: interval &default=default_rotation_interval; @@ -218,33 +241,6 @@ export { config: table[string] of string &default=table(); }; - ## A prefix for extension fields which can be optionally prefixed - ## on all log lines by setting the `ext_func` field in the - ## log filter. - const Log::default_ext_prefix: string = "_" &redef; - - ## Default log extension function in the case that you would like to - ## apply the same extensions to all logs. The function *must* return - ## a record with all of the fields to be included in the log. The - ## default function included here returns F as a marker to indicate - ## that it has no implementation. - const Log::default_ext_func: function(filter: Log::Filter): any = - function(filter: Log::Filter): bool { return F; } &redef; - - # This is a hack for now since fields can't self-reference the - # record type they are contained within. - redef record Log::Filter += { - ## Default prefix for all extension fields. It's typically - ## prudent to set this to something that Bro's logging - ## framework can't normally write out in a field name. - ext_prefix: string &default=Log::default_ext_prefix; - - ## Function to collect a log extension value. If not specified, - ## no log extension will be provided for the log. - ## The return value from the function *must* be a record. - ext_func: function(filter: Log::Filter): any &default=Log::default_ext_func; - }; - ## Sentinel value for indicating that a filter was not found when looked up. const no_filter: Filter = [$name=""]; diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index fc967d8390..2791ed2333 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -1063,7 +1063,7 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, if ( filter->num_ext_fields > 0 ) { val_list vl(1); - vl.append(filter->fval->AsRecordVal()->Ref()); + vl.append(filter->path_val->Ref()); ext_rec = filter->ext_func->Call(&vl)->AsRecordVal(); } @@ -1111,6 +1111,11 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, } } + if ( ext_rec != 0 ) + { + Unref(ext_rec); + } + return vals; } diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension/conn.log new file mode 100644 index 0000000000..dd98eac209 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension/conn.log @@ -0,0 +1,43 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2016-08-10-17-45-11 +#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1300475173.475401 conn bro 1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty) +1300475173.475401 conn bro 1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty) +1300475173.475401 conn bro 1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty) +1300475173.475401 conn bro 1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty) +1300475173.475401 conn bro 1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty) +1300475173.475401 conn bro 1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty) +1300475173.475401 conn bro 1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty) +1300475173.475401 conn bro 1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty) +1300475173.475401 conn bro 1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty) +1300475173.475401 conn bro 1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty) +1300475173.475401 conn bro 1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475173.475401 conn bro 1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty) +1300475173.475401 conn bro 1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty) +1300475173.475401 conn bro 1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475173.475401 conn bro 1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty) +1300475173.475401 conn bro 1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475173.475401 conn bro 1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475173.475401 conn bro 1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475173.475401 conn bro 1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty) +1300475173.475401 conn bro 1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty) +1300475173.475401 conn bro 1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475173.475401 conn bro 1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475173.475401 conn bro 1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty) +1300475173.475401 conn bro 1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty) +1300475173.475401 conn bro 1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty) +1300475173.475401 conn bro 1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475173.475401 conn bro 1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty) +1300475173.475401 conn bro 1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty) +1300475173.475401 conn bro 1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475173.475401 conn bro 1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty) +1300475173.475401 conn bro 1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty) +1300475173.475401 conn bro 1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475173.475401 conn bro 1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475173.475401 conn bro 1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty) +#close 2016-08-10-17-45-11 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log index f5a9d1cdc7..a97fff59b2 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log @@ -3,41 +3,41 @@ #empty_field (empty) #unset_field - #path conn -#open 2016-03-14-13-20-58 +#open 2016-08-10-16-51-09 #fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1300475169.780331 C7XEbhP654jzLoe3a 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty) -1300475168.859163 CsRx2w45OKnoww6xl4 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty) -1300475168.652003 CJ3xTn1c4Zw9TmAE05 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty) -1300475168.895267 C6pKV8GSxOnSLghOa 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty) -1300475168.902635 CIPOse170MGiRM1Qf4 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty) -1300475168.892936 CRJuHdVW0XPVINV8a 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty) -1300475168.855305 CCvvfg3TEfuqmmG4bh 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty) -1300475168.892913 CPbrpk1qSsw6ESzHV4 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty) -1300475168.724007 CXWv6p3arKYeMETxOg 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty) -1300475168.855330 CjhGID4nQcgTWjvg4c 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty) -1300475168.891644 CMXxB5GvmoxJFXdTa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475170.862384 Caby8b1slFea8xwSmb 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty) -1300475168.853899 Che1bq3i2rO3KD1Syg 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475168.854378 C3SfNE4BWaU4aSuwkc 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475168.857956 CEle3f3zno26fFZkrh 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475173.117362 CwSkQu4eWZCH7OONC1 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty) -1300475167.097012 CfTOmO0HKorjr8Zp7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty) -1300475168.858713 CzA03V1VcgagLjnO92 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475171.675372 CyAhVIzHqb7t7kv28 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty) -1300475167.096535 Cab0vO1xNYSS2hJkle 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty) -1300475167.099816 Cx2FqO23omNawSNrxj 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty) -1300475168.892037 Cx3C534wEyF3OvvcQe 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475168.893988 CkDsfG2YIeWJmXWNWj 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475168.854837 CUKS0W3HFYOnBqSE5e 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475169.899438 CRrfvP2lalMAYOCLhj 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty) -1300475173.116749 Cn78a440HlxuyZKs6f fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty) -1300475168.858306 CUof3F2yAIid8QS3dk 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475168.894422 CojBOU3CXcLHl1r6x1 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475173.153679 CJzVQRGJrX6V15ik7 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty) -1300475168.892414 ClAbxY1nmdjCuo0Le2 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475171.677081 CwG0BF1VXE0gWgs78 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty) -1300475168.902195 CisNaL1Cm73CiNOmcg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty) -1300475168.894787 CBQnJn22qN8TOeeZil 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475168.901749 CbEsuD3dgDDngdlbKf 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty) -#close 2016-03-14-13-20-58 +1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty) +1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty) +1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty) +1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty) +1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty) +1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty) +1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty) +1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty) +1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty) +1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty) +1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty) +1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty) +1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty) +1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty) +1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty) +1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty) +1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty) +1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty) +1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty) +1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty) +1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty) +1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty) +1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty) +#close 2016-08-10-16-51-09 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep/conn.log new file mode 100644 index 0000000000..2347e0b3ce --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep/conn.log @@ -0,0 +1,43 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2016-08-10-16-53-04 +#fields ts uid id_orig_h id_orig_p id_resp_h id_resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty) +1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty) +1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty) +1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty) +1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty) +1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty) +1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty) +1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty) +1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty) +1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty) +1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty) +1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty) +1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty) +1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty) +1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty) +1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty) +1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty) +1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty) +1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty) +1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty) +1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty) +1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty) +1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty) +#close 2016-08-10-16-53-04 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep_and_field_name_map/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep_and_field_name_map/conn.log new file mode 100644 index 0000000000..e52c0ce6bd --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep_and_field_name_map/conn.log @@ -0,0 +1,43 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2016-08-10-16-53-37 +#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1300475169.780331 C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty) +1300475168.892913 CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty) +1300475168.724007 CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty) +1300475168.855330 ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty) +1300475168.855305 C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty) +1300475168.652003 CwjjYJ2WqgTbAqiHl6 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty) +1300475168.902635 C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty) +1300475168.859163 CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty) +1300475168.892936 CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty) +1300475168.895267 CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty) +1300475168.853899 C0LAHyvtKSQHyJxIl 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475168.901749 CFLRIC3zaTU1loLGxh 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty) +1300475168.902195 C9rXSW3KSpTYvPrlI1 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty) +1300475168.858713 Ck51lg1bScffFj34Ri 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475167.099816 C9mvWx3ezztgzcexV7 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty) +1300475168.854837 CNnMIj2QSd84NKf7U3 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475168.894787 C7fIlMZDuRiqjpYbb 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475168.894422 CykQaM33ztNt0csB9a 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475169.899438 CtxTCR2Yer0FR1tIBg 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty) +1300475170.862384 CpmdRlaUoJLN3uIRa 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty) +1300475168.892414 C1Xkzz2MaGtLrc1Tla 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty) +1300475168.858306 CqlVyW1YwZ15RhTBc4 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475167.097012 CLNN1k2QMum1aexUK7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty) +1300475173.117362 CBA8792iHmnhPLksKa 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty) +1300475173.153679 CGLPPc35OzDQij1XX8 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty) +1300475168.892037 CiyBAq1bBLNaTiTAc 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475171.675372 CFSwNi4CNGxcuffo49 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty) +1300475167.096535 Cipfzj1BEnhejw8cGf 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty) +1300475168.854378 CV5WJ42jPYbNW9JNWf 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty) +1300475171.677081 CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty) +1300475173.116749 CAnFrb2Cvxr5T7quOc fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty) +1300475168.893988 C8rquZ3DjgNW06JGLl 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475168.857956 CzrZOtXqhwwndQva3 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty) +1300475168.891644 CaGCc13FffXe6RkQl9 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty) +#close 2016-08-10-16-53-37 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.unrolling_sep/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.unrolling_sep/conn.log deleted file mode 100644 index a80425acac..0000000000 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.unrolling_sep/conn.log +++ /dev/null @@ -1,43 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path conn -#open 2016-03-17-21-02-03 -#fields ts uid id_orig_h id_orig_p id_resp_h id_resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents -#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1300475169.780331 C7XEbhP654jzLoe3a 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty) -1300475168.859163 CsRx2w45OKnoww6xl4 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty) -1300475168.652003 CJ3xTn1c4Zw9TmAE05 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty) -1300475168.895267 C6pKV8GSxOnSLghOa 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty) -1300475168.902635 CIPOse170MGiRM1Qf4 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty) -1300475168.892936 CRJuHdVW0XPVINV8a 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty) -1300475168.855305 CCvvfg3TEfuqmmG4bh 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty) -1300475168.892913 CPbrpk1qSsw6ESzHV4 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty) -1300475168.724007 CXWv6p3arKYeMETxOg 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty) -1300475168.855330 CjhGID4nQcgTWjvg4c 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty) -1300475168.891644 CMXxB5GvmoxJFXdTa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475170.862384 Caby8b1slFea8xwSmb 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty) -1300475168.853899 Che1bq3i2rO3KD1Syg 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475168.854378 C3SfNE4BWaU4aSuwkc 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475168.857956 CEle3f3zno26fFZkrh 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475173.117362 CwSkQu4eWZCH7OONC1 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty) -1300475167.097012 CfTOmO0HKorjr8Zp7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty) -1300475168.858713 CzA03V1VcgagLjnO92 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475171.675372 CyAhVIzHqb7t7kv28 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty) -1300475167.096535 Cab0vO1xNYSS2hJkle 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty) -1300475167.099816 Cx2FqO23omNawSNrxj 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty) -1300475168.892037 Cx3C534wEyF3OvvcQe 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475168.893988 CkDsfG2YIeWJmXWNWj 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475168.854837 CUKS0W3HFYOnBqSE5e 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475169.899438 CRrfvP2lalMAYOCLhj 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty) -1300475173.116749 Cn78a440HlxuyZKs6f fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty) -1300475168.858306 CUof3F2yAIid8QS3dk 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475168.894422 CojBOU3CXcLHl1r6x1 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475173.153679 CJzVQRGJrX6V15ik7 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty) -1300475168.892414 ClAbxY1nmdjCuo0Le2 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475171.677081 CwG0BF1VXE0gWgs78 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty) -1300475168.902195 CisNaL1Cm73CiNOmcg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty) -1300475168.894787 CBQnJn22qN8TOeeZil 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475168.901749 CbEsuD3dgDDngdlbKf 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty) -#close 2016-03-17-21-02-03 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.unrolling_sep_and_field_name_map/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.unrolling_sep_and_field_name_map/conn.log deleted file mode 100644 index 4063ded264..0000000000 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.unrolling_sep_and_field_name_map/conn.log +++ /dev/null @@ -1,43 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path conn -#open 2016-05-16-16-26-15 -#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents -#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] -1300475169.780331 C7XEbhP654jzLoe3a 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 (empty) -1300475168.859163 CsRx2w45OKnoww6xl4 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 (empty) -1300475168.652003 CJ3xTn1c4Zw9TmAE05 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 (empty) -1300475168.895267 C6pKV8GSxOnSLghOa 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 (empty) -1300475168.902635 CIPOse170MGiRM1Qf4 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 (empty) -1300475168.892936 CRJuHdVW0XPVINV8a 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty) -1300475168.855305 CCvvfg3TEfuqmmG4bh 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 (empty) -1300475168.892913 CPbrpk1qSsw6ESzHV4 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 (empty) -1300475168.724007 CXWv6p3arKYeMETxOg 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 (empty) -1300475168.855330 CjhGID4nQcgTWjvg4c 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 (empty) -1300475168.891644 CMXxB5GvmoxJFXdTa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475170.862384 Caby8b1slFea8xwSmb 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 (empty) -1300475168.853899 Che1bq3i2rO3KD1Syg 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475168.854378 C3SfNE4BWaU4aSuwkc 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475168.857956 CEle3f3zno26fFZkrh 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475173.117362 CwSkQu4eWZCH7OONC1 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 (empty) -1300475167.097012 CfTOmO0HKorjr8Zp7 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 (empty) -1300475168.858713 CzA03V1VcgagLjnO92 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475171.675372 CyAhVIzHqb7t7kv28 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 (empty) -1300475167.096535 Cab0vO1xNYSS2hJkle 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 (empty) -1300475167.099816 Cx2FqO23omNawSNrxj 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 (empty) -1300475168.892037 Cx3C534wEyF3OvvcQe 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475168.893988 CkDsfG2YIeWJmXWNWj 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty) -1300475168.854837 CUKS0W3HFYOnBqSE5e 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475169.899438 CRrfvP2lalMAYOCLhj 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 (empty) -1300475173.116749 Cn78a440HlxuyZKs6f fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 (empty) -1300475168.858306 CUof3F2yAIid8QS3dk 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475168.894422 CojBOU3CXcLHl1r6x1 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty) -1300475173.153679 CJzVQRGJrX6V15ik7 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 (empty) -1300475168.892414 ClAbxY1nmdjCuo0Le2 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475171.677081 CwG0BF1VXE0gWgs78 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 (empty) -1300475168.902195 CisNaL1Cm73CiNOmcg 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty) -1300475168.894787 CBQnJn22qN8TOeeZil 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty) -1300475168.901749 CbEsuD3dgDDngdlbKf 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty) -#close 2016-05-16-16-26-15 diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension.bro b/testing/btest/scripts/base/frameworks/logging/field-extension.bro new file mode 100644 index 0000000000..609df1b467 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/field-extension.bro @@ -0,0 +1,19 @@ +# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: btest-diff conn.log + +@load base/protocols/conn + +type Extension: record { + write_ts: time &log; + stream: string &log; + system_name: string &log; +}; + +function add_extension(path: string): Extension + { + return Extension($write_ts = network_time(), + $stream = path, + $system_name = peer_description); + } + +redef Log::default_ext_func = add_extension; \ No newline at end of file diff --git a/testing/btest/scripts/base/frameworks/logging/unrolling_sep.bro b/testing/btest/scripts/base/frameworks/logging/scope_sep.bro similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/unrolling_sep.bro rename to testing/btest/scripts/base/frameworks/logging/scope_sep.bro diff --git a/testing/btest/scripts/base/frameworks/logging/unrolling_sep_and_field_name_map.bro b/testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.bro similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/unrolling_sep_and_field_name_map.bro rename to testing/btest/scripts/base/frameworks/logging/scope_sep_and_field_name_map.bro