From 7a748526c05f473dd9a1f03db14421c88bf16cb4 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Wed, 22 Jan 2020 13:58:20 -0800
Subject: [PATCH] Use consistent zeek_init priority for Log::create_stream calls

Typically in base scripts, Log::create_stream() is called in zeek_init() handler with &priority=5 such that it will have already been created in the default zeek_init() &priority=0.
---
 scripts/base/frameworks/signatures/main.zeek | 2 +-
 scripts/policy/files/x509/log-ocsp.zeek | 2 +-
 scripts/policy/protocols/conn/known-hosts.zeek | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/base/frameworks/signatures/main.zeek b/scripts/base/frameworks/signatures/main.zeek
index eb2143d4ec..9a301d520a 100644
--- a/scripts/base/frameworks/signatures/main.zeek
+++ b/scripts/base/frameworks/signatures/main.zeek
@@ -140,7 +140,7 @@ global count_per_orig: table[addr, string] of count
 global did_sig_log: set[string] &read_expire = 1 hr;
-event zeek_init()
+event zeek_init() &priority=5
 {
 Log::create_stream(Signatures::LOG, [$columns=Info, $ev=log_signature, $path="signatures"]);
 }
diff --git a/scripts/policy/files/x509/log-ocsp.zeek b/scripts/policy/files/x509/log-ocsp.zeek
index 8cc9d5aef3..a677b38055 100644
--- a/scripts/policy/files/x509/log-ocsp.zeek
+++ b/scripts/policy/files/x509/log-ocsp.zeek
@@ -39,7 +39,7 @@ export {
 global log_ocsp: event(rec: Info);
 }
-event zeek_init()
+event zeek_init() &priority=5
 {
 Log::create_stream(LOG, [$columns=Info, $ev=log_ocsp, $path="ocsp"]);
 Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");
diff --git a/scripts/policy/protocols/conn/known-hosts.zeek b/scripts/policy/protocols/conn/known-hosts.zeek
index 8a3383e1b2..e95f0cec16 100644
--- a/scripts/policy/protocols/conn/known-hosts.zeek
+++ b/scripts/policy/protocols/conn/known-hosts.zeek
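Review bot: The reason for `&priority=5` is recorded only in the commit message, so the changed `event zeek_init() &priority=5` line in signatures/main.zeek, and the identical lines in log-ocsp.zeek and known-hosts.zeek, would each benefit from a one-line comment such as `# Create the stream before default-priority zeek_init() handlers run, so their Log::add_filter()/Log::remove_filter() calls find it.` Local scripts that attach or remove filters on these streams from a default-priority zeek_init() depend on this ordering, and the comment keeps a later cleanup from dropping the attribute and bringing the ordering dependence back. In log-ocsp.zeek the attribute also moves the `Files::register_for_mime_type` call in the same handler to priority 5, which the commit message does not mention; that looks consistent with how base scripts register file analyzers, but it is worth confirming it is intended. That handler's body continues past the end of its hunk.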
@@ -145,7 +145,7 @@ event Known::host_found(info: HostsInfo)
 event known_host_add(info);
 }
-event zeek_init()
+event zeek_init() &priority=5
 {
 Log::create_stream(Known::HOSTS_LOG, [$columns=HostsInfo, $ev=log_known_hosts, $path="known_hosts"]);
 }