Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp-new

This commit is contained in:
Johanna Amann 2017-03-16 12:28:08 -07:00
commit 7aa219758c
99 changed files with 2110 additions and 795 deletions


@ -1,6 +0,0 @@
wrote log, [msg=ping, nolog=no, num=0]
wrote log, [msg=ping, nolog=no, num=1]
wrote log, [msg=ping, nolog=no, num=2]
wrote log, [msg=ping, nolog=no, num=3]
wrote log, [msg=ping, nolog=no, num=4]
wrote log, [msg=ping, nolog=no, num=5]


@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path test
#open 2015-01-26-22-47-11
#open 2017-02-27-16-21-20
#fields msg num
#types string count
ping 0
@ -12,4 +12,4 @@ ping 2
ping 3
ping 4
ping 5
#close 2015-01-26-22-47-11
#close 2017-02-27-16-21-20


@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path test
#open 2015-01-26-22-47-11
#open 2017-02-27-16-21-19
#fields msg num
#types string count
ping 0
@ -12,4 +12,4 @@ ping 2
ping 3
ping 4
ping 5
#close 2015-01-26-22-47-11
#close 2017-02-27-16-21-20


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open 2017-02-11-02-17-35
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1486779455.703438 100.000000 hurz 1 AA (empty) 10,20,30 (empty) foo\x0a{ \x0aif (0 < i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
#close 2017-02-11-02-17-35


@ -0,0 +1 @@
Broker::outgoing_connection_established, 127.0.0.1, 9999/tcp


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open 2017-02-11-02-17-35
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1486779455.703438 100.000000 hurz 1 AA (empty) 10,20,30 (empty) foo\x0a{ \x0aif (0 < i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
#close 2017-02-11-02-17-36


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path tunnel
#open 2017-02-03-20-27-11
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1442309933.472798 CHhAvVGS1DHFjwGM9 10.200.0.3 0 10.200.0.224 0 Tunnel::GRE Tunnel::DISCOVER
#close 2017-02-03-20-27-11


@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
#open 2016-11-02-17-25-26
#open 2017-02-28-17-15-30
#fields name
#types string
scripts/base/init-bare.bro
@ -58,7 +58,6 @@ scripts/base/init-bare.bro
build/scripts/base/bif/top-k.bif.bro
build/scripts/base/bif/plugins/__load__.bro
build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro
build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro
build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro
@ -74,7 +73,6 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro
build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro
build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro
build/scripts/base/bif/plugins/Bro_GSSAPI.types.bif.bro
build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.bro
build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro
build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro
@ -96,7 +94,6 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro
build/scripts/base/bif/plugins/Bro_NTLM.events.bif.bro
build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro
build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro
build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro
build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro
build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro
@ -150,7 +147,6 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro
build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
build/scripts/base/bif/plugins/Bro_XMPP.events.bif.bro
build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro
@ -171,4 +167,4 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
scripts/policy/misc/loaded-scripts.bro
scripts/base/utils/paths.bro
#close 2016-11-02-17-25-26
#close 2017-02-28-17-15-30


@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
#open 2016-11-02-17-25-18
#open 2017-02-28-17-19-41
#fields name
#types string
scripts/base/init-bare.bro
@ -58,7 +58,6 @@ scripts/base/init-bare.bro
build/scripts/base/bif/top-k.bif.bro
build/scripts/base/bif/plugins/__load__.bro
build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro
build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro
build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro
@ -74,7 +73,6 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro
build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro
build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro
build/scripts/base/bif/plugins/Bro_GSSAPI.types.bif.bro
build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.bro
build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro
build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro
@ -96,7 +94,6 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro
build/scripts/base/bif/plugins/Bro_NTLM.events.bif.bro
build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro
build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro
build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro
build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro
build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro
@ -150,7 +147,6 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro
build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
build/scripts/base/bif/plugins/Bro_XMPP.events.bif.bro
build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro
@ -359,4 +355,4 @@ scripts/base/init-default.bro
scripts/base/misc/find-filtered-trace.bro
scripts/base/misc/version.bro
scripts/policy/misc/loaded-scripts.bro
#close 2016-11-02-17-25-18
#close 2017-02-28-17-19-41


@ -0,0 +1,2 @@
error in /home/jon/projects/bro/bro/testing/btest/.tmp/language.uninitialized-local2/uninitialized-local2.bro, line 19: value used but not set (var_b)
var_a is, baz
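Review bot: The new baseline hard-codes a developer-specific absolute path, `/home/jon/projects/bro/bro/testing/btest/.tmp/language.uninitialized-local2/uninitialized-local2.bro`, in its first line, so it can only match on another machine if the test's diff canonifier strips absolute paths before comparing. If such a canonifier is in effect (the reporter baseline elsewhere in this commit changes only in the developer home directory, which suggests one is), committing the already-canonified form would keep the baseline machine-independent and avoid rewriting it every time a different developer regenerates it. If it is not, the test will fail for anyone whose checkout is not under `/home/jon/projects/bro/bro`.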


@ -247,7 +247,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1485327769.512366, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1488302456.440387, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Communication::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Conn::LOG)) -> <no result>
@ -377,7 +377,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1485327769.512366, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1488302456.440387, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -416,7 +416,6 @@
0.000000 MetaHookPost LoadFile(../main) -> -1
0.000000 MetaHookPost LoadFile(../plugin) -> -1
0.000000 MetaHookPost LoadFile(./Bro_ARP.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_AYIYA.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_AsciiReader.ascii.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_AsciiWriter.ascii.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_BackDoor.events.bif.bro) -> -1
@ -440,7 +439,6 @@
0.000000 MetaHookPost LoadFile(./Bro_FileHash.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_Finger.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_GSSAPI.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_GSSAPI.types.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_GTPv1.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_Gnutella.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_HTTP.events.bif.bro) -> -1
@ -465,7 +463,6 @@
0.000000 MetaHookPost LoadFile(./Bro_NetBIOS.functions.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_NoneWriter.none.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_PE.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_PIA.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_POP3.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_RADIUS.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_RDP.events.bif.bro) -> -1
@ -528,7 +525,6 @@
0.000000 MetaHookPost LoadFile(./Bro_X509.functions.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_X509.types.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_XMPP.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./Bro_ZIP.events.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(./acld) -> -1
0.000000 MetaHookPost LoadFile(./addrs) -> -1
0.000000 MetaHookPost LoadFile(./analyzer.bif.bro) -> -1
@ -968,7 +964,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1485327769.512366, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1488302456.440387, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Communication::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Conn::LOG))
@ -1098,7 +1094,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1485327769.512366, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1488302456.440387, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
@ -1137,7 +1133,6 @@
0.000000 MetaHookPre LoadFile(../main)
0.000000 MetaHookPre LoadFile(../plugin)
0.000000 MetaHookPre LoadFile(./Bro_ARP.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_AYIYA.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_AsciiReader.ascii.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_AsciiWriter.ascii.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_BackDoor.events.bif.bro)
@ -1161,7 +1156,6 @@
0.000000 MetaHookPre LoadFile(./Bro_FileHash.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_Finger.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_GSSAPI.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_GSSAPI.types.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_GTPv1.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_Gnutella.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_HTTP.events.bif.bro)
@ -1186,7 +1180,6 @@
0.000000 MetaHookPre LoadFile(./Bro_NetBIOS.functions.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_NoneWriter.none.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_PE.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_PIA.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_POP3.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_RADIUS.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_RDP.events.bif.bro)
@ -1249,7 +1242,6 @@
0.000000 MetaHookPre LoadFile(./Bro_X509.functions.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_X509.types.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_XMPP.events.bif.bro)
0.000000 MetaHookPre LoadFile(./Bro_ZIP.events.bif.bro)
0.000000 MetaHookPre LoadFile(./acld)
0.000000 MetaHookPre LoadFile(./addrs)
0.000000 MetaHookPre LoadFile(./analyzer.bif.bro)
@ -1688,7 +1680,7 @@
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1485327769.512366, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1488302456.440387, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
@ -1818,7 +1810,7 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1485327769.512366, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1488302456.440387, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction NetControl::check_plugins()
0.000000 | HookCallFunction NetControl::init()
0.000000 | HookCallFunction Notice::want_pp()
@ -2297,6 +2289,7 @@
1362692527.080972 MetaHookPost CallFunction(Conn::determine_service, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
1362692527.080972 MetaHookPost CallFunction(Conn::set_conn, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <no result>
1362692527.080972 MetaHookPost CallFunction(KRB::do_log, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
1362692527.080972 MetaHookPost CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
1362692527.080972 MetaHookPost CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <no result>
1362692527.080972 MetaHookPost CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <no result>
@ -2327,6 +2320,7 @@
1362692527.080972 MetaHookPre CallFunction(Conn::determine_service, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692527.080972 MetaHookPre CallFunction(Conn::set_conn, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692527.080972 MetaHookPre CallFunction(KRB::do_log, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692527.080972 MetaHookPre CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692527.080972 MetaHookPre CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
1362692527.080972 MetaHookPre CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
@ -2358,6 +2352,7 @@
1362692527.080972 | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692527.080972 | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692527.080972 | HookCallFunction KRB::do_log([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692527.080972 | HookCallFunction KRB::fill_in_subjects([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])


@ -0,0 +1,26 @@
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242 HOHOHO, sc={
2,
4,
1,
3
}, ss={
BB,
AA,
CC
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={
2,
4,
1,
3
}, ss={
BB,
AA,
CC
}, se={
}, vc=[10, 20, 30], ve=[]]
}


@ -1,2 +1,2 @@
warning: Value not 'IdoNot::Exist' for stream 'enum' is not a valid enum.
warning: Value 'IdoNot::Exist' for stream 'enum' is not a valid enum.
received termination signal


@ -0,0 +1,8 @@
warning: ../does-not-exist.dat/Input::READER_ASCII: Init: cannot open ../does-not-exist.dat
warning: ../does-not-exist.dat/Input::READER_ASCII: Init: cannot open ../does-not-exist.dat
warning: ../does-not-exist.dat/Input::READER_ASCII: Init: cannot open ../does-not-exist.dat
error: ../does-not-exist.dat/Input::READER_ASCII: Init: cannot open ../does-not-exist.dat
error: ../does-not-exist.dat/Input::READER_ASCII: Init failed
error: ../does-not-exist.dat/Input::READER_ASCII: terminating thread
warning: ../does-not-exist.dat/Input::READER_ASCII: Could not get stat for ../does-not-exist.dat
received termination signal


@ -0,0 +1,5 @@
now it does
and more!
now it does
and more!
Streaming still works


@ -3,20 +3,31 @@
#empty_field (empty)
#unset_field -
#path intel
#open 2016-06-15-19-11-06
#open 2017-02-09-18-29-44
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where seen.node matched sources fuid file_mime_type file_desc
#types time string addr port addr port string enum enum string set[enum] set[string] string string string
1466017866.348490 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1 - - -
1466017867.349583 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1 - - -
1466017868.349656 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1 - - -
#close 2016-06-15-19-11-12
1486664984.510411 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1 - - -
1486664987.510937 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1 - - -
1486664990.511265 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1,source2 - - -
1486664993.512024 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1,source2 - - -
1486664996.512265 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE bro Intel::ADDR source1,source2 - - -
#close 2017-02-09-18-30-03
-- Run 1 --
Trigger: 1.2.3.4
Seen: 1.2.3.4
-- Run 2 --
Trigger: 1.2.3.4
Reinsert: 1.2.3.4
Seen: 1.2.3.4
-- Run 3 --
Trigger: 1.2.3.4
Seen: 1.2.3.4
-- Run 4 --
Trigger: 1.2.3.4
Seen: 1.2.3.4
-- Run 5 --
Trigger: 1.2.3.4
Seen: 1.2.3.4
Expired: 1.2.3.4
Trigger: 1.2.3.4
Trigger: 1.2.3.4
-- Run 6 --
Trigger: 1.2.3.4


@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path reporter
#open 2016-09-20-22-35-58
#open 2017-02-11-16-36-40
#fields ts level message location
#types time enum string string
0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/jgras/devel/bro/scripts/base/frameworks/intel/./main.bro, lines 507-508
0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/johanna/bro/master/scripts/base/frameworks/intel/./main.bro, lines 520-521
0.000000 Reporter::INFO received termination signal (empty)
#close 2016-09-20-22-35-59
#close 2017-02-11-16-36-40


@ -1,23 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path netcontrol
#open 2016-08-12-17-38-49
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
#types time string enum string enum string enum string string string string int interval string string
1471023529.752740 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All
1471023529.752740 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All
1471023529.752740 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
1471023532.819263 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 connection drop worker-1 Debug-All
1471023532.819263 worker-1:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
1471023532.819263 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 connection drop worker-1 Debug-All
1471023532.819263 worker-1:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
1471023532.920126 worker-1:2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
1471023532.920126 worker-1:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
1471023532.921768 worker-1:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
1471023534.308087 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - worker-2 0 600.000000 connection drop worker-1 Debug-All
1471023534.308087 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 connection drop worker-1 Debug-All
1471023534.308087 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: direct cr worker-1 Debug-All
1471023534.308087 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: direct cr worker-1 Debug-All
#close 2016-08-12-17-38-54


@ -1,18 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path netcontrol_catch_release
#open 2016-08-12-17-38-52
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message
#types time string addr enum interval interval time time count string string
1471023532.819263 2 192.168.18.50 NetControl::DROP 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 -
1471023532.819263 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 -
1471023532.819263 worker-1:2 8.8.8.8 NetControl::ADDED 600.000000 3600.000000 - 1471027132.819263 1 direct cr worker-1 Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.
1471023532.920126 worker-1:2 8.8.8.8 NetControl::UNBLOCK 600.000000 3600.000000 - 1471027132.819263 1 direct cr worker-1 -
1471023534.308087 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 Block seen while in rule_entities. No action taken.
1471023534.308087 2 192.168.18.50 NetControl::UNBLOCK 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 worker-2
1471023534.308087 4 8.8.8.8 NetControl::SEEN_AGAIN 3600.000000 86400.000000 1471027134.308087 1471109934.308087 2 direct cr worker-1 -
1471023534.308087 4 8.8.8.8 NetControl::DROPPED 3600.000000 86400.000000 1471027134.308087 1471109934.308087 2 direct cr worker-1 -
1471023532.239980 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 Already blocked using catch-and-release - ignoring duplicate
#close 2016-08-12-17-38-54


@ -1,9 +0,0 @@
Suspend, worker-2
New block, 192.168.18.50, [block_until=1471027194.791177, watch_until=1471030194.791177, num_reblocked=0, current_interval=0, current_block_id=2, location=connection drop worker-1]
New block, 8.8.8.8, [block_until=<uninitialized>, watch_until=1471030194.791177, num_reblocked=0, current_interval=0, current_block_id=worker-1:2, location=direct cr worker-1]
Resume, worker-2
Connection established
Info, [block_until=1471027194.791177, watch_until=1471030194.791177, num_reblocked=0, current_interval=0, current_block_id=2, location=connection drop worker-1]
Delete block, 192.168.18.50
New block, 8.8.8.8, [block_until=1471030196.295249, watch_until=1471112996.295249, num_reblocked=1, current_interval=1, current_block_id=4, location=direct cr worker-1]
remote connection closed


@ -1,3 +1,3 @@
KRB_AP_REQUEST
[pvno=5, realm=VLADG.NET, service_name=krbtgt/VLADG.NET, cipher=18]
[pvno=5, realm=VLADG.NET, service_name=krbtgt/VLADG.NET, cipher=18, ciphertext={\x9fY\xd0f\x8dS\xf4I\x88\x04\xfa\xc1\xd8m\xa2\xb7+\xbb\x19\xcag\x0c\x13\xd1g*\xfc\x18\xd1\xb1\x80!\xbd\x85\xec\xf9\x9b\xfa-\x18\xb6\xf5h\x91\xe7\x99\xf4\xdb\x93\xa0\xc7\x90\x1e\xa9\x95v\xd3\x12\xfa,9\x1d\x0b\xd0\xa1\xd25\x0f\x1f[G\xdf\xd0\xbbd\x06$2\xd1\xae\x130qZiY\x07@\xe9\xf9\xff\xa4\x9a\xd4\x09\xf0\x0d\xc1R\x10M\xbdKOV\xfd\xf6\x13\xf6\x9a\x95N\xdf!\xf6x\x94\xd8j\xa5\xdcp\xa8\x04\x99\x02x\xdb$\xd8\xfa_o\x8dV\xc8\x0a\xfe\x00\xf3&c\x0c8\xd1\xd0\xe9\x8e\xab\xfe&\xfe\x00\x8d$\x98I\xe5\x8d\x94rM4%\xd8\xfe\xa9\x08\x06\xc6\x95H7\xf7HCq\xb9\x0d$\x95?\x83B\x82\xdd\xea\xc3f3\xcc\xbb\x09\x0d-\x09;\xa6i%\xcd\xba\x11\xd4\xe0\x12w\xd0G&\xdaj\x82\x7f;\xf3\x1d\x10\xa4l\x06\x16l\x1bc\xa1\xd1\x15!\x00\x8a\xff\x8a\x06\xe7U^:<d\xba"\x02I\xf0\xce\xc7\xad\xb2]
[use_session_key=F, mutual_required=F]


@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path radius
#open 2016-07-13-16-16-47
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p username mac remote_ip connect_info result
#types time string addr port addr port string string addr string string
1217631137.916736 CHhAvVGS1DHFjwGM9 10.0.0.1 1645 10.0.0.100 1812 John.McGuirk 00:14:22:e9:54:5e - - success
#close 2016-07-13-16-16-47
#open 2017-02-20-04-53-55
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p username mac framed_addr remote_ip connect_info reply_msg result ttl
#types time string addr port addr port string string addr addr string string string interval
1217631137.872968 CHhAvVGS1DHFjwGM9 10.0.0.1 1645 10.0.0.100 1812 John.McGuirk 00:14:22:e9:54:5e 255.255.255.254 - - Hello, %u success 0.043882
#close 2017-02-20-04-53-55


@ -0,0 +1,16 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path radius
#open 2017-02-20-04-56-31
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p username mac framed_addr remote_ip connect_info reply_msg result ttl
#types time string addr port addr port string string addr addr string string string interval
1440447766.440305 CHhAvVGS1DHFjwGM9 127.0.0.1 53031 127.0.0.1 1812 steve - 172.16.3.33 - - - failed 1.005906
1440447839.947454 ClEkJM2Vm5giqnMf4h 127.0.0.1 65443 127.0.0.1 1812 steve - 172.16.3.33 - - - success 0.000779
1440447848.196115 C4J4Th3PJpwUYZZ6gc 127.0.0.1 57717 127.0.0.1 1812 steve - - - - - success 0.000275
1440447860.613743 CtPZjS20MLrsMUOJi2 127.0.0.1 64691 127.0.0.1 1812 steve - - - - - success 0.000273
1440447880.931272 CUM0KZ3MLUfNB0cl11 127.0.0.1 52178 127.0.0.1 1812 steve - - - - - failed 1.001459
1440447904.122012 CmES5u32sYpV7JYN 127.0.0.1 62956 127.0.0.1 1812 steve - - - - - unknown -
1440448190.335333 CP5puj4I8PtEU4qzYg 127.0.0.1 53127 127.0.0.1 1812 steve - - - - - success 0.000517
#close 2017-02-20-04-56-31


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path kerberos
#open 2017-02-22-05-02-14
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p request_type client service success error_msg from till cipher forwardable renewable client_cert_subject client_cert_fuid server_cert_subject server_cert_fuid auth_ticket new_ticket
#types time string addr port addr port string string string bool string time time string bool bool string string string string string string
1429583645.478441 CHhAvVGS1DHFjwGM9 192.168.1.31 64889 192.168.1.32 88 TGS vladg/VLADG.NET krbtgt/VLADG.NET T - - 0.000000 aes256-cts-hmac-sha1-96 T F - - - - a09fbd89918320cc12a26d4f0c4e6aa2 396a9d9e8975cc5024a83c6e86101f06
#close 2017-02-22-05-02-14




@ -12,25 +12,28 @@
@TEST-START-FILE common.bro
global quit_receiver: event();
global quit_sender: event();
module Test;
export {
redef enum Log::ID += { LOG };
redef enum Log::ID += { LOG };
type Info: record {
msg: string &log;
nolog: string &default="no";
num: count &log;
};
global log_test: event(rec: Test::Info);
type Info: record {
msg: string &log;
nolog: string &default="no";
num: count &log;
};
}
event bro_init() &priority=5
{
Broker::enable();
Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test]);
}
{
Broker::enable();
Log::create_stream(Test::LOG, [$columns=Test::Info]);
}
@TEST-END-FILE
@ -40,58 +43,67 @@ const broker_port: port &redef;
redef exit_only_after_terminate = T;
event bro_init()
{
Broker::subscribe_to_logs("bro/log/");
Broker::listen(broker_port, "127.0.0.1");
}
{
Broker::subscribe_to_logs("bro/log/");
Broker::subscribe_to_events("bro/event/");
Broker::listen(broker_port, "127.0.0.1");
}
event Test::log_test(rec: Test::Info)
{
print "wrote log", rec;
if ( rec$num == 5 )
terminate();
}
event quit_receiver()
{
terminate();
}
@TEST-END-FILE
@TEST-START-FILE send.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
event bro_init()
{
Broker::enable_remote_logs(Test::LOG);
Broker::connect("127.0.0.1", broker_port, 1secs);
}
{
Broker::enable_remote_logs(Test::LOG);
Broker::publish_topic("bro/event/");
Broker::connect("127.0.0.1", broker_port, 1secs);
}
global n = 0;
event do_write()
{
if ( n == 6 )
return;
else
{
Log::write(Test::LOG, [$msg = "ping", $num = n]);
++n;
event do_write();
}
}
{
if ( n == 6 )
{
local args = Broker::event_args(quit_receiver);
Broker::send_event("bro/event/", args);
schedule 1sec { quit_sender() };
}
else
{
Log::write(Test::LOG, [$msg = "ping", $num = n]);
++n;
event do_write();
}
}
event quit_sender()
{
terminate();
}
event Broker::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "Broker::outgoing_connection_established", peer_address, peer_port;
event do_write();
}
{
print "Broker::outgoing_connection_established", peer_address, peer_port;
event do_write();
}
event Broker::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}
{
terminate();
}
@TEST-END-FILE
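Review bot: The shutdown handshake introduced in common.bro (the `quit_receiver` / `quit_sender` globals in the first hunk) is undocumented, and its ordering is only visible from send.bro's `do_write`, where `quit_receiver` is published over Broker and `quit_sender` is scheduled a second later. A comment above the two globals such as `# Shutdown handshake: once all writes are done the sender publishes quit_receiver over Broker, then schedules quit_sender locally so the receiver terminates first.` would record that intent. The `schedule 1sec { quit_sender() };` also assumes the remote log flush completes within that window; if the receiver baseline ever shows fewer than six rows, that fixed delay is the first thing to check.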


@ -0,0 +1,134 @@
# @TEST-SERIALIZE: brokercomm
# @TEST-REQUIRES: grep -q ENABLE_BROKER:BOOL=true $BUILD/CMakeCache.txt
# @TEST-EXEC: btest-bg-run recv "bro -b ../common.bro ../recv.bro broker_port=$BROKER_PORT >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -b ../common.bro ../send.bro broker_port=$BROKER_PORT >send.out"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff recv/test.log
# @TEST-EXEC: btest-diff send/send.out
# @TEST-EXEC: btest-diff send/test.log
@TEST-START-FILE common.bro
global quit_receiver: event();
global quit_sender: event();
module Test;
export {
redef enum Log::ID += { LOG };
type Info: record {
b: bool;
i: int;
e: Log::ID;
c: count;
p: port;
sn: subnet;
a: addr;
d: double;
t: time;
iv: interval;
s: string;
sc: set[count];
ss: set[string];
se: set[string];
vc: vector of count;
ve: vector of string;
f: function(i: count) : string;
} &log;
}
event bro_init() &priority=5
{
Broker::enable();
Log::create_stream(Test::LOG, [$columns=Test::Info]);
}
@TEST-END-FILE
@TEST-START-FILE recv.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
event bro_init()
{
Broker::subscribe_to_logs("bro/log/");
Broker::subscribe_to_events("bro/event/");
Broker::listen(broker_port, "127.0.0.1");
}
event quit_receiver()
{
terminate();
}
@TEST-END-FILE
@TEST-START-FILE send.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
event bro_init()
{
Broker::enable_remote_logs(Test::LOG);
Broker::publish_topic("bro/event/");
Broker::connect("127.0.0.1", broker_port, 1secs);
}
event quit_sender()
{
terminate();
}
function foo(i : count) : string
{
if ( i > 0 )
return "Foo";
else
return "Bar";
}
event Broker::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "Broker::outgoing_connection_established", peer_address, peer_port;
local empty_set: set[string];
local empty_vector: vector of string;
Log::write(Test::LOG, [
$b=T,
$i=-42,
$e=Test::LOG,
$c=21,
$p=123/tcp,
$sn=10.0.0.1/24,
$a=1.2.3.4,
$d=3.14,
$t=network_time(),
$iv=100secs,
$s="hurz",
$sc=set(1), # set(1,2,3,4), # Output not stable for multi-element sets.
$ss=set("AA"), # set("AA", "BB", "CC") # Output not stable for multi-element sets.
$se=empty_set,
$vc=vector(10, 20, 30),
$ve=empty_vector,
$f=foo
]);
local args = Broker::event_args(quit_receiver);
Broker::send_event("bro/event/", args);
schedule 1sec { quit_sender() };
}
@TEST-END-FILE
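Review bot: The logged record sets `$t=network_time()`, and since this test runs without a trace that value follows wall-clock time, so the `t` column of `send/test.log` and `recv/test.log` differs on every run. The test relies on btest's default canonifier masking that field; if it does not, pin the value to a constant time literal so the baseline is stable without post-processing. The comments on `$sc` and `$ss` already show the same stability concern for multi-element sets, so it would be consistent to state the same for `$t`.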


@ -0,0 +1,4 @@
# @TEST-EXEC: bro -C -b -r $TRACES/erspan.trace %INPUT
# @TEST-EXEC: btest-diff tunnel.log
@load base/frameworks/tunnels


@ -4,6 +4,7 @@
# @TEST-REQUIRES: test -e $BUILD/aux/broccoli/bindings/broccoli-python/_broccoli_intern.so
#
# @TEST-EXEC: btest-bg-run bro bro %INPUT $DIST/aux/broccoli/bindings/broccoli-python/tests/test.bro
# @TEST-EXEC: sleep 2
# @TEST-EXEC: btest-bg-run python PYTHONPATH=$DIST/aux/broccoli/bindings/broccoli-python/:$BUILD/aux/broccoli/bindings/broccoli-python python $DIST/aux/broccoli/bindings/broccoli-python/tests/test.py
# @TEST-EXEC: btest-bg-wait -k 20
# @TEST-EXEC: btest-diff bro/.stdout
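Review bot: The added `sleep 2` carries no explanation of what it waits for; presumably it gives the Bro process started on the previous line time to begin listening before the Python client connects. A comment such as `# Give Bro time to start listening before the Python client connects.` would record that. A fixed delay stays a best-effort guard on a loaded machine, so if this test turns flaky the delay is where to look.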


@ -0,0 +1,25 @@
# @TEST-EXEC: bro -b %INPUT >out 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
event test()
{
local var_a: string = "foo";
}
event test()
{
if ( F )
{
local var_b: string = "bar";
}
local var_a: string = "baz";
print "var_a is", var_a;
print "var_b is", var_b;
}
event bro_init()
{
event test();
}
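Review bot: The test has no comment stating which outcome the `out` baseline pins: the second `event test()` handler reads `var_b`, which is declared inside an `if ( F )` block, and both handlers declare a local `var_a`. A one-line header comment naming the expected behaviour (whether `var_b` is visible outside the block, and whether redeclaring `var_a` across handlers is accepted or reported) would let a reader judge a future baseline change without rerunning the test.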


@ -0,0 +1,67 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;
redef InputAscii::fail_on_invalid_lines = F;
@TEST-START-FILE input.log
#separator \x09
#path ssh
#fields b i e c p sn a d t iv s sc ss se vc ve ns
#types bool int enum count port subnet addr double time interval string table table table vector vector string
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242
T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242 HOHOHO
T -41
@TEST-END-FILE
@load base/protocols/ssh
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
type Idx: record {
i: int;
};
type Val: record {
b: bool;
e: Log::ID;
c: count;
p: port;
sn: subnet;
a: addr;
d: double;
t: time;
iv: interval;
s: string;
ns: string;
sc: set[count];
ss: set[string];
se: set[string];
vc: vector of int;
ve: vector of int;
};
global servers: table[int] of Val = table();
global servers2: table[int] of Val = table();
event bro_init()
{
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::add_table([$source="../input.log", $name="ssh2", $idx=Idx, $val=Val, $destination=servers2, $config=table(["fail_on_invalid_lines"] = "T")]);
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}
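Review bot: The `Input::end_of_data` handler ignores `name`, yet `bro_init` adds two streams (`ssh` and `ssh2`), so whichever stream finishes first prints `servers`, removes `ssh`, closes `outfile` and terminates; `servers2`, the stream exercising `fail_on_invalid_lines` set to `T`, is never written to `out`. If the second stream's `end_of_data` also fires, the handler runs again against an already closed file. Guard on the stream name, e.g. `if ( name != "ssh" ) return;`, and either print `servers2` as well or add `btest-diff bro/.stderr` so the failing configuration is actually verified.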


@ -13,6 +13,7 @@
@TEST-END-FILE
redef exit_only_after_terminate = T;
redef InputAscii::fail_on_invalid_lines = T;
global outfile: file;


@ -0,0 +1,49 @@
# This tests files that don't exist initially and then do later during
# runtime to make sure the ascii reader is resilient to files missing.
# It does a second test at the same time which configures the old
# failing behavior.
# @TEST-EXEC: btest-bg-run bro bro %INPUT
# @TEST-EXEC: sleep 2; cp does-exist.dat does-not-exist.dat
# @TEST-EXEC: sleep 2; mv does-not-exist.dat does-not-exist-again.dat; echo "Streaming still works" >> does-not-exist-again.dat
# @TEST-EXEC: btest-bg-wait -k 3
# @TEST-EXEC: btest-diff bro/.stdout
# @TEST-EXEC: btest-diff bro/.stderr
@TEST-START-FILE does-exist.dat
#separator \x09
#fields line
#types string
now it does
and more!
@TEST-END-FILE
redef exit_only_after_terminate = T;
@load base/frameworks/input
module A;
type Val: record {
line: string;
};
event line(description: Input::EventDescription, tpe: Input::Event, v: Val)
{
print v$line;
}
event line2(description: Input::EventDescription, tpe: Input::Event, v: Val)
{
print "DONT PRINT THIS LINE";
}
event bro_init()
{
Input::add_event([$source="../does-not-exist.dat", $name="input", $reader=Input::READER_ASCII, $mode=Input::REREAD, $fields=Val, $ev=line, $want_record=T]);
Input::add_event([$source="../does-not-exist.dat", $name="inputstream", $reader=Input::READER_ASCII, $mode=Input::STREAM, $fields=Val, $ev=line, $want_record=T]);
Input::add_event([$source="../does-not-exist.dat", $name="inputmanual", $reader=Input::READER_ASCII, $mode=Input::MANUAL, $fields=Val, $ev=line, $want_record=T]);
Input::add_event([$source="../does-not-exist.dat", $name="input2", $reader=Input::READER_ASCII, $mode=Input::REREAD, $fields=Val, $ev=line2, $want_record=T,
$config=table(["fail_on_file_problem"] = "T")]);
}
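Review bot: The three streams that use the `line` handler print only `v$line`, so the stdout baseline cannot attribute a line to the REREAD, STREAM or MANUAL stream, and a regression in one mode would show up only as a changed line count. Printing the stream name with the content, `print description$name, v$line;`, makes each expected line attributable. The fixed `sleep 2` delays in the TEST-EXEC lines remain the timing assumption the test rests on.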


@ -3,6 +3,7 @@
# @TEST-EXEC: btest-diff bro/.stderr
redef exit_only_after_terminate = T;
redef InputAscii::fail_on_file_problem = T;
global outfile: file;
global try: count;


@ -20,11 +20,28 @@ redef table_expire_interval = 3sec;
global runs = 0;
event do_it()
{
++runs;
print fmt("-- Run %s --", runs);
print "Trigger: 1.2.3.4";
Intel::seen([$host=1.2.3.4,
$where=SOMEWHERE]);
++runs;
if ( runs == 2 )
{
# Reinserting the indicator should reset the expiration
print "Reinsert: 1.2.3.4";
local item = [
$indicator="1.2.3.4",
$indicator_type=Intel::ADDR,
$meta=[
$source="source2",
$desc="this host is still bad",
$url="http://some-data-distributor.com/2"]
];
Intel::insert(item);
}
if ( runs < 6 )
schedule 3sec { do_it() };
}
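Review bot: The comment on the reinsert branch says only that expiration should reset, while the intel.log baseline in this commit appears to pin a second observable effect: rows after the second run list `source1,source2` in `sources`. Extending the comment to `# Reinserting the indicator under a second source should reset the expiration and make later matches list both sources.` ties the branch to what the baseline checks. The test's setup (the `table_expire_interval` redef and the intel item) lies outside the hunk.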


@ -1,132 +0,0 @@
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
# @TEST-EXEC: sleep 1
# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff manager-1/netcontrol.log
# @TEST-EXEC: btest-diff manager-1/netcontrol_catch_release.log
# @TEST-EXEC: btest-diff worker-2/.stdout
@TEST-START-FILE cluster-layout.bro
redef Cluster::nodes = {
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
["worker-2"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth0"],
};
@TEST-END-FILE
redef exit_only_after_terminate = T;
redef Log::default_rotation_interval = 0secs;
@load base/frameworks/netcontrol
redef NetControl::catch_release_warn_blocked_ip_encountered = T;
global ready_for_data_1: event();
global ready_for_data_2: event();
redef Cluster::manager2worker_events += /^ready_for_data_(1|2)$/;
@if ( Cluster::local_node_type() == Cluster::MANAGER )
global peer_count = 0;
event remote_connection_handshake_done(p: event_peer) &priority=-5
{
++peer_count;
print "remote_connection_handshake_done", peer_count;
if ( peer_count == 2 )
{
event ready_for_data_1();
schedule 1.5sec { ready_for_data_2() };
}
}
@endif
@if ( Cluster::local_node_type() == Cluster::WORKER )
event bro_init()
{
print "Suspend", Cluster::node;
suspend_processing();
}
event remote_connection_closed(p: event_peer) {
print "remote connection closed";
terminate();
}
@endif
@if ( Cluster::node == "worker-1" )
event ready_for_data_1()
{
print "Resume", Cluster::node;
continue_processing();
}
@endif
@if ( Cluster::node == "worker-2" )
event ready_for_data_2()
{
print "Resume", Cluster::node;
continue_processing();
}
@endif
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T);
NetControl::activate(netcontrol_debug, 0);
}
global i: count = 0;
event connection_established(c: connection)
{
print "Connection established";
local id = c$id;
local info = NetControl::get_catch_release_info(id$orig_h);
print "Info", info;
NetControl::drop_address_catch_release(id$orig_h, cat("connection drop ", Cluster::node));
if ( info$current_block_id != "" )
{
NetControl::unblock_address_catch_release(id$orig_h, Cluster::node);
}
}
@if ( Cluster::node == "worker-1" )
event connection_established(c: connection)
{
NetControl::drop_address(8.8.8.8, 0.1secs, cat("direct drop ", Cluster::node));
NetControl::drop_address_catch_release(8.8.8.8, cat("direct cr ", Cluster::node));
}
@endif
@if ( Cluster::node == "worker-2" )
event connection_established(c: connection)
{
NetControl::catch_release_seen(8.8.8.8);
}
@endif
event NetControl::catch_release_block_new(a: addr, b: NetControl::BlockInfo)
{
print "New block", a, b;
}
event NetControl::catch_release_block_delete(a: addr)
{
print "Delete block", a;
}
event terminate_me() {
terminate();
}
@if ( Cluster::local_node_type() == Cluster::MANAGER )
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
print "Scheduling terminate";
schedule 3sec { terminate_me() };
}
@endif


@ -0,0 +1,6 @@
# Test a more complicated radius session with multiple attempts
# @TEST-EXEC: bro -b -C -r $TRACES/radius/radius_localhost.pcapng %INPUT
# @TEST-EXEC: btest-diff radius.log
@load base/protocols/radius


@ -0,0 +1,6 @@
# This test makes sure that krb ticket hashes are logged correctly.
# @TEST-EXEC: bro -b -r $TRACES/krb/auth.trace %INPUT
# @TEST-EXEC: btest-diff kerberos.log
@load protocols/krb/ticket-logging