diff --git a/src/analyzer/protocol/mqtt/CMakeLists.txt b/src/analyzer/protocol/mqtt/CMakeLists.txt
index 5b3a7d5066..bcb25ad1c6 100644
--- a/src/analyzer/protocol/mqtt/CMakeLists.txt
+++ b/src/analyzer/protocol/mqtt/CMakeLists.txt
@@ -1,27 +1,27 @@
-include(BroPlugin)
+include(ZeekPlugin)
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
-bro_plugin_begin(Bro MQTT)
-bro_plugin_cc(MQTT.cc Plugin.cc)
-bro_plugin_bif(types.bif events.bif)
-bro_plugin_pac(mqtt.pac
- mqtt-protocol.pac
- commands/connect.pac
- commands/connack.pac
- commands/publish.pac
- commands/puback.pac
- commands/pubrec.pac
- commands/pubrel.pac
- commands/pubcomp.pac
- commands/subscribe.pac
- commands/suback.pac
- commands/unsuback.pac
- commands/unsubscribe.pac
- commands/disconnect.pac
- commands/pingreq.pac
- commands/pingresp.pac
- )
+zeek_plugin_begin(Zeek MQTT)
+zeek_plugin_cc(MQTT.cc Plugin.cc)
+zeek_plugin_bif(types.bif events.bif)
+zeek_plugin_pac(mqtt.pac
+ mqtt-protocol.pac
+ commands/connect.pac
+ commands/connack.pac
+ commands/publish.pac
+ commands/puback.pac
+ commands/pubrec.pac
+ commands/pubrel.pac
+ commands/pubcomp.pac
+ commands/subscribe.pac
+ commands/suback.pac
+ commands/unsuback.pac
+ commands/unsubscribe.pac
+ commands/disconnect.pac
+ commands/pingreq.pac
+ commands/pingresp.pac
+ )
-bro_plugin_end()
+zeek_plugin_end()
diff --git a/src/analyzer/protocol/mqtt/Plugin.cc b/src/analyzer/protocol/mqtt/Plugin.cc
index f428344222..6ebcbb89ba 100644
--- a/src/analyzer/protocol/mqtt/Plugin.cc
+++ b/src/analyzer/protocol/mqtt/Plugin.cc
@@ -5,7 +5,7 @@
#include "MQTT.h"
namespace plugin {
-namespace Bro_MQTT {
+namespace Zeek_MQTT {
class Plugin : public plugin::Plugin {
public:
@@ -15,7 +15,7 @@ public:
::analyzer::MQTT::MQTT_Analyzer::InstantiateAnalyzer));
plugin::Configuration config;
- config.name = "Bro::MQTT";
+ config.name = "Zeek::MQTT";
config.description = "Message Queuing Telemetry Transport v3.1.1 Protocol analyzer";
return config;
}
diff --git a/src/analyzer/protocol/mqtt/commands/connack.pac b/src/analyzer/protocol/mqtt/commands/connack.pac
index 49b8eb131e..ad641b8468 100644
--- a/src/analyzer/protocol/mqtt/commands/connack.pac
+++ b/src/analyzer/protocol/mqtt/commands/connack.pac
@@ -16,7 +16,7 @@ refine flow MQTT_Flow += {
if ( mqtt_connack )
{
auto m = new RecordVal(BifType::Record::MQTT::ConnectAckMsg);
- m->Assign(0, val_mgr->GetBool(${msg.return_code}));
+ m->Assign(0, val_mgr->GetCount(${msg.return_code}));
m->Assign(1, val_mgr->GetBool(${msg.session_present}));
BifEvent::generate_mqtt_connack(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
diff --git a/testing/btest/Baseline/core.print-bpf-filters/output2 b/testing/btest/Baseline/core.print-bpf-filters/output2
index 9f2e8a5002..290623f7ed 100644
--- a/testing/btest/Baseline/core.print-bpf-filters/output2
+++ b/testing/btest/Baseline/core.print-bpf-filters/output2
@@ -8,6 +8,7 @@
1 161
1 162
1 1812
+1 1883
2 20000
1 21
1 2123
@@ -56,8 +57,8 @@
1 992
1 993
1 995
-63 and
-62 or
-63 port
-42 tcp
+64 and
+63 or
+64 port
+43 tcp
21 udp
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 0169c3b838..072b83ffe0 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
-#open 2019-06-15-20-36-48
+#open 2019-07-29-19-05-26
#fields name
#types string
scripts/base/init-bare.zeek
@@ -90,6 +90,8 @@ scripts/base/init-frameworks-and-bifs.zeek
build/scripts/base/bif/plugins/Zeek_Login.functions.bif.zeek
build/scripts/base/bif/plugins/Zeek_MIME.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_Modbus.events.bif.zeek
+ build/scripts/base/bif/plugins/Zeek_MQTT.types.bif.zeek
+ build/scripts/base/bif/plugins/Zeek_MQTT.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_MySQL.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_NCP.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_NCP.consts.bif.zeek
@@ -179,4 +181,4 @@ scripts/base/init-frameworks-and-bifs.zeek
build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
scripts/policy/misc/loaded-scripts.zeek
scripts/base/utils/paths.zeek
-#close 2019-06-15-20-36-48
+#close 2019-07-29-19-05-26
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index b78d8a2480..8bf14ff9ab 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
-#open 2019-06-15-20-54-48
+#open 2019-07-29-19-05-51
#fields name
#types string
scripts/base/init-bare.zeek
@@ -90,6 +90,8 @@ scripts/base/init-frameworks-and-bifs.zeek
build/scripts/base/bif/plugins/Zeek_Login.functions.bif.zeek
build/scripts/base/bif/plugins/Zeek_MIME.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_Modbus.events.bif.zeek
+ build/scripts/base/bif/plugins/Zeek_MQTT.types.bif.zeek
+ build/scripts/base/bif/plugins/Zeek_MQTT.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_MySQL.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_NCP.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_NCP.consts.bif.zeek
@@ -318,6 +320,9 @@ scripts/base/init-default.zeek
scripts/base/protocols/modbus/__load__.zeek
scripts/base/protocols/modbus/consts.zeek
scripts/base/protocols/modbus/main.zeek
+ scripts/base/protocols/mqtt/__load__.bro
+ scripts/base/protocols/mqtt/main.bro
+ scripts/base/protocols/mqtt/consts.bro
scripts/base/protocols/mysql/__load__.zeek
scripts/base/protocols/mysql/main.zeek
scripts/base/protocols/mysql/consts.zeek
@@ -371,4 +376,4 @@ scripts/base/init-default.zeek
scripts/base/misc/find-filtered-trace.zeek
scripts/base/misc/version.zeek
scripts/policy/misc/loaded-scripts.zeek
-#close 2019-06-15-20-54-48
+#close 2019-07-29-19-05-51
diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out
index 79409eb0e0..109fcf8a36 100644
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@@ -22,6 +22,9 @@ known_services
loaded_scripts
modbus
modbus_register_change
+mqtt_connect
+mqtt_publish
+mqtt_subscribe
mysql
netcontrol
netcontrol_catch_release
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index d3e4438d0b..48bab0cae1 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -33,6 +33,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) ->
+0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MQTT, 1883/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) ->
@@ -98,6 +99,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) ->
+0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MQTT, 1883/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) ->
@@ -142,6 +144,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB, {88/udp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) ->
+0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MQTT, {1883/tcp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {1434<...>/tcp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_NTP, {123/udp})) ->
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) ->
@@ -199,6 +202,9 @@
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
+0.000000 MetaHookPost CallFunction(Log::__add_filter, , (MQTT::CONNECT_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mqtt_connect, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
+0.000000 MetaHookPost CallFunction(Log::__add_filter, , (MQTT::PUBLISH_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mqtt_publish, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
+0.000000 MetaHookPost CallFunction(Log::__add_filter, , (MQTT::SUBSCRIBE_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mqtt_subscribe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
@@ -244,6 +250,9 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) ->
+0.000000 MetaHookPost CallFunction(Log::__create_stream, , (MQTT::CONNECT_LOG, [columns=MQTT::ConnectInfo, ev=MQTT::log_mqtt, path=mqtt_connect])) ->
+0.000000 MetaHookPost CallFunction(Log::__create_stream, , (MQTT::PUBLISH_LOG, [columns=MQTT::PublishInfo, ev=, path=mqtt_publish])) ->
+0.000000 MetaHookPost CallFunction(Log::__create_stream, , (MQTT::SUBSCRIBE_LOG, [columns=MQTT::SubscribeInfo, ev=, path=mqtt_subscribe])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=])) ->
@@ -274,7 +283,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1563566264.47166, node=zeek, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1564427205.334561, node=zeek, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) ->
@@ -290,6 +299,9 @@
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (IRC::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Intel::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (KRB::LOG)) ->
+0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (MQTT::CONNECT_LOG)) ->
+0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (MQTT::PUBLISH_LOG)) ->
+0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (MQTT::SUBSCRIBE_LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Modbus::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NTLM::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NTP::LOG)) ->
@@ -335,6 +347,9 @@
0.000000 MetaHookPost CallFunction(Log::add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
+0.000000 MetaHookPost CallFunction(Log::add_filter, , (MQTT::CONNECT_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
+0.000000 MetaHookPost CallFunction(Log::add_filter, , (MQTT::PUBLISH_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
+0.000000 MetaHookPost CallFunction(Log::add_filter, , (MQTT::SUBSCRIBE_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
0.000000 MetaHookPost CallFunction(Log::add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}])) ->
@@ -380,6 +395,9 @@
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (IRC::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Intel::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (KRB::LOG, default)) ->
+0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (MQTT::CONNECT_LOG, default)) ->
+0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (MQTT::PUBLISH_LOG, default)) ->
+0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (MQTT::SUBSCRIBE_LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Modbus::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NTLM::LOG, default)) ->
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NTP::LOG, default)) ->
@@ -425,6 +443,9 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) ->
+0.000000 MetaHookPost CallFunction(Log::create_stream, , (MQTT::CONNECT_LOG, [columns=MQTT::ConnectInfo, ev=MQTT::log_mqtt, path=mqtt_connect])) ->
+0.000000 MetaHookPost CallFunction(Log::create_stream, , (MQTT::PUBLISH_LOG, [columns=MQTT::PublishInfo, ev=, path=mqtt_publish])) ->
+0.000000 MetaHookPost CallFunction(Log::create_stream, , (MQTT::SUBSCRIBE_LOG, [columns=MQTT::SubscribeInfo, ev=, path=mqtt_subscribe])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=])) ->
@@ -455,7 +476,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1563566264.47166, node=zeek, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1564427205.334561, node=zeek, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) ->
0.000000 MetaHookPost CallFunction(NetControl::init, , ()) ->
0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) ->
@@ -606,6 +627,8 @@
0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Login.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Login.functions.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MIME.events.bif.zeek) -> -1
+0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MQTT.events.bif.zeek) -> -1
+0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MQTT.types.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Modbus.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MySQL.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NCP.consts.bif.zeek) -> -1
@@ -702,6 +725,7 @@
0.000000 MetaHookPost LoadFile(0, .<...>/const-dos-error.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/const-nt-status.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/const.bif.zeek) -> -1
+0.000000 MetaHookPost LoadFile(0, .<...>/consts.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/consts.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/contents.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/ct-list.zeek) -> -1
@@ -726,6 +750,7 @@
0.000000 MetaHookPost LoadFile(0, .<...>/log.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/logging.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/magic) -> -1
+0.000000 MetaHookPost LoadFile(0, .<...>/main.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/main.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/max.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/messaging.bif.zeek) -> -1
@@ -828,6 +853,7 @@
0.000000 MetaHookPost LoadFile(0, base<...>/main.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/messaging.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/modbus) -> -1
+0.000000 MetaHookPost LoadFile(0, base<...>/mqtt) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/mysql) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/netcontrol) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/notice) -> -1
@@ -924,6 +950,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp))
+0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MQTT, 1883/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp))
@@ -989,6 +1016,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp))
+0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MQTT, 1883/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp))
@@ -1033,6 +1061,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB, {88/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB_TCP, {88/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp}))
+0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MQTT, {1883/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {1434<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_NTP, {123/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp}))
@@ -1090,6 +1119,9 @@
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]))
+0.000000 MetaHookPre CallFunction(Log::__add_filter, , (MQTT::CONNECT_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mqtt_connect, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]))
+0.000000 MetaHookPre CallFunction(Log::__add_filter, , (MQTT::PUBLISH_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mqtt_publish, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]))
+0.000000 MetaHookPre CallFunction(Log::__add_filter, , (MQTT::SUBSCRIBE_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mqtt_subscribe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=, config={}]))
@@ -1135,6 +1167,9 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos]))
+0.000000 MetaHookPre CallFunction(Log::__create_stream, , (MQTT::CONNECT_LOG, [columns=MQTT::ConnectInfo, ev=MQTT::log_mqtt, path=mqtt_connect]))
+0.000000 MetaHookPre CallFunction(Log::__create_stream, , (MQTT::PUBLISH_LOG, [columns=MQTT::PublishInfo, ev=, path=mqtt_publish]))
+0.000000 MetaHookPre CallFunction(Log::__create_stream, , (MQTT::SUBSCRIBE_LOG, [columns=MQTT::SubscribeInfo, ev=, path=mqtt_subscribe]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=]))
@@ -1165,7 +1200,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1563566264.47166, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1564427205.334561, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG))
@@ -1181,6 +1216,9 @@
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (IRC::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Intel::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (KRB::LOG))
+0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (MQTT::CONNECT_LOG))
+0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (MQTT::PUBLISH_LOG))
+0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (MQTT::SUBSCRIBE_LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Modbus::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (NTLM::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (NTP::LOG))
@@ -1226,6 +1264,9 @@
0.000000 MetaHookPre CallFunction(Log::add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=