diff --git a/NEWS b/NEWS index ec00ae921a..4377049813 100644 --- a/NEWS +++ b/NEWS @@ -38,14 +38,14 @@ New Functionality - Bro now decapsulates tunnels via its new tunnel framework located in scripts/base/frameworks/tunnels. It currently supports Teredo, AYIYA, IP-in-IP (both IPv4 and IPv6), and SOCKS. For all these, it - logs the outher tunnel connections in both conn.log and tunnel.log, + logs the outer tunnel connections in both conn.log and tunnel.log, and then proceeds to analyze the inner payload as if it were not tunneled, including also logging that session in conn.log. For SOCKS, it generates a new socks.log in addition with more information. - Bro now features a flexible input framework that allows users to - integrate external information in real-time into Bro while it + integrate external information in real-time into Bro while it's processing network traffic. The most direct use-case at the moment is reading data from ASCII files into Bro tables, with updates picked up automatically when the file changes during runtime. See @@ -57,7 +57,7 @@ New Functionality - Bro's default ASCII log format is not exactly the most efficient way for storing and searching large volumes of data. An an alternative, - Bro nows comes with experimental support for DataSeries output, an + Bro now comes with experimental support for DataSeries output, an efficient binary format for recording structured bulk data. DataSeries is developed and maintained at HP Labs. See doc/logging-dataseries for more information. @@ -66,7 +66,7 @@ New Functionality Changed Functionality ~~~~~~~~~~~~~~~~~~~~~ -The following summarized the most important differences in existing +The following summarizes the most important differences in existing functionality. Note that this list is not complete, see CHANGES for the full set. 
@@ -100,7 +100,7 @@ the full set. a bunch of Bro threads. - We renamed the configure option --enable-perftools to - --enable-perftool-debug to indicate that the switch is only relevant + --enable-perftools-debug to indicate that the switch is only relevant for debugging the heap. - Bro's ICMP analyzer now handles both IPv4 and IPv6 messages with a @@ -110,8 +110,8 @@ the full set. - Log postprocessor scripts get an additional argument indicating the type of the log writer in use (e.g., "ascii"). -- BroControl's make-archive-name scripts also receives the writer - type, but as it's 2nd(!) argument. If you're using a custom version +- BroControl's make-archive-name script also receives the writer + type, but as its 2nd(!) argument. If you're using a custom version of that script, you need to adapt it. See the shipped version for details. diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 6a73bae553..fcd299b4f1 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc 
@@ -4208,32 +4208,37 @@ bool SocketComm::Listen() bool SocketComm::AcceptConnection(int fd) { - sockaddr_storage client; - socklen_t len = sizeof(client); + union { + sockaddr_storage ss; + sockaddr_in s4; + sockaddr_in6 s6; + } client; + socklen_t len = sizeof(client.ss); - int clientfd = accept(fd, (sockaddr*) &client, &len); + int clientfd = accept(fd, (sockaddr*) &client.ss, &len); if ( clientfd < 0 ) { Error(fmt("accept failed, %s %d", strerror(errno), errno)); return false; } - if ( client.ss_family != AF_INET && client.ss_family != AF_INET6 ) + if ( client.ss.ss_family != AF_INET && client.ss.ss_family != AF_INET6 ) { - Error(fmt("accept fail, unknown address family %d", client.ss_family)); + Error(fmt("accept fail, unknown address family %d", + client.ss.ss_family)); close(clientfd); return false; } Peer* peer = new Peer; peer->id = id_counter++; - peer->ip = client.ss_family == AF_INET ? - IPAddr(((sockaddr_in*)&client)->sin_addr) : - IPAddr(((sockaddr_in6*)&client)->sin6_addr); + peer->ip = client.ss.ss_family == AF_INET ? + IPAddr(client.s4.sin_addr) : + IPAddr(client.s6.sin6_addr); - peer->port = client.ss_family == AF_INET ? - ntohs(((sockaddr_in*)&client)->sin_port) : - ntohs(((sockaddr_in6*)&client)->sin6_port); + peer->port = client.ss.ss_family == AF_INET ? + ntohs(client.s4.sin_port) : + ntohs(client.s6.sin6_port); peer->connected = true; peer->ssl = listen_ssl; diff --git a/src/bro.bif b/src/bro.bif index b1f33c9c46..542f60083e 100644 --- a/src/bro.bif +++ b/src/bro.bif 
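Review bot: The new `client` union in SocketComm::AcceptConnection has no comment saying why it replaced the pointer casts. Reading `client.s4` / `client.s6` after accept() filled the storage through `client.ss` relies on union type punning, which GCC documents as supported but ISO C++ does not guarantee. A one-line comment above the union would stop a later cleanup from reintroducing the aliasing casts: `// Union instead of casts: avoids strict-aliasing violations when reading the accepted peer address.` The port and address are also read without looking at the `len` that accept() returned; the `ss_family` check presumably makes that safe, but the assumption is worth stating. The function body continues past the end of the hunk.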
@@ -972,12 +972,12 @@ function sha256_hash_finish%(index: any%): string ## ## .. note:: ## -## This function is a wrapper about the function ``rand`` provided by -## the OS. +## This function is a wrapper about the function ``random`` +## provided by the OS. function rand%(max: count%): count %{ int result; - result = bro_uint_t(double(max) * double(rand()) / (RAND_MAX + 1.0)); + result = bro_uint_t(double(max) * double(bro_random()) / (RAND_MAX + 1.0)); return new Val(result, TYPE_COUNT); %} @@ -989,11 +989,11 @@ function rand%(max: count%): count ## ## .. note:: ## -## This function is a wrapper about the function ``srand`` provided -## by the OS. +## This function is a wrapper about the function ``srandom`` +## provided by the OS. function srand%(seed: count%): any %{ - srand(seed); + bro_srandom(seed); return 0; %} diff --git a/src/event.bif b/src/event.bif index a924bf4888..705c66aa6b 100644 --- a/src/event.bif +++ b/src/event.bif @@ -157,7 +157,7 @@ event new_connection%(c: connection%); ## e: The new encapsulation. event tunnel_changed%(c: connection, e: EncapsulatingConnVector%); -## Generated when reassembly starts for a TCP connection. The event is raised +## Generated when reassembly starts for a TCP connection. This event is raised ## at the moment when Bro's TCP analyzer enables stream reassembly for a ## connection. ## @@ -522,7 +522,7 @@ event esp_packet%(p: pkt_hdr%); ## .. bro:see:: new_packet tcp_packet ipv6_ext_headers event mobile_ipv6_message%(p: pkt_hdr%); -## Genereated for any IPv6 packet encapsulated in a Teredo tunnel. +## Generated for any IPv6 packet encapsulated in a Teredo tunnel. ## See :rfc:`4380` for more information about the Teredo protocol. ## ## outer: The Teredo tunnel connection. 
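Review bot: In the `rand` BIF, `double(bro_random()) / (RAND_MAX + 1.0)` stays below `max` only if bro_random() never returns more than RAND_MAX. If bro_random() forwards to random(), as the updated note implies, POSIX allows results up to 2^31-1 while RAND_MAX is only guaranteed to be at least 32767, so on a platform where the two differ the result can exceed `max`. Dividing by the generator's own range, for example `/ 2147483648.0`, would remove that dependency, provided the deterministic generator has the same range (its definition is not in this diff). `int result` also narrows the `bro_uint_t` value before it is wrapped as a count; declaring it `bro_uint_t result` avoids truncation for large `max`. Finally, the note calls the function a wrapper about ``random``, but the util.h comment on bro_random() mentions a predictable PRNG, so the docs here and in the `srand` hunk below should add something like `## The returned values are predictable; do not use them where an unguessable value is needed.`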
@@ -532,10 +532,10 @@ event mobile_ipv6_message%(p: pkt_hdr%); ## .. bro:see:: teredo_authentication teredo_origin_indication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling -## it may become particular expensive for real-time analysis. +## it may become particularly expensive for real-time analysis. event teredo_packet%(outer: connection, inner: teredo_hdr%); -## Genereated for IPv6 packets encapsulated in a Teredo tunnel that +## Generated for IPv6 packets encapsulated in a Teredo tunnel that ## use the Teredo authentication encapsulation method. ## See :rfc:`4380` for more information about the Teredo protocol. ## @@ -546,10 +546,10 @@ event teredo_packet%(outer: connection, inner: teredo_hdr%); ## .. bro:see:: teredo_packet teredo_origin_indication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling -## it may become particular expensive for real-time analysis. +## it may become particularly expensive for real-time analysis. event teredo_authentication%(outer: connection, inner: teredo_hdr%); -## Genereated for IPv6 packets encapsulated in a Teredo tunnel that +## Generated for IPv6 packets encapsulated in a Teredo tunnel that ## use the Teredo origin indication encapsulation method. ## See :rfc:`4380` for more information about the Teredo protocol. ## 
@@ -560,10 +560,10 @@ event teredo_authentication%(outer: connection, inner: teredo_hdr%); ## .. bro:see:: teredo_packet teredo_authentication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling -## it may become particular expensive for real-time analysis. +## it may become particularly expensive for real-time analysis. event teredo_origin_indication%(outer: connection, inner: teredo_hdr%); -## Genereated for Teredo bubble packets. That is, IPv6 packets encapsulated +## Generated for Teredo bubble packets. That is, IPv6 packets encapsulated ## in a Teredo tunnel that have a Next Header value of :bro:id:`IPPROTO_NONE`. ## See :rfc:`4380` for more information about the Teredo protocol. ## 
@@ -574,15 +574,15 @@ event teredo_origin_indication%(outer: connection, inner: teredo_hdr%); ## .. bro:see:: teredo_packet teredo_authentication teredo_origin_indication ## ## .. note:: Since this event may be raised on a per-packet basis, handling -## it may become particular expensive for real-time analysis. +## it may become particularly expensive for real-time analysis. event teredo_bubble%(outer: connection, inner: teredo_hdr%); -## Generated for every packet that has non-empty transport-layer payload. This is a -## very low-level and expensive event that should be avoided when at all possible. -## It's usually infeasible to handle when processing even medium volumes of -## traffic in real-time. It's even worse than :bro:id:`new_packet`. That said, if -## you work from a trace and want to do some packet-level analysis, it may come in -## handy. +## Generated for every packet that has a non-empty transport-layer payload. +## This is a very low-level and expensive event that should be avoided when +## at all possible. It's usually infeasible to handle when processing even +## medium volumes of traffic in real-time. It's even worse than +## :bro:id:`new_packet`. That said, if you work from a trace and want to +## do some packet-level analysis, it may come in handy. ## ## c: The connection the packet is part of. ## 
@@ -6216,13 +6216,12 @@ event signature_match%(state: signature_state, msg: string, data: string%); ## ## request_type: The type of the request. ## -## dstaddr: Address that the tunneled traffic should be sent to. -## -## dstname: DNS name of the host that the tunneled traffic should be sent to. +## sa: Address that the tunneled traffic should be sent to. ## ## p: The destination port for the proxied traffic. ## -## user: Username given for the SOCKS connection. This is not yet implemented for SOCKSv5. +## user: Username given for the SOCKS connection. This is not yet implemented +## for SOCKSv5. event socks_request%(c: connection, version: count, request_type: count, sa: SOCKS::Address, p: port, user: string%); ## Generated when a SOCKS reply is analyzed. @@ -6233,9 +6232,7 @@ event socks_request%(c: connection, version: count, request_type: count, sa: SOC ## ## reply: The status reply from the server. ## -## dstaddr: The address that the server sent the traffic to. -## -## dstname: The name the server sent the traffic to. Only applicable for SOCKSv5. +## sa: The address that the server sent the traffic to. ## ## p: The destination port for the proxied traffic. event socks_reply%(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port%); diff --git a/src/input/readers/Benchmark.cc b/src/input/readers/Benchmark.cc index d8dcb543f4..57d5bae700 100644 --- a/src/input/readers/Benchmark.cc +++ b/src/input/readers/Benchmark.cc @@ -59,7 +59,7 @@ string Benchmark::RandomString(const int len) "abcdefghijklmnopqrstuvwxyz"; for (int i = 0; i < len; ++i) - s[i] = values[rand() / (RAND_MAX / sizeof(values))]; + s[i] = values[random() / (RAND_MAX / sizeof(values))]; return s; } @@ -134,7 +134,7 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype) break; case TYPE_INT: - val->val.int_val = rand(); + val->val.int_val = random(); break; case TYPE_TIME: 
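Review bot: In Benchmark::RandomString, `random() / (RAND_MAX / sizeof(values))` can evaluate to `sizeof(values)` itself, because the integer division in the divisor truncates, so the largest random() results index one past the end of `values`. If `values` is a char array initialised from the string literal (its declaration starts above the hunk), the terminating NUL is also a possible pick. Switching from rand() to random() adds a second risk: random() may return up to 2^31-1 regardless of RAND_MAX, so on a platform with a smaller RAND_MAX the index lands far out of bounds. `s[i] = values[random() % (sizeof(values) - 1)];` bounds the index without reference to RAND_MAX. The same `random() / (RAND_MAX / N)` scaling appears in the TYPE_PORT and vector-length hunks of this file, where a mismatch would inflate the port value and the size passed to `new Value* [length]`; `random() % N` is clearer there too.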
@@ -148,11 +148,11 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype) case TYPE_COUNT: case TYPE_COUNTER: - val->val.uint_val = rand(); + val->val.uint_val = random(); break; case TYPE_PORT: - val->val.port_val.port = rand() / (RAND_MAX / 60000); + val->val.port_val.port = random() / (RAND_MAX / 60000); val->val.port_val.proto = TRANSPORT_UNKNOWN; break; @@ -175,7 +175,7 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype) // Then - common stuff { // how many entries do we have... - unsigned int length = rand() / (RAND_MAX / 15); + unsigned int length = random() / (RAND_MAX / 15); Value** lvals = new Value* [length]; diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 84c43818a6..aced2bd18b 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -91,6 +91,8 @@ public: * @param fields An array of size \a num_fields with the log fields. * The methods takes ownership of the array. * + * @param frontend_name The name of the front-end writer implementation. + * * @return False if an error occured. */ bool Init(const WriterInfo& info, int num_fields, const threading::Field* const* fields); diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 6ad40757d6..ec4f948960 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -26,6 +26,7 @@ private: WriterBackend::WriterInfo info; const int num_fields; const Field * const* fields; + const string frontend_name; }; class RotateMessage : public threading::InputMessage diff --git a/src/main.cc b/src/main.cc index b1d0a4d723..d94a32df63 100644 --- a/src/main.cc +++ b/src/main.cc @@ -313,6 +313,8 @@ void terminate_bro() if ( remote_serializer ) remote_serializer->LogStats(); + mgr.Drain(); + log_mgr->Terminate(); thread_mgr->Terminate(); diff --git a/src/util.cc b/src/util.cc index 16df52b987..3cfa5fca1c 100644 --- a/src/util.cc +++ b/src/util.cc 
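Review bot: The added `@param frontend_name` line in WriterBackend.h documents a parameter that the `Init(const WriterInfo& info, int num_fields, const threading::Field* const* fields)` declaration directly below it does not take, so the generated API documentation will describe an argument callers cannot pass. Either drop the line or, if the name is meant to travel inside `WriterInfo`, document it there. The WriterFrontend.cc hunk in this commit adds a `const string frontend_name;` member to a message class; a const member can only be set in the constructor's initializer list, which is outside that hunk, so it is worth confirming the constructor initializes it and does not leave it as an empty string.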
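Review bot: The new `mgr.Drain();` in terminate_bro() has no comment, although its position right before `log_mgr->Terminate()` looks deliberate and is easy to undo by accident in a later reordering. Presumably it lets handlers for already-queued events run, so that what they log is handed to the writers before logging shuts down; if so, say it in the code, e.g. `// Run handlers for events still queued so their log writes are not lost at shutdown.` The function body starts and ends outside the hunk, so whether anything else between here and the thread manager shutdown can still queue events is not visible.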
@@ -633,12 +633,20 @@ static bool write_random_seeds(const char* write_file, uint32 seed, static bool bro_rand_determistic = false; static unsigned int bro_rand_state = 0; -static void bro_srand(unsigned int seed, bool deterministic) +static void bro_srandom(unsigned int seed, bool deterministic) { bro_rand_state = seed; bro_rand_determistic = deterministic; - srand(seed); + srandom(seed); + } + +void bro_srandom(unsigned int seed) + { + if ( bro_rand_determistic ) + bro_rand_state = seed; + else + srandom(seed); } void init_random_seed(uint32 seed, const char* read_file, const char* write_file) @@ -705,7 +713,7 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file seeds_done = true; } - bro_srand(seed, seeds_done); + bro_srandom(seed, seeds_done); if ( ! hmac_key_set ) { diff --git a/src/util.h b/src/util.h index 6ca584900c..1ff42ce43f 100644 --- a/src/util.h +++ b/src/util.h @@ -159,6 +159,10 @@ extern bool have_random_seed(); // predictable PRNG. long int bro_random(); +// Calls the system srandom() function with the given seed if not running +// in deterministic mode, else it updates the state of the deterministic PRNG +void bro_srandom(unsigned int seed); + extern uint64 rand64bit(); // Each event source that may generate events gets an internally unique ID. diff --git a/testing/btest/Baseline/bifs.rand/out b/testing/btest/Baseline/bifs.rand/out index 367833f80a..a016eb6f15 100644 --- a/testing/btest/Baseline/bifs.rand/out +++ b/testing/btest/Baseline/bifs.rand/out @@ -1,6 +1,6 @@ -185 -236 -805 -47 -996 -498 +985 +474 +738 +4 +634 +473 diff --git a/testing/btest/Baseline/bifs.rand/out.2 b/testing/btest/Baseline/bifs.rand/out.2 new file mode 100644 index 0000000000..2cd43d985c --- /dev/null +++ b/testing/btest/Baseline/bifs.rand/out.2 @@ -0,0 +1,6 @@ +985 +474 +738 +974 +371 +638 
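Review bot: The new public `bro_srandom(unsigned int seed)` in util.cc lets the script-level `srand` BIF reseed the process-wide generator. Outside deterministic mode it calls `srandom(seed)` and so replaces whatever seed init_random_seed() installed with a script-supplied value. Any other code that draws from bro_random() afterwards becomes predictable to whoever knows that value. Whether such consumers exist is not visible in this diff, so the constraint should at least be documented next to the declaration in util.h, e.g. `// Reseeds the generator shared by all bro_random() callers; never use its output where unpredictability matters.` The one-argument function also shares its name with the file-static `bro_srandom(seed, deterministic)` directly above it, which makes call sites easy to misread; a distinct name for the static helper would avoid that.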
diff --git a/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log index d3c14c8603..94e0403238 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log +++ b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log 
@@ -5,17 +5,18 @@ #path communication #fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message #types time string string string addr port string string -1326492291.485390 bro parent - - - info [#1/127.0.0.1:47757] added peer -1326492291.491731 bro child - - - info [#1/127.0.0.1:47757] connected -1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] peer connected -1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] phase: version -1326492291.492740 bro script - - - info connection established -1326492291.492740 bro script - - - info requesting events matching /^?(NOTHING)$?/ -1326492291.492740 bro script - - - info accepting state -1326492291.493800 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake -1326492291.493800 bro parent - - - info warning: no events to request -1326492291.494161 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro -1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that -1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] phase: running -1326492291.494404 bro parent - - - info terminating... 
-1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] closing connection +1340904724.781527 bro parent - - - info [#1/127.0.0.1:47757] added peer +1340904724.784954 bro child - - - info [#1/127.0.0.1:47757] connected +1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] peer connected +1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] phase: version +1340904724.786168 bro script - - - info connection established +1340904724.786168 bro script - - - info requesting events matching /^?(NOTHING)$?/ +1340904724.786168 bro script - - - info accepting state +1340904724.787645 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake +1340904724.787645 bro parent - - - info warning: no events to request +1340904724.788857 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro +1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that +1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] phase: running +1340904724.829480 bro parent - - - info terminating... +1340904724.832952 bro child - - - info terminating +1340904724.834082 bro parent - - - info [#1/127.0.0.1:47757] closing connection diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.event/out b/testing/btest/Baseline/scripts.base.frameworks.input.event/out index 5ccc9c0d1e..49c1015198 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.event/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.event/out 
@@ -1,81 +1,130 @@ -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW 1 T -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW 2 T -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW 3 F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] 
Input::EVENT_NEW 4 F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW 5 F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW 6 F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::i; -print A::b; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::i; +print outfile, A::b; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out b/testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out index 51543e143c..e08ca8ba08 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out @@ -4,6 +4,7 @@ print outfile, description; print outfile, tpe; print outfile, s; close(outfile); +terminate(); }, config={ }] 
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.raw/out b/testing/btest/Baseline/scripts.base.frameworks.input.raw/out index 611e5ec378..fa3625ca74 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.raw/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.raw/out 
@@ -1,78 +1,134 @@ -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW q3r3057fdf -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW sdfs\d -[source=input.log, reader=Input::READER_RAW, 
mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW dfsdf -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW sdf -[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (8 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.repeat/out b/testing/btest/Baseline/scripts.base.frameworks.input.repeat/out index 71de0d2570..12a8c5f581 100644 
--- a/testing/btest/Baseline/scripts.base.frameworks.input.repeat/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.repeat/out @@ -1,160 +1,160 @@ input0 -input.log +../input.log { [1] = T } input1 -input.log +../input.log { [1] = T } input2 -input.log +../input.log { [1] = T } input3 -input.log +../input.log { [1] = T } input4 -input.log +../input.log { [1] = T } input5 -input.log +../input.log { [1] = T } input6 -input.log +../input.log { [1] = T } input7 -input.log +../input.log { [1] = T } input8 -input.log +../input.log { [1] = T } input9 -input.log +../input.log { [1] = T } input10 -input.log +../input.log { [1] = T } input11 -input.log +../input.log { [1] = T } input12 -input.log +../input.log { [1] = T } input13 -input.log +../input.log { [1] = T } input14 -input.log +../input.log { [1] = T } input15 -input.log +../input.log { [1] = T } input16 -input.log +../input.log { [1] = T } input17 -input.log +../input.log { [1] = T } input18 -input.log +../input.log { [1] = T } input19 -input.log +../input.log { [1] = T } input20 -input.log +../input.log { [1] = T } input21 -input.log +../input.log { [1] = T } input22 -input.log +../input.log { [1] = T } input23 -input.log +../input.log { [1] = T } input24 -input.log +../input.log { [1] = T } input25 -input.log +../input.log { [1] = T } input26 -input.log +../input.log { [1] = T } input27 -input.log +../input.log { [1] = T } input28 -input.log +../input.log { [1] = T } input29 -input.log +../input.log { [1] = T } input30 -input.log +../input.log { [1] = T } input31 -input.log +../input.log { [1] = T } diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out b/testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out index 7dc81ba80d..b7f79e5754 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out 
@@ -1,158 +1,270 @@ -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW q3r3057fdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW sdfs\d -[source=input.log, reader=Input::READER_RAW, 
mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW dfsdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW sdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW 3rw43wRRERLlL#RWERERERE. 
-[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW q3r3057fdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW sdfs\d -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, 
name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW dfsdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] Input::EVENT_NEW sdf -[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line +[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=, want_record=F, ev=line { -print A::description; -print A::tpe; -print A::s; +print outfile, A::description; +print outfile, A::tpe; +print outfile, A::s; +try = try + 1; +if (16 == try) +{ +close(outfile); +terminate(); +} + }, config={ }] diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out b/testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out index 1bf8d4cfef..d97e09adfa 100644 
--- a/testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out @@ -3,11 +3,13 @@ print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }, config={ @@ -20,11 +22,13 @@ sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }, config={ @@ -37,11 +41,13 @@ DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }, config={ @@ -54,11 +60,13 @@ q3r3057fdf print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }, config={ @@ -71,11 +79,13 @@ sdfs\d print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }, config={ @@ -88,11 +98,13 @@ Input::EVENT_NEW print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }, config={ 
@@ -105,11 +117,13 @@ dfsdf print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }, config={ @@ -122,11 +136,13 @@ sdf print A::outfile, A::description; print A::outfile, A::tpe; print A::outfile, A::s; -if (3 == A::try) +A::try = A::try + 1; +if (8 == A::try) { print A::outfile, done; close(A::outfile); Input::remove(input); +terminate(); } }, config={ @@ -134,3 +150,4 @@ Input::remove(input); }] Input::EVENT_NEW 3rw43wRRERLlL#RWERERERE. +done diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out b/testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out index 28bf77f057..d76c63ef31 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out @@ -1,4 +1,4 @@ -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -8,17 +8,24 @@ [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=, config={ }] Input::EVENT_NEW [i=1] T -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, 
@@ -28,17 +35,24 @@ T [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=, config={ }] Input::EVENT_NEW [i=2] T -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -48,17 +62,24 @@ T [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=, config={ }] Input::EVENT_NEW [i=3] F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -68,17 +89,24 @@ F [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=, config={ }] Input::EVENT_NEW [i=4] F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, 
@@ -88,17 +116,24 @@ F [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=, config={ }] Input::EVENT_NEW [i=5] F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -108,17 +143,24 @@ F [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=, config={ }] Input::EVENT_NEW [i=6] F -[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ +[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [2] = T, [4] = F, [6] = F, @@ -128,10 +170,17 @@ F [3] = F }, idx=, val=, want_record=F, ev=line { -print description; -print tpe; -print left; -print right; +print outfile, description; +print outfile, tpe; +print outfile, left; +print outfile, right; +try = try + 1; +if (7 == try) +{ +close(outfile); +terminate(); +} + }, pred=, config={ }] diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/event.out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/event.out new file mode 100644 index 0000000000..ebf210031f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/event.out @@ -0,0 +1,4 @@ +============EVENT============ +============EVENT============ +============EVENT============ +============EVENT============ 
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out new file mode 100644 index 0000000000..b7e1031867 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out @@ -0,0 +1,30 @@ +==========SERVERS============ +==========SERVERS============ +==========SERVERS============ +done +{ +[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]], +[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] +} diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/out deleted file mode 100644 index e9e03add3a..0000000000 --- a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/out +++ /dev/null 
@@ -1,172 +0,0 @@ -============PREDICATE============ -Input::EVENT_NEW -[i=-42] -[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -============PREDICATE 2============ -Input::EVENT_NEW -[i=-43] -[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -============EVENT============ -==========SERVERS============ -{ -[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]], -[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -} -============EVENT============ -==========SERVERS============ -{ -[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]], -[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -} -============PREDICATE============ -Input::EVENT_NEW -[i=-44] -[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -============PREDICATE============ -Input::EVENT_REMOVED -[i=-42] -[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 
30], ve=[]] -============EVENT============ -============EVENT============ -==========SERVERS============ -{ -[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]], -[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -} -done -{ -[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]], -[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ -2, -4, -1, -3 -}, ss={ -CC, -AA, -BB -}, se={ - -}, vc=[10, 20, 30], ve=[]] -} diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out new file mode 100644 index 0000000000..84d1465428 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out 
@@ -0,0 +1,45 @@ +============PREDICATE============ +Input::EVENT_NEW +[i=-42] +[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] +============PREDICATE============ +Input::EVENT_NEW +[i=-44] +[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] +============PREDICATE============ +Input::EVENT_REMOVED +[i=-42] +[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out new file mode 100644 index 0000000000..ef38fa3210 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out @@ -0,0 +1,15 @@ +============PREDICATE 2============ +Input::EVENT_NEW +[i=-43] +[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +2, +4, +1, +3 +}, ss={ +CC, +AA, +BB +}, se={ + +}, vc=[10, 20, 30], ve=[]] diff --git a/testing/btest/bifs/rand.bro b/testing/btest/bifs/rand.bro index 229645944e..caf3f16031 100644 --- a/testing/btest/bifs/rand.bro +++ b/testing/btest/bifs/rand.bro @@ -1,6 +1,10 @@ # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: bro -b %INPUT do_seed=F >out.2 # @TEST-EXEC: btest-diff out +# @TEST-EXEC: btest-diff out.2 + +const do_seed = T &redef; event bro_init() { @@ -12,7 +16,8 @@ event bro_init() print b; print c; - srand(575); + if ( do_seed ) + srand(575); local d = rand(1000); local e = rand(1000); 
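Review bot: In testing/btest/bifs/rand.bro the new `do_seed=F` run diffs `out.2` against a baseline, but with `srand(575)` skipped every printed value comes from Bro's initial seed, and nothing in the test says where that seed is fixed. Presumably the btest environment pins it; if so, say that next to the new constant, e.g. `# do_seed=F exercises rand() without srand(); out.2 is only stable because the test environment fixes the initial seed.` If the seed is not pinned, `btest-diff out.2` will fail intermittently. The body of `bro_init` continues outside the second hunk.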
diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test index 9fd18308ce..21e7d4f4a9 100644 --- a/testing/btest/coverage/bare-mode-errors.test +++ b/testing/btest/coverage/bare-mode-errors.test @@ -5,6 +5,8 @@ # Commonly, this test may fail if one forgets to @load some base/ scripts # when writing a new bro scripts. # +# @TEST-SERIALIZE: comm +# # @TEST-EXEC: test -d $DIST/scripts # @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'communication/listen|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0 # @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors diff --git a/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro b/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro index 3d80ef7777..4a2ed735ef 100644 --- a/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro +++ b/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro @@ -5,7 +5,7 @@ # @TEST-EXEC: btest-bg-wait -k 10 # # Don't diff the receiver log just because port is always going to change -# @TEST-EXEC: egrep -v 'pid|socket buffer size' sender/communication.log >send.log +# @TEST-EXEC: egrep -v 'CPU|bytes|pid|socket buffer size' sender/communication.log >send.log # @TEST-EXEC: btest-diff send.log @TEST-START-FILE sender.bro @@ -19,6 +19,10 @@ redef Communication::nodes += { event remote_connection_handshake_done(p: event_peer) { terminate_communication(); + } + +event remote_connection_closed(p: event_peer) + { terminate(); } 
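Review bot: The widened filter `egrep -v 'CPU|bytes|pid|socket buffer size'` in communication_log_baseline.bro matches bare substrings, so any sender log line that happens to contain `CPU`, `bytes` or `pid` is dropped from `send.log` and is no longer checked by `btest-diff`. The comment above it only explains why the receiver log is skipped. Assuming the new patterns were added because those lines carry run-dependent values, add a comment for the filter, e.g. `# Drop lines with run-dependent values (CPU time, byte counts, pid, socket buffer size).` If the variable lines share a fixed prefix, matching on that prefix instead would keep unrelated messages under the baseline.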
@@ -30,9 +34,8 @@ event remote_connection_handshake_done(p: event_peer) @load frameworks/communication/listen -event remote_connection_handshake_done(p: event_peer) +event remote_connection_closed(p: event_peer) { - terminate_communication(); terminate(); } diff --git a/testing/btest/scripts/base/frameworks/control/id_value.bro b/testing/btest/scripts/base/frameworks/control/id_value.bro index c5d1d063f5..ffbb9a10cf 100644 --- a/testing/btest/scripts/base/frameworks/control/id_value.bro +++ b/testing/btest/scripts/base/frameworks/control/id_value.bro @@ -22,4 +22,5 @@ redef test_var = "This is the value from the controllee"; event Control::id_value_response(id: string, val: string) { print fmt("Got an id_value_response(%s, %s) event", id, val); + terminate(); } diff --git a/testing/btest/scripts/base/frameworks/input/basic.bro b/testing/btest/scripts/base/frameworks/input/basic.bro index 8d4028a12e..df2ab676b8 100644 --- a/testing/btest/scripts/base/frameworks/input/basic.bro +++ b/testing/btest/scripts/base/frameworks/input/basic.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -10,6 +13,11 @@ T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} @TEST-END-FILE +@load base/protocols/ssh +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; 
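Review bot: `@load frameworks/communication/listen` in input/basic.bro is added, per the new header comment, "just to ensure input sources are more reliably fully-read", but it presumably also makes the test bind the communication listen port. That side effect is unrelated to what the test checks and is likely why `@TEST-SERIALIZE: comm` is needed. The same load is added in emptyvals.bro, event.bro, onecolumn-norecord.bro, onecolumn-record.bro and optional.bro, so all of these now run serially. Record the trade-off where the load is, e.g. `# listen.bro keeps Bro running until the input is read; it opens the comm port, hence @TEST-SERIALIZE: comm.`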
@@ -39,12 +47,16 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ + { + outfile = open("../out"); # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); + Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); Input::remove("ssh"); -} + } -event Input::update_finished(name: string, source:string) { - print servers; -} +event Input::update_finished(name: string, source:string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/emptyvals.bro b/testing/btest/scripts/base/frameworks/input/emptyvals.bro index 77659d13ec..a2a9ba3070 100644 --- a/testing/btest/scripts/base/frameworks/input/emptyvals.bro +++ b/testing/btest/scripts/base/frameworks/input/emptyvals.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -11,6 +14,10 @@ T 1 - 2 @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -26,12 +33,16 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ + { + outfile = open("../out"); # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); + Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); Input::remove("ssh"); -} + } -event Input::update_finished(name: string, source:string) { - print servers; -} +event Input::update_finished(name: string, source:string) + { + print outfile, servers; + close(outfile); + terminate(); + } 
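Review bot: `open("../out")` and `$source="../input.log"` in basic.bro's `bro_init` resolve correctly only because `btest-bg-run bro ...` starts Bro in a subdirectory of the test directory, and nothing in the script says so. A one-line comment would save the next reader the lookup, e.g. `# btest-bg-run runs us in ./bro, so the test's files live one level up.` The emptyvals.bro hunk on this line and the other input tests changed in this commit use the same relative paths.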
diff --git a/testing/btest/scripts/base/frameworks/input/event.bro b/testing/btest/scripts/base/frameworks/input/event.bro index dca75334d0..d275cee59c 100644 --- a/testing/btest/scripts/base/frameworks/input/event.bro +++ b/testing/btest/scripts/base/frameworks/input/event.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -16,6 +19,10 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; module A; @@ -24,15 +31,24 @@ type Val: record { b: bool; }; -event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool) { - print description; - print tpe; - print i; - print b; -} +event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool) + { + print outfile, description; + print outfile, tpe; + print outfile, i; + print outfile, b; + try = try + 1; + if ( try == 7 ) + { + close(outfile); + terminate(); + } + } event bro_init() -{ - Input::add_event([$source="input.log", $name="input", $fields=Val, $ev=line]); + { + try = 0; + outfile = open("../out"); + Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line]); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/executeraw.bro b/testing/btest/scripts/base/frameworks/input/executeraw.bro index 6df28d08ea..222b4256d1 100644 --- a/testing/btest/scripts/base/frameworks/input/executeraw.bro +++ b/testing/btest/scripts/base/frameworks/input/executeraw.bro 
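Review bot: The stop condition `if ( try == 7 )` in event.bro's `line` handler hard-codes what is presumably the number of data rows in the embedded input.log. Removing a row would leave the test running until `btest-bg-wait -k 5` kills it with `outfile` never closed, and adding one would end it before the last row is printed. Tie the number to the data with a comment, e.g. `# 7 == number of data rows in input.log above`. `try` is also declared without an initial value and only set in `bro_init`; `global try: count = 0;` would keep the start value next to the declaration.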
@@ -1,6 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run bro bro -b %INPUT -# @TEST-EXEC: btest-bg-wait -k 1 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out # @TEST-EXEC: btest-diff out @@ -23,16 +25,18 @@ type Val: record { s: string; }; -event line(description: Input::EventDescription, tpe: Input::Event, s: string) { +event line(description: Input::EventDescription, tpe: Input::Event, s: string) + { print outfile, description; print outfile, tpe; print outfile, s; close(outfile); -} + terminate(); + } event bro_init() -{ - outfile = open ("../out.tmp"); + { + outfile = open("../out.tmp"); Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line]); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro index d6c81cb2db..9707af7f94 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -10,6 +13,10 @@ T -42 @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; 
@@ -25,12 +32,16 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]); + { + outfile = open("../out"); + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - print servers; -} +event Input::update_finished(name: string, source: string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro b/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro index ca1e956f35..18349f1515 100644 --- a/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro +++ b/testing/btest/scripts/base/frameworks/input/onecolumn-record.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -10,6 +13,10 @@ T -42 @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -25,12 +32,16 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ - Input::add_table([$name="input", $source="input.log", $idx=Idx, $val=Val, $destination=servers]); + { + outfile = open("../out"); + Input::add_table([$name="input", $source="../input.log", $idx=Idx, $val=Val, $destination=servers]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - print servers; -} +event Input::update_finished(name: string, source: string) + { + print outfile, servers; + close(outfile); + terminate(); + } 
diff --git a/testing/btest/scripts/base/frameworks/input/optional.bro b/testing/btest/scripts/base/frameworks/input/optional.bro index c354f7c3ab..23e0b1e4d1 100644 --- a/testing/btest/scripts/base/frameworks/input/optional.bro +++ b/testing/btest/scripts/base/frameworks/input/optional.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -16,6 +19,10 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -32,14 +39,18 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ + { + outfile = open("../out"); # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $pred(typ: Input::Event, left: Idx, right: Val) = { right$notb = !right$b; return T; } ]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - print servers; -} +event Input::update_finished(name: string, source: string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/port.bro b/testing/btest/scripts/base/frameworks/input/port.bro index 88e86eb5dc..2f061e9507 100644 --- a/testing/btest/scripts/base/frameworks/input/port.bro +++ b/testing/btest/scripts/base/frameworks/input/port.bro 
@@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -9,6 +12,10 @@ 1.2.3.6 30 unknown @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -24,17 +31,23 @@ type Val: record { global servers: table[addr] of Val = table(); event bro_init() -{ - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]); - print servers[1.2.3.4]; - print servers[1.2.3.5]; - print servers[1.2.3.6]; + { + outfile = open("../out"); + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]); + if ( 1.2.3.4 in servers ) + print outfile, servers[1.2.3.4]; + if ( 1.2.3.5 in servers ) + print outfile, servers[1.2.3.5]; + if ( 1.2.3.6 in servers ) + print outfile, servers[1.2.3.6]; Input::remove("input"); -} - -event Input::update_finished(name: string, source: string) { - print servers[1.2.3.4]; - print servers[1.2.3.5]; - print servers[1.2.3.6]; -} + } +event Input::update_finished(name: string, source: string) + { + print outfile, servers[1.2.3.4]; + print outfile, servers[1.2.3.5]; + print outfile, servers[1.2.3.6]; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/predicate-stream.bro b/testing/btest/scripts/base/frameworks/input/predicate-stream.bro index 20c69131cb..8cf927e346 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate-stream.bro +++ b/testing/btest/scripts/base/frameworks/input/predicate-stream.bro 
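Review bot: In `bro_init` of port.bro the three new guarded prints (`if ( 1.2.3.4 in servers ) print outfile, servers[1.2.3.4];` and the two after it) run directly after `Input::add_table`, so whether they write anything depends on how far the reader has got at that moment. If the read is asynchronous, as the header comment about sources being "more reliably fully-read" suggests, the baseline in `out` becomes timing-dependent. The lookups in `Input::update_finished` are left unguarded, which is inconsistent with the guards just added above. Dropping the prints from `bro_init`, or replacing them with a comment saying the table is expected to be empty at that point, would make the expected output independent of reader timing.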
@@ -1,9 +1,13 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out # # only difference from predicate.bro is, that this one uses a stream source. -# the reason is, that the code-paths are quite different, because then the ascii reader uses the put and not the sendevent interface +# the reason is, that the code-paths are quite different, because then the +# ascii reader uses the put and not the sendevent interface @TEST-START-FILE input.log #separator \x09 @@ -19,6 +23,10 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; 
@@ -34,47 +42,38 @@ type Val: record { global servers: table[int] of Val = table(); global ct: int; -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) { +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) + { ct = ct + 1; - if ( ct < 3 ) { + if ( ct < 3 ) return; - } - if ( ct > 3 ) { - print "Too many events"; - return; - } - if ( 1 in servers ) { - print "VALID"; + if ( 1 in servers ) + print outfile, "VALID"; + if ( 2 in servers ) + print outfile, "VALID"; + if ( !(3 in servers) ) + print outfile, "VALID"; + if ( !(4 in servers) ) + print outfile, "VALID"; + if ( !(5 in servers) ) + print outfile, "VALID"; + if ( !(6 in servers) ) + print outfile, "VALID"; + if ( 7 in servers ) + print outfile, "VALID"; + close(outfile); + terminate(); } - if ( 2 in servers ) { - print "VALID"; - } - if ( !(3 in servers) ) { - print "VALID"; - } - if ( !(4 in servers) ) { - print "VALID"; - } - if ( !(5 in servers) ) { - print "VALID"; - } - if ( !(6 in servers) ) { - print "VALID"; - } - if ( 7 in servers ) { - print "VALID"; - } -} event bro_init() -{ + { + outfile = open("../out"); ct = 0; # first read in the old stuff into the table... - Input::add_table([$source="input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line, + Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line, $pred(typ: Input::Event, left: Idx, right: bool) = { return right; } ]); Input::remove("input"); - -} + } diff --git a/testing/btest/scripts/base/frameworks/input/predicate.bro b/testing/btest/scripts/base/frameworks/input/predicate.bro index 278ac7418e..2cda6f5fb9 100644 --- a/testing/btest/scripts/base/frameworks/input/predicate.bro +++ b/testing/btest/scripts/base/frameworks/input/predicate.bro 
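Review bot: The rewritten `line` handler in predicate-stream.bro drops the old `ct > 3` branch that printed "Too many events", so the test no longer notices events after the third. Any such event that is still dispatched before `terminate()` takes effect now falls through to the `in servers` checks and reaches `print outfile, "VALID"` after `close(outfile)` has already run. A guard such as `if ( ct > 3 ) return;` directly after the `ct < 3` check would avoid writing to the closed file. Keeping the old message as well would need it written somewhere that is still open at that point.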
@@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -16,6 +19,10 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -31,34 +38,31 @@ type Val: record { global servers: table[int] of Val = table(); event bro_init() -{ + { + outfile = open("../out"); # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $pred(typ: Input::Event, left: Idx, right: bool) = { return right; } ]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - if ( 1 in servers ) { - print "VALID"; +event Input::update_finished(name: string, source: string) + { + if ( 1 in servers ) + print outfile, "VALID"; + if ( 2 in servers ) + print outfile, "VALID"; + if ( !(3 in servers) ) + print outfile, "VALID"; + if ( !(4 in servers) ) + print outfile, "VALID"; + if ( !(5 in servers) ) + print outfile, "VALID"; + if ( !(6 in servers) ) + print outfile, "VALID"; + if ( 7 in servers ) + print outfile, "VALID"; + close(outfile); + terminate(); } - if ( 2 in servers ) { - print "VALID"; - } - if ( !(3 in servers) ) { - print "VALID"; - } - if ( !(4 in servers) ) { - print "VALID"; - } - if ( !(5 in servers) ) { - print "VALID"; - } - if ( !(6 in servers) ) { - print "VALID"; - } - if ( 7 in servers ) { - print "VALID"; - } -} diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodify.bro b/testing/btest/scripts/base/frameworks/input/predicatemodify.bro index c3198d8483..1d6a54fe38 100644 
--- a/testing/btest/scripts/base/frameworks/input/predicatemodify.bro +++ b/testing/btest/scripts/base/frameworks/input/predicatemodify.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -11,6 +14,10 @@ 2 T test2 idx2 @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -28,23 +35,25 @@ type Val: record { global servers: table[int, string] of Val = table(); event bro_init() -{ - # first read in the old stuff into the table... - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, - $pred(typ: Input::Event, left: Idx, right: Val) = { - if ( left$i == 1 ) { - right$s = "testmodified"; - } + { + outfile = open("../out"); - if ( left$i == 2 ) { + # first read in the old stuff into the table... + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, + $pred(typ: Input::Event, left: Idx, right: Val) = { + if ( left$i == 1 ) + right$s = "testmodified"; + if ( left$i == 2 ) left$ss = "idxmodified"; - } return T; } ]); Input::remove("input"); -} + } -event Input::update_finished(name: string, source: string) { - print servers; -} +event Input::update_finished(name: string, source: string) + { + print outfile, servers; + close(outfile); + terminate(); + } diff --git a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro index 1606ff6a27..9b8758bf3f 100644 --- a/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro +++ b/testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro 
@@ -1,6 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro %INPUT +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT # @TEST-EXEC: sleep 2 # @TEST-EXEC: cp input2.log input.log # @TEST-EXEC: sleep 2 @@ -9,7 +11,7 @@ # @TEST-EXEC: cp input4.log input.log # @TEST-EXEC: sleep 2 # @TEST-EXEC: cp input5.log input.log -# @TEST-EXEC: btest-bg-wait -k 3 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out # @@ -77,31 +79,31 @@ global outfile: file; global try: count; event bro_init() -{ + { try = 0; - outfile = open ("../out"); + outfile = open("../out"); # first read in the old stuff into the table... Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $mode=Input::REREAD, $pred(typ: Input::Event, left: Idx, right: Val) = { - if ( left$i == 1 ) { + if ( left$i == 1 ) right$s = "testmodified"; - } - - if ( left$i == 2 ) { + if ( left$i == 2 ) left$ss = "idxmodified"; - } return T; } ]); -} + } -event Input::update_finished(name: string, source: string) { +event Input::update_finished(name: string, source: string) + { try = try + 1; print outfile, fmt("Update_finished for %s, try %d", name, try); print outfile, servers; - if ( try == 5 ) { - close (outfile); + if ( try == 5 ) + { + close(outfile); Input::remove("input"); + terminate(); + } } -} diff --git a/testing/btest/scripts/base/frameworks/input/raw.bro b/testing/btest/scripts/base/frameworks/input/raw.bro index 8ec6c12a78..cb19213173 100644 --- a/testing/btest/scripts/base/frameworks/input/raw.bro +++ b/testing/btest/scripts/base/frameworks/input/raw.bro 
@@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -13,6 +16,10 @@ sdf 3rw43wRRERLlL#RWERERERE. @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; module A; @@ -20,14 +27,23 @@ type Val: record { s: string; }; -event line(description: Input::EventDescription, tpe: Input::Event, s: string) { - print description; - print tpe; - print s; -} +event line(description: Input::EventDescription, tpe: Input::Event, s: string) + { + print outfile, description; + print outfile, tpe; + print outfile, s; + try = try + 1; + if ( try == 8 ) + { + close(outfile); + terminate(); + } + } event bro_init() -{ - Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]); + { + try = 0; + outfile = open("../out"); + Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/repeat.bro b/testing/btest/scripts/base/frameworks/input/repeat.bro index 58ce9a1675..a5a914932c 100644 --- a/testing/btest/scripts/base/frameworks/input/repeat.bro +++ b/testing/btest/scripts/base/frameworks/input/repeat.bro @@ -1,6 +1,9 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out @TEST-START-FILE input.log #separator \x09 
@@ -10,6 +13,11 @@ 1 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; + redef InputAscii::empty_field = "EMPTY"; module A; @@ -27,15 +35,25 @@ global destination: table[int] of Val = table(); const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; event bro_init() -{ - for ( i in one_to_32 ) { - Input::add_table([$source="input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]); + { + try = 0; + outfile = open("../out"); + for ( i in one_to_32 ) + { + Input::add_table([$source="../input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]); Input::remove(fmt("input%d", i)); + } } -} -event Input::update_finished(name: string, source: string) { - print name; - print source; - print destination; -} +event Input::update_finished(name: string, source: string) + { + print outfile, name; + print outfile, source; + print outfile, destination; + try = try + 1; + if ( try == 32 ) + { + close(outfile); + terminate(); + } + } diff --git a/testing/btest/scripts/base/frameworks/input/reread.bro b/testing/btest/scripts/base/frameworks/input/reread.bro index f33b060fe0..2db58fc6b0 100644 --- a/testing/btest/scripts/base/frameworks/input/reread.bro +++ b/testing/btest/scripts/base/frameworks/input/reread.bro @@ -1,6 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro %INPUT +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT # @TEST-EXEC: sleep 2 # @TEST-EXEC: cp input2.log input.log # @TEST-EXEC: sleep 2 @@ -9,7 +11,7 @@ # @TEST-EXEC: cp input4.log input.log # @TEST-EXEC: sleep 2 # @TEST-EXEC: cp input5.log input.log -# @TEST-EXEC: btest-bg-wait -k 2 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input1.log 
@@ -56,6 +58,7 @@ F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} @TEST-END-FILE +@load base/protocols/ssh @load frameworks/communication/listen redef InputAscii::empty_field = "EMPTY"; @@ -90,7 +93,8 @@ global outfile: file; global try: count; -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) { +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) + { print outfile, "============EVENT============"; print outfile, "Description"; print outfile, description; @@ -100,11 +104,11 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r print outfile, left; print outfile, "Right"; print outfile, right; -} + } event bro_init() -{ - outfile = open ("../out"); + { + outfile = open("../out"); try = 0; # first read in the old stuff into the table... Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line, @@ -116,17 +120,20 @@ event bro_init() return T; } ]); -} + } -event Input::update_finished(name: string, source: string) { +event Input::update_finished(name: string, source: string) + { print outfile, "==========SERVERS============"; print outfile, servers; try = try + 1; - if ( try == 5 ) { + if ( try == 5 ) + { print outfile, "done"; close(outfile); Input::remove("input"); + terminate(); + } } -} diff --git a/testing/btest/scripts/base/frameworks/input/rereadraw.bro b/testing/btest/scripts/base/frameworks/input/rereadraw.bro index 33361ad27e..1051351c2b 100644 --- a/testing/btest/scripts/base/frameworks/input/rereadraw.bro +++ b/testing/btest/scripts/base/frameworks/input/rereadraw.bro 
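Review bot: In the `try == 5` block of `Input::update_finished` in reread.bro, `Input::remove("input")` names a stream this file never creates: the `Input::add_table` call in `bro_init` registers it as `$name="ssh"`. The line predates this commit, but now that `terminate()` is added right after it the cleanup is worth correcting in the same change, `Input::remove("ssh");`. stream.bro has the same mismatch (`$name="ssh"` against `Input::remove("input")`), and twotables.bro registers `ssh` and `ssh2` but removes `input` and `input2`.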
@@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log @@ -13,6 +16,10 @@ sdf 3rw43wRRERLlL#RWERERERE. @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; module A; @@ -20,15 +27,24 @@ type Val: record { s: string; }; -event line(description: Input::EventDescription, tpe: Input::Event, s: string) { - print description; - print tpe; - print s; -} +event line(description: Input::EventDescription, tpe: Input::Event, s: string) + { + print outfile, description; + print outfile, tpe; + print outfile, s; + try = try + 1; + if ( try == 16 ) + { + close(outfile); + terminate(); + } + } event bro_init() -{ - Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]); + { + try = 0; + outfile = open("../out"); + Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]); Input::force_update("input"); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/stream.bro b/testing/btest/scripts/base/frameworks/input/stream.bro index 571a2273c1..1ecd8a2eb0 100644 --- a/testing/btest/scripts/base/frameworks/input/stream.bro +++ b/testing/btest/scripts/base/frameworks/input/stream.bro 
@@ -1,11 +1,13 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro %INPUT +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT # @TEST-EXEC: sleep 3 # @TEST-EXEC: cat input2.log >> input.log # @TEST-EXEC: sleep 3 # @TEST-EXEC: cat input3.log >> input.log -# @TEST-EXEC: btest-bg-wait -k 3 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input1.log @@ -22,6 +24,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz F -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} @TEST-END-FILE +@load base/protocols/ssh @load frameworks/communication/listen redef InputAscii::empty_field = "EMPTY"; @@ -56,7 +59,8 @@ global outfile: file; global try: count; -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) { +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) + { print outfile, "============EVENT============"; print outfile, tpe; print outfile, left; @@ -66,18 +70,19 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r try = try + 1; - if ( try == 3 ) { + if ( try == 3 ) + { print outfile, "done"; close(outfile); Input::remove("input"); + terminate(); + } } -} event bro_init() -{ - outfile = open ("../out"); + { + outfile = open("../out"); try = 0; # first read in the old stuff into the table... Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]); -} - + } diff --git a/testing/btest/scripts/base/frameworks/input/streamraw.bro b/testing/btest/scripts/base/frameworks/input/streamraw.bro index cc0afd5ae8..a6aba88c5f 100644 
--- a/testing/btest/scripts/base/frameworks/input/streamraw.bro +++ b/testing/btest/scripts/base/frameworks/input/streamraw.bro @@ -1,3 +1,5 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log # @TEST-EXEC: btest-bg-run bro bro -b %INPUT @@ -5,7 +7,7 @@ # @TEST-EXEC: cat input2.log >> input.log # @TEST-EXEC: sleep 3 # @TEST-EXEC: cat input3.log >> input.log -# @TEST-EXEC: btest-bg-wait -k 3 +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input1.log @@ -36,21 +38,25 @@ type Val: record { global try: count; global outfile: file; -event line(description: Input::EventDescription, tpe: Input::Event, s: string) { +event line(description: Input::EventDescription, tpe: Input::Event, s: string) + { print outfile, description; print outfile, tpe; print outfile, s; - - if ( try == 3 ) { + + try = try + 1; + if ( try == 8 ) + { print outfile, "done"; close(outfile); Input::remove("input"); + terminate(); + } } -} event bro_init() -{ - outfile = open ("../out"); + { + outfile = open("../out"); try = 0; Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/tableevent.bro b/testing/btest/scripts/base/frameworks/input/tableevent.bro index e40485dd12..723e519237 100644 --- a/testing/btest/scripts/base/frameworks/input/tableevent.bro +++ b/testing/btest/scripts/base/frameworks/input/tableevent.bro @@ -1,5 +1,8 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 # @TEST-EXEC: btest-diff out @TEST-START-FILE input.log 
@@ -16,6 +19,11 @@ 7 T @TEST-END-FILE +@load frameworks/communication/listen + +global outfile: file; +global try: count; + redef InputAscii::empty_field = "EMPTY"; type Idx: record { @@ -28,15 +36,24 @@ type Val: record { global destination: table[int] of Val = table(); -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) { - print description; - print tpe; - print left; - print right; -} +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) + { + print outfile, description; + print outfile, tpe; + print outfile, left; + print outfile, right; + try = try + 1; + if ( try == 7 ) + { + close(outfile); + terminate(); + } + } event bro_init() -{ - Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]); + { + try = 0; + outfile = open("../out"); + Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]); Input::remove("input"); -} + } diff --git a/testing/btest/scripts/base/frameworks/input/twotables.bro b/testing/btest/scripts/base/frameworks/input/twotables.bro index 1413275e63..f404416049 100644 --- a/testing/btest/scripts/base/frameworks/input/twotables.bro +++ b/testing/btest/scripts/base/frameworks/input/twotables.bro @@ -1,10 +1,15 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm # # @TEST-EXEC: cp input1.log input.log -# @TEST-EXEC: btest-bg-run bro bro %INPUT -# @TEST-EXEC: sleep 2 +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: sleep 5 # @TEST-EXEC: cp input3.log input.log -# @TEST-EXEC: btest-bg-wait -k 2 -# @TEST-EXEC: btest-diff out +# @TEST-EXEC: btest-bg-wait -k 10 +# @TEST-EXEC: btest-diff event.out +# @TEST-EXEC: btest-diff pred1.out +# @TEST-EXEC: btest-diff pred2.out +# @TEST-EXEC: btest-diff fin.out @TEST-START-FILE input1.log #separator \x09 
@@ -28,6 +33,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz F -44 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} @TEST-END-FILE +@load base/protocols/ssh @load frameworks/communication/listen redef InputAscii::empty_field = "EMPTY"; 
@@ -58,59 +64,71 @@ type Val: record { global servers: table[int] of Val = table(); -global outfile: file; +global event_out: file; +global pred1_out: file; +global pred2_out: file; +global fin_out: file; global try: count; -event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) { - print outfile, "============EVENT============"; -# print outfile, "Description"; -# print outfile, description; -# print outfile, "Type"; -# print outfile, tpe; -# print outfile, "Left"; -# print outfile, left; -# print outfile, "Right"; -# print outfile, right; -} +event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) + { + print event_out, "============EVENT============"; +# print event_out, "Description"; +# print event_out, description; +# print event_out, "Type"; +# print event_out, tpe; +# print event_out, "Left"; +# print event_out, left; +# print event_out, "Right"; +# print event_out, right; + } event bro_init() -{ - outfile = open ("../out"); + { + event_out = open ("../event.out"); + pred1_out = open ("../pred1.out"); + pred2_out = open ("../pred2.out"); + fin_out = open ("../fin.out"); try = 0; # first read in the old stuff into the table... 
Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line, $pred(typ: Input::Event, left: Idx, right: Val) = { - print outfile, "============PREDICATE============"; - print outfile, typ; - print outfile, left; - print outfile, right; + print pred1_out, "============PREDICATE============"; + print pred1_out, typ; + print pred1_out, left; + print pred1_out, right; return T; } ]); Input::add_table([$source="../input2.log", $mode=Input::REREAD, $name="ssh2", $idx=Idx, $val=Val, $destination=servers, $ev=line, $pred(typ: Input::Event, left: Idx, right: Val) = { - print outfile, "============PREDICATE 2============"; - print outfile, typ; - print outfile, left; - print outfile, right; + print pred2_out, "============PREDICATE 2============"; + print pred2_out, typ; + print pred2_out, left; + print pred2_out, right; return T; } ]); -} + } -event Input::update_finished(name: string, source: string) { - print outfile, "==========SERVERS============"; - print outfile, servers; +event Input::update_finished(name: string, source: string) + { + print fin_out, "==========SERVERS============"; + #print fin_out, servers; try = try + 1; - if ( try == 3 ) { - print outfile, "done"; - print outfile, servers; - close(outfile); + if ( try == 3 ) + { + print fin_out, "done"; + print fin_out, servers; + close(event_out); + close(pred1_out); + close(pred2_out); + close(fin_out); Input::remove("input"); Input::remove("input2"); terminate(); + } } -}
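Review bot: The new `Input::update_finished` body in twotables.bro leaves `#print fin_out, servers;` behind as commented-out code with no explanation. Either delete it or replace it with a sentence saying why the intermediate table state is no longer printed, presumably because it depends on which of the two streams finishes first. The four new calls in `bro_init` are written `open ("../event.out")` with a space before the parenthesis, while the rest of this commit normalises to `open("../out")`. The header also raises the waits to `sleep 5` and `btest-bg-wait -k 10` without a comment on why this test needs longer than the others.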