mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
baselines for the autostart removal.
This commit is contained in:
Bernhard Amann
parent
2e452dc29f
commit
96a7e068f0
8 changed files with 66 additions and 66 deletions
|
|
@ -1,4 +1,4 @@
|
|||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -8,7 +8,7 @@ print A::b;
|
|||
Input::EVENT_NEW
|
||||
1
|
||||
T
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -18,7 +18,7 @@ print A::b;
|
|||
Input::EVENT_NEW
|
||||
2
|
||||
T
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -28,7 +28,7 @@ print A::b;
|
|||
Input::EVENT_NEW
|
||||
3
|
||||
F
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -38,7 +38,7 @@ print A::b;
|
|||
Input::EVENT_NEW
|
||||
4
|
||||
F
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -48,7 +48,7 @@ print A::b;
|
|||
Input::EVENT_NEW
|
||||
5
|
||||
F
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -58,7 +58,7 @@ print A::b;
|
|||
Input::EVENT_NEW
|
||||
6
|
||||
F
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -14,7 +14,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -30,7 +30,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -46,7 +46,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
q3r3057fdf
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -62,7 +62,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfs\d
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -78,7 +78,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -94,7 +94,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
dfsdf
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -110,7 +110,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdf
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -126,7 +126,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
3rw43wRRERLlL#RWERERERE.
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=tail -f ../input.log |, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -6,7 +6,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -14,7 +14,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -22,7 +22,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
q3r3057fdf
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -30,7 +30,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfs\d
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -38,7 +38,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -46,7 +46,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
dfsdf
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -54,7 +54,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdf
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
@ -96,7 +96,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
@ -201,7 +201,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
@ -366,7 +366,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
@ -489,7 +489,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
@ -612,7 +612,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
@ -735,7 +735,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
@ -858,7 +858,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -6,7 +6,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -14,7 +14,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -22,7 +22,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
q3r3057fdf
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -30,7 +30,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfs\d
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -38,7 +38,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -46,7 +46,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
dfsdf
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -54,7 +54,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdf
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -62,7 +62,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
3rw43wRRERLlL#RWERERERE.
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -70,7 +70,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -78,7 +78,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -86,7 +86,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
q3r3057fdf
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -94,7 +94,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfs\d
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -102,7 +102,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -110,7 +110,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
dfsdf
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
@ -118,7 +118,7 @@ print A::s;
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdf
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::description;
|
||||
print A::tpe;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -13,7 +13,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -28,7 +28,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -43,7 +43,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
q3r3057fdf
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -58,7 +58,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdfs\d
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -73,7 +73,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -88,7 +88,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
dfsdf
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
@ -103,7 +103,7 @@ Input::remove(input);
|
|||
}]
|
||||
Input::EVENT_NEW
|
||||
sdf
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, autostart=T, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
|
||||
{
|
||||
print A::outfile, A::description;
|
||||
print A::outfile, A::tpe;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
|
||||
[2] = T,
|
||||
[4] = F,
|
||||
[6] = F,
|
||||
|
|
@ -16,7 +16,7 @@ print right;
|
|||
Input::EVENT_NEW
|
||||
[i=1]
|
||||
T
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
|
||||
[2] = T,
|
||||
[4] = F,
|
||||
[6] = F,
|
||||
|
|
@ -34,7 +34,7 @@ print right;
|
|||
Input::EVENT_NEW
|
||||
[i=2]
|
||||
T
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
|
||||
[2] = T,
|
||||
[4] = F,
|
||||
[6] = F,
|
||||
|
|
@ -52,7 +52,7 @@ print right;
|
|||
Input::EVENT_NEW
|
||||
[i=3]
|
||||
F
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
|
||||
[2] = T,
|
||||
[4] = F,
|
||||
[6] = F,
|
||||
|
|
@ -70,7 +70,7 @@ print right;
|
|||
Input::EVENT_NEW
|
||||
[i=4]
|
||||
F
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
|
||||
[2] = T,
|
||||
[4] = F,
|
||||
[6] = F,
|
||||
|
|
@ -88,7 +88,7 @@ print right;
|
|||
Input::EVENT_NEW
|
||||
[i=5]
|
||||
F
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
|
||||
[2] = T,
|
||||
[4] = F,
|
||||
[6] = F,
|
||||
|
|
@ -106,7 +106,7 @@ print right;
|
|||
Input::EVENT_NEW
|
||||
[i=6]
|
||||
F
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, autostart=T, name=input, destination={
|
||||
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
|
||||
[2] = T,
|
||||
[4] = F,
|
||||
[6] = F,
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
@ -120,7 +120,7 @@ BB
|
|||
}
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input2.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh2, destination={
|
||||
[source=../input2.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh2, destination={
|
||||
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
@ -240,7 +240,7 @@ BB
|
|||
}, vc=[10, 20, 30], ve=[]]
|
||||
============EVENT============
|
||||
Description
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, autostart=T, name=ssh, destination={
|
||||
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
|
||||
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
|
||||
2,
|
||||
4,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue