Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 11:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Revert "Workaround race condition in unified2 file module."

Browse source 
This reverts commit 1a03a95f35.
This commit is contained in:
Jon Siwek 2015-01-05 14:51:58 -06:00
parent 1a03a95f35
commit a3d78cc830
1 changed files with 2 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

32
testing/btest/scripts/base/files/unified2/alert.bro
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: bro -b %INPUT test_watch_file=$FILES/unified2.u2 # @TEST-EXEC: bro -b %INPUT Unified2::watch_file=$FILES/unified2.u2
# @TEST-EXEC: btest-diff unified2.log # @TEST-EXEC: btest-diff unified2.log
@TEST-START-FILE sid_msg.map @TEST-START-FILE sid_msg.map
@ -68,36 +68,6 @@ redef Unified2::gen_msg = @DIR+"/gen_msg.map";
redef Unified2::classification_config = @DIR+"/classification.config"; redef Unified2::classification_config = @DIR+"/classification.config";
global i = 0; global i = 0;
# TODO: can't currently use Unified2::watch_file directly for the test as
# there's a race between reading that file and the map/classification
# config files, which leads to not all fields of the unified2.log being
# populated on occassion.
const test_watch_file: string = "" &redef;
event start_test()
{
Input::add_analysis([$source=test_watch_file,
$reader=Input::READER_BINARY,
$mode=Input::STREAM,
$name=test_watch_file]);
}
# TODO: this should be handled by unified2 module, but it's here for
# working around the issue mentioned in comment above.
event file_new(f: fa_file)
{
if ( f$source == test_watch_file )
{
Files::add_analyzer(f, Files::ANALYZER_UNIFIED2);
f$u2_events = table();
}
}
event bro_init()
{
schedule 2sec { start_test() };
}
event Unified2::alert(f: fa_file, ev: Unified2::IDSEvent, pkt: Unified2::Packet) event Unified2::alert(f: fa_file, ev: Unified2::IDSEvent, pkt: Unified2::Packet)
{ {
++i; ++i;