Merge remote-tracking branch 'origin/topic/seth/zeek_init'

* origin/topic/seth/zeek_init: Some more testing fixes. Update docs and tests for bro_(init|done) -> zeek_(init|done) Implement the zeek_init handler.
2025-10-08 01:28:20 +00:00 · 2019-04-19 11:16:35 -07:00 · 2019-04-19 11:16:35 -07:00 · a994be9eeb
commit a994be9eeb
parent 9421ee0293 9d676d368b
628 changed files with 868 additions and 1082 deletions
--- a/testing/btest/Baseline/bifs.global_sizes/out
+++ b/testing/btest/Baseline/bifs.global_sizes/out
@ -1 +1 @@
-found bro_init
+found zeek_init
--- a/testing/btest/Baseline/core.plugins.hooks/output
+++ b/testing/btest/Baseline/core.plugins.hooks/output
@ -188,7 +188,7 @@
 0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals})) -> <null>
 0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, (SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) -> <null>
 0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugins, ()) -> <null>
-0.000000   MetaHookPost  CallFunction(bro_init, ()) -> <null>
+0.000000   MetaHookPost  CallFunction(zeek_init, ()) -> <null>
 0.000000   MetaHookPost  CallFunction(filter_change_tracking, ()) -> <null>
 0.000000   MetaHookPost  CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$)) -> <null>
 0.000000   MetaHookPost  CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$)) -> <null>
@ -576,7 +576,7 @@
 0.000000   MetaHookPost  LoadFile(base/utils/thresholds) -> -1
 0.000000   MetaHookPost  LoadFile(base/utils/time) -> -1
 0.000000   MetaHookPost  LoadFile(base/utils/urls) -> -1
-0.000000   MetaHookPost  QueueEvent(bro_init()) -> false
+0.000000   MetaHookPost  QueueEvent(zeek_init()) -> false
 0.000000   MetaHookPost  QueueEvent(filter_change_tracking()) -> false
 0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_BACKDOOR))
 0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, (Analyzer::ANALYZER_INTERCONN))
@ -768,7 +768,7 @@
 0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals}))
 0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, (SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average}))
 0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugins, ())
-0.000000   MetaHookPre   CallFunction(bro_init, ())
+0.000000   MetaHookPre   CallFunction(zeek_init, ())
 0.000000   MetaHookPre   CallFunction(filter_change_tracking, ())
 0.000000   MetaHookPre   CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$))
 0.000000   MetaHookPre   CallFunction(set_to_regex, ({}, (^\.?|\.)(~~)$))
@ -1156,7 +1156,7 @@
 0.000000   MetaHookPre   LoadFile(base/utils/thresholds)
 0.000000   MetaHookPre   LoadFile(base/utils/time)
 0.000000   MetaHookPre   LoadFile(base/utils/urls)
-0.000000   MetaHookPre   QueueEvent(bro_init())
+0.000000   MetaHookPre   QueueEvent(zeek_init())
 0.000000   MetaHookPre   QueueEvent(filter_change_tracking())
 0.000000 | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_BACKDOOR)
 0.000000 | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_INTERCONN)
@ -1348,7 +1348,7 @@
 0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::UNIQUE, anonymous-function{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || flattenSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = flattenSumStats::rv$unique_vals})
 0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::VARIANCE, anonymous-function{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})
 0.000000 | HookCallFunction SumStats::register_observe_plugins()
-0.000000 | HookCallFunction bro_init()
+0.000000 | HookCallFunction zeek_init()
 0.000000 | HookCallFunction filter_change_tracking()
 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$)
 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$)
@ -1736,7 +1736,7 @@
 0.000000 | HookLoadFile  base/utils/thresholds.bro/bro
 0.000000 | HookLoadFile  base/utils/time.bro/bro
 0.000000 | HookLoadFile  base/utils/urls.bro/bro
-0.000000 | HookQueueEvent bro_init()
+0.000000 | HookQueueEvent zeek_init()
 0.000000 | HookQueueEvent filter_change_tracking()
 1362692526.869344   MetaHookPost  CallFunction(ChecksumOffloading::check, ()) -> <null>
 1362692526.869344   MetaHookPost  CallFunction(filter_change_tracking, ()) -> <null>
@ -2193,7 +2193,7 @@
 1362692527.080972   MetaHookPost  CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
 1362692527.080972   MetaHookPost  CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null>
 1362692527.080972   MetaHookPost  CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null>
-1362692527.080972   MetaHookPost  CallFunction(bro_done, ()) -> <null>
+1362692527.080972   MetaHookPost  CallFunction(zeek_done, ()) -> <null>
 1362692527.080972   MetaHookPost  CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null>
 1362692527.080972   MetaHookPost  CallFunction(filter_change_tracking, ()) -> <null>
 1362692527.080972   MetaHookPost  CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
@ -2214,7 +2214,7 @@
 1362692527.080972   MetaHookPost  DrainEvents() -> <void>
 1362692527.080972   MetaHookPost  QueueEvent(ChecksumOffloading::check()) -> false
 1362692527.080972   MetaHookPost  QueueEvent(ChecksumOffloading::check()) -> false
-1362692527.080972   MetaHookPost  QueueEvent(bro_done()) -> false
+1362692527.080972   MetaHookPost  QueueEvent(zeek_done()) -> false
 1362692527.080972   MetaHookPost  QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
 1362692527.080972   MetaHookPost  QueueEvent(filter_change_tracking()) -> false
 1362692527.080972   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
@ -2227,7 +2227,7 @@
 1362692527.080972   MetaHookPre   CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
 1362692527.080972   MetaHookPre   CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
 1362692527.080972   MetaHookPre   CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
-1362692527.080972   MetaHookPre   CallFunction(bro_done, ())
+1362692527.080972   MetaHookPre   CallFunction(zeek_done, ())
 1362692527.080972   MetaHookPre   CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692527.080972   MetaHookPre   CallFunction(filter_change_tracking, ())
 1362692527.080972   MetaHookPre   CallFunction(get_file_handle, (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
@ -2248,7 +2248,7 @@
 1362692527.080972   MetaHookPre   DrainEvents()
 1362692527.080972   MetaHookPre   QueueEvent(ChecksumOffloading::check())
 1362692527.080972   MetaHookPre   QueueEvent(ChecksumOffloading::check())
-1362692527.080972   MetaHookPre   QueueEvent(bro_done())
+1362692527.080972   MetaHookPre   QueueEvent(zeek_done())
 1362692527.080972   MetaHookPre   QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692527.080972   MetaHookPre   QueueEvent(filter_change_tracking())
 1362692527.080972   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
@ -2262,7 +2262,7 @@
 1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
 1362692527.080972 | HookCallFunction Log::default_path_func(Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
 1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
-1362692527.080972 | HookCallFunction bro_done()
+1362692527.080972 | HookCallFunction zeek_done()
 1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692527.080972 | HookCallFunction filter_change_tracking()
 1362692527.080972 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
@ -2283,7 +2283,7 @@
 1362692527.080972 | HookDrainEvents
 1362692527.080972 | HookQueueEvent ChecksumOffloading::check()
 1362692527.080972 | HookQueueEvent ChecksumOffloading::check()
-1362692527.080972 | HookQueueEvent bro_done()
+1362692527.080972 | HookQueueEvent zeek_done()
 1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692527.080972 | HookQueueEvent filter_change_tracking()
 1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={HTTP}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
--- a/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output
+++ b/testing/btest/Baseline/core.when-interpreter-exceptions/bro.output
@ -6,7 +6,7 @@ received termination signal
 [f(F)]
 f() done, no exception, T
 [f(T)]
-[bro_init()]
+[zeek_init()]
 timeout g(), T
 timeout
 timeout g(), F
--- a/testing/btest/Baseline/doc.manual.connection_record_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.connection_record_01/.stdout
@ -1,5 +0,0 @@
-[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
-
-}, addl=, hot=0, history=ShADadFf, uid=UWkUyAuUGXf, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=UWkUyAuUGXf, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
-
-}], extract_orig=F, extract_resp=F]
--- a/testing/btest/Baseline/doc.manual.connection_record_02/.stdout
+++ b/testing/btest/Baseline/doc.manual.connection_record_02/.stdout
@ -1,9 +0,0 @@
-[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
-
-}, addl=, hot=0, history=ShADadFf, uid=UWkUyAuUGXf, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=UWkUyAuUGXf, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
-
-}], extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=[pending={
-
-}, finished_answers={
-34798
-}]]
--- a/testing/btest/Baseline/doc.manual.data_struct_record_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_struct_record_01/.stdout
@ -1,6 +0,0 @@
-Service: dns(RFC1035)
-  port: 53/tcp
-  port: 53/udp
-Service: http(RFC2616)
-  port: 80/tcp
-  port: 8080/tcp
--- a/testing/btest/Baseline/doc.manual.data_struct_record_02/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_struct_record_02/.stdout
@ -1,7 +0,0 @@
-System: morlock
-  Service: dns(RFC1035)
-    port: 53/tcp
-    port: 53/udp
-  Service: http(RFC2616)
-    port: 80/tcp
-    port: 8080/tcp
--- a/testing/btest/Baseline/doc.manual.data_struct_set_declaration/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_struct_set_declaration/.stdout
@ -1,8 +0,0 @@
-SSL Port: 993/tcp
-SSL Port: 22/tcp
-SSL Port: 587/tcp
-SSL Port: 443/tcp
-Non-SSL Port: 143/tcp
-Non-SSL Port: 25/tcp
-Non-SSL Port: 80/tcp
-Non-SSL Port: 23/tcp
--- a/testing/btest/Baseline/doc.manual.data_struct_table_complex/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_struct_table_complex/.stdout
@ -1,4 +0,0 @@
-Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
-Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
-Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai
-Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada
--- a/testing/btest/Baseline/doc.manual.data_struct_table_declaration/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_struct_table_declaration/.stdout
@ -1,4 +0,0 @@
-Service Name:  IMAPS - Common Port: 993/tcp
-Service Name:  HTTPS - Common Port: 443/tcp
-Service Name:  SSH - Common Port: 22/tcp
-Service Name:  SMTPS - Common Port: 587/tcp
--- a/testing/btest/Baseline/doc.manual.data_struct_vector/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_struct_vector/.stdout
@ -1,2 +0,0 @@
-[1, 2, 3, 4]
-[1, 2, 3, 4]
--- a/testing/btest/Baseline/doc.manual.data_struct_vector_declaration/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_struct_vector_declaration/.stdout
@ -1,4 +0,0 @@
-contents of v1: [1, 2, 3, 4]
-length of v1: 4
-contents of v1: [1, 2, 3, 4]
-length of v2: 4
--- a/testing/btest/Baseline/doc.manual.data_struct_vector_iter/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_struct_vector_iter/.stdout
@ -1,3 +0,0 @@
-1.2.0.0/18
-2.3.0.0/18
-3.4.0.0/18
--- a/testing/btest/Baseline/doc.manual.data_type_const/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_const/.stdout
@ -1,4 +0,0 @@
-{
-[6666/tcp] = IRC,
-[80/tcp] = WWW
-}
--- a/testing/btest/Baseline/doc.manual.data_type_const_simple/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_const_simple/.stdout
--- a/testing/btest/Baseline/doc.manual.data_type_declaration/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_declaration/.stdout
@ -1 +0,0 @@
-A: 10, B: 10
--- a/testing/btest/Baseline/doc.manual.data_type_interval/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_interval/.stdout
@ -1,15 +0,0 @@
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.118
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
-     Time since last connection: 132.0 msecs 97.0 usecs
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
-     Time since last connection: 177.0 usecs
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
-     Time since last connection: 2.0 msecs 177.0 usecs
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
-     Time since last connection: 33.0 msecs 898.0 usecs
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
-     Time since last connection: 35.0 usecs
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
-     Time since last connection: 2.0 msecs 532.0 usecs
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.2
-     Time since last connection: 7.0 msecs 866.0 usecs
--- a/testing/btest/Baseline/doc.manual.data_type_local/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_local/.stdout
@ -1 +0,0 @@
-i + 2 = 12
--- a/testing/btest/Baseline/doc.manual.data_type_pattern_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_pattern_01/.stdout
@ -1,3 +0,0 @@
-The 
- brown fox jumped over the 
- dog.
--- a/testing/btest/Baseline/doc.manual.data_type_pattern_02/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_pattern_02/.stdout
@ -1,2 +0,0 @@
-equality and /^?(equal)$?/ are not equal
-equality and /^?(equality)$?/ are equal
--- a/testing/btest/Baseline/doc.manual.data_type_subnets/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_subnets/.stdout
@ -1,4 +0,0 @@
-172.16.4.56 belongs to subnet 172.16.0.0/20
-172.16.47.254 belongs to subnet 172.16.32.0/20
-172.16.22.45 belongs to subnet 172.16.16.0/20
-172.16.1.1 belongs to subnet 172.16.0.0/20
--- a/testing/btest/Baseline/doc.manual.data_type_time/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_time/.stdout
@ -1,8 +0,0 @@
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.118^J
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
-2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.2^J
--- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.framework_logging_factorial_01/.stdout
@ -1,10 +0,0 @@
-1
-2
-6
-24
-120
-720
-5040
-40320
-362880
-3628800
--- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_02/factor.log
+++ b/testing/btest/Baseline/doc.manual.framework_logging_factorial_02/factor.log
@ -1,19 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	factor
-#open	2013-03-19-03-25-33
-#fields	num	factorial_num
-#types	count	count
-1	1
-2	2
-3	6
-4	24
-5	120
-6	720
-7	5040
-8	40320
-9	362880
-10	3628800
-#close	2013-03-19-03-25-33
--- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-mod5.log
+++ b/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-mod5.log
@ -1,15 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	factor-mod5
-#open	2013-03-20-03-22-52
-#fields	num	factorial_num
-#types	count	count
-5	120
-6	720
-7	5040
-8	40320
-9	362880
-10	3628800
-#close	2013-03-20-03-22-52
--- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-non5.log
+++ b/testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-non5.log
@ -1,13 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	factor-non5
-#open	2013-03-20-03-22-52
-#fields	num	factorial_num
-#types	count	count
-1	1
-2	2
-3	6
-4	24
-#close	2013-03-20-03-22-52
--- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-mod5.log
+++ b/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-mod5.log
@ -1,15 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	factor-mod5
-#open	2013-03-25-02-00-12
-#fields	num	factorial_num
-#types	count	count
-5	120
-6	720
-7	5040
-8	40320
-9	362880
-10	3628800
-#close	2013-03-25-02-00-12
--- a/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-non5.log
+++ b/testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-non5.log
@ -1,13 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	factor-non5
-#open	2013-03-25-02-00-12
-#fields	num	factorial_num
-#types	count	count
-1	1
-2	2
-3	6
-4	24
-#close	2013-03-25-02-00-12
--- a/testing/btest/Baseline/doc.manual.framework_notice_hook_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.framework_notice_hook_01/.stdout
--- a/testing/btest/Baseline/doc.manual.framework_notice_hook_suppression_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.framework_notice_hook_suppression_01/.stdout
--- a/testing/btest/Baseline/doc.manual.framework_notice_shortcuts_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.framework_notice_shortcuts_01/.stdout
--- a/testing/btest/Baseline/doc.manual.framework_notice_shortcuts_02/.stdout
+++ b/testing/btest/Baseline/doc.manual.framework_notice_shortcuts_02/.stdout
--- a/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/.stdout
--- a/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/conn.log
+++ b/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/conn.log
@ -1,43 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	conn
-#open	2013-05-05-20-51-24
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
-#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
-1300475167.096535	UWkUyAuUGXf	141.142.220.202	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	0	D	1	73	0	0	-
-1300475167.097012	arKYeMETxOg	fe80::217:f2ff:fed7:cf65	5353	ff02::fb	5353	udp	-	-	-	-	S0	-	0	D	1	199	0	0	-
-1300475167.099816	k6kgXLOoSKl	141.142.220.50	5353	224.0.0.251	5353	udp	-	-	-	-	S0	-	0	D	1	179	0	0	-
-1300475168.853899	TEfuqmmG4bh	141.142.220.118	43927	141.142.2.2	53	udp	dns	0.000435	38	89	SF	-	0	Dd	1	66	1	117	-
-1300475168.854378	FrJExwHcSal	141.142.220.118	37676	141.142.2.2	53	udp	dns	0.000420	52	99	SF	-	0	Dd	1	80	1	127	-
-1300475168.854837	5OKnoww6xl4	141.142.220.118	40526	141.142.2.2	53	udp	dns	0.000392	38	183	SF	-	0	Dd	1	66	1	211	-
-1300475168.857956	fRFu0wcOle6	141.142.220.118	32902	141.142.2.2	53	udp	dns	0.000317	38	89	SF	-	0	Dd	1	66	1	117	-
-1300475168.858306	qSsw6ESzHV4	141.142.220.118	59816	141.142.2.2	53	udp	dns	0.000343	52	99	SF	-	0	Dd	1	80	1	127	-
-1300475168.858713	iE6yhOq3SF	141.142.220.118	59714	141.142.2.2	53	udp	dns	0.000375	38	183	SF	-	0	Dd	1	66	1	211	-
-1300475168.891644	qCaWGmzFtM5	141.142.220.118	58206	141.142.2.2	53	udp	dns	0.000339	38	89	SF	-	0	Dd	1	66	1	117	-
-1300475168.892037	70MGiRM1Qf4	141.142.220.118	38911	141.142.2.2	53	udp	dns	0.000335	52	99	SF	-	0	Dd	1	80	1	127	-
-1300475168.892414	h5DsfNtYzi1	141.142.220.118	59746	141.142.2.2	53	udp	dns	0.000421	38	183	SF	-	0	Dd	1	66	1	211	-
-1300475168.893988	c4Zw9TmAE05	141.142.220.118	45000	141.142.2.2	53	udp	dns	0.000384	38	89	SF	-	0	Dd	1	66	1	117	-
-1300475168.894422	EAr0uf4mhq	141.142.220.118	48479	141.142.2.2	53	udp	dns	0.000317	52	99	SF	-	0	Dd	1	80	1	127	-
-1300475168.894787	GvmoxJFXdTa	141.142.220.118	48128	141.142.2.2	53	udp	dns	0.000423	38	183	SF	-	0	Dd	1	66	1	211	-
-1300475168.901749	slFea8xwSmb	141.142.220.118	56056	141.142.2.2	53	udp	dns	0.000402	36	131	SF	-	0	Dd	1	64	1	159	-
-1300475168.902195	UfGkYA2HI2g	141.142.220.118	55092	141.142.2.2	53	udp	dns	0.000374	36	198	SF	-	0	Dd	1	64	1	226	-
-1300475169.899438	BWaU4aSuwkc	141.142.220.44	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	0	D	1	85	0	0	-
-1300475170.862384	10XodEwRycf	141.142.220.226	137	141.142.220.255	137	udp	dns	2.613017	350	0	S0	-	0	D	7	546	0	0	-
-1300475171.675372	zno26fFZkrh	fe80::3074:17d5:2052:c324	65373	ff02::1:3	5355	udp	dns	0.100096	66	0	S0	-	0	D	2	162	0	0	-
-1300475171.677081	v5rgkJBig5l	141.142.220.226	55131	224.0.0.252	5355	udp	dns	0.100021	66	0	S0	-	0	D	2	122	0	0	-
-1300475173.116749	eWZCH7OONC1	fe80::3074:17d5:2052:c324	54213	ff02::1:3	5355	udp	dns	0.099801	66	0	S0	-	0	D	2	162	0	0	-
-1300475173.117362	0Pwk3ntf8O3	141.142.220.226	55671	224.0.0.252	5355	udp	dns	0.099849	66	0	S0	-	0	D	2	122	0	0	-
-1300475173.153679	0HKorjr8Zp7	141.142.220.238	56641	141.142.220.255	137	udp	dns	-	-	-	S0	-	0	D	1	78	0	0	-
-1300475168.859163	GSxOnSLghOa	141.142.220.118	49998	208.80.152.3	80	tcp	http	0.215893	1130	734	S1	-	0	ShADad	6	1450	4	950	-
-1300475168.652003	nQcgTWjvg4c	141.142.220.118	35634	208.80.152.2	80	tcp	-	0.061329	463	350	OTH	-	0	DdA	2	567	1	402	-
-1300475168.895267	0Q4FH8sESw5	141.142.220.118	50001	208.80.152.3	80	tcp	http	0.227284	1178	734	S1	-	0	ShADad	6	1498	4	950	-
-1300475168.902635	i2rO3KD1Syg	141.142.220.118	35642	208.80.152.2	80	tcp	http	0.120041	534	412	S1	-	0	ShADad	4	750	3	576	-
-1300475168.892936	Tw8jXtpTGu6	141.142.220.118	50000	208.80.152.3	80	tcp	http	0.229603	1148	734	S1	-	0	ShADad	6	1468	4	950	-
-1300475168.855305	3PKsZ2Uye21	141.142.220.118	49996	208.80.152.3	80	tcp	http	0.218501	1171	733	S1	-	0	ShADad	6	1491	4	949	-
-1300475168.892913	P654jzLoe3a	141.142.220.118	49999	208.80.152.3	80	tcp	http	0.220961	1137	733	S1	-	0	ShADad	6	1457	4	949	-
-1300475169.780331	2cx26uAvUPl	141.142.220.235	6705	173.192.163.128	80	tcp	-	-	-	-	OTH	-	0	h	0	0	1	48	-
-1300475168.724007	j4u32Pc5bif	141.142.220.118	48649	208.80.152.118	80	tcp	http	0.119905	525	232	S1	-	0	ShADad	4	741	3	396	-
-1300475168.855330	VW0XPVINV8a	141.142.220.118	49997	208.80.152.3	80	tcp	http	0.219720	1125	734	S1	-	0	ShADad	6	1445	4	950	-
-#close	2013-05-05-20-51-24
--- a/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/http.log
+++ b/testing/btest/Baseline/doc.manual.using_bro_sandbox_01/http.log
@ -1,23 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	http
-#open	2013-05-05-21-12-40
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
-1300475168.784020	j4u32Pc5bif	141.142.220.118	48649	208.80.152.118	80	1	GET	bits.wikimedia.org	/skins-1.5/monobook/main.css	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.916018	VW0XPVINV8a	141.142.220.118	49997	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/6/63/Wikipedia-logo.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.916183	3PKsZ2Uye21	141.142.220.118	49996	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.918358	GSxOnSLghOa	141.142.220.118	49998	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/b/bd/Bookshelf-40x201_6.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.952307	Tw8jXtpTGu6	141.142.220.118	50000	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.952296	P654jzLoe3a	141.142.220.118	49999	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.954820	0Q4FH8sESw5	141.142.220.118	50001	208.80.152.3	80	1	GET	upload.wikimedia.org	/wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.962687	i2rO3KD1Syg	141.142.220.118	35642	208.80.152.2	80	1	GET	meta.wikimedia.org	/images/wikimedia-button.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.975934	VW0XPVINV8a	141.142.220.118	49997	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.976436	3PKsZ2Uye21	141.142.220.118	49996	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475168.979264	GSxOnSLghOa	141.142.220.118	49998	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475169.014619	Tw8jXtpTGu6	141.142.220.118	50000	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475169.014593	P654jzLoe3a	141.142.220.118	49999	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1300475169.014927	0Q4FH8sESw5	141.142.220.118	50001	208.80.152.3	80	2	GET	upload.wikimedia.org	/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png	http://www.wikipedia.org/	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-#close	2013-05-05-21-12-40
--- a/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/conn.log
+++ b/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/conn.log
@ -1,15 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	conn
-#open	2013-05-07-14-38-27
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
-#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
-1320329757.771503	j4u32Pc5bif	10.0.2.15	49286	192.150.187.43	80	tcp	http	15.161537	2899	1127	S2	-	0	ShADadF	20	3719	19	1891	-
-1320329757.771262	nQcgTWjvg4c	10.0.2.15	49285	192.150.187.43	80	tcp	http	15.161772	889	377	S2	-	0	ShADadF	8	1229	8	701	-
-1320329757.761327	arKYeMETxOg	10.0.2.15	49283	192.150.187.43	80	tcp	http	15.168898	459	189	S2	-	0	ShADadF	5	679	4	353	-
-1320329757.458867	UWkUyAuUGXf	10.0.2.15	49282	192.150.187.43	80	tcp	http	15.471378	1824	751	S2	-	0	ShADadF	12	2324	13	1275	-
-1320329757.761638	k6kgXLOoSKl	10.0.2.15	49284	192.150.187.43	80	tcp	http	15.168613	898	376	S2	-	0	ShADadF	8	1238	8	700	-
-1320329757.771755	TEfuqmmG4bh	10.0.2.15	49287	192.150.187.43	80	tcp	http	15.161267	900	376	S2	-	0	ShADadF	8	1240	8	700	-
-#close	2013-05-07-14-38-27
--- a/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/http.log
+++ b/testing/btest/Baseline/doc.manual.using_bro_sandbox_02/http.log
@ -1,26 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	http
-#open	2013-05-07-14-38-27
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
-1320329757.460004	UWkUyAuUGXf	10.0.2.15	49282	192.150.187.43	80	1	GET	bro-ids.org	/	-	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.772457	UWkUyAuUGXf	10.0.2.15	49282	192.150.187.43	80	2	GET	bro-ids.org	/css/pygments.css	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.874406	UWkUyAuUGXf	10.0.2.15	49282	192.150.187.43	80	3	GET	bro-ids.org	/js/jquery.zrssfeed.js	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.775110	k6kgXLOoSKl	10.0.2.15	49284	192.150.187.43	80	1	GET	bro-ids.org	/css/960.css	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.776072	TEfuqmmG4bh	10.0.2.15	49287	192.150.187.43	80	1	GET	bro-ids.org	/js/jquery.cycle.all.min.js	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.776421	nQcgTWjvg4c	10.0.2.15	49285	192.150.187.43	80	1	GET	bro-ids.org	/js/jquery.tweet.js	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.776240	j4u32Pc5bif	10.0.2.15	49286	192.150.187.43	80	1	GET	bro-ids.org	/js/jquery.fancybox-1.3.4.pack.js	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.775251	arKYeMETxOg	10.0.2.15	49283	192.150.187.43	80	1	GET	bro-ids.org	/css/bro-ids.css	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.975651	UWkUyAuUGXf	10.0.2.15	49282	192.150.187.43	80	4	GET	bro-ids.org	/js/jquery.tableofcontents.js	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.979943	k6kgXLOoSKl	10.0.2.15	49284	192.150.187.43	80	2	GET	bro-ids.org	/js/superfish.js	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.985656	TEfuqmmG4bh	10.0.2.15	49287	192.150.187.43	80	2	GET	bro-ids.org	/js/hoverIntent.js	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.989904	nQcgTWjvg4c	10.0.2.15	49285	192.150.187.43	80	2	GET	bro-ids.org	/js/general.js	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329757.991315	j4u32Pc5bif	10.0.2.15	49286	192.150.187.43	80	2	GET	bro-ids.org	/js/jquery.collapse.js	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329758.172397	j4u32Pc5bif	10.0.2.15	49286	192.150.187.43	80	3	GET	bro-ids.org	/css/print.css	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329759.998388	j4u32Pc5bif	10.0.2.15	49286	192.150.187.43	80	4	GET	bro-ids.org	/documentation/index.html	http://bro-ids.org/	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329760.146412	j4u32Pc5bif	10.0.2.15	49286	192.150.187.43	80	5	GET	bro-ids.org	/js/breadcrumbs.js	http://bro-ids.org/documentation/index.html	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-1320329762.971726	j4u32Pc5bif	10.0.2.15	49286	192.150.187.43	80	6	GET	bro-ids.org	/documentation/reporting-problems.html	http://bro-ids.org/documentation/index.html	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2	0	0	304	Not Modified	-	-	-	(empty)	-	-	-	-	-	-
-#close	2013-05-07-14-38-27
--- a/testing/btest/Baseline/language.common-mistakes/1.out
+++ b/testing/btest/Baseline/language.common-mistakes/1.out
@ -1,4 +1,4 @@
 expression error in ./1.zeek, line 9: field value missing (mr$f)
 bar start
 foo start
-other bro_init
+other zeek_init
--- a/testing/btest/Baseline/language.event/out
+++ b/testing/btest/Baseline/language.event/out
@ -2,6 +2,6 @@ event statement
 event part1
 event part2
 assign event variable (6)
-schedule statement in bro_init
+schedule statement in zeek_init
 schedule statement in global
-schedule statement another in bro_init
+schedule statement another in zeek_init
--- a/testing/btest/Baseline/language.index-assignment-invalid/out
+++ b/testing/btest/Baseline/language.index-assignment-invalid/out
@ -2,4 +2,4 @@ runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.zeek, line 152
 #0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=<uninitialized>]}, settings=[max_len=<uninitialized>], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:19 
 #1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:27 
 #2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:39 
- #3 bro_init() 
+ #3 zeek_init() 
--- a/testing/btest/Baseline/language.returnwhen/bro..stdout
+++ b/testing/btest/Baseline/language.returnwhen/bro..stdout
@ -1,6 +1,6 @@
-dummy from async_func() from bro_init()
-async_func() return result in bro_init(), flag in my_set
-dummy from bro_init() when block
+dummy from async_func() from zeek_init()
+async_func() return result in zeek_init(), flag in my_set
+dummy from zeek_init() when block
 hi!
 dummy from async_func() from do_another()
 async_func() return result in do_another(), flag in my_set
--- a/testing/btest/Baseline/language.zeek_init/out
+++ b/testing/btest/Baseline/language.zeek_init/out
@ -0,0 +1,8 @@
+zeek_init at priority 10!
+bro_init at priority 5!
+zeek_init at priority 0!
+bro_init at priority -10!
+zeek_done at priority 10!
+bro_done at priority 5!
+zeek_done at priority 0!
+bro_done at priority -10!
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@ -277,7 +277,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@ -462,7 +462,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -562,7 +562,6 @@
 0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Unified2::mappings_initialized, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Unified2::start_watching, <frame>, ()) -> <no result>
-0.000000   MetaHookPost  CallFunction(bro_init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(current_time, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(filter_change_tracking, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(getenv, <null>, (BRO_DEFAULT_LISTEN_ADDRESS)) -> <no result>
@ -574,6 +573,7 @@
 0.000000   MetaHookPost  CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$)) -> <no result>
 0.000000   MetaHookPost  CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F)) -> <no result>
 0.000000   MetaHookPost  CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, )) -> <no result>
+0.000000   MetaHookPost  CallFunction(zeek_init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  DrainEvents() -> <void>
 0.000000   MetaHookPost  LoadFile(0, ..<...>/main.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ..<...>/plugin.zeek) -> -1
@ -899,8 +899,8 @@
 0.000000   MetaHookPost  LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> <void>
 0.000000   MetaHookPost  LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>) -> true
 0.000000   MetaHookPost  QueueEvent(NetControl::init()) -> false
-0.000000   MetaHookPost  QueueEvent(bro_init()) -> false
 0.000000   MetaHookPost  QueueEvent(filter_change_tracking()) -> false
+0.000000   MetaHookPost  QueueEvent(zeek_init()) -> false
 0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_BACKDOOR))
 0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_INTERCONN))
 0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_STEPPINGSTONE))
@ -1180,7 +1180,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@ -1365,7 +1365,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@ -1465,7 +1465,6 @@
 0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(Unified2::mappings_initialized, <frame>, ())
 0.000000   MetaHookPre   CallFunction(Unified2::start_watching, <frame>, ())
-0.000000   MetaHookPre   CallFunction(bro_init, <null>, ())
 0.000000   MetaHookPre   CallFunction(current_time, <frame>, ())
 0.000000   MetaHookPre   CallFunction(filter_change_tracking, <null>, ())
 0.000000   MetaHookPre   CallFunction(getenv, <null>, (BRO_DEFAULT_LISTEN_ADDRESS))
@ -1477,6 +1476,7 @@
 0.000000   MetaHookPre   CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$))
 0.000000   MetaHookPre   CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F))
 0.000000   MetaHookPre   CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, ))
+0.000000   MetaHookPre   CallFunction(zeek_init, <null>, ())
 0.000000   MetaHookPre   DrainEvents()
 0.000000   MetaHookPre   LoadFile(0, ..<...>/main.zeek)
 0.000000   MetaHookPre   LoadFile(0, ..<...>/plugin.zeek)
@ -1802,8 +1802,8 @@
 0.000000   MetaHookPre   LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)})
 0.000000   MetaHookPre   LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>)
 0.000000   MetaHookPre   QueueEvent(NetControl::init())
-0.000000   MetaHookPre   QueueEvent(bro_init())
 0.000000   MetaHookPre   QueueEvent(filter_change_tracking())
+0.000000   MetaHookPre   QueueEvent(zeek_init())
 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_BACKDOOR)
 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_INTERCONN)
 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_STEPPINGSTONE)
@ -2082,7 +2082,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@ -2267,7 +2267,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
@ -2367,7 +2367,6 @@
 0.000000 | HookCallFunction SumStats::register_observe_plugins()
 0.000000 | HookCallFunction Unified2::mappings_initialized()
 0.000000 | HookCallFunction Unified2::start_watching()
-0.000000 | HookCallFunction bro_init()
 0.000000 | HookCallFunction current_time()
 0.000000 | HookCallFunction filter_change_tracking()
 0.000000 | HookCallFunction getenv(BRO_DEFAULT_LISTEN_ADDRESS)
@ -2379,6 +2378,7 @@
 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$)
 0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F)
 0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, )
+0.000000 | HookCallFunction zeek_init()
 0.000000 | HookDrainEvents
 0.000000 | HookLoadFile  ..<...>/main.zeek
 0.000000 | HookLoadFile  ..<...>/plugin.zeek
@ -2702,10 +2702,10 @@
 0.000000 | HookLoadFile  base<...>/x509
 0.000000 | HookLoadFile  base<...>/xmpp
 0.000000 | HookLogInit   packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite  packet_filter [ts=1555434070.553089, node=bro, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite  packet_filter [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T]
 0.000000 | HookQueueEvent NetControl::init()
-0.000000 | HookQueueEvent bro_init()
 0.000000 | HookQueueEvent filter_change_tracking()
+0.000000 | HookQueueEvent zeek_init()
 1362692526.869344   MetaHookPost  BroObjDtor(<void ptr>) -> <void>
 1362692526.869344   MetaHookPost  CallFunction(ChecksumOffloading::check, <null>, ()) -> <no result>
 1362692526.869344   MetaHookPost  CallFunction(NetControl::catch_release_seen, <frame>, (141.142.228.5)) -> <no result>
@ -3154,7 +3154,6 @@
 1362692527.080972   MetaHookPost  CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
 1362692527.080972   MetaHookPost  CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) -> <no result>
 1362692527.080972   MetaHookPost  CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])) -> <no result>
-1362692527.080972   MetaHookPost  CallFunction(bro_done, <null>, ()) -> <no result>
 1362692527.080972   MetaHookPost  CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
 1362692527.080972   MetaHookPost  CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
 1362692527.080972   MetaHookPost  CallFunction(filter_change_tracking, <null>, ()) -> <no result>
@ -3169,14 +3168,15 @@
 1362692527.080972   MetaHookPost  CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> <no result>
 1362692527.080972   MetaHookPost  CallFunction(sub_bytes, <frame>, (HTTP, 0, 1)) -> <no result>
 1362692527.080972   MetaHookPost  CallFunction(to_lower, <frame>, (HTTP)) -> <no result>
+1362692527.080972   MetaHookPost  CallFunction(zeek_done, <null>, ()) -> <no result>
 1362692527.080972   MetaHookPost  DrainEvents() -> <void>
 1362692527.080972   MetaHookPost  LogInit(Log::WRITER_ASCII, default, true, true, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}) -> <void>
 1362692527.080972   MetaHookPost  LogWrite(Log::WRITER_ASCII, default, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, <void ptr>) -> true
 1362692527.080972   MetaHookPost  QueueEvent(ChecksumOffloading::check()) -> false
-1362692527.080972   MetaHookPost  QueueEvent(bro_done()) -> false
 1362692527.080972   MetaHookPost  QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> false
 1362692527.080972   MetaHookPost  QueueEvent(filter_change_tracking()) -> false
 1362692527.080972   MetaHookPost  QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> false
+1362692527.080972   MetaHookPost  QueueEvent(zeek_done()) -> false
 1362692527.080972   MetaHookPost  UpdateNetworkTime(1362692527.080972) -> <void>
 1362692527.080972   MetaHookPre   CallFunction(ChecksumOffloading::check, <null>, ())
 1362692527.080972   MetaHookPre   CallFunction(Conn::conn_state, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], tcp))
@ -3187,7 +3187,6 @@
 1362692527.080972   MetaHookPre   CallFunction(KRB::fill_in_subjects, <frame>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692527.080972   MetaHookPre   CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]))
 1362692527.080972   MetaHookPre   CallFunction(Log::write, <frame>, (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]))
-1362692527.080972   MetaHookPre   CallFunction(bro_done, <null>, ())
 1362692527.080972   MetaHookPre   CallFunction(cat, <frame>, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
 1362692527.080972   MetaHookPre   CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692527.080972   MetaHookPre   CallFunction(filter_change_tracking, <null>, ())
@ -3202,14 +3201,15 @@
 1362692527.080972   MetaHookPre   CallFunction(set_file_handle, <frame>, (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80))
 1362692527.080972   MetaHookPre   CallFunction(sub_bytes, <frame>, (HTTP, 0, 1))
 1362692527.080972   MetaHookPre   CallFunction(to_lower, <frame>, (HTTP))
+1362692527.080972   MetaHookPre   CallFunction(zeek_done, <null>, ())
 1362692527.080972   MetaHookPre   DrainEvents()
 1362692527.080972   MetaHookPre   LogInit(Log::WRITER_ASCII, default, true, true, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])})
 1362692527.080972   MetaHookPre   LogWrite(Log::WRITER_ASCII, default, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, <void ptr>)
 1362692527.080972   MetaHookPre   QueueEvent(ChecksumOffloading::check())
-1362692527.080972   MetaHookPre   QueueEvent(bro_done())
 1362692527.080972   MetaHookPre   QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
 1362692527.080972   MetaHookPre   QueueEvent(filter_change_tracking())
 1362692527.080972   MetaHookPre   QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
+1362692527.080972   MetaHookPre   QueueEvent(zeek_done())
 1362692527.080972   MetaHookPre   UpdateNetworkTime(1362692527.080972)
 1362692527.080972  | HookUpdateNetworkTime 1362692527.080972
 1362692527.080972 | HookCallFunction ChecksumOffloading::check()
@ -3221,7 +3221,6 @@
 1362692527.080972 | HookCallFunction KRB::fill_in_subjects([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])
 1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>])
-1362692527.080972 | HookCallFunction bro_done()
 1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)
 1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692527.080972 | HookCallFunction filter_change_tracking()
@ -3236,11 +3235,12 @@
 1362692527.080972 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)
 1362692527.080972 | HookCallFunction sub_bytes(HTTP, 0, 1)
 1362692527.080972 | HookCallFunction to_lower(HTTP)
+1362692527.080972 | HookCallFunction zeek_done()
 1362692527.080972 | HookDrainEvents
 1362692527.080972 | HookLogInit   conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}
 1362692527.080972 | HookLogWrite  conn [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]
 1362692527.080972 | HookQueueEvent ChecksumOffloading::check()
-1362692527.080972 | HookQueueEvent bro_done()
 1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
 1362692527.080972 | HookQueueEvent filter_change_tracking()
 1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
+1362692527.080972 | HookQueueEvent zeek_done()
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
@ -1,4 +1,4 @@
-         0.000000 bro_init
+         0.000000 zeek_init
         0.000000 NetControl::init
         0.000000 filter_change_tracking
 1254722767.492060 ChecksumOffloading::check
@ -226,5 +226,5 @@
 1437831800.217854 connection_state_remove
 1437831800.217854 connection_pending
 1437831800.217854 connection_state_remove
-1437831800.217854 bro_done
+1437831800.217854 zeek_done
 1437831800.217854 ChecksumOffloading::check
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
--- a/testing/btest/bifs/all_set.zeek
+++ b/testing/btest/bifs/all_set.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = vector( T, F, T );
 	print all_set(a);
--- a/testing/btest/bifs/analyzer_name.zeek
+++ b/testing/btest/bifs/analyzer_name.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = Analyzer::ANALYZER_PIA_TCP;
 	print Analyzer::name(a);
--- a/testing/btest/bifs/any_set.zeek
+++ b/testing/btest/bifs/any_set.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = vector( F, T, F );
 	print any_set(a);
--- a/testing/btest/bifs/bloomfilter-seed.zeek
+++ b/testing/btest/bifs/bloomfilter-seed.zeek
@ -34,7 +34,7 @@ function test_bloom_filter()
  
  }

-event bro_init()
+event zeek_init()
  {
  test_bloom_filter();
  }
--- a/testing/btest/bifs/bloomfilter.zeek
+++ b/testing/btest/bifs/bloomfilter.zeek
@ -88,7 +88,7 @@ function test_counting_bloom_filter()
  print bloomfilter_lookup(bf_merged, "baz");
  }

-event bro_init()
+event zeek_init()
  {
  test_basic_bloom_filter();
  test_counting_bloom_filter();
--- a/testing/btest/bifs/bro_version.zeek
+++ b/testing/btest/bifs/bro_version.zeek
@ -1,7 +1,7 @@
 #
 # @TEST-EXEC: bro -b %INPUT

-event bro_init()
+event zeek_init()
 	{
 	local a = bro_version();
 	if ( |a| == 0 )
--- a/testing/btest/bifs/bytestring_to_count.zeek
+++ b/testing/btest/bifs/bytestring_to_count.zeek
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-diff out


-event bro_init()
+event zeek_init()
 	{

 	# unsupported byte lengths
--- a/testing/btest/bifs/bytestring_to_double.zeek
+++ b/testing/btest/bifs/bytestring_to_double.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local s1 = "\x43\x26\x4f\xa0\x71\x30\x80\x00"; # 3.14e15
 	local s2 = "\xc3\x26\x4f\xa0\x71\x30\x80\x00"; #-3.14e15
--- a/testing/btest/bifs/bytestring_to_hexstr.zeek
+++ b/testing/btest/bifs/bytestring_to_hexstr.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	print bytestring_to_hexstr("04");
 	print bytestring_to_hexstr("");
--- a/testing/btest/bifs/capture_state_updates.zeek
+++ b/testing/btest/bifs/capture_state_updates.zeek
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: test -f testfile

-event bro_init()
+event zeek_init()
 	{
 	print capture_state_updates("testfile");
 	}
--- a/testing/btest/bifs/cat.zeek
+++ b/testing/btest/bifs/cat.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "foo";
 	local b = 3;
--- a/testing/btest/bifs/cat_string_array.zeek
+++ b/testing/btest/bifs/cat_string_array.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a: string_array = { 
 		[0] = "this", [1] = "is", [2] = "a", [3] = "test" 
--- a/testing/btest/bifs/check_subnet.zeek
+++ b/testing/btest/bifs/check_subnet.zeek
@ -30,7 +30,7 @@ function check_member(s: subnet)

 	}

-event bro_init()
+event zeek_init()
 	{
 	check_member(10.2.0.2/32);
 	check_member(10.2.0.2/31);
--- a/testing/btest/bifs/checkpoint_state.zeek
+++ b/testing/btest/bifs/checkpoint_state.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT
 # @TEST-EXEC: test -f .state/state.bst

-event bro_init()
+event zeek_init()
 	{
 	local a = checkpoint_state();
 	if ( a != T )
--- a/testing/btest/bifs/clear_table.zeek
+++ b/testing/btest/bifs/clear_table.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT > out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local mytable: table[string] of string = { ["key1"] = "val1" };

--- a/testing/btest/bifs/convert_for_pattern.zeek
+++ b/testing/btest/bifs/convert_for_pattern.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	print convert_for_pattern("foo");
 	print convert_for_pattern("");
--- a/testing/btest/bifs/count_to_addr.zeek
+++ b/testing/btest/bifs/count_to_addr.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "1";
 	print count_to_v4_addr(to_count(a));
--- a/testing/btest/bifs/create_file.zeek
+++ b/testing/btest/bifs/create_file.zeek
@ -5,7 +5,7 @@
 # @TEST-EXEC: btest-diff testfile2
 # @TEST-EXEC: test -f testdir/testfile4

-event bro_init()
+event zeek_init()
 	{
 	# Test that creating a file works as expected
 	local a = open("testfile");
--- a/testing/btest/bifs/current_analyzer.zeek
+++ b/testing/btest/bifs/current_analyzer.zeek
@ -1,7 +1,7 @@
 #
 # @TEST-EXEC: bro -b %INPUT

-event bro_init()
+event zeek_init()
 	{
 	local a = current_analyzer();
 	if ( a != 0 )
--- a/testing/btest/bifs/current_time.zeek
+++ b/testing/btest/bifs/current_time.zeek
@ -1,7 +1,7 @@
 #
 # @TEST-EXEC: bro -b %INPUT

-event bro_init()
+event zeek_init()
 	{
 	local a = current_time();
 	if ( a <= double_to_time(0) )
--- a/testing/btest/bifs/directory_operations.zeek
+++ b/testing/btest/bifs/directory_operations.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	# Test succesful operations...
 	print mkdir("testdir");
--- a/testing/btest/bifs/edit.zeek
+++ b/testing/btest/bifs/edit.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "hello there";

--- a/testing/btest/bifs/enable_raw_output.test
+++ b/testing/btest/bifs/enable_raw_output.test
@ -6,7 +6,7 @@
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cmp myfile hookfile

-event bro_init()
+event zeek_init()
    {
    local myfile: file;
    myfile = open("myfile");
--- a/testing/btest/bifs/entropy_test.zeek
+++ b/testing/btest/bifs/entropy_test.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f";
 	local handle = entropy_test_init();
--- a/testing/btest/bifs/enum_to_int.zeek
+++ b/testing/btest/bifs/enum_to_int.zeek
@ -16,7 +16,7 @@ export {
 	};
 }

-event bro_init()
+event zeek_init()
 	{


--- a/testing/btest/bifs/escape_string.zeek
+++ b/testing/btest/bifs/escape_string.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "Test \0string";

--- a/testing/btest/bifs/exit.zeek
+++ b/testing/btest/bifs/exit.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out || test $? -eq 7
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	print "hello";
 	exit(7);
--- a/testing/btest/bifs/file_mode.zeek
+++ b/testing/btest/bifs/file_mode.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = 420;  # octal: 0644
 	print file_mode(a);
--- a/testing/btest/bifs/filter_subnet_table.zeek
+++ b/testing/btest/bifs/filter_subnet_table.zeek
@ -32,7 +32,7 @@ global testb: table[subnet] of string = {
 };


-event bro_init()
+event zeek_init()
 	{
 	local c = filter_subnet_table(10.2.0.2/32, testa);
 	print c;
--- a/testing/btest/bifs/find_all.zeek
+++ b/testing/btest/bifs/find_all.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "this is a test";
 	local pat = /hi|es/;
--- a/testing/btest/bifs/find_entropy.zeek
+++ b/testing/btest/bifs/find_entropy.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f";
 	local b = "0011000aaabbbbcccc000011111000000000aaaabbbbcccc0000000";
--- a/testing/btest/bifs/find_last.zeek
+++ b/testing/btest/bifs/find_last.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "this is a test";
 	local pat = /hi|es/;
--- a/testing/btest/bifs/fmt.zeek
+++ b/testing/btest/bifs/fmt.zeek
@ -4,7 +4,7 @@

 type color: enum { Red, Blue };

-event bro_init()
+event zeek_init()
 	{
 	local a = Blue;
 	local b = vector( 1, 2, 3);
--- a/testing/btest/bifs/fmt_ftp_port.zeek
+++ b/testing/btest/bifs/fmt_ftp_port.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = 192.168.0.2;
 	local b = 257/tcp;
--- a/testing/btest/bifs/get_matcher_stats.zeek
+++ b/testing/btest/bifs/get_matcher_stats.zeek
@ -10,7 +10,7 @@ signature my_ftp_client {
 }
@TEST-END-FILE

-event bro_init()
+event zeek_init()
 	{
 	local a = get_matcher_stats();
 	if ( a$matchers == 0 )
--- a/testing/btest/bifs/get_port_transport_proto.zeek
+++ b/testing/btest/bifs/get_port_transport_proto.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = 123/tcp;
 	local b = 123/udp;
--- a/testing/btest/bifs/gethostname.zeek
+++ b/testing/btest/bifs/gethostname.zeek
@ -1,7 +1,7 @@
 #
 # @TEST-EXEC: bro -b %INPUT

-event bro_init()
+event zeek_init()
 	{
 	local a = gethostname();
 	if ( |a| == 0 )
--- a/testing/btest/bifs/getpid.zeek
+++ b/testing/btest/bifs/getpid.zeek
@ -1,7 +1,7 @@
 #
 # @TEST-EXEC: bro -b %INPUT

-event bro_init()
+event zeek_init()
 	{
 	local a = getpid();
 	if ( a == 0 )
--- a/testing/btest/bifs/getsetenv.zeek
+++ b/testing/btest/bifs/getsetenv.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: TESTBRO=testvalue bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = getenv("NOTDEFINED");
 	local b = getenv("TESTBRO");
--- a/testing/btest/bifs/global_ids.zeek
+++ b/testing/btest/bifs/global_ids.zeek
@ -2,13 +2,13 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = global_ids();
 	for ( i in a )
 		{
 		# the table is quite large, so just print one item we expect
-		if ( i == "bro_init" )
+		if ( i == "zeek_init" )
 			print a[i]$type_name;

 		}
--- a/testing/btest/bifs/global_sizes.zeek
+++ b/testing/btest/bifs/global_sizes.zeek
@ -2,14 +2,14 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = global_sizes();
 	for ( i in a )
 		{
 		# the table is quite large, so just look for one item we expect
-		if ( i == "bro_init" )
-			print "found bro_init";
+		if ( i == "zeek_init" )
+			print "found zeek_init";

 		}

--- a/testing/btest/bifs/haversine_distance.zeek
+++ b/testing/btest/bifs/haversine_distance.zeek
@ -7,7 +7,7 @@ function test(la1: double, lo1: double, la2: double, lo2: double)
 	print fmt("%.4e", haversine_distance(la1, lo1, la2, lo2));
 	}

-event bro_init()
+event zeek_init()
 	{
 	# Test two arbitrary locations.
 	test(37.866798, -122.253601, 48.25, 11.65);
--- a/testing/btest/bifs/hexdump.zeek
+++ b/testing/btest/bifs/hexdump.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "abc\xffdefghijklmnopqrstuvwxyz";

--- a/testing/btest/bifs/hexstr_to_bytestring.zeek
+++ b/testing/btest/bifs/hexstr_to_bytestring.zeek
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff .stderr

-event bro_init()
+event zeek_init()
 	{
 	print hexstr_to_bytestring("3034");
 	print hexstr_to_bytestring("");
--- a/testing/btest/bifs/hll_cardinality.zeek
+++ b/testing/btest/bifs/hll_cardinality.zeek
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff .stderr

-event bro_init()
+event zeek_init()
 	{
 	local c1 = hll_cardinality_init(0.01, 0.95);
 	local c2 = hll_cardinality_init(0.01, 0.95);
--- a/testing/btest/bifs/hll_large_estimate.zeek
+++ b/testing/btest/bifs/hll_large_estimate.zeek
@ -6,7 +6,7 @@
 # @TEST-EXEC: head -n1 out2 >> out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local cp: opaque of cardinality = hll_cardinality_init(0.1, 1.0);
 	local base: count = 2130706432; # 127.0.0.0
--- a/testing/btest/bifs/identify_data.zeek
+++ b/testing/btest/bifs/identify_data.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT | sed 's/; charset=.*//g' >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	# plain text
 	local a = "This is a test";
--- a/testing/btest/bifs/install_src_addr_filter.test
+++ b/testing/btest/bifs/install_src_addr_filter.test
@ -1,7 +1,7 @@
 # @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output
 # @TEST-EXEC: btest-diff output

-event bro_init()
+event zeek_init()
    {
    install_src_addr_filter(141.142.220.118, TH_SYN, 100.0);
    }
--- a/testing/btest/bifs/is_ascii.zeek
+++ b/testing/btest/bifs/is_ascii.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "this is a test\xfe";
 	local b = "this is a test\x7f";
--- a/testing/btest/bifs/is_local_interface.zeek
+++ b/testing/btest/bifs/is_local_interface.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	print is_local_interface(127.0.0.1);
 	print is_local_interface(1.2.3.4);
--- a/testing/btest/bifs/is_port.zeek
+++ b/testing/btest/bifs/is_port.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = 123/tcp;
 	local b = 123/udp;
--- a/testing/btest/bifs/join_string.zeek
+++ b/testing/btest/bifs/join_string.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a: string_array = { 
 		[1] = "this", [2] = "is", [3] = "a", [4] = "test" 
--- a/testing/btest/bifs/levenshtein_distance.zeek
+++ b/testing/btest/bifs/levenshtein_distance.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 {
 	local a = "this is a string";
 	local b = "this is a tring";
--- a/testing/btest/bifs/lookup_ID.zeek
+++ b/testing/btest/bifs/lookup_ID.zeek
@ -4,7 +4,7 @@

 global a = "bro test";

-event bro_init()
+event zeek_init()
 	{
 	local b = "local value";

@ -12,5 +12,5 @@ event bro_init()
 	print lookup_ID("");
 	print lookup_ID("xyz");
 	print lookup_ID("b");
-	print type_name( lookup_ID("bro_init") );
+	print type_name( lookup_ID("zeek_init") );
 	}
--- a/testing/btest/bifs/lowerupper.zeek
+++ b/testing/btest/bifs/lowerupper.zeek
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out

-event bro_init()
+event zeek_init()
 	{
 	local a = "this is a Test";

--- a/Show more
+++ b/Show more