Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/seth/zeek_init'

Browse source 
* origin/topic/seth/zeek_init:
  Some more testing fixes.
  Update docs and tests for bro_(init|done) -> zeek_(init|done)
  Implement the zeek_init handler.
This commit is contained in:
Jon Siwek 2019-04-19 11:16:35 -07:00
commit a994be9eeb
628 changed files with 868 additions and 1082 deletions
Download patch file Download diff file Expand all files Collapse all files

2
testing/btest/scripts/base/frameworks/logging/adapt-filter.zeek
View file

@ -19,7 +19,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Info]);

2
testing/btest/scripts/base/frameworks/logging/ascii-binary.zeek
View file

@ -15,7 +15,7 @@ export {
redef LogAscii::separator = "|";
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Info]);
Log::write(SSH::LOG, [$data="abc\n\xffdef", $data2="DATA2"]);

2
testing/btest/scripts/base/frameworks/logging/ascii-double.zeek
View file

@ -23,7 +23,7 @@ function logwrite(val: double)
Log::write(Test::LOG, [$d=val]);
}
event bro_init()
event zeek_init()
{
local d: double;
local dmax: double = 1.79e308;

2
testing/btest/scripts/base/frameworks/logging/ascii-empty.zeek
View file

@ -23,7 +23,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.zeek
View file

@ -12,7 +12,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
local a = "abc\0def";
local b = escape_string(a);

2
testing/btest/scripts/base/frameworks/logging/ascii-escape-empty-str.zeek
View file

@ -14,7 +14,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(test::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/ascii-escape-notset-str.zeek
View file

@ -14,7 +14,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(Test::LOG, [$columns=Log]);
Log::write(Test::LOG, [$x=LogAscii::unset_field, $z=""]);

2
testing/btest/scripts/base/frameworks/logging/ascii-escape-set-separator.zeek
View file

@ -11,7 +11,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(Test::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/ascii-escape.zeek
View file

@ -18,7 +18,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.zeek
View file

@ -17,7 +17,7 @@ export {
redef Log::default_rotation_interval = 1hr;
redef LogAscii::gzip_level = 1;
event bro_init()
event zeek_init()
{
Log::create_stream(Test::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek
View file

@ -42,7 +42,7 @@ function foo(i : count) : string
return "Bar";
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);
local filter = Log::Filter($name="ssh-uncompressed", $path="ssh-uncompressed",

2
testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.zeek
View file

@ -17,7 +17,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);
Log::write(SSH::LOG, [

2
testing/btest/scripts/base/frameworks/logging/ascii-json-optional.zeek
View file

@ -17,7 +17,7 @@ export {
global log_test: event(rec: Info);
}
event bro_init() &priority=5
event zeek_init() &priority=5
{
Log::create_stream(testing::LOG, [$columns=testing::Info, $ev=log_test]);
local info: Info;

2
testing/btest/scripts/base/frameworks/logging/ascii-json.zeek
View file

@ -40,7 +40,7 @@ function foo(i : count) : string
return "Bar";
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/ascii-line-like-comment.zeek
View file

@ -13,7 +13,7 @@ export {
};
}
event bro_init()
event zeek_init()
{
Log::create_stream(Test::LOG, [$columns=Info]);
Log::write(Test::LOG, [$data="Test1"]);

2
testing/btest/scripts/base/frameworks/logging/ascii-options.zeek
View file

@ -19,7 +19,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/ascii-timestamps.zeek
View file

@ -12,7 +12,7 @@ export {
};
}
event bro_init()
event zeek_init()
{
Log::create_stream(Test::LOG, [$columns=Info]);
Log::write(Test::LOG, [$data=double_to_time(1234567890)]);

2
testing/btest/scripts/base/frameworks/logging/ascii-tsv.zeek
View file

@ -17,7 +17,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/attr-extend.zeek
View file

@ -26,7 +26,7 @@ redef record Log += {
} &log;
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/attr.zeek
View file

@ -15,7 +15,7 @@ export {
};
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/disable-stream.zeek
View file

@ -15,7 +15,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/empty-event.zeek
View file

@ -17,7 +17,7 @@ export {
global log_ssh: event(rec: Log);
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log, $ev=log_ssh]);

2
testing/btest/scripts/base/frameworks/logging/enable-stream.zeek
View file

@ -15,7 +15,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/events.zeek
View file

@ -20,7 +20,7 @@ export {
global ssh_log: event(rec: Log);
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log, $ev=ssh_log]);

2
testing/btest/scripts/base/frameworks/logging/exclude.zeek
View file

@ -15,7 +15,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek
View file

@ -62,7 +62,7 @@ event kill_worker()
Broker::publish("death", slow_death);
}
event bro_init()
event zeek_init()
{
if ( Cluster::node == "worker-1" )
{

2
testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek
View file

@ -55,7 +55,7 @@ event kill_worker()
Broker::publish("death", slow_death);
}
event bro_init()
event zeek_init()
{
if ( Cluster::node == "worker-1" )
{

2
testing/btest/scripts/base/frameworks/logging/file.zeek
View file

@ -15,7 +15,7 @@ export {
const foo_log = open_log_file("Foo") &redef;
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);
Log::write(SSH::LOG, [$t=network_time(), $f=foo_log]);

2
testing/btest/scripts/base/frameworks/logging/include.zeek
View file

@ -15,7 +15,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/no-local.zeek
View file

@ -17,7 +17,7 @@ export {
redef Log::enable_local_logging = F;
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/none-debug.zeek
View file

@ -20,7 +20,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
local config: table[string] of string;
config["foo"]="bar";

2
testing/btest/scripts/base/frameworks/logging/path-func-column-demote.zeek
View file

@ -16,7 +16,7 @@ function split_log(id: Log::ID, path: string, rec: record {id:conn_id;}): string
return Site::is_local_addr(rec$id$orig_h) ? "local" : "remote";
}
event bro_init()
event zeek_init()
{
# Add a new filter to the Conn::LOG stream that logs only
# timestamp and originator address.

2
testing/btest/scripts/base/frameworks/logging/path-func.zeek
View file

@ -28,7 +28,7 @@ function path_func(id: Log::ID, path: string, rec: Log) : string
return fmt("%s-%d-%s", path, c, rec$country);
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);
Log::remove_default_filter(SSH::LOG);

2
testing/btest/scripts/base/frameworks/logging/pred.zeek
View file

@ -24,7 +24,7 @@ function fail(rec: Log): bool
return rec$status != "success";
}
event bro_init()
event zeek_init()
{
Log::create_stream(Test::LOG, [$columns=Log]);
Log::remove_default_filter(Test::LOG);

2
testing/btest/scripts/base/frameworks/logging/remove.zeek
View file

@ -20,7 +20,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);
Log::add_filter(SSH::LOG, [$name="f1", $path="ssh.failure", $pred=function(rec: Log): bool { return rec$status == "failure"; }]);

2
testing/btest/scripts/base/frameworks/logging/rotate-custom.zeek
View file

@ -28,7 +28,7 @@ function custom_rotate(info: Log::RotationInfo) : bool
return T;
}
event bro_init()
event zeek_init()
{
Log::create_stream(Test::LOG, [$columns=Log]);
Log::add_filter(Test::LOG, [$name="2nd", $path="test2", $interv=30mins, $postprocessor=custom_rotate]);

2
testing/btest/scripts/base/frameworks/logging/rotate.zeek
View file

@ -21,7 +21,7 @@ export {
redef Log::default_rotation_interval = 1hr;
redef Log::default_rotation_postprocessor_cmd = "echo";
event bro_init()
event zeek_init()
{
Log::create_stream(Test::LOG, [$columns=Log]);
}

2
testing/btest/scripts/base/frameworks/logging/sqlite/error.zeek
View file

@ -73,7 +73,7 @@ function foo(i : count) : string
return "Bar";
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);
Log::remove_filter(SSH::LOG, "default");

2
testing/btest/scripts/base/frameworks/logging/sqlite/set.zeek
View file

@ -32,7 +32,7 @@ function foo(i : count) : string
return "Bar";
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);
Log::remove_filter(SSH::LOG, "default");

2
testing/btest/scripts/base/frameworks/logging/sqlite/simultaneous-writes.zeek
View file

@ -47,7 +47,7 @@ function foo(i : count) : string
return "Bar";
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);
Log::create_stream(SSH::LOG2, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/sqlite/types.zeek
View file

@ -45,7 +45,7 @@ function foo(i : count) : string
return "Bar";
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);
Log::remove_filter(SSH::LOG, "default");

2
testing/btest/scripts/base/frameworks/logging/stdout.zeek
View file

@ -16,7 +16,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/test-logging.zeek
View file

@ -15,7 +15,7 @@ export {
} &log;
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/types.zeek
View file

@ -40,7 +40,7 @@ function foo(i : count) : string
return "Bar";
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/unset-record.zeek
View file

@ -14,7 +14,7 @@ type Bar: record {
b: count &log;
};
event bro_init()
event zeek_init()
{
Log::create_stream(TESTING, [$columns=Bar]);

2
testing/btest/scripts/base/frameworks/logging/vec.zeek
View file

@ -12,7 +12,7 @@ export {
};
}
event bro_init()
event zeek_init()
{
Log::create_stream(SSH::LOG, [$columns=Log]);

2
testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek
View file

@ -7,7 +7,7 @@
@load base/protocols/http
event bro_init()
event zeek_init()
{
# Both the default filter for the http stream and this new one will
# attempt to have the same writer write to path "http", which will