Updating baselines for recent commits.

Robin Sommer 2011-12-19 07:44:29 -08:00
parent 26ff8e1dab
commit a9f0b10e2e
26 changed files with 47 additions and 41 deletions


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path http #path http
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table string string table string string file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
1323276411.786237 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - - 1324308802.436269 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path http #path http
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table string string table string string file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
1323276411.786237 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - - 1324308802.436269 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path http #path http
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table string string table string string file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
1323276438.655853 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - - 1324308826.107003 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path http #path http
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table string string table string string file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
1323276438.655853 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - - 1324308826.107003 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path test #path test
#fields ss #fields ss
#types table #types table[string]
CC,AA,\x2c,\x2c\x2c CC,AA,\x2c,\x2c\x2c


@ -5,4 +5,4 @@
#path test.success #path test.success
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
#types time addr port addr port string string #types time addr port addr port string string
1323275882.725518 1.2.3.4 1234 2.3.4.5 80 success - 1324308566.444800 1.2.3.4 1234 2.3.4.5 80 success unknown
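Review bot: The `country` column in this row changes from the unset marker `-` to the literal string `unknown`, and the commit message does not say which earlier change made that the logged value. Assuming the right-hand copy is the new side (it carries the later timestamp), the baseline now pins `unknown` as expected output, and the same change appears in the first data row of the two `test` / `test.success` sections further down. Anything downstream that selects records by an unset country would stop matching these rows, so if the new value is intended it is worth stating next to the producing test, e.g. `# country is logged as "unknown" when the record leaves it unset`. The file's header lines above `#path` lie outside this hunk.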


@ -1,5 +1,8 @@
#separator \x09 #separator \x09
#set_separator \x2c
#empty_field \x45\x4d\x50\x54\x59
#unset_field \x2d
#path test #path test
#fields b i e c p sn a d t iv s sc ss se vc ve #fields b i e c p sn a d t iv s sc ss se vc ve
#types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string] #types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string]
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1323292199.700588 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1324308572.066737 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY


@ -5,8 +5,8 @@
#path test #path test
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
#types time addr port addr port string string #types time addr port addr port string string
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 success - 1324308589.020941 1.2.3.4 1234 2.3.4.5 80 success unknown
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 failure US 1324308589.020941 1.2.3.4 1234 2.3.4.5 80 failure US
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 failure UK 1324308589.020941 1.2.3.4 1234 2.3.4.5 80 failure UK
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 success BR 1324308589.020941 1.2.3.4 1234 2.3.4.5 80 success BR
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 failure MX 1324308589.020941 1.2.3.4 1234 2.3.4.5 80 failure MX


@ -5,5 +5,5 @@
#path test.success #path test.success
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country #fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
#types time addr port addr port string string #types time addr port addr port string string
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 success - 1324308589.020941 1.2.3.4 1234 2.3.4.5 80 success unknown
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 success BR 1324308589.020941 1.2.3.4 1234 2.3.4.5 80 success BR


@ -1,5 +1,8 @@
#separator \x09 #separator \x09
#set_separator \x2c
#empty_field \x45\x4d\x50\x54\x59
#unset_field \x2d
#path ssh #path ssh
#fields b i e c p sn a d t iv s sc ss se vc ve f #fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string] func #types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string] func
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1323292210.836187 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1324308607.500960 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path notice #path notice
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
#types time string addr port addr port enum string string addr addr port count string table table interval bool string string string double double addr string subnet #types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
1323276259.751377 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 6 3600.000000 - - - - - - 1.2.3.4 - - 1324308631.319990 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - -
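Review bot: The `dropped` field (the `bool` column right after `suppress_for`) goes from unset `-` to `F` in this row, so the baseline now expects this notice to carry an explicit false instead of no value. The notice baselines in the next four file sections show the same change. If this comes from a new default on the field, which is not visible here, a short comment in the producing test such as `# dropped defaults to F; "-" would mean the field was never set` would keep a later baseline refresh from hiding a regression in drop reporting.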


@ -4,6 +4,6 @@
#unset_field \x2d #unset_field \x2d
#path notice #path notice
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
#types time string addr port addr port enum string string addr addr port count string table table interval bool string string string double double addr string subnet #types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
1323276275.255136 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 3/2 - 1.2.3.4 - - 3 bro Notice::ACTION_LOG 6 3600.000000 - - - - - - 1.2.3.4 - - 1324308665.314874 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 3/2 - 1.2.3.4 - - 3 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - -
1323276275.255136 - - - - - Test_Notice Threshold crossed by metric_index(host=6.5.4.3) 2/2 - 6.5.4.3 - - 2 bro Notice::ACTION_LOG 6 3600.000000 - - - - - - 6.5.4.3 - - 1324308665.314874 - - - - - Test_Notice Threshold crossed by metric_index(host=6.5.4.3) 2/2 - 6.5.4.3 - - 2 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 6.5.4.3 - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path notice #path notice
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
#types time string addr port addr port enum string string addr addr port count string table table interval bool string string string double double addr string subnet #types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
1323276288.745044 - - - - - Test_Notice test notice! - - - - - worker-1 Notice::ACTION_LOG 6 3600.000000 - - - - - - - - - 1324308679.119923 - - - - - Test_Notice test notice! - - - - - worker-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path notice #path notice
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
#types time string addr port addr port enum string string addr addr port count string table table interval bool string string string double double addr string subnet #types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
1323276310.879512 - - - - - Test_Notice test notice! - - - - - worker-2 Notice::ACTION_LOG 6 3600.000000 - - - - - - - - - 1324308705.683375 - - - - - Test_Notice test notice! - - - - - worker-2 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path notice #path notice
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port enum string string addr addr port count string table table interval bool string string string double double #types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double
1323276329.733314 - - - - - Test_Notice test - - - - - bro Notice::ACTION_LOG 6 3600.000000 - - - - - - 1324308722.344582 - - - - - Test_Notice test - - - - - bro Notice::ACTION_LOG 6 3600.000000 F - - - - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path http #path http
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table string string table string string file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
1237440095.634312 UWkUyAuUGXf 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - - - - - text/html - - 1237440095.634312 UWkUyAuUGXf 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - - - - - text/html - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path http #path http
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table string string table string string file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
1128727435.634189 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - http-item_141.42.64.125:56730-125.190.109.199:80_resp_1.dat 1128727435.634189 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - http-item_141.42.64.125:56730-125.190.109.199:80_resp_1.dat


@ -4,7 +4,7 @@
#unset_field \x2d #unset_field \x2d
#path http #path http
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table string string table string string file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - - - - - FAKE_MIME - - 1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - - - - - FAKE_MIME - -
1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - - - - - FAKE_MIME - - 1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - - - - - FAKE_MIME - -
1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - - - - - FAKE_MIME - - 1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - - - - - FAKE_MIME - -


@ -4,7 +4,7 @@
#unset_field \x2d #unset_field \x2d
#path http #path http
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied md5 extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table string string table string file #types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string file
1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - - - - - - - 1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - - - - - - -
1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - - - - - - - 1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - - - - - - -
1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - - - - - - - 1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - - - - - - -


@ -4,7 +4,7 @@
#unset_field \x2d #unset_field \x2d
#path irc #path irc
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size extraction_file
#types time string addr port addr port string string table string string string table string count file #types time string addr port addr port string string table[string] string string string table[enum] string count file
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - -
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - -
1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - 1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - -


@ -4,7 +4,7 @@
#unset_field \x2d #unset_field \x2d
#path irc #path irc
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file
#types time string addr port addr port string string table string string string table string count string file #types time string addr port addr port string string table[string] string string string table[enum] string count string file
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - - 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - -
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - - 1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - -
1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - - 1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - -


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path smtp #path smtp
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent
#types time string addr port addr port count string string table string string table string string string string addr string string string vector string #types time string addr port addr port count string string table[string] string string table[string] string string string string addr string string string vector[addr] string
1254722768.219663 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 GP <gurpartap@patriots.in> <raj_deol2002in@yahoo.co.in> Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" <gurpartap@patriots.in> <raj_deol2002in@yahoo.co.in> - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 1254722768.219663 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 GP <gurpartap@patriots.in> <raj_deol2002in@yahoo.co.in> Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" <gurpartap@patriots.in> <raj_deol2002in@yahoo.co.in> - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0


@ -4,7 +4,7 @@
#unset_field \x2d #unset_field \x2d
#path known_services #path known_services
#fields ts host port_num port_proto service #fields ts host port_num port_proto service
#types time addr port enum table #types time addr port enum table[string]
1308930691.049431 172.16.238.131 22 tcp SSH 1308930691.049431 172.16.238.131 22 tcp SSH
1308930694.550308 172.16.238.131 80 tcp HTTP 1308930694.550308 172.16.238.131 80 tcp HTTP
1308930716.462556 74.125.225.81 80 tcp HTTP 1308930716.462556 74.125.225.81 80 tcp HTTP


@ -4,7 +4,7 @@
#unset_field \x2d #unset_field \x2d
#path known_services #path known_services
#fields ts host port_num port_proto service #fields ts host port_num port_proto service
#types time addr port enum table #types time addr port enum table[string]
1308930691.049431 172.16.238.131 22 tcp SSH 1308930691.049431 172.16.238.131 22 tcp SSH
1308930694.550308 172.16.238.131 80 tcp HTTP 1308930694.550308 172.16.238.131 80 tcp HTTP
1308930718.361665 172.16.238.131 21 tcp FTP 1308930718.361665 172.16.238.131 21 tcp FTP


@ -4,6 +4,6 @@
#unset_field \x2d #unset_field \x2d
#path known_services #path known_services
#fields ts host port_num port_proto service #fields ts host port_num port_proto service
#types time addr port enum table #types time addr port enum table[string]
1308930716.462556 74.125.225.81 80 tcp HTTP 1308930716.462556 74.125.225.81 80 tcp HTTP
1308930726.872485 141.142.192.39 22 tcp SSH 1308930726.872485 141.142.192.39 22 tcp SSH


@ -4,5 +4,5 @@
#unset_field \x2d #unset_field \x2d
#path dns #path dns
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z answers TTLs auth addl #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z answers TTLs auth addl
#types time string addr port addr port enum count string count string count string count string bool bool bool bool bool count vector vector table table #types time string addr port addr port enum count string count string count string count string bool bool bool bool bool count vector[string] vector[interval] table[string] table[string]
930613226.529070 UWkUyAuUGXf 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 4.3.2.1 31337.000000 - - 930613226.529070 UWkUyAuUGXf 212.180.42.100 25000 131.243.64.3 53 tcp 34798 - - - - - 0 NOERROR F F F F T 0 4.3.2.1 31337.000000 - -