Merge branch 'master' of ssh://git.bro-ids.org/bro

testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/.stderr

@@ -0,0 +1,10 @@
+1st test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0
+1st test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0
+1st test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0
+1st test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0
+1st test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0
+1st test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0
+1st test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0
+1st test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0
+1st test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
+1st test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1

testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out

@@ -1,13 +1,3 @@
-1st test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0
-1st test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0
-1st test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0
-1st test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0
-1st test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0
-1st test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0
-1st test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0
-1st test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0
-1st test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
-1st test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
 custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_03.00.05.log, path=test2, open=1299466805.0, close=1299470395.0, terminating=F]
 custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_03.59.55.log, path=test2, open=1299470395.0, close=1299470405.0, terminating=F]
 custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_04.00.05.log, path=test2, open=1299470405.0, close=1299473995.0, terminating=F]

testing/btest/Baseline/scripts.base.frameworks.notice.default-policy-order/notice_policy.log

@@ -1,11 +0,0 @@
-#separator \x09
-#path	notice_policy
-#fields	position	priority	result	pred	halt	suppress_for
-#types	count	count	enum	func	bool	interval
-0	10	Notice::ACTION_NONE	anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::lookup_location_types));\x0a}	F	-
-1	9	Notice::ACTION_NO_SUPPRESS	anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::not_suppressed_types));\x0a}	F	-
-2	9	Notice::ACTION_NONE	anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::ignored_types));\x0a}	T	-
-3	8	Notice::ACTION_EMAIL	anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::emailed_types));\x0a}	F	-
-4	8	Notice::ACTION_ALARM	anonymous-function\x0a{ \x0areturn ((Notice::n$note in Notice::alarmed_types));\x0a}	F	-
-5	8	Notice::ACTION_NONE	anonymous-function\x0a{ \x0aif (Notice::n$note in Notice::type_suppression_intervals) \x0a\x09{ \x0a\x09Notice::n$suppress_for = Notice::type_suppression_intervals[Notice::n$note];\x0a\x09return (T);\x0a\x09}\x0a\x0areturn (F);\x0a}	F	-
-6	0	Notice::ACTION_LOG	-	F	-

testing/btest/Baseline/scripts.base.frameworks.notice.suppression-disable/notice.log

@@ -1,6 +0,0 @@
-#separator \x09
-#path	notice
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	note	msg	sub	src	dst	p	n	peer_descr	actions	policy_items	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
-#types	time	string	addr	port	addr	port	enum	string	string	addr	addr	port	count	string	table	table	interval	bool	string	string	string	double	double
-1317927277.508920	-	-	-	-	-	Test_Notice	test	-	-	-	-	-	bro	Notice::ACTION_NO_SUPPRESS,Notice::ACTION_LOG	6,1	3600.000000	-	-	-	-	-	-
-1317927277.508920	-	-	-	-	-	Test_Notice	another test	-	-	-	-	-	bro	Notice::ACTION_NO_SUPPRESS,Notice::ACTION_LOG	6,1	3600.000000	-	-	-	-	-	-

testing/btest/scripts/base/frameworks/logging/rotate-custom.bro

@@ -1,7 +1,8 @@
 #
-# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT 2>&1 | egrep "test|test2" | sort >out
+# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT | egrep "test|test2" | sort >out
 # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | uniq >>out
 # @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff .stderr
 
 module Test;
 

testing/btest/scripts/base/frameworks/notice/default-policy-order.test

@@ -1,4 +1,10 @@
-# This test checks that the default notice policy ordering is the same
-# as a known baseline.
+# This test checks that the default notice policy ordering does not
+# change from run to run.
 # @TEST-EXEC: bro -e ''
-# @TEST-EXEC: btest-diff notice_policy.log
+# @TEST-EXEC: mv notice_policy.log notice_policy.log.1
+# @TEST-EXEC: bro -e ''
+# @TEST-EXEC: mv notice_policy.log notice_policy.log.2
+# @TEST-EXEC: bro -e ''
+# @TEST-EXEC: mv notice_policy.log notice_policy.log.3
+# @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.2
+# @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.3

testing/btest/scripts/base/frameworks/notice/suppression-disable.bro

@@ -1,5 +1,6 @@
 # @TEST-EXEC: bro -b %INPUT
-# @TEST-EXEC: btest-diff notice.log
+# The "Test_Notice" should be logged twice
+# @TEST-EXEC: test `grep Test_Notice notice.log | wc -l` -eq 2
 
 @load base/frameworks/notice
 
@@ -9,8 +10,16 @@ redef enum Notice::Type += {
 
 redef Notice::not_suppressed_types += { Test_Notice };
 
+# The second notice needs to be scheduled due to how the notice framework
+# uses the event queue.
+
+event second_notice()
+	{
+	NOTICE([$note=Test_Notice, $msg="another test", $identifier="static"]);
+	}
+
 event bro_init()
 	{
 	NOTICE([$note=Test_Notice, $msg="test", $identifier="static"]);
-	NOTICE([$note=Test_Notice, $msg="another test", $identifier="static"]);
-	}
+	schedule 1msec { second_notice() };
+	}