Merge remote-tracking branch 'origin/topic/documentation'
I'm merging in the documentation branch to avoid that it keeps getting out of sync. We still need to work on this a bit more, I'll summarize in a mail. * origin/topic/documentation: (68 commits) Going over initial parts of the scripting overview. Adding lines in scripting/index.txt. No other change. Updating submodule. Pass over the Using Bro section. Applying doc updates from BIT-1063. (Anthony Verez) Breaking lines in using/*. More doc reorg, and a light pass over the first 3 sections. Starting to put a new structure in place. Updating submodule(s). Updating submodule(s). Adding some temporary testing/demonstration to front page. Switching btest to topic/robin/parts branch. Basic cross-referencing UIDs between files, btests, and baselines. A truly embarassing number of spelling corrections. Using redirection with bro-cut. Include initial btests for this document. Corrected a mis-typed RST include. Initial start for "Using Bro". Spelling corrections. Include Notice Policy shortcuts in the Scripting User Manual. Notice::policy hooks and tests. ... Conflicts: src/3rdparty
commit
ac66db286a
309 changed files with 11468 additions and 1312 deletions
|
@ -0,0 +1,5 @@
|
|||
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
|
||||
|
||||
}, addl=, hot=0, history=ShADadFf, uid=UWkUyAuUGXf, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=UWkUyAuUGXf, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
|
||||
|
||||
}], extract_orig=F, extract_resp=F]
|
|
@ -0,0 +1,9 @@
|
|||
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
|
||||
|
||||
}, addl=, hot=0, history=ShADadFf, uid=UWkUyAuUGXf, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=UWkUyAuUGXf, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
|
||||
|
||||
}], extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=[pending={
|
||||
|
||||
}, finished_answers={
|
||||
34798
|
||||
}]]
|
|
@ -0,0 +1,6 @@
|
|||
Service: dns(RFC1035)
|
||||
port: 53/tcp
|
||||
port: 53/udp
|
||||
Service: http(RFC2616)
|
||||
port: 80/tcp
|
||||
port: 8080/tcp
|
|
@ -0,0 +1,7 @@
|
|||
System: morlock
|
||||
Service: dns(RFC1035)
|
||||
port: 53/tcp
|
||||
port: 53/udp
|
||||
Service: http(RFC2616)
|
||||
port: 80/tcp
|
||||
port: 8080/tcp
|
|
@ -0,0 +1,8 @@
|
|||
SSL Port: 993/tcp
|
||||
SSL Port: 22/tcp
|
||||
SSL Port: 587/tcp
|
||||
SSL Port: 443/tcp
|
||||
Non-SSL Port: 143/tcp
|
||||
Non-SSL Port: 25/tcp
|
||||
Non-SSL Port: 80/tcp
|
||||
Non-SSL Port: 23/tcp
|
|
@ -0,0 +1,4 @@
|
|||
Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
|
||||
Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
|
||||
Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai
|
||||
Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada
|
|
@ -0,0 +1,4 @@
|
|||
Service Name: IMAPS - Common Port: 993/tcp
|
||||
Service Name: HTTPS - Common Port: 443/tcp
|
||||
Service Name: SSH - Common Port: 22/tcp
|
||||
Service Name: SMTPS - Common Port: 587/tcp
|
|
@ -0,0 +1,2 @@
|
|||
[1, 2, 3, 4]
|
||||
[1, 2, 3, 4]
|
|
@ -0,0 +1,4 @@
|
|||
contents of v1: [1, 2, 3, 4]
|
||||
length of v1: 4
|
||||
contents of v1: [1, 2, 3, 4]
|
||||
length of v2: 4
|
|
@ -0,0 +1,3 @@
|
|||
1.2.0.0/18
|
||||
2.3.0.0/18
|
||||
3.4.0.0/18
|
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
[6666/tcp] = IRC,
|
||||
[80/tcp] = WWW
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
A: 10, B: 10
|
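--- /dev/null
+++ b/testing/btest/Baseline/doc.manual.data_type_interval/.stdout
@@ -0,0 +1,15 @@
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
+Time since last connection: 132.0 msecs 97.0 usecs
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
+Time since last connection: 177.0 usecs
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
+Time since last connection: 2.0 msecs 177.0 usecs
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
+Time since last connection: 33.0 msecs 898.0 usecs
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
+Time since last connection: 35.0 usecs
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
+Time since last connection: 2.0 msecs 532.0 usecs
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2
+Time since last connection: 7.0 msecs 866.0 usecs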
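Review bot: This baseline stops at the 208.80.152.2 connection, while the rendered output for `# bro -r wikipedia.trace data_type_interval.bro` added later in this commit continues with `2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128` and `Time since last connection: 817.0 msecs 703.0 usecs`. The same gap shows in testing/btest/Baseline/doc.manual.data_type_time/.stdout, which has 8 lines against 9 in its rendered counterpart. If both are meant to come from the same script and trace, one of the two is stale; regenerating the baselines from the run that produced the documentation output would keep the test and the text in agreement. The data_type_time baseline also freezes a literal `^J` at the end of every line, which presumably means the script's format string carries its own newline, so that is worth confirming as intended.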
|
@ -0,0 +1 @@
|
|||
i + 2 = 12
|
|
@ -0,0 +1,3 @@
|
|||
The
|
||||
brown fox jumped over the
|
||||
dog.
|
|
@ -0,0 +1,2 @@
|
|||
equality and /^?(equal)$?/ are not equal
|
||||
equality and /^?(equality)$?/ are equal
|
|
@ -0,0 +1,4 @@
|
|||
172.16.4.56 belongs to subnet 172.16.0.0/20
|
||||
172.16.47.254 belongs to subnet 172.16.32.0/20
|
||||
172.16.22.45 belongs to subnet 172.16.16.0/20
|
||||
172.16.1.1 belongs to subnet 172.16.0.0/20
|
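--- /dev/null
+++ b/testing/btest/Baseline/doc.manual.data_type_time/.stdout
@@ -0,0 +1,8 @@
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118^J
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2^J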
|
@ -0,0 +1,10 @@
|
|||
1
|
||||
2
|
||||
6
|
||||
24
|
||||
120
|
||||
720
|
||||
5040
|
||||
40320
|
||||
362880
|
||||
3628800
|
|
@ -0,0 +1,19 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor
|
||||
#open 2013-03-19-03-25-33
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
1 1
|
||||
2 2
|
||||
3 6
|
||||
4 24
|
||||
5 120
|
||||
6 720
|
||||
7 5040
|
||||
8 40320
|
||||
9 362880
|
||||
10 3628800
|
||||
#close 2013-03-19-03-25-33
|
|
@ -0,0 +1,15 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor-mod5
|
||||
#open 2013-03-20-03-22-52
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
5 120
|
||||
6 720
|
||||
7 5040
|
||||
8 40320
|
||||
9 362880
|
||||
10 3628800
|
||||
#close 2013-03-20-03-22-52
|
|
@ -0,0 +1,13 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor-non5
|
||||
#open 2013-03-20-03-22-52
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
1 1
|
||||
2 2
|
||||
3 6
|
||||
4 24
|
||||
#close 2013-03-20-03-22-52
|
|
@ -0,0 +1,15 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor-mod5
|
||||
#open 2013-03-25-02-00-12
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
5 120
|
||||
6 720
|
||||
7 5040
|
||||
8 40320
|
||||
9 362880
|
||||
10 3628800
|
||||
#close 2013-03-25-02-00-12
|
|
@ -0,0 +1,13 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor-non5
|
||||
#open 2013-03-25-02-00-12
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
1 1
|
||||
2 2
|
||||
3 6
|
||||
4 24
|
||||
#close 2013-03-25-02-00-12
|
|
@ -0,0 +1,43 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-05-05-20-51-24
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1300475167.096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty)
|
||||
1300475167.097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - 0 D 1 199 0 0 (empty)
|
||||
1300475167.099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - 0 D 1 179 0 0 (empty)
|
||||
1300475168.853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.857956 fRFu0wcOle6 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.858306 qSsw6ESzHV4 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.858713 iE6yhOq3SF 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.891644 qCaWGmzFtM5 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.892037 70MGiRM1Qf4 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.892414 h5DsfNtYzi1 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.893988 c4Zw9TmAE05 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - 0 Dd 1 66 1 117 (empty)
|
||||
1300475168.894422 EAr0uf4mhq 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - 0 Dd 1 80 1 127 (empty)
|
||||
1300475168.894787 GvmoxJFXdTa 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - 0 Dd 1 66 1 211 (empty)
|
||||
1300475168.901749 slFea8xwSmb 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - 0 Dd 1 64 1 159 (empty)
|
||||
1300475168.902195 UfGkYA2HI2g 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - 0 Dd 1 64 1 226 (empty)
|
||||
1300475169.899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 85 0 0 (empty)
|
||||
1300475170.862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - 0 D 7 546 0 0 (empty)
|
||||
1300475171.675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - 0 D 2 162 0 0 (empty)
|
||||
1300475171.677081 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - 0 D 2 122 0 0 (empty)
|
||||
1300475173.116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - 0 D 2 162 0 0 (empty)
|
||||
1300475173.117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - 0 D 2 122 0 0 (empty)
|
||||
1300475173.153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - 0 D 1 78 0 0 (empty)
|
||||
1300475168.859163 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - 0 ShADad 6 1450 4 950 (empty)
|
||||
1300475168.652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - 0 DdA 2 567 1 402 (empty)
|
||||
1300475168.895267 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - 0 ShADad 6 1498 4 950 (empty)
|
||||
1300475168.902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - 0 ShADad 4 750 3 576 (empty)
|
||||
1300475168.892936 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - 0 ShADad 6 1468 4 950 (empty)
|
||||
1300475168.855305 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - 0 ShADad 6 1491 4 949 (empty)
|
||||
1300475168.892913 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - 0 ShADad 6 1457 4 949 (empty)
|
||||
1300475169.780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - 0 h 0 0 1 48 (empty)
|
||||
1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - 0 ShADad 4 741 3 396 (empty)
|
||||
1300475168.855330 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - 0 ShADad 6 1445 4 950 (empty)
|
||||
#close 2013-05-05-20-51-24
|
|
@ -0,0 +1,23 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-05-05-21-12-40
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1300475168.784020 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.916018 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.916183 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.918358 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.952307 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.952296 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.954820 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.962687 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.975934 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.976436 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475168.979264 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475169.014619 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475169.014593 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475169.014927 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
#close 2013-05-05-21-12-40
|
|
@ -0,0 +1,15 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-05-07-14-38-27
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1320329757.771503 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 tcp http 15.161537 2899 1127 S2 - 0 ShADadF 20 3719 19 1891 (empty)
|
||||
1320329757.771262 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 tcp http 15.161772 889 377 S2 - 0 ShADadF 8 1229 8 701 (empty)
|
||||
1320329757.761327 arKYeMETxOg 10.0.2.15 49283 192.150.187.43 80 tcp http 15.168898 459 189 S2 - 0 ShADadF 5 679 4 353 (empty)
|
||||
1320329757.458867 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 tcp http 15.471378 1824 751 S2 - 0 ShADadF 12 2324 13 1275 (empty)
|
||||
1320329757.761638 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 tcp http 15.168613 898 376 S2 - 0 ShADadF 8 1238 8 700 (empty)
|
||||
1320329757.771755 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 tcp http 15.161267 900 376 S2 - 0 ShADadF 8 1240 8 700 (empty)
|
||||
#close 2013-05-07-14-38-27
|
|
@ -0,0 +1,26 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-05-07-14-38-27
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1320329757.460004 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 1 GET bro-ids.org / - Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.772457 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 2 GET bro-ids.org /css/pygments.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.874406 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 3 GET bro-ids.org /js/jquery.zrssfeed.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.775110 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 1 GET bro-ids.org /css/960.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.776072 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 1 GET bro-ids.org /js/jquery.cycle.all.min.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.776421 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 1 GET bro-ids.org /js/jquery.tweet.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.776240 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 1 GET bro-ids.org /js/jquery.fancybox-1.3.4.pack.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.775251 arKYeMETxOg 10.0.2.15 49283 192.150.187.43 80 1 GET bro-ids.org /css/bro-ids.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.975651 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 4 GET bro-ids.org /js/jquery.tableofcontents.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.979943 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 2 GET bro-ids.org /js/superfish.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.985656 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 2 GET bro-ids.org /js/hoverIntent.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.989904 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 2 GET bro-ids.org /js/general.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329757.991315 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 2 GET bro-ids.org /js/jquery.collapse.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329758.172397 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 3 GET bro-ids.org /css/print.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329759.998388 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 4 GET bro-ids.org /documentation/index.html http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329760.146412 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 5 GET bro-ids.org /js/breadcrumbs.js http://bro-ids.org/documentation/index.html Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1320329762.971726 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 6 GET bro-ids.org /documentation/reporting-problems.html http://bro-ids.org/documentation/index.html Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
#close 2013-05-07-14-38-27
|
|
@ -0,0 +1,11 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -b -r dns-session.trace connection_record_01.bro
|
||||
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
|
||||
|
||||
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
|
||||
|
||||
}], extract_orig=F, extract_resp=F]
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -b -r dns-session.trace connection_record_02.bro
|
||||
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
|
||||
|
||||
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
|
||||
|
||||
}], extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=[pending={
|
||||
[34798] = [initialized=T, vals={
|
||||
|
||||
}, settings=[max_len=<uninitialized>], top=1, bottom=1, size=0]
|
||||
}, finished_answers={
|
||||
|
||||
}]]
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_record_01.bro
|
||||
Service: dns(RFC1035)
|
||||
port: 53/tcp
|
||||
port: 53/udp
|
||||
Service: http(RFC2616)
|
||||
port: 80/tcp
|
||||
port: 8080/tcp
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_record_02.bro
|
||||
System: morlock
|
||||
Service: dns(RFC1035)
|
||||
port: 53/tcp
|
||||
port: 53/udp
|
||||
Service: http(RFC2616)
|
||||
port: 80/tcp
|
||||
port: 8080/tcp
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_set_declaration.bro
|
||||
SSL Port: 993/tcp
|
||||
SSL Port: 22/tcp
|
||||
SSL Port: 587/tcp
|
||||
SSL Port: 443/tcp
|
||||
Non-SSL Port: 143/tcp
|
||||
Non-SSL Port: 25/tcp
|
||||
Non-SSL Port: 80/tcp
|
||||
Non-SSL Port: 23/tcp
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -b data_struct_table_complex.bro
|
||||
Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
|
||||
Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
|
||||
Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai
|
||||
Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_table_declaration.bro
|
||||
Service Name: IMAPS - Common Port: 993/tcp
|
||||
Service Name: HTTPS - Common Port: 443/tcp
|
||||
Service Name: SSH - Common Port: 22/tcp
|
||||
Service Name: SMTPS - Common Port: 587/tcp
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_struct_vector_declaration.bro
|
||||
contents of v1: [1, 2, 3, 4]
|
||||
length of v1: 4
|
||||
contents of v1: [1, 2, 3, 4]
|
||||
length of v2: 4
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -b data_struct_vector_iter.bro
|
||||
1.2.0.0/18
|
||||
2.3.0.0/18
|
||||
3.4.0.0/18
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -b data_type_const.bro
|
||||
{
|
||||
[6666/tcp] = IRC,
|
||||
[80/tcp] = WWW
|
||||
}
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -r wikipedia.trace data_type_interval.bro
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 132.0 msecs 97.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 177.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 2.0 msecs 177.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 33.0 msecs 898.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 35.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
|
||||
Time since last connection: 2.0 msecs 532.0 usecs
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2
|
||||
Time since last connection: 7.0 msecs 866.0 usecs
|
||||
2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128
|
||||
Time since last connection: 817.0 msecs 703.0 usecs
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_type_pattern_01.bro
|
||||
The
|
||||
brown fox jumped over the
|
||||
dog.
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_type_pattern_02.bro
|
||||
equality and /^?(equal)$?/ are not equal
|
||||
equality and /^?(equality)$?/ are equal
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro data_type_subnets.bro
|
||||
172.16.4.56 belongs to subnet 172.16.0.0/20
|
||||
172.16.47.254 belongs to subnet 172.16.32.0/20
|
||||
172.16.22.45 belongs to subnet 172.16.16.0/20
|
||||
172.16.1.1 belongs to subnet 172.16.0.0/20
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro -r wikipedia.trace data_type_time.bro
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
|
||||
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2^J
|
||||
2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128^J
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro framework_logging_factorial_02.bro
|
||||
|
||||
.. code-block:: guess
|
||||
:linenos:
|
||||
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor
|
||||
#open 2013-08-31-22-50-17
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
1 1
|
||||
2 2
|
||||
3 6
|
||||
4 24
|
||||
5 120
|
||||
6 720
|
||||
7 5040
|
||||
8 40320
|
||||
9 362880
|
||||
10 3628800
|
||||
#close 2013-08-31-22-50-17
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro framework_logging_factorial_03.bro
|
||||
|
||||
.. code-block:: guess
|
||||
:linenos:
|
||||
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path factor-mod5
|
||||
#open 2013-08-31-22-50-17
|
||||
#fields num factorial_num
|
||||
#types count count
|
||||
5 120
|
||||
6 720
|
||||
7 5040
|
||||
8 40320
|
||||
9 362880
|
||||
10 3628800
|
||||
#close 2013-08-31-22-50-17
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
.. code-block:: none
|
||||
:linenos:
|
||||
:emphasize-lines: 1,1
|
||||
|
||||
# bro framework_logging_factorial_01.bro
|
||||
1
|
||||
2
|
||||
6
|
||||
24
|
||||
120
|
||||
720
|
||||
5040
|
||||
40320
|
||||
362880
|
||||
3628800
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- connection_record_02.bro
|
||||
|
||||
@load base/protocols/conn
|
||||
@load base/protocols/dns
|
||||
|
||||
event connection_state_remove(c: connection)
|
||||
{
|
||||
print c;
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- connection_record_02.bro
|
||||
|
||||
@load base/protocols/conn
|
||||
@load base/protocols/dns
|
||||
|
||||
event connection_state_remove(c: connection)
|
||||
{
|
||||
print c;
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- connection_record_02.bro
|
||||
|
||||
@load base/protocols/conn
|
||||
@load base/protocols/dns
|
||||
|
||||
event connection_state_remove(c: connection)
|
||||
{
|
||||
print c;
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- connection_record_02.bro
|
||||
|
||||
@load base/protocols/conn
|
||||
@load base/protocols/dns
|
||||
|
||||
event connection_state_remove(c: connection)
|
||||
{
|
||||
print c;
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_record_01.bro
|
||||
|
||||
type Service: record {
|
||||
name: string;
|
||||
ports: set[port];
|
||||
rfc: count;
|
||||
};
|
||||
|
||||
function print_service(serv: Service): string
|
||||
{
|
||||
print fmt("Service: %s(RFC%d)",serv$name, serv$rfc);
|
||||
|
||||
for ( p in serv$ports )
|
||||
print fmt(" port: %s", p);
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local dns: Service = [$name="dns", $ports=set(53/udp, 53/tcp), $rfc=1035];
|
||||
local http: Service = [$name="http", $ports=set(80/tcp, 8080/tcp), $rfc=2616];
|
||||
|
||||
print_service(dns);
|
||||
print_service(http);
|
||||
}
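Review bot: `print_service` is declared as `function print_service(serv: Service): string`, but its body only prints and never returns a value, so the declared return type does not match what the function does. Dropping the return type, `function print_service(serv: Service)`, matches the body and the calls in `bro_init`, which ignore any result. The same signature is in the repeated copy of this file and in both data_struct_record_02.bro hunks, where `print_system` has the same mismatch.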
|
|
@ -0,0 +1,26 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_record_01.bro
|
||||
|
||||
type Service: record {
|
||||
name: string;
|
||||
ports: set[port];
|
||||
rfc: count;
|
||||
};
|
||||
|
||||
function print_service(serv: Service): string
|
||||
{
|
||||
print fmt("Service: %s(RFC%d)",serv$name, serv$rfc);
|
||||
|
||||
for ( p in serv$ports )
|
||||
print fmt(" port: %s", p);
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local dns: Service = [$name="dns", $ports=set(53/udp, 53/tcp), $rfc=1035];
|
||||
local http: Service = [$name="http", $ports=set(80/tcp, 8080/tcp), $rfc=2616];
|
||||
|
||||
print_service(dns);
|
||||
print_service(http);
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_record_02.bro
|
||||
|
||||
type Service: record {
|
||||
name: string;
|
||||
ports: set[port];
|
||||
rfc: count;
|
||||
};
|
||||
|
||||
type System: record {
|
||||
name: string;
|
||||
services: set[Service];
|
||||
};
|
||||
|
||||
function print_service(serv: Service): string
|
||||
{
|
||||
print fmt(" Service: %s(RFC%d)",serv$name, serv$rfc);
|
||||
|
||||
for ( p in serv$ports )
|
||||
print fmt(" port: %s", p);
|
||||
}
|
||||
|
||||
function print_system(sys: System): string
|
||||
{
|
||||
print fmt("System: %s", sys$name);
|
||||
|
||||
for ( s in sys$services )
|
||||
print_service(s);
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local server01: System;
|
||||
server01$name = "morlock";
|
||||
add server01$services[[ $name="dns", $ports=set(53/udp, 53/tcp), $rfc=1035]];
|
||||
add server01$services[[ $name="http", $ports=set(80/tcp, 8080/tcp), $rfc=2616]];
|
||||
print_system(server01);
|
||||
|
||||
|
||||
# local dns: Service = [ $name="dns", $ports=set(53/udp, 53/tcp), $rfc=1035];
|
||||
# local http: Service = [ $name="http", $ports=set(80/tcp, 8080/tcp), $rfc=2616];
|
||||
# print_service(dns);
|
||||
# print_service(http);
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_record_02.bro
|
||||
|
||||
type Service: record {
|
||||
name: string;
|
||||
ports: set[port];
|
||||
rfc: count;
|
||||
};
|
||||
|
||||
type System: record {
|
||||
name: string;
|
||||
services: set[Service];
|
||||
};
|
||||
|
||||
function print_service(serv: Service): string
|
||||
{
|
||||
print fmt(" Service: %s(RFC%d)",serv$name, serv$rfc);
|
||||
|
||||
for ( p in serv$ports )
|
||||
print fmt(" port: %s", p);
|
||||
}
|
||||
|
||||
function print_system(sys: System): string
|
||||
{
|
||||
print fmt("System: %s", sys$name);
|
||||
|
||||
for ( s in sys$services )
|
||||
print_service(s);
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local server01: System;
|
||||
server01$name = "morlock";
|
||||
add server01$services[[ $name="dns", $ports=set(53/udp, 53/tcp), $rfc=1035]];
|
||||
add server01$services[[ $name="http", $ports=set(80/tcp, 8080/tcp), $rfc=2616]];
|
||||
print_system(server01);
|
||||
|
||||
|
||||
# local dns: Service = [ $name="dns", $ports=set(53/udp, 53/tcp), $rfc=1035];
|
||||
# local http: Service = [ $name="http", $ports=set(80/tcp, 8080/tcp), $rfc=2616];
|
||||
# print_service(dns);
|
||||
# print_service(http);
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local ssl_ports: set[port];
|
||||
local non_ssl_ports = set( 23/tcp, 80/tcp, 143/tcp, 25/tcp );
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local ssl_ports: set[port];
|
||||
local non_ssl_ports = set( 23/tcp, 80/tcp, 143/tcp, 25/tcp );
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
|
||||
for ( i in ssl_ports )
|
||||
print fmt("SSL Port: %s", i);
|
||||
|
||||
for ( i in non_ssl_ports )
|
||||
print fmt("Non-SSL Port: %s", i);
|
|
@ -0,0 +1,9 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
|
||||
for ( i in ssl_ports )
|
||||
print fmt("SSL Port: %s", i);
|
||||
|
||||
for ( i in non_ssl_ports )
|
||||
print fmt("Non-SSL Port: %s", i);
|
|
@ -0,0 +1,7 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
|
||||
# Check for SMTPS
|
||||
if ( 587/tcp !in ssl_ports )
|
||||
add ssl_ports[587/tcp];
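Review bot: The comment `# Check for SMTPS` sits over a test for `587/tcp`, which is the mail submission port (normally STARTTLS); implicit-TLS SMTP is conventionally 465/tcp. Readers copy port lists from documentation into detection scripts, so the label should match the port: either `# Check for SMTP submission` or change the literal to `465/tcp`. The same lines recur in the next hunk, in the full data_struct_set_declaration.bro listings (which also add `22/tcp` under `# SSH` to a set named `ssl_ports`, although SSH is not SSL/TLS), and as `["SMTPS"] = 587/tcp` in data_struct_table_declaration.bro. This hunk is an excerpt; the enclosing `bro_init` body is not part of it.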
|
|
@ -0,0 +1,7 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
|
||||
# Check for SMTPS
|
||||
if ( 587/tcp !in ssl_ports )
|
||||
add ssl_ports[587/tcp];
|
|
@ -0,0 +1,26 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local ssl_ports: set[port];
|
||||
local non_ssl_ports = set( 23/tcp, 80/tcp, 143/tcp, 25/tcp );
|
||||
|
||||
# SSH
|
||||
add ssl_ports[22/tcp];
|
||||
# HTTPS
|
||||
add ssl_ports[443/tcp];
|
||||
# IMAPS
|
||||
add ssl_ports[993/tcp];
|
||||
|
||||
# Check for SMTPS
|
||||
if ( 587/tcp !in ssl_ports )
|
||||
add ssl_ports[587/tcp];
|
||||
|
||||
for ( i in ssl_ports )
|
||||
print fmt("SSL Port: %s", i);
|
||||
|
||||
for ( i in non_ssl_ports )
|
||||
print fmt("Non-SSL Port: %s", i);
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_set_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local ssl_ports: set[port];
|
||||
local non_ssl_ports = set( 23/tcp, 80/tcp, 143/tcp, 25/tcp );
|
||||
|
||||
# SSH
|
||||
add ssl_ports[22/tcp];
|
||||
# HTTPS
|
||||
add ssl_ports[443/tcp];
|
||||
# IMAPS
|
||||
add ssl_ports[993/tcp];
|
||||
|
||||
# Check for SMTPS
|
||||
if ( 587/tcp !in ssl_ports )
|
||||
add ssl_ports[587/tcp];
|
||||
|
||||
for ( i in ssl_ports )
|
||||
print fmt("SSL Port: %s", i);
|
||||
|
||||
for ( i in non_ssl_ports )
|
||||
print fmt("Non-SSL Port: %s", i);
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_table_complex.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local samurai_flicks: table[string, string, count, string] of string;
|
||||
|
||||
samurai_flicks["Kihachi Okamoto", "Toho", 1968, "Tatsuya Nakadai"] = "Kiru";
|
||||
samurai_flicks["Hideo Gosha", "Fuji", 1969, "Tatsuya Nakadai"] = "Goyokin";
|
||||
samurai_flicks["Masaki Kobayashi", "Shochiku Eiga", 1962, "Tatsuya Nakadai" ] = "Harakiri";
|
||||
samurai_flicks["Yoji Yamada", "Eisei Gekijo", 2002, "Hiroyuki Sanada" ] = "Tasogare Seibei";
|
||||
|
||||
for ( [d, s, y, a] in samurai_flicks )
|
||||
print fmt("%s was released in %d by %s studios, directed by %s and starring %s", samurai_flicks[d, s, y, a], y, s, d, a);
|
||||
}
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_table_complex.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local samurai_flicks: table[string, string, count, string] of string;
|
||||
|
||||
samurai_flicks["Kihachi Okamoto", "Toho", 1968, "Tatsuya Nakadai"] = "Kiru";
|
||||
samurai_flicks["Hideo Gosha", "Fuji", 1969, "Tatsuya Nakadai"] = "Goyokin";
|
||||
samurai_flicks["Masaki Kobayashi", "Shochiku Eiga", 1962, "Tatsuya Nakadai" ] = "Harakiri";
|
||||
samurai_flicks["Yoji Yamada", "Eisei Gekijo", 2002, "Hiroyuki Sanada" ] = "Tasogare Seibei";
|
||||
|
||||
for ( [d, s, y, a] in samurai_flicks )
|
||||
print fmt("%s was released in %d by %s studios, directed by %s and starring %s", samurai_flicks[d, s, y, a], y, s, d, a);
|
||||
}
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_table_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local ssl_services: table[string] of port;
|
||||
|
||||
ssl_services = table(["SSH"] = 22/tcp, ["HTTPS"] = 443/tcp);
|
||||
ssl_services["IMAPS"] = 993/tcp;
|
||||
|
||||
if ( "SMTPS" !in ssl_services )
|
||||
ssl_services["SMTPS"] = 587/tcp;
|
||||
|
||||
for ( k in ssl_services )
|
||||
print fmt("Service Name: %s - Common Port: %s", k, ssl_services[k]);
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_table_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local ssl_services: table[string] of port;
|
||||
|
||||
ssl_services = table(["SSH"] = 22/tcp, ["HTTPS"] = 443/tcp);
|
||||
ssl_services["IMAPS"] = 993/tcp;
|
||||
|
||||
if ( "SMTPS" !in ssl_services )
|
||||
ssl_services["SMTPS"] = 587/tcp;
|
||||
|
||||
for ( k in ssl_services )
|
||||
print fmt("Service Name: %s - Common Port: %s", k, ssl_services[k]);
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_vector_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local v1: vector of count;
|
||||
local v2 = vector(1, 2, 3, 4);
|
||||
|
||||
v1[|v1|] = 1;
|
||||
v1[|v1|] = 2;
|
||||
v1[|v1|] = 3;
|
||||
v1[|v1|] = 4;
|
||||
|
||||
print fmt("contents of v1: %s", v1);
|
||||
print fmt("length of v1: %d", |v1|);
|
||||
print fmt("contents of v1: %s", v2);
|
||||
print fmt("length of v2: %d", |v2|);
|
||||
}
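Review bot: The third print labels its output `contents of v1` but formats `v2`: `print fmt("contents of v1: %s", v2);`. It should read `print fmt("contents of v2: %s", v2);`. The baseline output committed alongside it shows `contents of v1: [1, 2, 3, 4]` twice, so it needs regenerating. The repeated copy of this file in the next hunk has the same line.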
|
|
@ -0,0 +1,19 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_vector_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local v1: vector of count;
|
||||
local v2 = vector(1, 2, 3, 4);
|
||||
|
||||
v1[|v1|] = 1;
|
||||
v1[|v1|] = 2;
|
||||
v1[|v1|] = 3;
|
||||
v1[|v1|] = 4;
|
||||
|
||||
print fmt("contents of v1: %s", v1);
|
||||
print fmt("length of v1: %d", |v1|);
|
||||
print fmt("contents of v1: %s", v2);
|
||||
print fmt("length of v2: %d", |v2|);
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_vector_iter.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local addr_vector: vector of addr = vector(1.2.3.4, 2.3.4.5, 3.4.5.6);
|
||||
|
||||
for (i in addr_vector)
|
||||
print mask_addr(addr_vector[i], 18);
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_struct_vector_iter.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local addr_vector: vector of addr = vector(1.2.3.4, 2.3.4.5, 3.4.5.6);
|
||||
|
||||
for (i in addr_vector)
|
||||
print mask_addr(addr_vector[i], 18);
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_const.bro
|
||||
|
||||
const port_list: table[port] of string &redef;
|
||||
|
||||
redef port_list += { [6666/tcp] = "IRC"};
|
||||
redef port_list += { [80/tcp] = "WWW" };
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
print port_list;
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_const.bro
|
||||
|
||||
const port_list: table[port] of string &redef;
|
||||
|
||||
redef port_list += { [6666/tcp] = "IRC"};
|
||||
redef port_list += { [80/tcp] = "WWW" };
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
print port_list;
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_const_simple.bro
|
||||
|
||||
@load base/protocols/http
|
||||
|
||||
redef HTTP::default_capture_password = T;
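Review bot: `redef HTTP::default_capture_password = T;` is shown with no comment, yet it turns on capture of HTTP Basic-Auth passwords, which then appear in cleartext in http.log. Since this is a documentation example that readers will paste, I would add a comment above the redef such as `# Logs Basic-Auth passwords in cleartext; restrict access to and retention of http.log.` The identical copy in the next hunk needs the same comment.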
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_const_simple.bro
|
||||
|
||||
@load base/protocols/http
|
||||
|
||||
redef HTTP::default_capture_password = T;
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local a: int;
|
||||
a = 10;
|
||||
local b = 10;
|
||||
|
||||
if ( a == b )
|
||||
print fmt("A: %d, B: %d", a, b);
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_declaration.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local a: int;
|
||||
a = 10;
|
||||
local b = 10;
|
||||
|
||||
if ( a == b )
|
||||
print fmt("A: %d, B: %d", a, b);
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_interval.bro
|
||||
|
||||
# Store the time the previous connection was established.
|
||||
global last_connection_time: time;
|
||||
|
||||
# boolean value to indicate whether we have seen a previous connection.
|
||||
global connection_seen: bool = F;
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local net_time: time = network_time();
|
||||
|
||||
print fmt("%s: New connection established from %s to %s", strftime("%Y/%M/%d %H:%m:%S", net_time), c$id$orig_h, c$id$resp_h);
|
||||
|
||||
if ( connection_seen )
|
||||
print fmt(" Time since last connection: %s", net_time - last_connection_time);
|
||||
|
||||
last_connection_time = net_time;
|
||||
connection_seen = T;
|
||||
}
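Review bot: The format string in `strftime("%Y/%M/%d %H:%m:%S", net_time)` has `%M` (minute) and `%m` (month) swapped, so the printed timestamp shows the minute where the month belongs and the month where the minute belongs. That makes the example output misleading for anyone lining it up against other logs of the same trace. The call should use `"%Y/%m/%d %H:%M:%S"`, and the baseline for this script then needs regenerating. The same format string is in the repeated copy of this file and in both data_type_time.bro hunks.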
|
|
@ -0,0 +1,22 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_interval.bro
|
||||
|
||||
# Store the time the previous connection was established.
|
||||
global last_connection_time: time;
|
||||
|
||||
# boolean value to indicate whether we have seen a previous connection.
|
||||
global connection_seen: bool = F;
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local net_time: time = network_time();
|
||||
|
||||
print fmt("%s: New connection established from %s to %s", strftime("%Y/%M/%d %H:%m:%S", net_time), c$id$orig_h, c$id$resp_h);
|
||||
|
||||
if ( connection_seen )
|
||||
print fmt(" Time since last connection: %s", net_time - last_connection_time);
|
||||
|
||||
last_connection_time = net_time;
|
||||
connection_seen = T;
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_local.bro
|
||||
|
||||
function add_two(i: count): count
|
||||
{
|
||||
local added_two = i+2;
|
||||
print fmt("i + 2 = %d", added_two);
|
||||
return added_two;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local test = add_two(10);
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_local.bro
|
||||
|
||||
function add_two(i: count): count
|
||||
{
|
||||
local added_two = i+2;
|
||||
print fmt("i + 2 = %d", added_two);
|
||||
return added_two;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local test = add_two(10);
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_pattern_01.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local test_string = "The quick brown fox jumped over the lazy dog.";
|
||||
local test_pattern = /quick|lazy/;
|
||||
|
||||
if ( test_pattern in test_string )
|
||||
{
|
||||
local results = split(test_string, test_pattern);
|
||||
print results[1];
|
||||
print results[2];
|
||||
print results[3];
|
||||
}
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_pattern_01.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local test_string = "The quick brown fox jumped over the lazy dog.";
|
||||
local test_pattern = /quick|lazy/;
|
||||
|
||||
if ( test_pattern in test_string )
|
||||
{
|
||||
local results = split(test_string, test_pattern);
|
||||
print results[1];
|
||||
print results[2];
|
||||
print results[3];
|
||||
}
|
||||
}
|
|
@ -0,0 +1,14 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_pattern_02.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local test_string = "equality";
|
||||
|
||||
local test_pattern = /equal/;
|
||||
print fmt("%s and %s %s equal", test_string, test_pattern, test_pattern == test_string ? "are" : "are not");
|
||||
|
||||
test_pattern = /equality/;
|
||||
print fmt("%s and %s %s equal", test_string, test_pattern, test_pattern == test_string ? "are" : "are not");
|
||||
}
|
|
@ -0,0 +1,14 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_pattern_02.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local test_string = "equality";
|
||||
|
||||
local test_pattern = /equal/;
|
||||
print fmt("%s and %s %s equal", test_string, test_pattern, test_pattern == test_string ? "are" : "are not");
|
||||
|
||||
test_pattern = /equality/;
|
||||
print fmt("%s and %s %s equal", test_string, test_pattern, test_pattern == test_string ? "are" : "are not");
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_subnets.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local subnets = vector(172.16.0.0/20, 172.16.16.0/20, 172.16.32.0/20, 172.16.48.0/20);
|
||||
local addresses = vector(172.16.4.56, 172.16.47.254, 172.16.22.45, 172.16.1.1);
|
||||
|
||||
for ( a in addresses )
|
||||
{
|
||||
for ( s in subnets )
|
||||
{
|
||||
if ( addresses[a] in subnets[s] )
|
||||
print fmt("%s belongs to subnet %s", addresses[a], subnets[s]);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_subnets.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local subnets = vector(172.16.0.0/20, 172.16.16.0/20, 172.16.32.0/20, 172.16.48.0/20);
|
||||
local addresses = vector(172.16.4.56, 172.16.47.254, 172.16.22.45, 172.16.1.1);
|
||||
|
||||
for ( a in addresses )
|
||||
{
|
||||
for ( s in subnets )
|
||||
{
|
||||
if ( addresses[a] in subnets[s] )
|
||||
print fmt("%s belongs to subnet %s", addresses[a], subnets[s]);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_time.bro
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
print fmt("%s: New connection established from %s to %s\n", strftime("%Y/%M/%d %H:%m:%S", network_time()), c$id$orig_h, c$id$resp_h);
|
||||
}
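Review bot: The format string passed to `fmt` ends in `\n`, and the baseline committed for this script shows that escape coming out as a literal `^J` at the end of every printed line. Ending the string at `... from %s to %s"` gives clean output, since `print` already emits one line per call. The repeated copy in the next hunk has the same trailing `\n`.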
|
|
@ -0,0 +1,8 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- data_type_time.bro
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
print fmt("%s: New connection established from %s to %s\n", strftime("%Y/%M/%d %H:%m:%S", network_time()), c$id$orig_h, c$id$resp_h);
|
||||
}
|
|
@ -0,0 +1,23 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- framework_logging_factorial_01.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
function factorial(n: count): count
|
||||
{
|
||||
if ( n == 0 )
|
||||
return 1;
|
||||
else
|
||||
return ( n * factorial(n - 1) );
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local numbers: vector of count = vector(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
|
||||
|
||||
for ( n in numbers )
|
||||
print fmt("%d", factorial(numbers[n]));
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- framework_logging_factorial_01.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
function factorial(n: count): count
|
||||
{
|
||||
if ( n == 0 )
|
||||
return 1;
|
||||
else
|
||||
return ( n * factorial(n - 1) );
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local numbers: vector of count = vector(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
|
||||
|
||||
for ( n in numbers )
|
||||
print fmt("%d", factorial(numbers[n]));
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- framework_logging_factorial_02.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
export {
|
||||
redef enum Log::ID += { LOG };
|
||||
|
||||
type Info: record {
|
||||
num: count &log;
|
||||
factorial_num: count &log;
|
||||
};
|
||||
}
|
||||
|
||||
function factorial(n: count): count
|
||||
{
|
||||
if ( n == 0 )
|
||||
return 1;
|
||||
|
||||
else
|
||||
return ( n * factorial(n - 1) );
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Log::create_stream(LOG, [$columns=Info]);
|
||||
}
|
||||
|
||||
event bro_done()
|
||||
{
|
||||
local numbers: vector of count = vector(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
|
||||
for ( n in numbers )
|
||||
Log::write( Factor::LOG, [$num=numbers[n],
|
||||
$factorial_num=factorial(numbers[n])]);
|
||||
}
|
|
@ -0,0 +1,36 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- framework_logging_factorial_02.bro
|
||||
|
||||
module Factor;
|
||||
|
||||
export {
|
||||
redef enum Log::ID += { LOG };
|
||||
|
||||
type Info: record {
|
||||
num: count &log;
|
||||
factorial_num: count &log;
|
||||
};
|
||||
}
|
||||
|
||||
function factorial(n: count): count
|
||||
{
|
||||
if ( n == 0 )
|
||||
return 1;
|
||||
|
||||
else
|
||||
return ( n * factorial(n - 1) );
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Log::create_stream(LOG, [$columns=Info]);
|
||||
}
|
||||
|
||||
event bro_done()
|
||||
{
|
||||
local numbers: vector of count = vector(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
|
||||
for ( n in numbers )
|
||||
Log::write( Factor::LOG, [$num=numbers[n],
|
||||
$factorial_num=factorial(numbers[n])]);
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- framework_logging_factorial_03.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Log::create_stream(LOG, [$columns=Info]);
|
||||
|
||||
local filter: Log::Filter = [$name="split-mod5s", $path_func=mod5];
|
||||
Log::add_filter(Factor::LOG, filter);
|
||||
Log::remove_filter(Factor::LOG, "default");
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
# @TEST-EXEC: btest-diff %INPUT
|
||||
|
||||
-- framework_logging_factorial_03.bro
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Log::create_stream(LOG, [$columns=Info]);
|
||||
|
||||
local filter: Log::Filter = [$name="split-mod5s", $path_func=mod5];
|
||||
Log::add_filter(Factor::LOG, filter);
|
||||
Log::remove_filter(Factor::LOG, "default");
|
||||
}
|