From cfe3bddd75a918ddd686122a9a9cb6575220b8e0 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Tue, 28 Jun 2016 11:03:16 -0400
Subject: [PATCH] Fixing SMB tests again.

---
 scripts/base/protocols/dce-rpc/__load__.bro   |  2 -
 .../base/protocols/dce-rpc/endpoint-atsvc.bro | 52 -------------------
 .../base/protocols/smb/const-dos-error.bro    |  1 +
 .../base/protocols/smb/const-nt-status.bro    |  1 +
 scripts/policy/protocols/smb/files.bro        |  1 +
 scripts/policy/protocols/smb/main.bro         |  7 +--
 scripts/policy/protocols/smb/smb1-main.bro    |  4 +-
 scripts/policy/protocols/smb/smb2-main.bro    |  2 +
 .../canonified_loaded_scripts.log             |  8 +--
 .../canonified_loaded_scripts.log             |  9 +---
 .../btest/Baseline/coverage.find-bro-logs/out |  5 ++
 testing/btest/Baseline/plugins.hooks/output   | 20 +++----
 12 files changed, 27 insertions(+), 85 deletions(-)
 delete mode 100644 scripts/base/protocols/dce-rpc/endpoint-atsvc.bro

diff --git a/scripts/base/protocols/dce-rpc/__load__.bro b/scripts/base/protocols/dce-rpc/__load__.bro
index 155b8369b8..1d47f6e0cd 100644
--- a/scripts/base/protocols/dce-rpc/__load__.bro
+++ b/scripts/base/protocols/dce-rpc/__load__.bro
@@ -1,4 +1,2 @@
 @load ./consts
 @load ./main
-
-@load ./endpoint-atsvc
\ No newline at end of file
diff --git a/scripts/base/protocols/dce-rpc/endpoint-atsvc.bro b/scripts/base/protocols/dce-rpc/endpoint-atsvc.bro
deleted file mode 100644
index 88a08403d4..0000000000
--- a/scripts/base/protocols/dce-rpc/endpoint-atsvc.bro
+++ /dev/null
@@ -1,52 +0,0 @@
-module DCE_RPC;
-
-export {
-	redef enum Log::ID += {
-		ATSVC_LOG,
-	};
-
-	type ATSvcInfo: record {
-		ts       : time    &log; ##< Time of the request
-		uid      : string  &log; ##< UID of the connection
-		id       : conn_id &log; ##< Connection info
-		command  : string  &log; ##< Command (add, enum, delete, etc.)
-		arg      : string  &log; ##< Argument
-		server   : string  &log; ##< Server the command was issued to
-		result   : string  &log &optional; ##< Result of the command
-	};
-}
-
-redef record DCE_RPC::State += {
-	endpoint_atsvc: ATSvcInfo &optional;
-};
-
-event bro_init() &priority=5
-	{
-	Log::create_stream(ATSVC_LOG, [$columns=ATSvcInfo, $path="dce_rpc_atsvc"]);
-	}
-
-event atsvc_job_add(c: connection, server: string, job: string) &priority=5
-	{
-	local info = ATSvcInfo($ts=network_time(),
-	                       $uid = c$uid,
-	                       $id = c$id,
-	                       $command = "Add job",
-	                       $arg = job,
-	                       $server = server);
-	c$dce_rpc_state$endpoint_atsvc = info;
-	}
-
-event atsvc_job_id(c: connection, id: count, status: count) &priority=5
-	{
-	if ( c$dce_rpc_state?$endpoint_atsvc )
-		c$dce_rpc_state$endpoint_atsvc$result = (status==0) ? "success" : "failed";
-	}
-
-event atsvc_job_id(c: connection, id: count, status: count) &priority=-5
-	{
-	if ( c$dce_rpc_state?$endpoint_atsvc )
-		{
-		Log::write(ATSVC_LOG, c$dce_rpc_state$endpoint_atsvc);
-		delete c$dce_rpc_state$endpoint_atsvc;
-		}
-	}
\ No newline at end of file
diff --git a/scripts/base/protocols/smb/const-dos-error.bro b/scripts/base/protocols/smb/const-dos-error.bro
index 72236d8cba..880df222c9 100644
--- a/scripts/base/protocols/smb/const-dos-error.bro
+++ b/scripts/base/protocols/smb/const-dos-error.bro
@@ -1,4 +1,5 @@
 # DOS error codes.
+@load ./consts
 
 module SMB;
 
diff --git a/scripts/base/protocols/smb/const-nt-status.bro b/scripts/base/protocols/smb/const-nt-status.bro
index 2af1cfa0c0..8804522ed9 100644
--- a/scripts/base/protocols/smb/const-nt-status.bro
+++ b/scripts/base/protocols/smb/const-nt-status.bro
@@ -1,4 +1,5 @@
 # NT status codes.
+@load ./consts
 
 module SMB;
 
diff --git a/scripts/policy/protocols/smb/files.bro b/scripts/policy/protocols/smb/files.bro
index 82c65686fd..d01aa815a5 100644
--- a/scripts/policy/protocols/smb/files.bro
+++ b/scripts/policy/protocols/smb/files.bro
@@ -1,4 +1,5 @@
 @load base/frameworks/files
+@load ./main
 
 module SMB;
 
diff --git a/scripts/policy/protocols/smb/main.bro b/scripts/policy/protocols/smb/main.bro
index 02dc054aa8..c3f6241680 100644
--- a/scripts/policy/protocols/smb/main.bro
+++ b/scripts/policy/protocols/smb/main.bro
@@ -1,3 +1,4 @@
+@load base/protocols/smb
 
 module SMB;
 
@@ -200,9 +201,9 @@ redef likely_server_ports += { ports };
 
 event bro_init() &priority=5
 	{
-	Log::create_stream(CMD_LOG, [$columns=SMB::CmdInfo]);
-	Log::create_stream(FILES_LOG, [$columns=SMB::FileInfo]);
-	Log::create_stream(MAPPING_LOG, [$columns=SMB::TreeInfo]);
+	Log::create_stream(SMB::CMD_LOG, [$columns=SMB::CmdInfo]);
+	Log::create_stream(SMB::FILES_LOG, [$columns=SMB::FileInfo]);
+	Log::create_stream(SMB::MAPPING_LOG, [$columns=SMB::TreeInfo]);
 
 	Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, ports);
 	}
diff --git a/scripts/policy/protocols/smb/smb1-main.bro b/scripts/policy/protocols/smb/smb1-main.bro
index a188ed7c2a..eff71006ae 100644
--- a/scripts/policy/protocols/smb/smb1-main.bro
+++ b/scripts/policy/protocols/smb/smb1-main.bro
@@ -1,3 +1,5 @@
+@load ./main
+
 module SMB1;
 
 redef record SMB::CmdInfo += {
@@ -257,7 +259,7 @@ event smb1_close_request(c: connection, hdr: SMB1::Header, file_id: count) &prio
 		}
 	}
 
-event smb1_trans2_get_dfs_referral_request(c: connection, hdr: SMB1::Header, file_name: string, max_referral_level: count)
+event smb1_trans2_get_dfs_referral_request(c: connection, hdr: SMB1::Header, file_name: string)
 	{
 	c$smb_state$current_cmd$argument = file_name;
 	}
diff --git a/scripts/policy/protocols/smb/smb2-main.bro b/scripts/policy/protocols/smb/smb2-main.bro
index 1d0c60e117..129dca930c 100644
--- a/scripts/policy/protocols/smb/smb2-main.bro
+++ b/scripts/policy/protocols/smb/smb2-main.bro
@@ -1,3 +1,5 @@
+@load ./main
+
 module SMB2;
 
 redef record SMB::CmdInfo += {
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 034ec8f5cb..fcb97ab411 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2016-06-24-17-42-28
+#open	2016-06-28-15-02-03
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -123,17 +123,13 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro
-    build/scripts/base/bif/plugins/Bro_SMB.smb2_com_ioctl.bif.bro
-    build/scripts/base/bif/plugins/Bro_SMB.smb2_com_lock.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro
-    build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro
-    build/scripts/base/bif/plugins/Bro_SMB.smb_pipe.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro
     build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
@@ -169,4 +165,4 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
 scripts/policy/misc/loaded-scripts.bro
   scripts/base/utils/paths.bro
-#close	2016-06-24-17-42-28
+#close	2016-06-28-15-02-03
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 34b9d08fd1..d0aaa5230a 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2016-06-24-17-59-13
+#open	2016-06-28-15-01-50
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -123,17 +123,13 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro
-    build/scripts/base/bif/plugins/Bro_SMB.smb2_com_ioctl.bif.bro
-    build/scripts/base/bif/plugins/Bro_SMB.smb2_com_lock.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro
-    build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro
-    build/scripts/base/bif/plugins/Bro_SMB.smb_pipe.bif.bro
     build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro
     build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
     build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
@@ -263,7 +259,6 @@ scripts/base/init-default.bro
   scripts/base/protocols/dce-rpc/__load__.bro
     scripts/base/protocols/dce-rpc/consts.bro
     scripts/base/protocols/dce-rpc/main.bro
-    scripts/base/protocols/dce-rpc/endpoint-atsvc.bro
   scripts/base/protocols/dhcp/__load__.bro
     scripts/base/protocols/dhcp/consts.bro
     scripts/base/protocols/dhcp/main.bro
@@ -355,4 +350,4 @@ scripts/base/init-default.bro
   scripts/base/misc/find-checksum-offloading.bro
   scripts/base/misc/find-filtered-trace.bro
 scripts/policy/misc/loaded-scripts.bro
-#close	2016-06-24-17-59-13
+#close	2016-06-28-15-01-50
diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out
index 9619ebb4b9..f62cb2f756 100644
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@@ -4,6 +4,7 @@ capture_loss
 cluster
 communication
 conn
+dce__r_pc
 dhcp
 dnp3
 dns
@@ -28,6 +29,7 @@ netcontrol_drop
 netcontrol_shunt
 notice
 notice_alarm
+ntlm
 open_flow
 packet_filter
 pe
@@ -37,6 +39,9 @@ reporter
 rfb
 signatures
 sip
+smb_cmd
+smb_files
+smb_mapping
 smtp
 snmp
 socks
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 665402dd81..8e3232b2c5 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -247,7 +247,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Communication::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Conn::LOG)) -> <no result>
@@ -377,7 +377,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@@ -492,17 +492,13 @@
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb1_events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_close.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_create.bif.bro) -> -1
-0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_ioctl.bif.bro) -> -1
-0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_lock.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_negotiate.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_read.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_session_setup.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_set_info.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_tree_connect.bif.bro) -> -1
-0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_tree_disconnect.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_com_write.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb2_events.bif.bro) -> -1
-0.000000   MetaHookPost  LoadFile(./Bro_SMB.smb_pipe.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMB.types.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMTP.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_SMTP.functions.bif.bro) -> -1
@@ -964,7 +960,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Communication::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Conn::LOG))
@@ -1094,7 +1090,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@@ -1209,17 +1205,13 @@
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb1_events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_close.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_create.bif.bro)
-0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_ioctl.bif.bro)
-0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_lock.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_negotiate.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_read.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_session_setup.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_set_info.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_tree_connect.bif.bro)
-0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_tree_disconnect.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_com_write.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb2_events.bif.bro)
-0.000000   MetaHookPre   LoadFile(./Bro_SMB.smb_pipe.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMB.types.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMTP.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_SMTP.functions.bif.bro)
@@ -1680,7 +1672,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
@@ -1810,7 +1802,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1467055470.330961, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1467124664.5544, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()