Merge branch 'master' into topic/jsiwek/filter-rotation

testing/btest/scripts/base/frameworks/logging/adapt-filter.bro

@@ -7,7 +7,7 @@ module SSH;
 
 export {
 	# Create a new ID for our log stream
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	# Define a record with all the columns the log file can have.
 	# (I'm using a subset of fields from ssh-ext for demonstration.)
@@ -21,13 +21,13 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Info]);
+	Log::create_stream(SSH::LOG, [$columns=Info]);
 
-	local filter = Log::get_filter(SSH, "default");
+	local filter = Log::get_filter(SSH::LOG, "default");
 	filter$path= "ssh-new-default";
-	Log::add_filter(SSH, filter);
+	Log::add_filter(SSH::LOG, filter);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
 }

testing/btest/scripts/base/frameworks/logging/ascii-binary.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Info: record {
 		data: string;
@@ -17,9 +17,9 @@ redef LogAscii::separator = "|";
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Info]);
-	Log::write(SSH, [$data="abc\n\xffdef", $data2="DATA2"]);
-	Log::write(SSH, [$data="abc|\xffdef", $data2="DATA2"]);
-	Log::write(SSH, [$data="abc\xff|def", $data2="DATA2"]);
+	Log::create_stream(SSH::LOG, [$columns=Info]);
+	Log::write(SSH::LOG, [$data="abc\n\xffdef", $data2="DATA2"]);
+	Log::write(SSH::LOG, [$data="abc|\xffdef", $data2="DATA2"]);
+	Log::write(SSH::LOG, [$data="abc\xff|def", $data2="DATA2"]);
 }
 

testing/btest/scripts/base/frameworks/logging/ascii-empty.bro

@@ -11,7 +11,7 @@ redef LogAscii::header_prefix = "PREFIX<>";
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -24,15 +24,15 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $b=T, $status="failure", $country=""]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $b=T, $status="failure", $country=""]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/ascii-escape.bro

@@ -7,7 +7,7 @@ redef LogAscii::separator = "||";
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -19,14 +19,14 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="fa||ure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="su||ess", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);	
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="fa||ure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="su||ess", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);	
 }
 

testing/btest/scripts/base/frameworks/logging/ascii-options.bro

@@ -9,7 +9,7 @@ redef LogAscii::include_header = F;
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -21,15 +21,15 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro

@@ -5,7 +5,7 @@
 module Test;
 
 export {
-	redef enum Log::ID += { TEST };
+	redef enum Log::ID += { LOG };
 
 	type Info: record {
 		data: time &log;
@@ -14,14 +14,14 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(TEST, [$columns=Info]);
-	Log::write(TEST, [$data=double_to_time(1234567890)]);
-	Log::write(TEST, [$data=double_to_time(1234567890.0)]);
-	Log::write(TEST, [$data=double_to_time(1234567890.01)]);
-	Log::write(TEST, [$data=double_to_time(1234567890.001)]);
-	Log::write(TEST, [$data=double_to_time(1234567890.0001)]);
-	Log::write(TEST, [$data=double_to_time(1234567890.00001)]);
-	Log::write(TEST, [$data=double_to_time(1234567890.000001)]);
-	Log::write(TEST, [$data=double_to_time(1234567890.0000001)]);
+	Log::create_stream(Test::LOG, [$columns=Info]);
+	Log::write(Test::LOG, [$data=double_to_time(1234567890)]);
+	Log::write(Test::LOG, [$data=double_to_time(1234567890.0)]);
+	Log::write(Test::LOG, [$data=double_to_time(1234567890.01)]);
+	Log::write(Test::LOG, [$data=double_to_time(1234567890.001)]);
+	Log::write(Test::LOG, [$data=double_to_time(1234567890.0001)]);
+	Log::write(Test::LOG, [$data=double_to_time(1234567890.00001)]);
+	Log::write(Test::LOG, [$data=double_to_time(1234567890.000001)]);
+	Log::write(Test::LOG, [$data=double_to_time(1234567890.0000001)]);
 }
 

testing/btest/scripts/base/frameworks/logging/attr-extend.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -28,10 +28,10 @@ redef record Log += {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $a1=1, $a2=2, $b1=3, $b2=4]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $a1=1, $a2=2, $b1=3, $b2=4]);
 }
 

testing/btest/scripts/base/frameworks/logging/attr.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -17,15 +17,15 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/disable-stream.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -17,17 +17,17 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
-	Log::disable_stream(SSH);
+	Log::disable_stream(SSH::LOG);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/empty-event.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -19,15 +19,15 @@ global log_ssh: event(rec: Log);
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log, $ev=log_ssh]);
+	Log::create_stream(SSH::LOG, [$columns=Log, $ev=log_ssh]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/events.bro

@@ -6,7 +6,7 @@ module SSH;
 
 export {
 	# Create a new ID for our log stream
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	# Define a record with all the columns the log file can have.
 	# (I'm using a subset of fields from ssh-ext for demonstration.)
@@ -22,12 +22,12 @@ global ssh_log: event(rec: Log);
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log, $ev=ssh_log]);
+	Log::create_stream(SSH::LOG, [$columns=Log, $ev=ssh_log]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 	local r: Log = [$t=network_time(), $id=cid, $status="success"];
-	Log::write(SSH, r);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, r);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/exclude.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -17,18 +17,18 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
-	Log::remove_default_filter(SSH);
-	Log::add_filter(SSH, [$name="f1", $exclude=set("t", "id.orig_h")]);
+	Log::remove_default_filter(SSH::LOG);
+	Log::add_filter(SSH::LOG, [$name="f1", $exclude=set("t", "id.orig_h")]);
 
 	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/file.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -17,7 +17,7 @@ const foo_log = open_log_file("Foo") &redef;
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
-	Log::write(SSH, [$t=network_time(), $f=foo_log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
+	Log::write(SSH::LOG, [$t=network_time(), $f=foo_log]);
 }
 

testing/btest/scripts/base/frameworks/logging/include.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -17,18 +17,18 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
-	Log::remove_default_filter(SSH);
-	Log::add_filter(SSH, [$name="default", $include=set("t", "id.orig_h")]);
+	Log::remove_default_filter(SSH::LOG);
+	Log::add_filter(SSH::LOG, [$name="default", $include=set("t", "id.orig_h")]);
 
 	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/no-local.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -19,15 +19,15 @@ redef Log::enable_local_logging = F;
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/path-func.bro

@@ -7,7 +7,7 @@ module SSH;
 
 export {
 	# Create a new ID for our log stream
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	# Define a record with all the columns the log file can have.
 	# (I'm using a subset of fields from ssh-ext for demonstration.)
@@ -30,19 +30,19 @@ function path_func(id: Log::ID, path: string, rec: Log) : string
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
-	Log::remove_default_filter(SSH);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
+	Log::remove_default_filter(SSH::LOG);
 
-	Log::add_filter(SSH, [$name="dyn", $path="static-prefix", $path_func=path_func]);
+	Log::add_filter(SSH::LOG, [$name="dyn", $path="static-prefix", $path_func=path_func]);
 
-	Log::set_buf(SSH, F);
+	Log::set_buf(SSH::LOG, F);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX2"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX3"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX2"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX3"]);
 }

testing/btest/scripts/base/frameworks/logging/pred.bro

@@ -1,16 +1,16 @@
 
 # @TEST-EXEC: bro -b %INPUT 
-# @TEST-EXEC: btest-diff ssh.success.log
-# @TEST-EXEC: btest-diff ssh.failure.log
+# @TEST-EXEC: btest-diff test.success.log
+# @TEST-EXEC: btest-diff test.failure.log
 
-module SSH;
+module Test;
 
 export {
 	# Create a new ID for our log stream
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	# Define a record with all the columns the log file can have.
-	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	# (I'm using a subset of fields from ssh for demonstration.)
 	type Log: record {
 		t: time;
 		id: conn_id; # Will be rolled out into individual columns.
@@ -26,14 +26,14 @@ function fail(rec: Log): bool
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
-	Log::remove_default_filter(SSH);
-	Log::add_filter(SSH, [$name="f1", $path="ssh.success", $pred=function(rec: Log): bool { return rec$status == "success"; }]);
-	Log::add_filter(SSH, [$name="f2", $path="ssh.failure", $pred=fail]);
+	Log::create_stream(Test::LOG, [$columns=Log]);
+	Log::remove_default_filter(Test::LOG);
+	Log::add_filter(Test::LOG, [$name="f1", $path="test.success", $pred=function(rec: Log): bool { return rec$status == "success"; }]);
+	Log::add_filter(Test::LOG, [$name="f2", $path="test.failure", $pred=fail]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 	local r: Log = [$t=network_time(), $id=cid, $status="success"];
-	Log::write(SSH, r);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(Test::LOG, r);
+	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
 	
 }

testing/btest/scripts/base/frameworks/logging/remote-types.bro

@@ -15,7 +15,7 @@ module Test;
 
 export {
 	# Create a new ID for our log stream
-	redef enum Log::ID += { TEST };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		b: bool;
@@ -39,7 +39,7 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(TEST, [$columns=Log]);
+	Log::create_stream(Test::LOG, [$columns=Log]);
 }
 
 #####
@@ -55,10 +55,10 @@ event remote_connection_handshake_done(p: event_peer)
 	local empty_set: set[string];
 	local empty_vector: vector of string;
 
-	Log::write(TEST, [
+	Log::write(Test::LOG, [
 		$b=T,
 		$i=-42,
-		$e=TEST,
+		$e=Test::LOG,
 		$c=21,
 		$p=123/tcp,
 		$sn=10.0.0.1/24,

testing/btest/scripts/base/frameworks/logging/remote.bro

@@ -16,7 +16,7 @@ module Test;
 
 export {
 	# Create a new ID for our log stream
-	redef enum Log::ID += { TEST };
+	redef enum Log::ID += { LOG };
 
 	# Define a record with all the columns the log file can have.
 	# (I'm using a subset of fields from ssh-ext for demonstration.)
@@ -30,8 +30,8 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(TEST, [$columns=Log]);
-	Log::add_filter(TEST, [$name="f1", $path="test.success", $pred=function(rec: Log): bool { return rec$status == "success"; }]);
+	Log::create_stream(Test::LOG, [$columns=Log]);
+	Log::add_filter(Test::LOG, [$name="f1", $path="test.success", $pred=function(rec: Log): bool { return rec$status == "success"; }]);
 }
 
 #####
@@ -49,18 +49,18 @@ function fail(rec: Log): bool
 
 event remote_connection_handshake_done(p: event_peer)
 	{
-	Log::add_filter(TEST, [$name="f2", $path="test.failure", $pred=fail]);
+	Log::add_filter(Test::LOG, [$name="f2", $path="test.failure", $pred=fail]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
 	local r: Log = [$t=network_time(), $id=cid, $status="success"];
 
 	# Log something.
-	Log::write(TEST, r);
-	Log::write(TEST, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(TEST, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(TEST, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(TEST, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(Test::LOG, r);
+	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	}
 @TEST-END-FILE
 

testing/btest/scripts/base/frameworks/logging/remove.bro

@@ -7,7 +7,7 @@ module SSH;
 
 export {
 	# Create a new ID for our log stream
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	# Define a record with all the columns the log file can have.
 	# (I'm using a subset of fields from ssh-ext for demonstration.)
@@ -21,21 +21,21 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
-	Log::add_filter(SSH, [$name="f1", $path="ssh.failure", $pred=function(rec: Log): bool { return rec$status == "failure"; }]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
+	Log::add_filter(SSH::LOG, [$name="f1", $path="ssh.failure", $pred=function(rec: Log): bool { return rec$status == "failure"; }]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
 	# Log something.
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
 
-	Log::remove_filter(SSH, "f1");
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="BR"]);
+	Log::remove_filter(SSH::LOG, "f1");
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="BR"]);
 
-	Log::remove_filter(SSH, "default");
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::remove_filter(SSH::LOG, "default");
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 
-	Log::remove_filter(SSH, "doesn-not-exist");
+	Log::remove_filter(SSH::LOG, "doesn-not-exist");
 }
 

testing/btest/scripts/base/frameworks/logging/rotate-custom.bro

@@ -7,7 +7,7 @@ module Test;
 
 export {
 	# Create a new ID for our log stream
-	redef enum Log::ID += { Test };
+	redef enum Log::ID += { LOG };
 
 	# Define a record with all the columns the log file can have.
 	# (I'm using a subset of fields from ssh-ext for demonstration.)
@@ -32,12 +32,12 @@ redef Log::rotation_control += {
 
 event bro_init()
 {
-	Log::create_stream(Test, [$columns=Log]);
-	Log::add_filter(Test, [$name="2nd", $path="test2"]);
+	Log::create_stream(Test::LOG, [$columns=Log]);
+	Log::add_filter(Test::LOG, [$name="2nd", $path="test2"]);
 
 }
 
 event new_connection(c: connection)
 	{
-	Log::write(Test, [$t=network_time(), $id=c$id]);
+	Log::write(Test::LOG, [$t=network_time(), $id=c$id]);
 	}

testing/btest/scripts/base/frameworks/logging/rotate.bro

@@ -7,7 +7,7 @@ module Test;
 
 export {
 	# Create a new ID for our log stream
-	redef enum Log::ID += { Test };
+	redef enum Log::ID += { LOG };
 
 	# Define a record with all the columns the log file can have.
 	# (I'm using a subset of fields from ssh-ext for demonstration.)
@@ -22,10 +22,10 @@ redef Log::default_rotation_postprocessor_cmd = "echo";
 
 event bro_init()
 {
-	Log::create_stream(Test, [$columns=Log]);
+	Log::create_stream(Test::LOG, [$columns=Log]);
 }
 
 event new_connection(c: connection)
 	{
-	Log::write(Test, [$t=network_time(), $id=c$id]);
+	Log::write(Test::LOG, [$t=network_time(), $id=c$id]);
 	}

testing/btest/scripts/base/frameworks/logging/stdout.bro

@@ -6,7 +6,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -18,19 +18,19 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
-	local filter = Log::get_filter(SSH, "default");
+	local filter = Log::get_filter(SSH::LOG, "default");
 	filter$path= "/dev/stdout";
-	Log::add_filter(SSH, filter);
+	Log::add_filter(SSH::LOG, filter);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/test-logging.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		t: time;
@@ -17,15 +17,15 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
     local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 	
 }
 

testing/btest/scripts/base/frameworks/logging/types.bro

@@ -9,7 +9,7 @@ redef LogAscii::empty_field = "EMPTY";
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
 		b: bool;
@@ -42,15 +42,15 @@ function foo(i : count) : string
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
 	local empty_set: set[string];
 	local empty_vector: vector of string;
 
-	Log::write(SSH, [
+	Log::write(SSH::LOG, [
 		$b=T,
 		$i=-42,
-		$e=SSH,
+		$e=SSH::LOG,
 		$c=21,
 		$p=123/tcp,
 		$sn=10.0.0.1/24,

testing/btest/scripts/base/frameworks/logging/vec.bro

@@ -5,7 +5,7 @@
 module SSH;
 
 export {
-	redef enum Log::ID += { SSH };
+	redef enum Log::ID += { LOG };
 
 	type Log: record {
         vec: vector of string &log;
@@ -14,14 +14,14 @@ export {
 
 event bro_init()
 {
-	Log::create_stream(SSH, [$columns=Log]);
+	Log::create_stream(SSH::LOG, [$columns=Log]);
 
     local v: vector of string;
 
 	v[1] = "2";
 	v[4] = "5";
 
-	Log::write(SSH, [$vec=v]);
+	Log::write(SSH::LOG, [$vec=v]);
 }