Merge branch 'topic/robin/event-dumper'

Changes:

   - Changing semantics of the new_event() meta event: it's raised
     only for events that have a handler defined. There are too many
     checks in Bro that prevent events w/o handler from being even
     prepared to raise to do that differently.

   - Adding test case.

* topic/robin/event-dumper:
  New script misc/dump-events.bro, along with core support, that dumps events Bro is raising in an easily readable form.
  Prettifying Describe() for record types.
Robin Sommer 2013-12-04 12:10:54 -08:00
commit dadfcde70e
14 changed files with 420 additions and 8 deletions

@ -0,0 +1,36 @@
0.000000 bro_init
0.000000 filter_change_tracking
1170717505.366729 ChecksumOffloading::check
1170717505.366729 filter_change_tracking
1170717505.366729 new_connection
1170717505.548308 connection_established
1170717505.549109 ssl_client_hello
1170717505.734145 protocol_confirmation
1170717505.734145 ssl_server_hello
1170717505.735416 x509_certificate
1170717505.735416 x509_certificate
1170717505.934612 ssl_established
1170717508.515696 new_connection
1170717508.696747 connection_established
1170717508.697180 ssl_client_hello
1170717508.881857 protocol_confirmation
1170717508.881857 ssl_server_hello
1170717508.883051 x509_certificate
1170717508.883051 x509_certificate
1170717509.082241 ssl_established
1170717511.541455 new_connection
1170717511.722589 connection_established
1170717511.722913 ssl_client_hello
1170717511.908619 protocol_confirmation
1170717511.908619 ssl_server_hello
1170717511.909717 x509_certificate
1170717511.909717 x509_certificate
1170717512.108799 ssl_established
1170717528.851698 ChecksumOffloading::check
1170717528.851698 connection_state_remove
1170717531.882302 net_done
1170717531.882302 filter_change_tracking
1170717531.882302 connection_state_remove
1170717531.882302 connection_state_remove
1170717531.882302 bro_done
1170717531.882302 ChecksumOffloading::check
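
Review bot: this baseline pins behaviour of unrelated scripts as well as the dumper. Lines such as `ChecksumOffloading::check` and `filter_change_tracking`, and the relative order of the six events that share timestamp 1170717531.882302 at the end, will shift whenever a default-loaded script adds or drops a handler, because per the commit message new_event() is raised only for events that have a handler defined. Consider restricting this run with `DumpEvents::include` to a fixed set of events, or documenting next to the test that the baseline has to be regenerated when the default scripts change.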

File diff suppressed because one or more lines are too long

@ -0,0 +1,7 @@
# @TEST-EXEC: bro -r $TRACES/ssl.v3.trace policy/misc/dump-events.bro >all-events.log
# @TEST-EXEC: bro -r $TRACES/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include_args=F >all-events-no-args.log
# @TEST-EXEC: bro -r $TRACES/ssl.v3.trace policy/misc/dump-events.bro DumpEvents::include=/ssl_/ >ssl-events.log
#
# @TEST-EXEC: btest-diff all-events.log
# @TEST-EXEC: btest-diff all-events-no-args.log
# @TEST-EXEC: btest-diff ssl-events.log
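
Review bot: the test has no header comment saying what it verifies, and the three `bro -r` lines only cover each option on its own. A one-line description in place of the bare `#` line would help, and a fourth run combining `DumpEvents::include=/ssl_/` with `DumpEvents::include_args=F` would check that the two options compose. Note also that `/ssl_/` is unanchored, so the ssl-events.log baseline will pick up any future event whose name merely contains `ssl_`; if only the `ssl_*` events are intended, `/^ssl_/` states that more precisely.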