Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

GH-1184: Add 'source' field to weird log denoting where the weird was reported

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-11-05 13:18:54 -07:00
parent eccbbb4476
commit e27008ef26
72 changed files with 964 additions and 890 deletions
Download patch file Download diff file Expand all files Collapse all files

63
testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
View file

@ -1,36 +1,37 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2020-04-30-00-47-11
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1354328874.237327 ClEkJM2Vm5giqnMf4h 128.2.6.136 46563 173.194.75.103 80 missing_HTTP_uri - F zeek
1354328874.278822 C4J4Th3PJpwUYZZ6gc 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F zeek
1354328874.321792 CtPZjS20MLrsMUOJi2 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F zeek
1354328882.908690 C37jN32gN3y3AZzyf6 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F zeek
1354328882.949510 C3eiCBGOLw3VtHfOj 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F zeek
1354328887.094494 C0LAHyvtKSQHyJxIl 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F zeek
1354328891.141058 CFLRIC3zaTU1loLGxh 128.2.6.136 46573 173.194.75.103 80 bad_HTTP_request - F zeek
1354328891.183942 C9rXSW3KSpTYvPrlI1 128.2.6.136 46574 173.194.75.103 80 bad_HTTP_request_with_version - F zeek
1354328891.226199 Ck51lg1bScffFj34Ri 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F zeek
1354328891.267625 C9mvWx3ezztgzcexV7 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request_with_version - F zeek
1354328891.309065 CNnMIj2QSd84NKf7U3 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek
1354328895.355012 C7fIlMZDuRiqjpYbb 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek
1354328895.396634 CykQaM33ztNt0csB9a 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F zeek
1354328895.438812 CtxTCR2Yer0FR1tIBg 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F zeek
1354328895.480865 CpmdRlaUoJLN3uIRa 128.2.6.136 46581 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek
1354328903.614145 CLNN1k2QMum1aexUK7 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F zeek
1354328903.656369 CBA8792iHmnhPLksKa 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F zeek
1354328911.832856 Cipfzj1BEnhejw8cGf 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F zeek
1354328911.876341 CV5WJ42jPYbNW9JNWf 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F zeek
1354328920.052085 CzrZOtXqhwwndQva3 128.2.6.136 46594 173.194.75.103 80 bad_HTTP_request - F zeek
1354328920.094072 CaGCc13FffXe6RkQl9 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F zeek
1354328924.266693 CzmEfj4RValNyLfT58 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F zeek
1354328924.308714 CCk2V03QgWwIurU3f 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F zeek
1354328924.476011 CKJVAj1rNx0nolFFc4 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F zeek
1354328924.518204 CD7vfu1qu4YJKe1nGi 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F zeek
1354328932.734579 CRJ9x54IaE7bkVEpad 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F zeek
1354328932.776609 CAvUKGaEgLlR4i6t2 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F zeek
#close 2020-04-30-00-47-11
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
#types time string addr port addr port string string bool string string
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 128.2.6.136 46563 173.194.75.103 80 missing_HTTP_uri - F zeek HTTP
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 128.2.6.136 46573 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 128.2.6.136 46574 173.194.75.103 80 bad_HTTP_request_with_version - F zeek HTTP
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request_with_version - F zeek HTTP
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 128.2.6.136 46581 173.194.75.103 80 unknown_HTTP_method CCM_POST F zeek -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 128.2.6.136 46594 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CzmEfj4RValNyLfT58 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CCk2V03QgWwIurU3f 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CKJVAj1rNx0nolFFc4 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CD7vfu1qu4YJKe1nGi 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CRJ9x54IaE7bkVEpad 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
XXXXXXXXXX.XXXXXX CAvUKGaEgLlR4i6t2 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F zeek HTTP
#close XXXX-XX-XX-XX-XX-XX