Add btest for timestamp check
parent
a4f73ee45f
commit
e993f75ccb
2 changed files with 12 additions and 0 deletions
BIN
testing/btest/Traces/pe/pe_files_timestamp.pcap.gz
Normal file
BIN
testing/btest/Traces/pe/pe_files_timestamp.pcap.gz
Normal file
Binary file not shown.
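--- a/testing/btest/scripts/base/files/pe/timestamp.test
+++ b/testing/btest/scripts/base/files/pe/timestamp.test
@@ -0,0 +1,12 @@
+# This tests if a pe file's timestamp in pe.log matches the files timestamp in files.log
+
+# btest-diff cannot be used as that throws away the timestamps in logs
+
+# We simply test if the timestamp and uid of the file is in both pe.log and files.log
+
+# @TEST-EXEC: zcat <$TRACES/pe/pe_files_timestamp.pcap.gz | zeek -b -r - %INPUT
+# @TEST-EXEC: grep "1716472371.824801 FyNlOv4xQHBf68TIf5" pe.log
+# @TEST-EXEC: grep "1716472371.824801 FyNlOv4xQHBf68TIf5" files.log
+
+@load base/protocols/http
+@load base/files/pe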
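Review bot: Both `grep` lines pass their argument as a regular expression, so the `.` in `1716472371.824801` matches any character and the pattern is not tied to the start of a record; `grep -F "1716472371.824801 FyNlOv4xQHBf68TIf5" pe.log` (and the same for `files.log`) would pin the literal value. The separator between the timestamp and the file id is shown here as a single space, while the logs are normally tab-separated, so it is worth confirming the committed file contains a literal tab there. Each check also only proves that one matching record exists in each log; it would not notice an additional `pe.log` entry for the same file id carrying a different timestamp, which is the mismatch an analyst correlating `pe.log` with `files.log` would care about. A short comment stating which two columns the pattern is expected to span would make the intent clear to the next maintainer.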