Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 21:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add btest for timestamp check

Browse source
This commit is contained in:
Martin van Hensbergen 2024-05-29 10:40:26 +02:00 committed by Johanna Amann
parent a4f73ee45f
commit e993f75ccb
2 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
testing/btest/Traces/pe/pe_files_timestamp.pcap.gz Normal file
View file

Binary file not shown.

12
testing/btest/scripts/base/files/pe/timestamp.test Normal file
View file

@ -0,0 +1,12 @@
# This tests if a pe file's timestamp in pe.log matches the files timestamp in files.log
# btest-diff cannot be used as that throws away the timestamps in logs
# We simply test if the timestamp and uid of the file is in both pe.log and files.log
# @TEST-EXEC: zcat <$TRACES/pe/pe_files_timestamp.pcap.gz | zeek -b -r - %INPUT
# @TEST-EXEC: grep "1716472371.824801 FyNlOv4xQHBf68TIf5" pe.log
# @TEST-EXEC: grep "1716472371.824801 FyNlOv4xQHBf68TIf5" files.log
@load base/protocols/http
@load base/files/pe