Merge branch 'master' into topic/jsiwek/gh-320
commit
eb690a18cc
3266 changed files with 87729 additions and 103138 deletions
|
@ -1,6 +1,6 @@
|
|||
# Just a very basic test to check if ANALYZER_DATA_EVENT works.
|
||||
# Also check if "in" works with binary data.
|
||||
# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
# @TEST-EXEC: btest-diff .stderr
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1
|
||||
# @TEST-EXEC: btest-diff extract_files/1
|
||||
# @TEST-EXEC: btest-diff 1.out
|
||||
# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T
|
||||
# @TEST-EXEC: btest-diff extract_files/2
|
||||
# @TEST-EXEC: btest-diff 2.out
|
||||
# @TEST-EXEC: btest-diff files.log
|
||||
# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T
|
||||
# @TEST-EXEC: btest-diff extract_files/3
|
||||
# @TEST-EXEC: btest-diff 3.out
|
||||
|
||||
|
@ -39,7 +39,7 @@ event file_extraction_limit(f: fa_file, args: any, limit: count, len: count)
|
|||
print outfile, FileExtract::set_limit(f, args, 0);
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open(fmt("%s.out", efname));
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
# This tests the PE analyzer against a PCAP of 4 PE files being downloaded via FTP.
|
||||
# The files are a mix of DLL/EXEs, signed/unsigned, and 32/64-bit files.
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff pe.log
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -b %INPUT Unified2::watch_file=$FILES/unified2.u2
|
||||
# @TEST-EXEC: zeek -b %INPUT Unified2::watch_file=$FILES/unified2.u2
|
||||
# @TEST-EXEC: btest-diff unified2.log
|
||||
|
||||
@TEST-START-FILE sid_msg.map
|
||||
|
@ -61,7 +61,7 @@ config classification: default-login-attempt,Attempt to Login By a Default Usern
|
|||
|
||||
redef exit_only_after_terminate = T;
|
||||
|
||||
@load base/files/unified2
|
||||
@load policy/files/unified2
|
||||
|
||||
redef Unified2::sid_msg = @DIR+"/sid_msg.map";
|
||||
redef Unified2::gen_msg = @DIR+"/gen_msg.map";
|
||||
|
@ -73,4 +73,4 @@ event Unified2::alert(f: fa_file, ev: Unified2::IDSEvent, pkt: Unified2::Packet)
|
|||
++i;
|
||||
if ( i == 2 )
|
||||
terminate();
|
||||
}
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
# Test that the timestamp of a pre-y-2000 certificate is correctly parsed
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/telesec.pcap
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/telesec.pcap
|
||||
# @TEST-EXEC: btest-diff x509.log
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/certificate-with-sct.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/certificate-with-sct.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
@load protocols/ssl/validate-certs
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");
|
||||
}
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
#
|
||||
# @TEST-EXEC: bro -r ${TRACES}/var-services-std-ports.trace %INPUT
|
||||
# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq dns
|
||||
# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh
|
||||
#
|
||||
|
||||
redef Analyzer::disabled_analyzers += { Analyzer::ANALYZER_SSH };
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Analyzer::disable_analyzer(Analyzer::ANALYZER_DNS);
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT
|
||||
# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq dns
|
||||
# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh
|
||||
#
|
||||
|
||||
redef Analyzer::disabled_analyzers += { Analyzer::ANALYZER_SSH };
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Analyzer::disable_analyzer(Analyzer::ANALYZER_DNS);
|
||||
}
|
||||
|
||||
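Review bot: The two `grep -vq` checks in this new test can pass even when the DNS or SSH analyzer is still active, because `grep -v -q` exits 0 as soon as any single line of the `zeek-cut service` output lacks the pattern. If the trace produces connections with other or empty service values (likely given its name, but not visible here), the assertion never fails, so a regression in analyzer disabling would go unnoticed. An inverted match states the intent directly, e.g. `# @TEST-EXEC-FAIL: cat conn.log | zeek-cut service | grep -q dns`, and the same for `ssh`. The `grep -vq ssh` line in the ssh-on-port-80 test added further down has the same weakness.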
|
|
@ -1,13 +0,0 @@
|
|||
#
|
||||
# @TEST-EXEC: bro -r ${TRACES}/var-services-std-ports.trace %INPUT
|
||||
# @TEST-EXEC: cat conn.log | bro-cut service | grep -q dns
|
||||
#
|
||||
|
||||
redef Analyzer::disable_all = T;
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Analyzer::enable_analyzer(Analyzer::ANALYZER_DNS);
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT
|
||||
# @TEST-EXEC: cat conn.log | zeek-cut service | grep -q dns
|
||||
#
|
||||
|
||||
redef Analyzer::disable_all = T;
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Analyzer::enable_analyzer(Analyzer::ANALYZER_DNS);
|
||||
}
|
||||
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
#
|
||||
# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0;
|
||||
# @TEST-EXEC: cat conn.log | bro-cut service | grep -q ssh
|
||||
#
|
||||
# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0;
|
||||
# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Analyzer::register_for_port(Analyzer::ANALYZER_SSH, 80/tcp);
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0;
|
||||
# @TEST-EXEC: cat conn.log | zeek-cut service | grep -q ssh
|
||||
#
|
||||
# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0;
|
||||
# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Analyzer::register_for_port(Analyzer::ANALYZER_SSH, 80/tcp);
|
||||
}
|
||||
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | sort >output
|
||||
# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT | sort >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
global x = 0;
|
|
@ -4,13 +4,13 @@
|
|||
# @TEST-PORT: BROKER_PORT4
|
||||
# @TEST-PORT: BROKER_PORT5
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 30
|
||||
# @TEST-EXEC: btest-diff manager-1/.stdout
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::nodes = {
|
||||
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"],
|
||||
|
@ -22,7 +22,7 @@ redef Cluster::nodes = {
|
|||
|
||||
global my_pool_spec: Cluster::PoolSpec =
|
||||
Cluster::PoolSpec(
|
||||
$topic = "bro/cluster/pool/my_pool",
|
||||
$topic = "zeek/cluster/pool/my_pool",
|
||||
$node_type = Cluster::PROXY
|
||||
);
|
||||
|
||||
|
@ -30,13 +30,13 @@ global my_pool: Cluster::Pool;
|
|||
|
||||
redef Cluster::proxy_pool_spec =
|
||||
Cluster::PoolSpec(
|
||||
$topic = "bro/cluster/pool/proxy",
|
||||
$topic = "zeek/cluster/pool/proxy",
|
||||
$node_type = Cluster::PROXY,
|
||||
$exclusive = T,
|
||||
$max_nodes = 1
|
||||
);
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
my_pool = Cluster::register_pool(my_pool_spec);
|
||||
}
|
|
@ -4,13 +4,13 @@
|
|||
# @TEST-PORT: BROKER_PORT4
|
||||
# @TEST-PORT: BROKER_PORT5
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 30
|
||||
# @TEST-EXEC: btest-diff manager-1/.stdout
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::nodes = {
|
||||
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"],
|
||||
|
@ -22,7 +22,7 @@ redef Cluster::nodes = {
|
|||
|
||||
global my_pool_spec: Cluster::PoolSpec =
|
||||
Cluster::PoolSpec(
|
||||
$topic = "bro/cluster/pool/my_pool",
|
||||
$topic = "zeek/cluster/pool/my_pool",
|
||||
$node_type = Cluster::PROXY
|
||||
);
|
||||
|
||||
|
@ -30,13 +30,13 @@ global my_pool: Cluster::Pool;
|
|||
|
||||
redef Cluster::proxy_pool_spec =
|
||||
Cluster::PoolSpec(
|
||||
$topic = "bro/cluster/pool/proxy",
|
||||
$topic = "zeek/cluster/pool/proxy",
|
||||
$node_type = Cluster::PROXY,
|
||||
$exclusive = F,
|
||||
$max_nodes = 1
|
||||
);
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
my_pool = Cluster::register_pool(my_pool_spec);
|
||||
}
|
|
@ -4,11 +4,11 @@
|
|||
# @TEST-PORT: BROKER_PORT4
|
||||
# @TEST-PORT: BROKER_PORT5
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 30
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout
|
||||
# @TEST-EXEC: btest-diff proxy-1/.stdout
|
||||
|
@ -16,7 +16,7 @@
|
|||
# @TEST-EXEC: btest-diff worker-1/.stdout
|
||||
# @TEST-EXEC: btest-diff worker-2/.stdout
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::nodes = {
|
||||
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"],
|
||||
|
@ -67,7 +67,7 @@ event fully_connected()
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::manager_topic, fully_connected);
|
||||
|
|
@ -3,15 +3,15 @@
|
|||
# @TEST-PORT: BROKER_PORT3
|
||||
# @TEST-PORT: BROKER_PORT4
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run logger-1 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run logger-2 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager BROPATH=$BROPATH:.. CLUSTER_NODE=manager bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run logger-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=logger-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run logger-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=logger-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 30
|
||||
# @TEST-EXEC: btest-diff logger-1/test.log
|
||||
# @TEST-EXEC: btest-diff logger-2/test.log
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::manager_is_logger = F;
|
||||
|
||||
redef Cluster::nodes = {
|
||||
|
@ -32,7 +32,7 @@ type Info: record {
|
|||
num: count &log;
|
||||
};
|
||||
|
||||
event bro_init() &priority=5
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Test::LOG, [$columns=Info, $path="test"]);
|
||||
}
|
|
@ -5,12 +5,12 @@
|
|||
# @TEST-PORT: BROKER_PORT5
|
||||
# @TEST-PORT: BROKER_PORT6
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 BROPATH=$BROPATH:.. bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 BROPATH=$BROPATH:.. bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 BROPATH=$BROPATH:.. bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 BROPATH=$BROPATH:.. bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 BROPATH=$BROPATH:.. bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 BROPATH=$BROPATH:.. bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 30
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff logger-1/.stdout
|
||||
# @TEST-EXEC: btest-diff manager-1/.stdout
|
||||
|
@ -19,7 +19,7 @@
|
|||
# @TEST-EXEC: btest-diff worker-1/.stdout
|
||||
# @TEST-EXEC: btest-diff worker-2/.stdout
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::manager_is_logger = F;
|
||||
redef Cluster::nodes = {
|
||||
["logger-1"] = [$node_type=Cluster::LOGGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
|
@ -55,7 +55,7 @@ event fully_connected(n: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::logger_topic, fully_connected);
|
||||
}
|
|
@ -4,11 +4,11 @@
|
|||
# @TEST-PORT: BROKER_PORT4
|
||||
# @TEST-PORT: BROKER_PORT5
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 30
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout
|
||||
# @TEST-EXEC: btest-diff proxy-1/.stdout
|
||||
|
@ -16,7 +16,7 @@
|
|||
# @TEST-EXEC: btest-diff worker-1/.stdout
|
||||
# @TEST-EXEC: btest-diff worker-2/.stdout
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::nodes = {
|
||||
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"],
|
||||
|
@ -47,7 +47,7 @@ event fully_connected()
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::manager_topic, fully_connected);
|
||||
}
|
|
@ -4,13 +4,13 @@
|
|||
# @TEST-PORT: BROKER_PORT4
|
||||
# @TEST-PORT: BROKER_PORT5
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 30
|
||||
# @TEST-EXEC: btest-diff manager-1/.stdout
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::nodes = {
|
||||
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"],
|
|
@ -4,15 +4,15 @@
|
|||
# @TEST-PORT: BROKER_PORT4
|
||||
# @TEST-PORT: BROKER_PORT5
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 30
|
||||
# @TEST-EXEC: btest-diff manager-1/.stdout
|
||||
# @TEST-EXEC: btest-diff proxy-1/.stdout
|
||||
# @TEST-EXEC: btest-diff proxy-2/.stdout
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::nodes = {
|
||||
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"],
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff bro/config.log
|
||||
# @TEST-EXEC: btest-diff bro/.stderr
|
||||
# @TEST-EXEC: btest-diff zeek/config.log
|
||||
# @TEST-EXEC: btest-diff zeek/.stderr
|
||||
|
||||
@load base/frameworks/config
|
||||
@load base/protocols/conn
|
|
@ -2,10 +2,10 @@
|
|||
# @TEST-PORT: BROKER_PORT2
|
||||
# @TEST-PORT: BROKER_PORT3
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
|
||||
# @TEST-EXEC: sleep 1
|
||||
# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 15
|
||||
# @TEST-EXEC: btest-diff manager-1/.stdout
|
||||
# @TEST-EXEC: btest-diff worker-1/.stdout
|
||||
|
@ -15,7 +15,7 @@
|
|||
@load base/frameworks/config
|
||||
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::nodes = {
|
||||
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"],
|
||||
|
@ -39,7 +39,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
|||
|
||||
global ready_for_data: event();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::worker_topic, ready_for_data);
|
||||
}
|
||||
|
@ -64,7 +64,7 @@ function option_changed(ID: string, new_value: any, location: string): any
|
|||
return new_value;
|
||||
}
|
||||
|
||||
event bro_init() &priority=5
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Option::set_change_handler("testport", option_changed, -100);
|
||||
Option::set_change_handler("teststring", option_changed, -100);
|
|
@ -2,11 +2,11 @@
|
|||
# @TEST-PORT: BROKER_PORT2
|
||||
# @TEST-PORT: BROKER_PORT3
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
|
||||
# @TEST-EXEC: sleep 1
|
||||
# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
|
||||
# @TEST-EXEC: sleep 15
|
||||
# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 15
|
||||
# @TEST-EXEC: btest-diff manager-1/.stdout
|
||||
# @TEST-EXEC: btest-diff worker-1/.stdout
|
||||
|
@ -19,7 +19,7 @@
|
|||
@load base/frameworks/config
|
||||
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::nodes = {
|
||||
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"],
|
||||
|
@ -44,7 +44,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
|||
|
||||
global ready_for_data: event();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::worker_topic, ready_for_data);
|
||||
}
|
||||
|
@ -84,7 +84,7 @@ function option_changed(ID: string, new_value: any, location: string): any
|
|||
return new_value;
|
||||
}
|
||||
|
||||
event bro_init() &priority=5
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Option::set_change_handler("testport", option_changed, -100);
|
||||
Option::set_change_handler("teststring", option_changed, -100);
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff bro/config.log
|
||||
# @TEST-EXEC: btest-diff zeek/config.log
|
||||
|
||||
@load base/frameworks/config
|
||||
@load base/protocols/conn
|
||||
|
@ -51,7 +51,7 @@ event Input::end_of_data(name: string, source:string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Config::read_config("../configfile");
|
||||
}
|
|
@ -2,10 +2,10 @@
|
|||
# @TEST-PORT: BROKER_PORT2
|
||||
# @TEST-PORT: BROKER_PORT3
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT
|
||||
# @TEST-EXEC: sleep 1
|
||||
# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 15
|
||||
# @TEST-EXEC: btest-diff manager-1/.stdout
|
||||
# @TEST-EXEC: btest-diff worker-1/.stdout
|
||||
|
@ -15,7 +15,7 @@
|
|||
@load base/frameworks/config
|
||||
|
||||
|
||||
@TEST-START-FILE cluster-layout.bro
|
||||
@TEST-START-FILE cluster-layout.zeek
|
||||
redef Cluster::nodes = {
|
||||
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
|
||||
["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1", $interface="eth0"],
|
||||
|
@ -59,7 +59,7 @@ export {
|
|||
option test_vector: vector of count = {};
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Config::read_config("../configfile");
|
||||
}
|
||||
|
@ -75,7 +75,7 @@ function option_changed(ID: string, new_value: any, location: string): any
|
|||
return new_value;
|
||||
}
|
||||
|
||||
event bro_init() &priority=5
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Option::set_change_handler("testport", option_changed, -100);
|
||||
Option::set_change_handler("teststring", option_changed, -100);
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff bro/config.log
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff zeek/config.log
|
||||
|
||||
@load base/frameworks/config
|
||||
@load base/protocols/conn
|
|
@ -1,12 +1,12 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 10 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 10 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv configfile2 configfile
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 10 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 10 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv configfile3 configfile
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 10 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 10 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv configfile4 configfile
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff bro/config.log
|
||||
# @TEST-EXEC: btest-diff zeek/config.log
|
||||
|
||||
@load base/frameworks/config
|
||||
@load base/protocols/conn
|
|
@ -1,8 +1,8 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/bro.org.pcap %INPUT >output
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/bro.org.pcap %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff config.log
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Config::set_value("Weird::sampling_duration", 5sec);
|
||||
Config::set_value("Weird::sampling_threshold", 10);
|
||||
|
@ -11,7 +11,7 @@ event bro_init()
|
|||
print "Config values set";
|
||||
}
|
||||
|
||||
event bro_init() &priority = -10
|
||||
event zeek_init() &priority = -10
|
||||
{
|
||||
print Reporter::get_weird_sampling_whitelist();
|
||||
print Reporter::get_weird_sampling_rate();
|
|
@ -1,26 +1,26 @@
|
|||
# @TEST-PORT: BROKER_PORT
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT
|
||||
# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update
|
||||
# @TEST-EXEC: btest-bg-run controllee ZEEKPATH=$ZEEKPATH:.. zeek -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT
|
||||
# @TEST-EXEC: btest-bg-run controller ZEEKPATH=$ZEEKPATH:.. zeek -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff controllee/.stdout
|
||||
|
||||
const test_var = "ORIGINAL VALUE (this should be printed out first)" &redef;
|
||||
|
||||
@TEST-START-FILE test-redef.bro
|
||||
@TEST-START-FILE test-redef.zeek
|
||||
redef test_var = "NEW VALUE (this should be printed out second)";
|
||||
@TEST-END-FILE
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
print test_var;
|
||||
Reporter::info("handle bro_init");
|
||||
Reporter::info("handle zeek_init");
|
||||
}
|
||||
|
||||
event bro_done()
|
||||
event zeek_done()
|
||||
{
|
||||
print test_var;
|
||||
Reporter::info("handle bro_done");
|
||||
Reporter::info("handle zeek_done");
|
||||
}
|
||||
|
||||
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
|
@ -1,14 +1,14 @@
|
|||
# @TEST-PORT: BROKER_PORT
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT
|
||||
# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var
|
||||
# @TEST-EXEC: btest-bg-run controllee ZEEKPATH=$ZEEKPATH:.. zeek %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT
|
||||
# @TEST-EXEC: btest-bg-run controller ZEEKPATH=$ZEEKPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var
|
||||
# @TEST-EXEC: btest-bg-wait -k 10
|
||||
# @TEST-EXEC: btest-diff controller/.stdout
|
||||
|
||||
# This value shouldn't ever be printed to the controllers stdout.
|
||||
const test_var = "Original value" &redef;
|
||||
|
||||
@TEST-START-FILE only-for-controllee.bro
|
||||
@TEST-START-FILE only-for-controllee.zeek
|
||||
# This is only loaded on the controllee, but it's sent to the controller
|
||||
# and should be printed there.
|
||||
redef test_var = "This is the value from the controllee";
|
|
@ -1,6 +0,0 @@
|
|||
# @TEST-PORT: BROKER_PORT
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT
|
||||
# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
# @TEST-PORT: BROKER_PORT
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run controllee ZEEKPATH=$ZEEKPATH:.. zeek %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT
|
||||
# @TEST-EXEC: btest-bg-run controller ZEEKPATH=$ZEEKPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
redef test_print_file_data_events = T;
|
|
@ -0,0 +1,4 @@
|
|||
# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
redef test_print_file_data_events = T;
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT 2>&1
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT 2>&1
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
print "This should fail but not crash";
|
||||
print Files::lookup_file("asdf");
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff files.log
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Files::register_for_mime_type(Files::ANALYZER_MD5, "text/plain");
|
||||
};
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT >get.out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out
|
||||
# @TEST-EXEC: btest-diff get.out
|
||||
|
||||
redef test_file_analysis_source = "HTTP";
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 8
|
||||
# @TEST-EXEC: btest-diff bro/.stdout
|
||||
# @TEST-EXEC: btest-diff zeek/.stdout
|
||||
|
||||
global cnt: count = 0;
|
||||
global timeout_cnt: count = 0;
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT >get.out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out
|
||||
# @TEST-EXEC: btest-diff get.out
|
||||
# @TEST-EXEC: test ! -s Cx92a0ym5R8-file
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff files.log
|
||||
|
||||
@load frameworks/files/hash-all-files
|
|
@ -1,6 +0,0 @@
|
|||
# This used to crash the file reassemly code.
|
||||
#
|
||||
# @TEST-EXEC: bro -r $TRACES/http/byteranges.trace frameworks/files/extract-all-files FileExtract::default_limit=4000
|
||||
#
|
||||
# @TEST-EXEC: btest-diff files.log
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
# This used to crash the file reassemly code.
|
||||
#
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/byteranges.trace frameworks/files/extract-all-files FileExtract::default_limit=4000
|
||||
#
|
||||
# @TEST-EXEC: btest-diff files.log
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.bro %INPUT >out
|
||||
# @TEST-EXEC: zeek -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
# @TEST-EXEC: btest-diff thefile
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT c=1 >get.out
|
||||
# @TEST-EXEC: bro -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.bro %INPUT c=2 >get-gzip.out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out
|
||||
# @TEST-EXEC: btest-diff get.out
|
||||
# @TEST-EXEC: btest-diff get-gzip.out
|
||||
# @TEST-EXEC: btest-diff 1-file
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.bro %INPUT >out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
# @TEST-EXEC: btest-diff 1-file
|
||||
# @TEST-EXEC: btest-diff 2-file
|
|
@ -1,14 +1,14 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.bro %INPUT >a.out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out
|
||||
# @TEST-EXEC: btest-diff a.out
|
||||
# @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >a.size
|
||||
# @TEST-EXEC: btest-diff a.size
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.bro %INPUT >b.out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out
|
||||
# @TEST-EXEC: btest-diff b.out
|
||||
# @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >b.size
|
||||
# @TEST-EXEC: btest-diff b.size
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.bro %INPUT >c.out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out
|
||||
# @TEST-EXEC: btest-diff c.out
|
||||
# @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >c.size
|
||||
# @TEST-EXEC: btest-diff c.size
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.bro %INPUT >out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
# @TEST-EXEC: btest-diff 1-file
|
||||
# @TEST-EXEC: btest-diff 2-file
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.bro %INPUT >out
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
# @TEST-EXEC: btest-diff 1-file
|
||||
# @TEST-EXEC: btest-diff 2-file
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b $SCRIPTS/file-analysis-test.bro %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b $SCRIPTS/file-analysis-test.zeek %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 8
|
||||
# @TEST-EXEC: btest-diff bro/.stdout
|
||||
# @TEST-EXEC: diff -q bro/FK8WqY1Q9U1rVxnDge-file input.log
|
||||
# @TEST-EXEC: btest-diff zeek/.stdout
|
||||
# @TEST-EXEC: diff -q zeek/FK8WqY1Q9U1rVxnDge-file input.log
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
|
||||
|
@ -18,7 +18,7 @@ redef test_get_file_name = function(f: fa_file): string
|
|||
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242
|
||||
@TEST-END-FILE
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local source: string = "../input.log";
|
||||
Input::add_analysis([$source=source, $reader=Input::READER_BINARY,
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.bro %INPUT >out
|
||||
# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
# @TEST-EXEC: btest-diff thefile
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT
|
||||
# @TEST-EXEC: btest-diff files.log
|
||||
|
||||
redef test_file_analysis_source = "HTTP";
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.bro %INPUT >out
|
||||
# @TEST-EXEC: zeek -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
# @TEST-EXEC: btest-diff thefile0
|
||||
# @TEST-EXEC: btest-diff thefile1
|
|
@ -0,0 +1,38 @@
|
|||
# @TEST-EXEC: zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-diff .stderr
|
||||
|
||||
@TEST-START-FILE input.log
|
||||
#separator \x09
|
||||
#fields i p
|
||||
#types count pattern
|
||||
1 /d/og/
|
||||
2 /cat/sss
|
||||
3 /foo|bar
|
||||
4 this is not a pattern
|
||||
5 /5
|
||||
@TEST-END-FILE
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
|
||||
module A;
|
||||
|
||||
type Idx: record {
|
||||
i: int;
|
||||
};
|
||||
|
||||
type Val: record {
|
||||
p: pattern;
|
||||
};
|
||||
|
||||
event kill_me()
|
||||
{
|
||||
terminate();
|
||||
}
|
||||
|
||||
global pats: table[int] of Val = table();
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="input.log", $name="pats", $idx=Idx, $val=Val, $destination=pats]);
|
||||
schedule 10msec { kill_me() };
|
||||
}
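Review bot: The `schedule 10msec { kill_me() };` at the end of `zeek_init()` ends the run on a fixed timer instead of on the reader finishing, so whether all five rows of `input.log` have been parsed and reported before `terminate()` may depend on thread timing. The page does not show whether pending reader messages are drained at shutdown, so treat this as a possible source of a flaky `.stderr` baseline rather than a confirmed one. Terminating from the stream's own completion event, `event Input::end_of_data(name: string, source: string) { terminate(); }`, as the positive pattern test in this commit does, would remove the dependency on the timer; the `3secs` delay used by the input errors test is the fallback if that event is not raised for rejected rows. A header comment such as `# Every row below is a malformed pattern; each must be reported on stderr and none may crash the reader` would also state what the baseline is expected to contain.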
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -47,7 +47,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -26,7 +26,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -45,7 +45,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, a: string, b
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -67,7 +67,7 @@ event Input::end_of_data(name: string, source:string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: tail -n +2 .stderr > errout
|
||||
# @TEST-EXEC: btest-diff errout
|
||||
|
@ -58,7 +58,7 @@ event Input::end_of_data(name: string, source:string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -51,7 +51,7 @@ event Input::end_of_data(name: string, source:string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -33,7 +33,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, val: Val)
|
|||
print outfile, val;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=T]);
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: mv input1.log input.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv input2.log input.log
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
@ -52,7 +52,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
print outfile, right;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
try = 0;
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -29,7 +29,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -1,6 +1,6 @@
|
|||
# Test different kinds of errors of the input framework
|
||||
#
|
||||
# @TEST-EXEC: bro -b %INPUT
|
||||
# @TEST-EXEC: zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-diff .stderr
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -148,7 +148,7 @@ event kill_me()
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("out");
|
||||
Input::add_event([$source="input.log", $name="file", $fields=FileVal, $ev=line_file, $want_record=T]);
|
||||
|
@ -188,5 +188,7 @@ event bro_init()
|
|||
Input::add_event([$source="input.log", $name="error4", $fields=Val, $ev=event11, $want_record=T, $error_ev=errorhandler4]);
|
||||
Input::add_event([$source="input.log", $name="error5", $fields=Val, $ev=event11, $want_record=T, $error_ev=errorhandler5]);
|
||||
|
||||
Input::add_table([$source="input.log", $name="error6", $idx=Idx, $destination=val_table]);
|
||||
|
||||
schedule 3secs { kill_me() };
|
||||
}
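Review bot: The `Input::add_table([$source="input.log", $name="error6", $idx=Idx, $destination=val_table]);` call in the last hunk of this file has no comment saying which error it is meant to provoke. Unlike the other table streams in this commit it passes no `$val` field, so the case under test is presumably a table destination without a value type; `val_table` is declared outside the hunk, so this cannot be confirmed from here. A one-line comment above the call, for example `# error6: table destination given without $val; must be reported, not crash`, would make the matching `.stderr` baseline line traceable to its cause. `zeek_init()` begins outside this hunk.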
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -35,7 +35,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: b
|
|||
print outfile, b;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=F]);
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -50,7 +50,7 @@ type Val: record {
|
|||
global servers: table[int] of Val = table();
|
||||
global servers2: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
|
||||
|
@ -30,7 +30,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
|
||||
# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
|
||||
|
@ -45,7 +45,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, v: Val)
|
|||
print outfile, "Event", v;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
|
||||
# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
|
||||
|
@ -46,7 +46,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, v: Val)
|
|||
print outfile, "Event", v;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff bro/.stderr
|
||||
# @TEST-EXEC: btest-diff bro/.stdout
|
||||
# @TEST-EXEC: btest-diff zeek/.stderr
|
||||
# @TEST-EXEC: btest-diff zeek/.stdout
|
||||
|
||||
@TEST-START-FILE input.log
|
||||
#fields e i
|
||||
|
@ -22,7 +22,7 @@ type Val: record {
|
|||
|
||||
global etable: table[int] of Log::ID = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
# first read in the old stuff into the table...
|
||||
Input::add_table([$source="../input.log", $name="enum", $idx=Idx, $val=Val, $destination=etable, $want_record=F]);
|
|
@ -3,15 +3,15 @@
|
|||
# It does a second test at the same time which configures the old
|
||||
# failing behavior.
|
||||
|
||||
# @TEST-EXEC: btest-bg-run bro bro %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/init 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/init 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv does-exist.dat does-not-exist.dat
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv does-not-exist.dat does-not-exist-again.dat
|
||||
# @TEST-EXEC: echo "3 streaming still works" >> does-not-exist-again.dat
|
||||
# @TEST-EXEC: btest-bg-wait 5
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stderr
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stdout
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stderr
|
||||
|
||||
@TEST-START-FILE does-exist.dat
|
||||
#separator \x09
|
||||
|
@ -50,7 +50,7 @@ event line2(description: Input::EventDescription, tpe: Input::Event, v: Val)
|
|||
}
|
||||
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="../does-not-exist.dat", $name="input", $reader=Input::READER_ASCII, $mode=Input::REREAD, $fields=Val, $ev=line, $want_record=T]);
|
||||
Input::add_event([$source="../does-not-exist.dat", $name="inputstream", $reader=Input::READER_ASCII, $mode=Input::STREAM, $fields=Val, $ev=line, $want_record=T]);
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff bro/.stderr
|
||||
# @TEST-EXEC: btest-diff zeek/.stderr
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
redef InputAscii::fail_on_file_problem = T;
|
||||
|
@ -19,7 +19,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: b
|
|||
{
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -28,7 +28,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of bool = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -28,7 +28,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$name="input", $source="../input.log", $idx=Idx, $val=Val, $destination=servers]);
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -35,7 +35,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -2,14 +2,14 @@
|
|||
# variables to verify that an absolute path prefix gets added correctly
|
||||
# to relative/path-less input sources.
|
||||
#
|
||||
# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/subdir|" >input.bro
|
||||
# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD/subdir|" >input.zeek
|
||||
# @TEST-EXEC: mkdir -p subdir
|
||||
#
|
||||
# Note, in the following we'd ideally use %DIR to express the
|
||||
# additional path, but there's currently a problem in btest with using
|
||||
# %DIR after TEST-START-NEXT.
|
||||
#
|
||||
# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b input.bro >output
|
||||
# @TEST-EXEC: ZEEKPATH=$ZEEKPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b input.zeek >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
@TEST-START-FILE subdir/input.data
|
||||
|
@ -19,10 +19,10 @@
|
|||
127.0.3.3 value
|
||||
@TEST-END-FILE
|
||||
|
||||
@load path-prefix-common-table.bro
|
||||
@load path-prefix-common-table.zeek
|
||||
redef InputAscii::path_prefix = "@path_prefix@";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="input.data", $name="input", $idx=Idx, $val=Val,
|
||||
$destination=destination, $want_record=F]);
|
||||
|
@ -32,10 +32,10 @@ event bro_init()
|
|||
#
|
||||
# The same test, but using event streams for input.
|
||||
|
||||
@load path-prefix-common-event.bro
|
||||
@load path-prefix-common-event.zeek
|
||||
redef InputAscii::path_prefix = "@path_prefix@";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="input.data", $name="input",
|
||||
$fields=Val, $ev=inputev]);
|
||||
|
@ -45,10 +45,10 @@ event bro_init()
|
|||
#
|
||||
# The same test again, but using file analysis w/ binary readers.
|
||||
|
||||
@load path-prefix-common-analysis.bro
|
||||
@load path-prefix-common-analysis.zeek
|
||||
redef InputBinary::path_prefix = "@path_prefix@";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_analysis([$source="input.data", $name="input"]);
|
||||
}
|
|
@ -2,8 +2,8 @@
|
|||
# variables to verify that setting these prefixes has no effect when
|
||||
# an input file uses an absolute-path source.
|
||||
#
|
||||
# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD|" >input.bro
|
||||
# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b input.bro >output
|
||||
# @TEST-EXEC: cat %INPUT | sed "s|@path_prefix@|$PWD|" >input.zeek
|
||||
# @TEST-EXEC: ZEEKPATH=$ZEEKPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b input.zeek >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
@TEST-START-FILE input.data
|
||||
|
@ -13,10 +13,10 @@
|
|||
127.0.4.3 value
|
||||
@TEST-END-FILE
|
||||
|
||||
@load path-prefix-common-table.bro
|
||||
@load path-prefix-common-table.zeek
|
||||
redef InputAscii::path_prefix = "/this/does/not/exist";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="@path_prefix@/input.data", $name="input", $idx=Idx, $val=Val,
|
||||
$destination=destination, $want_record=F]);
|
||||
|
@ -26,10 +26,10 @@ event bro_init()
|
|||
#
|
||||
# The same test, but using event streams for input.
|
||||
|
||||
@load path-prefix-common-event.bro
|
||||
@load path-prefix-common-event.zeek
|
||||
redef InputAscii::path_prefix = "/this/does/not/exist";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="@path_prefix@/input.data", $name="input",
|
||||
$fields=Val, $ev=inputev]);
|
||||
|
@ -39,10 +39,10 @@ event bro_init()
|
|||
#
|
||||
# The same test again, but using file analysis w/ binary readers.
|
||||
|
||||
@load path-prefix-common-analysis.bro
|
||||
@load path-prefix-common-analysis.zeek
|
||||
redef InputBinary::path_prefix = "/this/does/not/exist";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_analysis([$source="@path_prefix@/input.data", $name="input"]);
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
# These tests verify that when setting neither InputAscii::path_prefix
|
||||
# nor InputBinary::path_prefix, Zeek correctly locates local input files.
|
||||
#
|
||||
# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b %INPUT >output
|
||||
# @TEST-EXEC: ZEEKPATH=$ZEEKPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
@TEST-START-FILE input.data
|
||||
|
@ -11,9 +11,9 @@
|
|||
127.0.0.3 value
|
||||
@TEST-END-FILE
|
||||
|
||||
@load path-prefix-common-table.bro
|
||||
@load path-prefix-common-table.zeek
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="input.data", $name="input", $idx=Idx, $val=Val,
|
||||
$destination=destination, $want_record=F]);
|
||||
|
@ -23,9 +23,9 @@ event bro_init()
|
|||
#
|
||||
# The same test, but using event streams for input.
|
||||
|
||||
@load path-prefix-common-event.bro
|
||||
@load path-prefix-common-event.zeek
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="input.data", $name="input",
|
||||
$fields=Val, $ev=inputev]);
|
||||
|
@ -35,9 +35,9 @@ event bro_init()
|
|||
#
|
||||
# The same test again, but using file analysis w/ binary readers.
|
||||
|
||||
@load path-prefix-common-analysis.bro
|
||||
@load path-prefix-common-analysis.zeek
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_analysis([$source="input.data", $name="input"]);
|
||||
}
|
|
@ -3,7 +3,7 @@
|
|||
# from the current working directory.
|
||||
#
|
||||
# @TEST-EXEC: mkdir -p alternative
|
||||
# @TEST-EXEC: BROPATH=$BROPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix bro -b %INPUT >output
|
||||
# @TEST-EXEC: ZEEKPATH=$ZEEKPATH:$TEST_BASE/scripts/base/frameworks/input/path-prefix zeek -b %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
@TEST-START-FILE alternative/input.data
|
||||
|
@ -13,10 +13,10 @@
|
|||
127.0.1.3 value
|
||||
@TEST-END-FILE
|
||||
|
||||
@load path-prefix-common-table.bro
|
||||
@load path-prefix-common-table.zeek
|
||||
redef InputAscii::path_prefix = "alternative";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="input.data", $name="input", $idx=Idx, $val=Val,
|
||||
$destination=destination, $want_record=F]);
|
||||
|
@ -26,10 +26,10 @@ event bro_init()
|
|||
#
|
||||
# The same test, but using event streams for input.
|
||||
|
||||
@load path-prefix-common-event.bro
|
||||
@load path-prefix-common-event.zeek
|
||||
redef InputAscii::path_prefix = "alternative";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="input.data", $name="input",
|
||||
$fields=Val, $ev=inputev]);
|
||||
|
@ -39,10 +39,10 @@ event bro_init()
|
|||
#
|
||||
# The same test again, but using file analysis w/ binary readers.
|
||||
|
||||
@load path-prefix-common-analysis.bro
|
||||
@load path-prefix-common-analysis.zeek
|
||||
redef InputBinary::path_prefix = "alternative";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_analysis([$source="input.data", $name="input"]);
|
||||
}
|
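--- a/testing/btest/scripts/base/frameworks/input/patterns.zeek
+++ b/testing/btest/scripts/base/frameworks/input/patterns.zeek
@@ -0,0 +1,47 @@
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff out
+
+redef exit_only_after_terminate = T;
+
+@TEST-START-FILE input.log
+#separator \x09
+#fields i p
+#types count pattern
+1 /dog/
+2 /cat/
+3 /foo|bar/
+4 /^oob/
+@TEST-END-FILE
+
+global outfile: file;
+
+module A;
+
+type Idx: record {
+i: int;
+};
+
+type Val: record {
+p: pattern;
+};
+
+global pats: table[int] of Val = table();
+
+event zeek_init()
+{
+outfile = open("../out");
+# first read in the old stuff into the table...
+Input::add_table([$source="../input.log", $name="pats", $idx=Idx, $val=Val, $destination=pats]);
+}
+
+event Input::end_of_data(name: string, source:string)
+{
+print outfile, (pats[3]$p in "foobar"); # T
+print outfile, (pats[4]$p in "foobar"); # F
+print outfile, (pats[3]$p == "foo"); # T
+print outfile, pats;
+Input::remove("pats");
+close(outfile);
+terminate();
+}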
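Review bot: The `Input::end_of_data` handler indexes `pats[3]` and `pats[4]` without first checking that those rows were loaded. If a row is ever rejected by the reader, the handler would presumably stop at the missing index before reaching `close(outfile)` and `terminate()`, and with `exit_only_after_terminate = T` the test would then end only through the `btest-bg-wait 10` timeout instead of a readable diff. Guarding the three membership prints with `if ( 3 in pats && 4 in pats )` and leaving `print outfile, pats;` unconditional keeps the baseline the same on success and shows what was actually loaded on failure. Separately, the header declares `#types count pattern` while `Idx` uses `i: int`; if the reader takes its types from the record, as it appears to, the header should say `int` to avoid misleading the next reader of the test.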
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff bro/.stdout
|
||||
# @TEST-EXEC: btest-diff bro/.stderr
|
||||
# @TEST-EXEC: btest-diff zeek/.stdout
|
||||
# @TEST-EXEC: btest-diff zeek/.stderr
|
||||
|
||||
@TEST-START-FILE input.log
|
||||
#fields i p
|
||||
|
@ -32,7 +32,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
print left, right;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $ev=line, $destination=servers]);
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -27,7 +27,7 @@ type Val: record {
|
|||
|
||||
global servers: table[addr] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]);
|
|
@ -1,8 +1,8 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
#
|
||||
# only difference from predicate.bro is, that this one uses a stream source.
|
||||
# only difference from predicate.zeek is, that this one uses a stream source.
|
||||
# the reason is, that the code-paths are quite different, because then the
|
||||
# ascii reader uses the put and not the sendevent interface
|
||||
|
||||
|
@ -64,7 +64,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
ct = 0;
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -34,7 +34,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of bool = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -31,7 +31,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int, string] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
|
|
@ -1,12 +1,12 @@
|
|||
# @TEST-EXEC: mv input1.log input.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv input2.log input.log
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv input3.log input.log
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv input4.log input.log
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got4 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: mv input5.log input.log
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
@ -75,7 +75,7 @@ global servers: table[int, string] of Val = table();
|
|||
global outfile: file;
|
||||
global try: count;
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -35,7 +35,7 @@ type Val: record {
|
|||
|
||||
global servers: table[addr] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -38,7 +38,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
@ -32,7 +32,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out.tmp");
|
||||
Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line, $want_record=F]);
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 15
|
||||
# @TEST-EXEC: btest-diff test.txt
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
|
||||
|
@ -72,7 +72,7 @@ function more_input(name_prefix: string)
|
|||
$config=config_strings]);
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
++total_processes;
|
|
@ -1,8 +1,8 @@
|
|||
# @TEST-EXEC: cp input1.log input.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got1 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: cat input2.log >> input.log
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got3 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: cat input3.log >> input.log
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
@ -56,7 +56,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
try = 0;
|
|
@ -1,5 +1,5 @@
|
|||
# @TEST-EXEC: dd if=/dev/zero of=input.log bs=8193 count=1
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
#
|
||||
|
@ -29,7 +29,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-EXEC: cp input.log input2.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: $SCRIPTS/wait-for-file zeek/got2 5 || (btest-bg-wait -k 1 && false)
|
||||
# @TEST-EXEC: echo "hi" >> input2.log
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
|
||||
|
@ -33,7 +33,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -38,7 +38,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
|
@ -1,5 +1,5 @@
|
|||
# @TEST-EXEC: mkdir mydir && touch mydir/a && touch mydir/b && touch mydir/c
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
@ -54,7 +54,7 @@ event InputRaw::process_finished(name: string, source:string, exit_code:count, s
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local config_strings: table[string] of string = {
|
||||
["read_stderr"] = "1"
|
Some files were not shown because too many files have changed in this diff Show more