mirror of
https://github.com/zeek/zeek.git
synced 2025-10-12 11:38:20 +00:00
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath: Fixing variable size issues (was uint, should be long) with http response code. Revert "Trick for parallelizing input framework unit tests." add opaque type-ignoring for the accept_unsupported_types input framework option.
This commit is contained in:
Robin Sommer
commit
fdf79196c6
40 changed files with 231 additions and 56 deletions
14
CHANGES
14
CHANGES
|
|
@ -1,4 +1,18 @@
|
|||
|
||||
2.1-279 | 2013-01-18 17:18:22 -0800
|
||||
|
||||
* Revert "Trick for parallelizing input framework unit tests." The
|
||||
old way of doing the tests seems more reliable for now. (Jon
|
||||
Siwek)
|
||||
|
||||
* Fixing variable size issues with http response code in
|
||||
ElasticSearch writer. (Gilbert Clark)
|
||||
|
||||
* Removing unused class member. (Robin Sommer)
|
||||
|
||||
* Add opaque type-ignoring for the accept_unsupported_types input
|
||||
framework option. (Bernhard Amann)
|
||||
|
||||
2.1-271 | 2013-01-08 10:18:57 -0800
|
||||
|
||||
* Change substring index notation to use a colon. String slice
|
||||
|
|
|
|||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
|||
2.1-271
|
||||
2.1-279
|
||||
|
|
|
|||
|
|
@ -787,22 +787,23 @@ bool Manager::UnrollRecordType(vector<Field*> *fields, const RecordType *rec,
|
|||
|
||||
if ( ! IsCompatibleType(rec->FieldType(i)) )
|
||||
{
|
||||
// If the field is a file or a function type
|
||||
// If the field is a file, function, or opaque
|
||||
// and it is optional, we accept it nevertheless.
|
||||
// This allows importing logfiles containing this
|
||||
// stuff that we actually cannot read :)
|
||||
if ( allow_file_func )
|
||||
{
|
||||
if ( ( rec->FieldType(i)->Tag() == TYPE_FILE ||
|
||||
rec->FieldType(i)->Tag() == TYPE_FUNC ) &&
|
||||
rec->FieldType(i)->Tag() == TYPE_FUNC ||
|
||||
rec->FieldType(i)->Tag() == TYPE_OPAQUE ) &&
|
||||
rec->FieldDecl(i)->FindAttr(ATTR_OPTIONAL) )
|
||||
{
|
||||
reporter->Info("Encountered incompatible type \"%s\" in table definition for ReaderFrontend. Ignoring field.", type_name(rec->FieldType(i)->Tag()));
|
||||
reporter->Info("Encountered incompatible type \"%s\" in type definition for ReaderFrontend. Ignoring optional field.", type_name(rec->FieldType(i)->Tag()));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
reporter->Error("Incompatible type \"%s\" in table definition for ReaderFrontend", type_name(rec->FieldType(i)->Tag()));
|
||||
reporter->Error("Incompatible type \"%s\" in type definition for ReaderFrontend", type_name(rec->FieldType(i)->Tag()));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -402,7 +402,7 @@ bool ElasticSearch::HTTPSend(CURL *handle)
|
|||
|
||||
case CURLE_OK:
|
||||
{
|
||||
uint http_code = 0;
|
||||
long http_code = 0;
|
||||
curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_code);
|
||||
if ( http_code == 200 )
|
||||
// Hopefully everything goes through here.
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
1355266097.683599 error: ../input.log/Input::READER_ASCII: Number '12129223372036854775800' out of supported range.
|
||||
1355266097.683599 error: ../input.log/Input::READER_ASCII: Could not convert line '12129223372036854775800 121218446744073709551612' to Val. Ignoring line.
|
||||
1355266097.683599 warning: ../input.log/Input::READER_ASCII: Number '9223372036854775801TEXTHERE' contained non-numeric trailing characters. Ignored trailing characters 'TEXTHERE'
|
||||
1355266097.683599 warning: ../input.log/Input::READER_ASCII: Number '1Justtext' contained non-numeric trailing characters. Ignored trailing characters 'Justtext'
|
||||
1355266097.683599 error: ../input.log/Input::READER_ASCII: String 'Justtext' contained no parseable number
|
||||
1355266097.683599 error: ../input.log/Input::READER_ASCII: Could not convert line 'Justtext 1' to Val. Ignoring line.
|
||||
1355266097.683599 received termination signal
|
||||
error: ../input.log/Input::READER_ASCII: Number '12129223372036854775800' out of supported range.
|
||||
error: ../input.log/Input::READER_ASCII: Could not convert line '12129223372036854775800 121218446744073709551612' to Val. Ignoring line.
|
||||
warning: ../input.log/Input::READER_ASCII: Number '9223372036854775801TEXTHERE' contained non-numeric trailing characters. Ignored trailing characters 'TEXTHERE'
|
||||
warning: ../input.log/Input::READER_ASCII: Number '1Justtext' contained non-numeric trailing characters. Ignored trailing characters 'Justtext'
|
||||
error: ../input.log/Input::READER_ASCII: String 'Justtext' contained no parseable number
|
||||
error: ../input.log/Input::READER_ASCII: Could not convert line 'Justtext 1' to Val. Ignoring line.
|
||||
received termination signal
|
||||
>>>
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
1355265853.593476 error: ../input.log/Input::READER_ASCII: String 'l' contained no parseable number
|
||||
1355265853.593476 error: ../input.log/Input::READER_ASCII: Could not convert line ' l' to Val. Ignoring line.
|
||||
1355265853.593476 received termination signal
|
||||
error: ../input.log/Input::READER_ASCII: String 'l' contained no parseable number
|
||||
error: ../input.log/Input::READER_ASCII: Could not convert line ' l' to Val. Ignoring line.
|
||||
received termination signal
|
||||
>>>
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
1355265996.626106 error: does-not-exist.dat/Input::READER_ASCII: Init: cannot open does-not-exist.dat
|
||||
1355265996.626106 error: does-not-exist.dat/Input::READER_ASCII: Init failed
|
||||
1355265996.626106 warning: Stream input is already queued for removal. Ignoring remove.
|
||||
1355265996.626106 error: does-not-exist.dat/Input::READER_ASCII: terminating thread
|
||||
1355265996.626106 received termination signal
|
||||
error: does-not-exist.dat/Input::READER_ASCII: Init: cannot open does-not-exist.dat
|
||||
error: does-not-exist.dat/Input::READER_ASCII: Init failed
|
||||
warning: Stream input is already queued for removal. Ignoring remove.
|
||||
error: does-not-exist.dat/Input::READER_ASCII: terminating thread
|
||||
received termination signal
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -11,6 +14,7 @@ T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
|
|||
@TEST-END-FILE
|
||||
|
||||
@load base/protocols/ssh
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -10,6 +13,8 @@
|
|||
-9223372036854775800 18446744073709551612
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
module A;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -22,6 +25,8 @@ abc\xff\x7cdef|DATA2
|
|||
#end|2012-07-20-01-49-19
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
global try: count;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,8 @@
|
|||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: cp input1.log input.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: sleep 2
|
||||
# @TEST-EXEC: cp input2.log input.log
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
|
|
@ -20,6 +23,9 @@
|
|||
2 TEST TEST
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
|
||||
module A;
|
||||
|
||||
type Idx: record {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -11,6 +14,8 @@ T 1
|
|||
- 2
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -16,6 +19,8 @@
|
|||
7 T
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
module A;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
|
@ -14,6 +17,8 @@ sdf
|
|||
3rw43wRRERLlL#RWERERERE.
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
type Val: record {
|
||||
|
|
|
|||
|
|
@ -1,8 +1,11 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff .stderrwithoutfirstline
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderrwithoutfirstline
|
||||
|
||||
@TEST-START-FILE input.log
|
||||
#separator \x09
|
||||
|
|
@ -14,6 +17,8 @@ Justtext 1
|
|||
9223372036854775800 -18446744073709551612
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
module A;
|
||||
|
|
|
|||
|
|
@ -1,8 +1,11 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff .stderrwithoutfirstline
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderrwithoutfirstline
|
||||
|
||||
@TEST-START-FILE input.log
|
||||
#separator \x09
|
||||
|
|
@ -12,6 +15,8 @@
|
|||
5
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
module A;
|
||||
|
|
|
|||
|
|
@ -1,7 +1,12 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff bro/.stderr
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
global try: count;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -10,6 +13,8 @@
|
|||
T -42
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -10,6 +13,8 @@
|
|||
T -42
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -16,6 +19,8 @@
|
|||
7 T
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -9,6 +12,8 @@
|
|||
1.2.3.6 30 unknown
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
#
|
||||
|
|
@ -20,6 +23,8 @@
|
|||
7 T
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -16,6 +19,8 @@
|
|||
7 T
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -11,6 +14,8 @@
|
|||
2 T test2 idx2
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,5 +1,8 @@
|
|||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: cp input1.log input.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: sleep 2
|
||||
# @TEST-EXEC: cp input2.log input.log
|
||||
# @TEST-EXEC: sleep 2
|
||||
|
|
@ -55,6 +58,8 @@
|
|||
1 T test1 idx1
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
||||
module A;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -14,6 +17,8 @@ need-to-know 8c864306-d21a-37b1-8705-746a786719bf medium 95 1342569600 1.228.83.
|
|||
need-to-know 8c864306-d21a-37b1-8705-746a786719bf medium 65 1342656000 1.228.83.33 - - 9318 HANARO-AS Hanaro Telecom Inc. 1.224.0.0/13 apnic KR spam infrastructure spamming;malware domain public http://reputation.alienvault.com/reputation.generic
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -13,6 +16,8 @@ sdf
|
|||
3rw43wRRERLlL#RWERERERE.
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
global try: count;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
|
||||
|
||||
|
|
@ -10,6 +13,8 @@
|
|||
1 T
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
global try: count;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,8 @@
|
|||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: cp input1.log input.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: sleep 2
|
||||
# @TEST-EXEC: cp input2.log input.log
|
||||
# @TEST-EXEC: sleep 2
|
||||
|
|
@ -56,6 +59,7 @@ F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
|
|||
@TEST-END-FILE
|
||||
|
||||
@load base/protocols/ssh
|
||||
@load frameworks/communication/listen
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -13,6 +16,8 @@ sdf
|
|||
3rw43wRRERLlL#RWERERERE.
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
global try: count;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
|
||||
|
||||
|
|
@ -13,6 +16,8 @@
|
|||
192.168.17.42
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
|
||||
|
||||
|
|
@ -10,6 +13,8 @@
|
|||
|
||||
redef InputAscii::set_separator = "|";
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
module A;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
|
||||
|
||||
|
|
@ -13,6 +16,9 @@
|
|||
6
|
||||
@TEST-END-FILE
|
||||
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
module A;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,8 @@
|
|||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: cp input1.log input.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: sleep 3
|
||||
# @TEST-EXEC: cat input2.log >> input.log
|
||||
# @TEST-EXEC: sleep 3
|
||||
|
|
@ -22,6 +25,7 @@ F -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
|
|||
@TEST-END-FILE
|
||||
|
||||
@load base/protocols/ssh
|
||||
@load frameworks/communication/listen
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,8 @@
|
|||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: cp input1.log input.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: sleep 3
|
||||
# @TEST-EXEC: cat input2.log >> input.log
|
||||
# @TEST-EXEC: sleep 3
|
||||
|
|
@ -24,6 +27,8 @@ sdf
|
|||
3rw43wRRERLlL#RWERERERE.
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
module A;
|
||||
|
||||
type Val: record {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -11,6 +14,7 @@ T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
|
|||
@TEST-END-FILE
|
||||
|
||||
@load base/protocols/ssh
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
global try: count;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -11,6 +14,7 @@ T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
|
|||
@TEST-END-FILE
|
||||
|
||||
@load base/protocols/ssh
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -16,6 +19,8 @@
|
|||
7 T
|
||||
@TEST-END-FILE
|
||||
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
global try: count;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,8 @@
|
|||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: cp input1.log input.log
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: sleep 5
|
||||
# @TEST-EXEC: cp input3.log input.log
|
||||
# @TEST-EXEC: btest-bg-wait -k 10
|
||||
|
|
@ -31,6 +34,7 @@ F -44 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
|
|||
@TEST-END-FILE
|
||||
|
||||
@load base/protocols/ssh
|
||||
@load frameworks/communication/listen
|
||||
|
||||
redef InputAscii::empty_field = "EMPTY";
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# @TEST-EXEC: btest-bg-run bro bro -b --pseudo-realtime -r $TRACES/socks.trace %INPUT
|
||||
# (uses listen.bro just to ensure input sources are more reliably fully-read).
|
||||
# @TEST-SERIALIZE: comm
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
||||
# @TEST-EXEC: btest-bg-wait -k 5
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
@ -11,6 +14,7 @@ whatever T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.00
|
|||
@TEST-END-FILE
|
||||
|
||||
@load base/protocols/ssh
|
||||
@load frameworks/communication/listen
|
||||
|
||||
global outfile: file;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue