Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/signatures/custom-event.zeek
Tim Wojtulewicz 9142a48725 Remove deprecated signature definition format
2024-08-07 11:58:22 -07:00

39 lines
951 B
Text
Raw Permalink Blame History

# @TEST-DOC: Test the [event_name] notation within the event keyword of rules.
#
# @TEST-EXEC: zeek -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
# @TEST-EXEC: btest-diff out
@TEST-START-FILE id.sig
signature udp-proto {
ip-proto == 17
event my_signature_match3 "message"
}
signature udp-stuff {
dst-ip == mynets
event my_signature_match2
}
@TEST-END-FILE
const mynets: set[subnet] = {
192.168.1.0/24,
10.0.0.0/8,
127.0.0.0/24
};
event signature_match(state: signature_state, msg: string, data: string)
{
print fmt("signature_match %s - %s", state$conn$id, msg);
}
event my_signature_match2(state: signature_state, data: string)
{
print fmt("signature_match2 %s", state$conn$id);
}
event my_signature_match3(state: signature_state, msg: string, data: string)
{
print fmt("signature_match3 %s - %s", state$conn$id, msg);
}
Reference in a new issue View git blame Copy permalink