mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
04a1ead978
As initial examples, this branch ports the Syslog and Finger analyzers over. We leave the old analyzers in place for now and activate them iff we compile without any Spicy. Needs `zeek-spicy-infra` branches in `spicy/`, `spicy-plugin/`, `CMake/`, and `zeek/zeek-testing-private`. Note that the analyzer events remain associated with the Spicy plugin for now: that's where they will show up with `-NN`, and also inside the Zeekygen documentation. We switch CMake over to linking the runtime library into the plugin, vs. at the top-level through object libraries.
37 lines
1 KiB
Text
37 lines
1 KiB
Text
# @TEST-DOC: Smoke test for a custom ahead-of-time compiled Spicy analyzer hooked into Zeek.
|
|
#
|
|
# @TEST-REQUIRES: $SCRIPTS/have-spicy
|
|
# @TEST-EXEC: ${BUILD}/src/builtin-plugins/spicy-plugin/bin/spicyz test.spicy test.evt -o test.hlto
|
|
# @TEST-EXEC: zeek -NN test.hlto | grep -q ANALYZER_SPICY_TEST
|
|
# @TEST-EXEC: zeek -r ${TRACES}/http/post.trace test.zeek test.hlto "Spicy::enable_print = T;" >>output 2>&1
|
|
# @TEST-EXEC: btest-diff output
|
|
|
|
# @TEST-START-FILE test.spicy
|
|
module test;
|
|
|
|
import zeek;
|
|
|
|
public type Dummy = unit {
|
|
# Consume all data. We split data into lines and log the number of lines and the lines when done.
|
|
data: bytes &eod &convert=$$.split(b"\r\n");
|
|
|
|
on %done { print |self.data|, self; }
|
|
};
|
|
# @TEST-END-FILE
|
|
|
|
# @TEST-START-FILE test.evt
|
|
protocol analyzer spicy::Test over TCP:
|
|
parse with test::Dummy,
|
|
port 80/tcp;
|
|
|
|
on test::Dummy -> event test::dummy(self.data);
|
|
# @TEST-END-FILE
|
|
|
|
# @TEST-START-FILE test.zeek
|
|
module test;
|
|
|
|
event test::dummy(data: vector of string)
|
|
{
|
|
print "Event:", data;
|
|
}
|
|
# @TEST-END-FILE
|