Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-01 22:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/scripts.base.protocols.smb.smb2-create-delete-on-close/smb_cmd.log
Johanna Amann 0c875220e9 Default canonifier change to only remove first timestamp in line 
In the past, we used a default canonifier, which removes everything that
looks like a timestamp from log files. The goal of this is to prevent
logs from changing, e.g., due to local system times ending up in log
files.

This, however, also has the side-effect of removing information that is
parsed from protocols which probably should be part of our tests.
There is at least one test (1999 certificates) where the entire test
output was essentially removed by the canonifier.

GH-4521 was similarly masked by this.

This commit changes the default canonifier, so that only the first
timestamp in a line is removed. This should skip timestamps that are
likely to change while keeping timestamps that are parsed
from protocol information.

A pass has been made over the tests, with some additional adjustments
for cases which require the old canonifier.

There are some cases in which we probably could go further and not
remove timestamps at all - that, however, seems like a follow-up
project.
2025-06-18 15:41:48 +01:00

34 lines
6.4 KiB
Text
Raw Blame History

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path smb_cmd
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p command sub_command argument status rtt version username tree tree_service referenced_file.ts referenced_file.uid referenced_file.id.orig_h referenced_file.id.orig_p referenced_file.id.resp_h referenced_file.id.resp_p referenced_file.fuid referenced_file.action referenced_file.path referenced_file.name referenced_file.size referenced_file.prev_name referenced_file.times.modified referenced_file.times.accessed referenced_file.times.created referenced_file.times.changed
#types time string addr port addr port string string string string interval string string string string time string addr port addr port string enum string string count string time time time time
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 NEGOTIATE_PROTOCOL - - SUCCESS 0.002119 SMB2 - - - 1657914389.942601 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - - - - 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 SESSION_SETUP - - SUCCESS 0.001559 SMB2 - - - 1657914389.945330 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - - - - 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 TREE_CONNECT - - SUCCESS 0.005032 SMB2 - - - 1657914389.947003 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - - - - 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CREATE - - SUCCESS 0.000430 SMB2 - - - 1657914389.952122 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_OPEN - test_dir 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 QUERY_INFO - - SUCCESS 0.000131 SMB2 - - - 1657914389.952628 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - - - - 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 SET_INFO - - SUCCESS 0.000298 SMB2 - - - 1657914389.952846 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - - - - 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CLOSE - - SUCCESS 0.000112 SMB2 - - - 1657914389.952122 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_CLOSE \\\\127.0.0.1\\tmp test_dir 0 - 1657914389.939333 1657914389.939333 1657914389.939333 1657914389.939333
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CREATE - - FILE_IS_A_DIRECTORY 0.000163 SMB2 - - - 1657914389.953385 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_OPEN - test_dir 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CREATE - - SUCCESS 0.000159 SMB2 - - - 1657914389.953607 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_OPEN - test_dir 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 QUERY_DIRECTORY - - SUCCESS 0.000135 SMB2 - - - 1657914389.953855 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - - - - 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CREATE - - SUCCESS 0.000227 SMB2 - - - 1657914389.954078 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_OPEN - test_dir\\test_create.dat 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CLOSE - - SUCCESS 0.000174 SMB2 - - - 1657914389.954078 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_CLOSE \\\\127.0.0.1\\tmp test_dir\\test_create.dat 0 - 1657914389.939333 1657914389.939333 1657914389.939333 1657914389.939333
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 QUERY_DIRECTORY - - NO_MORE_FILES 0.000038 SMB2 - - - 1657914389.954636 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - - - - 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CREATE - - OBJECT_NAME_NOT_FOUND 0.000158 SMB2 - - - 1657914389.954758 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_OPEN - test_dir\\test_create.dat 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CLOSE - - SUCCESS 0.000053 SMB2 - - - 1657914389.953607 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_CLOSE \\\\127.0.0.1\\tmp test_dir 0 - 1657914389.939333 1657914389.939333 1657914389.939333 1657914389.939333
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CREATE - - SUCCESS 0.000246 SMB2 - - - 1657914389.955119 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_OPEN - test_dir 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CLOSE - - SUCCESS 0.000220 SMB2 - - - 1657914389.955119 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_CLOSE \\\\127.0.0.1\\tmp test_dir 0 - 1657914389.951332 1657914389.951332 1657914389.939333 1657914389.951332
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CREATE - - SUCCESS 0.000748 SMB2 - - - 1657914389.955734 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_OPEN - test_dir 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 QUERY_INFO - - SUCCESS 0.000151 SMB2 - - - 1657914389.956589 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - - - - 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 SET_INFO - - SUCCESS 0.000333 SMB2 - - - 1657914389.956859 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - - - - 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CLOSE - - SUCCESS 0.000112 SMB2 - - - 1657914389.955734 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_CLOSE \\\\127.0.0.1\\tmp test_dir 0 - 1657914389.955334 1657914389.955334 1657914389.955334 1657914389.955334
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CREATE - - SUCCESS 0.000622 SMB2 - - - 1657914389.957470 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_OPEN - test_dir\\test_create.dat 0 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CLOSE - - SUCCESS 0.000141 SMB2 - - - 1657914389.957470 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_CLOSE \\\\127.0.0.1\\tmp test_dir\\test_create.dat 0 - 1657914389.955334 1657914389.955334 1657914389.955334 1657914389.955334
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 CREATE - - OBJECT_NAME_NOT_FOUND 0.000181 SMB2 - - - 1657914389.958383 CHhAvVGS1DHFjwGM9 127.0.0.1 54268 127.0.0.1 445 - SMB::FILE_OPEN - test_dir\\test_create.dat 0 - - - - -
#close XXXX-XX-XX-XX-XX-XX
Reference in a new issue View git blame Copy permalink