Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-01 22:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log
Johanna Amann 0c875220e9 Default canonifier change to only remove first timestamp in line 
In the past, we used a default canonifier, which removes everything that
looks like a timestamp from log files. The goal of this is to prevent
logs from changing, e.g., due to local system times ending up in log
files.

This, however, also has the side-effect of removing information that is
parsed from protocols which probably should be part of our tests.
There is at least one test (1999 certificates) where the entire test
output was essentially removed by the canonifier.

GH-4521 was similarly masked by this.

This commit changes the default canonifier, so that only the first
timestamp in a line is removed. This should skip timestamps that are
likely to change while keeping timestamps that are parsed
from protocol information.

A pass has been made over the tests, with some additional adjustments
for cases which require the old canonifier.

There are some cases in which we probably could go further and not
remove timestamps at all - that, however, seems like a follow-up
project.
2025-06-18 15:41:48 +01:00

16 lines
1.4 KiB
Text
Raw Blame History

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::ADDED 600.000000 3600.000000 - 1398532618.678276 1 test drop Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 - 1398532618.678276 1 test drop - Debug-All
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 1398532618.678276 1398615418.678276 2 test drop - -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 1398532618.678276 1398615418.678276 2 test drop - Debug-All
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 1398615418.678276 1399133818.678276 3 test drop - -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 1398615418.678276 1399133818.678276 3 test drop - Debug-All
#close XXXX-XX-XX-XX-XX-XX
Reference in a new issue View git blame Copy permalink