
Mostly trying to standardize the way tests sleep for arbitrary amounts of time to make it easier to tell at which particular point the unit test actually may need the timeout interval increased (or else debugged further).
# @TEST-EXEC: btest-bg-run broproc bro %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff broproc/intel.log
@TEST-START-FILE intel.dat
#fields indicator indicator_type meta.source meta.desc meta.url
1.2.3.4 Intel::ADDR source1 this host is just plain baaad http://some-data-distributor.com/1234
1.2.3.4 Intel::ADDR source1 this host is just plain baaad http://some-data-distributor.com/1234
e@mail.com Intel::EMAIL source1 Phishing email source http://some-data-distributor.com/100000
@TEST-END-FILE
# Test-only location tag attached to the Intel::seen() calls in do_it().
redef enum Intel::Where += { SOMEWHERE };

# Indicator feed to load: the intel.dat file embedded in this test.
# The test runs bro via "btest-bg-run broproc", hence the "../" prefix.
redef Intel::read_files += { "../intel.dat" };

# Keep the process running until terminate() is called explicitly, so the
# feed can be read and the matches logged before bro exits.
redef exit_only_after_terminate = T;
# Report two observations to the Intel framework, one per distinct indicator
# listed in intel.dat: the e-mail address and the host address.
event do_it()
	{
	# The e-mail address is handed over as a string with an explicit type.
	local email_obs: Intel::Seen = [$indicator="e@mail.com",
	                                $indicator_type=Intel::EMAIL,
	                                $where=SOMEWHERE];

	# The address is handed over through $host, without $indicator/$indicator_type.
	local host_obs: Intel::Seen = [$host=1.2.3.4,
	                               $where=SOMEWHERE];

	Intel::seen(email_obs);
	Intel::seen(host_obs);
	}
# Number of intel.log records seen so far.
global log_lines = 0;

# Counts each intel.log record and shuts bro down after the second one.
#
# do_it() makes two Intel::seen() calls, so two records are the expected
# total. If fewer are logged, terminate() is never reached here and the
# process stays up until the "btest-bg-wait -k 5" limit.
# NOTE(review): intel.dat lists 1.2.3.4 twice from the same source; presumably
# that duplicate must still yield a single hit. The intel.log baseline diff is
# what actually checks the content, so confirm against the baseline.
event Intel::log_intel(rec: Intel::Info)
	{
	log_lines += 1;

	if ( log_lines != 2 )
		return;

	terminate();
	}
# Startup hook: defer the Intel::seen() calls by a fixed interval.
#
# The negative priority makes this handler run after the default-priority
# bro_init handlers.
# NOTE(review): the 1sec delay presumably gives the input reader time to load
# intel.dat before do_it() fires. It is a fixed sleep, not a readiness signal,
# so a slow read would show up as missing intel.log entries. Confirm.
event bro_init() &priority=-10
	{
	local settle_time = 1sec;

	schedule settle_time { do_it() };
	}