mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00

This has come up a few times and the motivation is mainly better "first timer" experience with Zeek. Concretely, if one wants to run a Zeek cluster with multiple workers and reasonable load balancing on Linux, AF_PACKET is a decent start. Without AF_PACKET support being built into Zeek, however, a new user's next experience is that of setting up a development environment in order to compile an external plugin (think compiler, kernel headers, zkg, ...). Only to get what could be termed basic functionality. This is using the ZEEK_INCLUDE_PLUGINS infrastructure. I've used the all upper case spelling of AF_PACKET in the help output because it seems everyone else references/writes it like that. I think we should also write it like that in the docs.
17 lines
1.1 KiB
Text
# This test is meant to cover whether the set of scripts that get loaded by
# default matches a baseline of known defaults. When new scripts are
# added to the scripts/base/ directory, the baseline will usually just need
# to be updated.
#
# As the output has absolute paths in it, we need to remove the common
# prefix to make the test work everywhere. That's what the sed magic
# below does. Don't ask. :-)

# @TEST-REQUIRES: test -x ${BUILD}/auxil/spicy/spicy/bin/spicy-config
# @TEST-EXEC: zeek misc/loaded-scripts
# @TEST-EXEC: test -e loaded_scripts.log
# @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix
# @TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix
# @TEST-EXEC: cat loaded_scripts.log | sed "s#`cat buildprefix`#build#g" | sed "s#`cat prefix`##g" >prefix_canonified_loaded_scripts.log
# @TEST-EXEC: grep -v 'Zeek_AF_Packet' prefix_canonified_loaded_scripts.log > canonified_loaded_scripts.log
# @TEST-EXEC: btest-diff canonified_loaded_scripts.log