mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
e11c20e1eb
Changing the default_file_bof_buffer_size has subtle impact on MIME type detection and changed the zeek-testing baseline. Do not load this new script via test-all-policy to avoid this. The new test was mainly an aid to understand what is actually going on. In short, if default_file_bof_buffer_size is larger than the file MIME detection only runs when the buffer is full, or when the file is removed. When a file transfer happens over multiple HTTP connections, only some or one of the http.log entries will have a proper response MIME type. PCAP extracted from 2009-M57-day11-18.trace.gz.
35 lines
1.2 KiB
Text
35 lines
1.2 KiB
Text
@load test-all-policy.zeek
|
|
|
|
# Scripts which are commented out in test-all-policy.zeek.
|
|
@load protocols/ssl/decryption.zeek
|
|
@load frameworks/cluster/nodes-experimental/manager.zeek
|
|
@load frameworks/control/controllee.zeek
|
|
@load frameworks/control/controller.zeek
|
|
@load frameworks/management/agent/main.zeek
|
|
@load frameworks/management/controller/main.zeek
|
|
@load frameworks/management/node/__load__.zeek
|
|
@load frameworks/management/node/main.zeek
|
|
@load frameworks/files/extract-all-files.zeek
|
|
@load frameworks/signatures/iso-9660.zeek
|
|
@load policy/misc/dump-events.zeek
|
|
@load policy/protocols/conn/speculative-service.zeek
|
|
|
|
@if ( have_spicy() )
|
|
# Loading this messes up documentation of some elements defined elsewhere.
|
|
# @load frameworks/spicy/record-spicy-batch.zeek
|
|
@load frameworks/spicy/resource-usage.zeek
|
|
@endif
|
|
|
|
@load ./example.zeek
|
|
|
|
event zeek_init() &priority=1000
|
|
{
|
|
# Disable events in modules that use zeek_init() to do stuff and may
|
|
# fail when run under zeekygen. For the purpose of zeekygen, we could
|
|
# probably disable all modules, too.
|
|
disable_module_events("Control");
|
|
disable_module_events("Management::Agent::Runtime");
|
|
disable_module_events("Management::Controller::Runtime");
|
|
disable_module_events("Management::Node");
|
|
terminate();
|
|
}
|