Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/scripts/base/frameworks/analyzer/schedule-analyzer.bro
Robin Sommer dfc4cb0881 Moving all analyzers over to new structure. 
This is a checkpoint, it works but there's more cleanup to do. TODOs in
src/analyzer/protocols/TODO.
2013-04-16 20:52:03 -07:00

36 lines
1.1 KiB
Text
Raw Blame History

#
# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | sort >output
# @TEST-EXEC: btest-diff output
global x = 0;
event new_connection(c: connection)
{
# Make sure expiration executes.
Analyzer::schedule_analyzer(1.2.3.4, 1.2.3.4, 8/tcp, Analyzer::ANALYZER_MODBUS, 100hrs);
if ( x > 0 )
return;
x = 1;
Analyzer::schedule_analyzer(10.0.0.2, 10.0.0.3, 6/tcp, Analyzer::ANALYZER_SSH, 100hrs);
Analyzer::schedule_analyzer(10.0.0.2, 10.0.0.3, 6/tcp, Analyzer::ANALYZER_HTTP, 100hrs);
Analyzer::schedule_analyzer(10.0.0.2, 10.0.0.3, 6/tcp, Analyzer::ANALYZER_DNS, 100hrs);
Analyzer::schedule_analyzer(0.0.0.0, 10.0.0.3, 6/tcp, Analyzer::ANALYZER_FTP, 100hrs);
Analyzer::schedule_analyzer(10.0.0.2, 10.0.0.3, 7/tcp, Analyzer::ANALYZER_SSH, 1sec);
Analyzer::schedule_analyzer(10.0.0.2, 10.0.0.3, 8/tcp, Analyzer::ANALYZER_HTTP, 1sec);
Analyzer::schedule_analyzer(10.0.0.2, 10.0.0.3, 8/tcp, Analyzer::ANALYZER_DNS, 100hrs);
Analyzer::schedule_analyzer(10.0.0.2, 10.0.0.3, 9/tcp, Analyzer::ANALYZER_FTP, 1sec);
}
event scheduled_analyzer_applied(c: connection, a: Analyzer::Tag)
{
print "APPLIED:", network_time(), c$id, a;
}
Reference in a new issue View git blame Copy permalink