Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/scripts.base.files.pe.basic/pe.log
Johanna Amann 0c875220e9 Default canonifier change to only remove first timestamp in line 
In the past, we used a default canonifier, which removes everything that
looks like a timestamp from log files. The goal of this is to prevent
logs from changing, e.g., due to local system times ending up in log
files.

This, however, also has the side-effect of removing information that is
parsed from protocols which probably should be part of our tests.
There is at least one test (1999 certificates) where the entire test
output was essentially removed by the canonifier.

GH-4521 was similarly masked by this.

This commit changes the default canonifier, so that only the first
timestamp in a line is removed. This should skip timestamps that are
likely to change while keeping timestamps that are parsed
from protocol information.

A pass has been made over the tests, with some additional adjustments
for cases which require the old canonifier.

There are some cases in which we probably could go further and not
remove timestamps at all - that, however, seems like a follow-up
project.
2025-06-18 15:41:48 +01:00

14 lines
1 KiB
Text
Raw Blame History

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path pe
#open XXXX-XX-XX-XX-XX-XX
#fields ts id machine compile_ts os subsystem is_exe is_64bit uses_aslr uses_dep uses_code_integrity uses_seh has_import_table has_export_table has_cert_table has_debug_data section_names
#types time string string time string string bool bool bool bool bool bool bool bool bool bool vector[string]
XXXXXXXXXX.XXXXXX FMmjM54uAmLxPMZoV4 unknown-475 0.000000 - - F T F F F T - - - - -
XXXXXXXXXX.XXXXXX FZrhNp43wirvfAjbc I386 1171692517.000000 Windows XP x64 or Server 2003 WINDOWS_GUI T F F F F T T F F T .text,.data,.rsrc
XXXXXXXXXX.XXXXXX FuJAMo3ajILHQd1kFf I386 1210911433.000000 Windows 95 or NT 4.0 WINDOWS_CUI T F F F F T T F T T .text,.rdata,.data,.rsrc
XXXXXXXXXX.XXXXXX FbSGUN27wZI9RUxbv4 I386 1402852568.000000 Windows 95 or NT 4.0 WINDOWS_GUI T F F F F T T T F F .text,.Ddata,.data,.rsrc
#close XXXX-XX-XX-XX-XX-XX
Reference in a new issue View git blame Copy permalink