Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 07:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/testing/btest/scripts/policy/misc/dump-events.zeek

20 lines
1,020 B
Text
Raw Blame History

# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log
# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log
# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log
# @TEST-EXEC: zeek -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::dump_all_events=T | grep -v "CPU: interval\|samples: set\|path: string" > really-all-events.log
#
# @TEST-EXEC: btest-diff all-events.log
# @TEST-EXEC: btest-diff all-events-no-args.log
# @TEST-EXEC: btest-diff smtp-events.log
# @TEST-EXEC: btest-diff really-all-events.log
# There is some kind of race condition between the MD5 and SHA1 events, which are added
# by the SSL parser. Just remove MD5, this is not important for this test.
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=-5
{
if ( ! c?$ssl )
return;
Files::remove_analyzer(f, Files::ANALYZER_MD5);
}
Reference in a new issue View git blame Copy permalink