mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 16:18:19 +00:00
08e1771682
support reading from commands by adppending | to the filename. support streaming reads from command. Fix something to make rearead work better. (magically happened)
58 lines
1.1 KiB
Text
58 lines
1.1 KiB
Text
#
|
|
# @TEST-EXEC: cp input1.log input.log
|
|
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
|
|
# @TEST-EXEC: sleep 3
|
|
# @TEST-EXEC: cat input2.log >> input.log
|
|
# @TEST-EXEC: sleep 3
|
|
# @TEST-EXEC: cat input3.log >> input.log
|
|
# @TEST-EXEC: btest-bg-wait -k 3
|
|
# @TEST-EXEC: btest-diff out
|
|
|
|
@TEST-START-FILE input1.log
|
|
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
|
|
@TEST-END-FILE
|
|
|
|
@TEST-START-FILE input2.log
|
|
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
|
|
q3r3057fdf
|
|
@TEST-END-FILE
|
|
|
|
@TEST-START-FILE input3.log
|
|
sdfs\d
|
|
|
|
dfsdf
|
|
sdf
|
|
3rw43wRRERLlL#RWERERERE.
|
|
|
|
@TEST-END-FILE
|
|
|
|
@load frameworks/communication/listen
|
|
|
|
module A;
|
|
|
|
type Val: record {
|
|
s: string;
|
|
};
|
|
|
|
global try: count;
|
|
global outfile: file;
|
|
|
|
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
|
|
print outfile, description;
|
|
print outfile, tpe;
|
|
print outfile, s;
|
|
try = try + 1;
|
|
|
|
if ( try == 9 ) {
|
|
print outfile, "done";
|
|
close(outfile);
|
|
Input::remove("input");
|
|
}
|
|
}
|
|
|
|
event bro_init()
|
|
{
|
|
outfile = open ("../out");
|
|
try = 0;
|
|
Input::add_event([$source="tail -f ../input.log |", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
|
|
}
|