Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/Baseline/scripts.base.protocols.http.version-mismatch/http.log
Johanna Amann 0c875220e9 Default canonifier change to only remove first timestamp in line 
In the past, we used a default canonifier, which removes everything that
looks like a timestamp from log files. The goal of this is to prevent
logs from changing, e.g., due to local system times ending up in log
files.

This, however, also has the side-effect of removing information that is
parsed from protocols which probably should be part of our tests.
There is at least one test (1999 certificates) where the entire test
output was essentially removed by the canonifier.

GH-4521 was similarly masked by this.

This commit changes the default canonifier, so that only the first
timestamp in a line is removed. This should skip timestamps that are
likely to change while keeping timestamps that are parsed
from protocol information.

A pass has been made over the tests, with some additional adjustments
for cases which require the old canonifier.

There are some cases in which we probably could go further and not
remove timestamps at all - that, however, seems like a follow-up
project.
2025-06-18 15:41:48 +01:00

12 lines
1.6 KiB
Text
Raw Blame History

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path http
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.102 1482 74.201.118.102 80 1 GET ad.afy11.net /srad.js?azId=1000000326207 http://d3.zedo.com/jsc/d3/ff2.html?n=1073;c=1;s=1;d=7;w=160;h=600 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 0 12122 200 OK - - (empty) - - - - - - FdVLuk3tKSr7YHlidh - text/plain
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.102 1482 74.201.118.102 80 2 GET ad.afy11.net /ad?asId=1000000326207&sd=2x160x600&ct=7&enc=1&sf=0&sfd=0&ynw=0&anw=1&rand=71014409&rk1=46812516&rk2=1258567535.025&pt=0 http://d3.zedo.com/jsc/d3/ff2.html?n=1073;c=1;s=1;d=7;w=160;h=600 1.0 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 0 1254 200 OK - - (empty) - - - - - - F5aMef27icyTRBKeQa - application/javascript
#close XXXX-XX-XX-XX-XX-XX
Reference in a new issue View git blame Copy permalink