zeek/testing/btest/zeek-aux/zeek-cut/time-header.test

# @TEST-DOC: Test zeek-cut with both time conversion and show header options.
#

# Time format string does not affect the header timestamps.
# @TEST-EXEC: cat ${ZEEK_AUX_LOGS}/test.log | zeek-cut -C -U "%H %M %y %m %d" > utc-fmt
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff utc-fmt

# Log file uses non-default field separator.
# @TEST-EXEC: cat ${ZEEK_AUX_LOGS}/conncomma.log | zeek-cut -C -d proto ts id.orig_h > nondefault-separator
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff nondefault-separator

# Field separator changes between two log files.
# @TEST-EXEC: cat ${ZEEK_AUX_LOGS}/conn.log ${ZEEK_AUX_LOGS}/conncomma.log | zeek-cut -C -d proto ts id.orig_h > different-field-separator
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff different-field-separator

# Column order changes between two log files.
# @TEST-EXEC: cat ${ZEEK_AUX_LOGS}/conn.log ${ZEEK_AUX_LOGS}/conntimelast.log | zeek-cut -C -d proto ts id.orig_h > different-col-order
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff different-col-order

# One file has timestamps and one file does not.
# @TEST-EXEC: cat ${ZEEK_AUX_LOGS}/conn.log ${ZEEK_AUX_LOGS}/onecolumn.log | zeek-cut -C -d ts id.orig_h > missing-ts-one-file
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff missing-ts-one-file

# Specify ts twice.
# @TEST-EXEC: cat ${ZEEK_AUX_LOGS}/conn.log | zeek-cut -C -d ts id.orig_h ts > ts-twice
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff ts-twice

# File has more than one time column.
# @TEST-EXEC: cat ${ZEEK_AUX_LOGS}/multiple-times.log | zeek-cut -C -d proto ts2 ts1 > multiple-times
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff multiple-times