zeek/testing/btest/signatures/eval-condition.zeek at dafc44e8b9ff37f0d6af65bc3dc8af24c44f7d46 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00

Robin Sommer 789cb376fd GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev.

This also installs symlinks from "zeek" and "bro-config" to a wrapper
script that prints a deprecation warning.

The btests pass, but this is still WIP. broctl renaming is still
missing.

#239

2019-05-01 21:43:45 +00:00

20 lines

347 B

Text

Raw Blame History

 # @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 @load-sigs blah.sig
 @TEST-START-FILE blah.sig
 signature blah
 	{
 	ip-proto == tcp
 	src-port == 21
 	payload /.*/
 	eval mark_conn
 	}
 @TEST-END-FILE
 function mark_conn(state: signature_state, data: string): bool
 	{
 	add state$conn$service["blah"];
 	return T;
 	}