Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/scripts.base.protocols.smb.smb3-multichannel/smb_files.log
Johanna Amann 0c875220e9 Default canonifier change to only remove first timestamp in line 
In the past, we used a default canonifier, which removes everything that
looks like a timestamp from log files. The goal of this is to prevent
logs from changing, e.g., due to local system times ending up in log
files.

This, however, also has the side-effect of removing information that is
parsed from protocols which probably should be part of our tests.
There is at least one test (1999 certificates) where the entire test
output was essentially removed by the canonifier.

GH-4521 was similarly masked by this.

This commit changes the default canonifier, so that only the first
timestamp in a line is removed. This should skip timestamps that are
likely to change while keeping timestamps that are parsed
from protocol information.

A pass has been made over the tests, with some additional adjustments
for cases which require the old canonifier.

There are some cases in which we probably could go further and not
remove timestamps at all - that, however, seems like a follow-up
project.
2025-06-18 15:41:48 +01:00

75 lines
13 KiB
Text
Raw Blame History

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path smb_files
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid action path name size prev_name times.modified times.accessed times.created times.changed
#types time string addr port addr port string enum string string count string time time time time
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 <share_root> 4096 - 1605187817.667324 1605187818.370434 1605186712.683043 1605187817.667324
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 00bfsvc.exe 77824 - 1575709687.627527 1605187818.339180 1605187803.589207 1605186871.995596
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 00bfsvc.enc 0 - 1605187839.401714 1605187839.401714 1605187839.401714 1605187839.401714
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 00bfsvc.exe 77824 - 1575709687.627527 1605187839.370483 1605187803.589207 1605186871.995596
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 01bootstat.docx 67584 - 1605186558.219021 1605187818.370434 1605187803.620455 1605186880.854933
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 <share_root> 4096 - 1605187839.479828 1605187839.479828 1605186712.683043 1605187839.479828
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 01bootstat.enc 0 - 1605187839.495455 1605187839.495455 1605187839.495455 1605187839.495455
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 01bootstat.docx 67584 - 1605186558.219021 1605187839.495455 1605187803.620455 1605186880.854933
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 02DtcInstall.doc 1947 - 1603199414.205622 1605187805.214176 1605187803.620455 1605186885.073690
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 02DtcInstall.enc 0 - 1605187839.526701 1605187839.526701 1605187839.526701 1605187839.526701
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 02DtcInstall.doc 1947 - 1603199414.205622 1605187805.214176 1605187803.620455 1605186885.073690
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 05hh.exe 18432 - 1575709779.615219 1605187810.261076 1605187803.651707 1605186902.386175
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 05hh.enc 0 - 1605187839.557980 1605187839.557980 1605187839.557980 1605187839.557980
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 05hh.exe 18432 - 1575709779.615219 1605187810.261076 1605187803.651707 1605186902.386175
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 06lsasetup.pdf 1376 - 1603199293.846262 1605187805.198553 1605187803.667328 1605186906.714336
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 06lsasetup.enc 0 - 1605187839.604832 1605187839.604832 1605187839.604832 1605187839.604832
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 06lsasetup.pdf 1376 - 1603199293.846262 1605187805.198553 1605187803.667328 1605186906.714336
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 07mib.pdf 43131 - 1575709738.863657 1605187805.182934 1605187803.682961 1605186910.386171
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 07mib.enc 0 - 1605187839.636076 1605187839.636076 1605187839.636076 1605187839.636076
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 07mib.pdf 43131 - 1575709738.863657 1605187839.636076 1605187803.682961 1605186910.386171
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 08notepad.exe 202240 - 1589175647.847164 1605187818.354807 1605187803.698591 1605186914.698669
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 08notepad.enc 0 - 1605187839.698582 1605187839.698582 1605187839.698582 1605187839.698582
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 08notepad.exe 202240 - 1589175647.847164 1605187839.698582 1605187803.698591 1605186914.698669
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 09PFRO.doc 4772 - 1603464285.061102 1605187818.401690 1605187803.714214 1605186917.979956
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 09PFRO.enc 0 - 1605187839.776712 1605187839.776712 1605187839.776712 1605187839.776712
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 09PFRO.doc 4772 - 1603464285.061102 1605187818.401690 1605187803.714214 1605186917.979956
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 10Professional.docx 30831 - 1575709828.779543 1605187805.151686 1605187803.729830 1605186922.058071
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 10Professional.enc 0 - 1605187839.807964 1605187839.807964 1605187839.807964 1605187839.807964
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 10Professional.docx 30831 - 1575709828.779543 1605187805.151686 1605187803.729830 1605186922.058071
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 11regedit.exe 369664 - 1575709785.990505 1605187810.229826 1605187803.729830 1605186925.042423
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_DELETE \\\\172.17.0.189\\share2 11regedit.exe 369664 - 1575709785.990505 1605187839.870453 1605187803.729830 1605186925.042423
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 12splwow64.exe 135168 - 1575709692.174423 1605187810.214214 1605187803.745453 1605186929.104958
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 12splwow64.enc 0 - 1605187839.995468 1605187839.995468 1605187839.995468 1605187839.995468
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.17.0.184 57093 172.17.0.189 445 - SMB::FILE_OPEN - 13system.pdf 219 - 1575709962.747200 1605187805.136053 1605187803.761078 1605186932.136166
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 13system.enc 0 - 1605187840.073576 1605187840.073576 1605187840.073576 1605187840.073576
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 172.17.0.184 57095 172.17.0.189 445 - SMB::FILE_OPEN - 13system.pdf 219 - 1575709962.747200 1605187805.136053 1605187803.761078 1605186932.136166
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 14twain_32.pdf 65024 - 1575709800.475327 1605187805.057928 1605187803.839201 1605186940.729935
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.17.0.184 57093 172.17.0.189 445 - SMB::FILE_OPEN - 14twain_32.enc 0 - 1605187840.151705 1605187840.151705 1605187840.151705 1605187840.151705
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 <share_root> 4096 - 1605187840.229822 1605187840.229822 1605186712.683043 1605187840.229822
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 00bfsvc.enc 103968 - 1605187839.417334 1605187839.417334 1605187839.401714 1605187839.417334
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 00bfsvc.enc 103968 - 1605187839.417334 1605187839.417334 1605187839.401714 1605187839.417334
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 01bootstat.enc 90288 - 1605187839.495455 1605187839.495455 1605187839.495455 1605187839.495455
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 01bootstat.enc 90288 - 1605187839.495455 1605187839.495455 1605187839.495455 1605187839.495455
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 02DtcInstall.enc 2736 - 1605187839.526701 1605187839.526701 1605187839.526701 1605187839.526701
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 02DtcInstall.enc 2736 - 1605187839.526701 1605187839.526701 1605187839.526701 1605187839.526701
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 05hh.enc 24624 - 1605187839.557980 1605187839.557980 1605187839.557980 1605187839.557980
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 05hh.enc 24624 - 1605187839.557980 1605187839.557980 1605187839.557980 1605187839.557980
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 06lsasetup.enc 2736 - 1605187839.620447 1605187839.620447 1605187839.604832 1605187839.620447
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 06lsasetup.enc 2736 - 1605187839.620447 1605187839.620447 1605187839.604832 1605187839.620447
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 07mib.enc 58824 - 1605187839.651703 1605187839.651703 1605187839.636076 1605187839.651703
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 07mib.enc 58824 - 1605187839.651703 1605187839.651703 1605187839.636076 1605187839.651703
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 08notepad.enc 270864 - 1605187839.714205 1605187839.714205 1605187839.698582 1605187839.714205
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 08notepad.enc 270864 - 1605187839.714205 1605187839.714205 1605187839.698582 1605187839.714205
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 09PFRO.enc 6840 - 1605187839.776712 1605187839.776712 1605187839.776712 1605187839.776712
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 09PFRO.enc 6840 - 1605187839.776712 1605187839.776712 1605187839.776712 1605187839.776712
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 10Professional.enc 42408 - 1605187839.807964 1605187839.807964 1605187839.807964 1605187839.807964
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 10Professional.enc 42408 - 1605187839.807964 1605187839.807964 1605187839.807964 1605187839.807964
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 11regedit.enc 493848 - 1605187839.901697 1605187839.901697 1605187839.870453 1605187839.901697
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 11regedit.enc 493848 - 1605187839.901697 1605187839.901697 1605187839.870453 1605187839.901697
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 12splwow64.enc 180576 - 1605187840.011074 1605187840.807953 1605187839.995468 1605187840.011074
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 12splwow64.enc 180576 - 1605187840.011074 1605187840.807953 1605187839.995468 1605187840.011074
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 13system.enc 1368 - 1605187840.073576 1605187840.839193 1605187840.073576 1605187840.073576
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 13system.enc 1368 - 1605187840.073576 1605187840.839193 1605187840.073576 1605187840.073576
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 172.17.0.184 57094 172.17.0.189 445 - SMB::FILE_OPEN - 14twain_32.enc 87552 - 1605187840.167326 1605187840.167326 1605187840.151705 1605187840.167326
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.0.184 57092 172.17.0.189 445 - SMB::FILE_OPEN \\\\172.17.0.189\\share2 14twain_32.enc 87552 - 1605187840.167326 1605187840.167326 1605187840.151705 1605187840.167326
#close XXXX-XX-XX-XX-XX-XX
Reference in a new issue View git blame Copy permalink