mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00

* 'files_pe_timestamp_sync' of https://github.com/mvhensbergen/zeek:
  Don't hardcode values
  Add btest for timestamp check
  Copy timestamp from file object
10 lines
408 B
Text
# This tests if a pe file's timestamp in pe.log matches the files timestamp in files.log
# We simply test if the timestamp and uid of the file is in both pe.log and files.log
# @TEST-EXEC: zcat <$TRACES/pe/pe_files_timestamp.pcap.gz | zeek -b -r - %INPUT
# @TEST-EXEC: zeek-cut ts id < pe.log > pevalues.txt
# @TEST-EXEC: fgrep "`cat pevalues.txt`" files.log
@load base/protocols/http
@load base/files/pe
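Review bot: the final check `fgrep "`cat pevalues.txt`" files.log` passes vacuously when pevalues.txt is empty, because an empty fixed-string pattern matches every line of files.log; if pe.log is written with a header but no rows, the test still succeeds even though no timestamp was compared. Add a `# @TEST-EXEC: test -s pevalues.txt` line before the grep, or compare pevalues.txt against a baseline with `btest-diff`, so the test only passes when at least one `ts id` pair was actually extracted. Note also that when the trace yields more than one PE file, the backtick expansion turns each line of pevalues.txt into a separate pattern, so a single matching line in files.log satisfies the whole check; `grep -F -f pevalues.txt files.log` expresses the same intent explicitly, and `fgrep` is deprecated in favour of `grep -F`.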