20 lines
851 B
Plaintext
20 lines
851 B
Plaintext
# @TEST-EXEC: zeek -r ${TRACES}/socks.trace %INPUT
|
|
# @TEST-EXEC: mv analyzer.log analyzer.log-default
|
|
# @TEST-EXEC: btest-diff analyzer.log-default
|
|
|
|
# @TEST-EXEC: zeek -r ${TRACES}/socks.trace %INPUT Analyzer::Logging::include_confirmations=T
|
|
# @TEST-EXEC: mv analyzer.log analyzer.log-include-confirmations
|
|
# @TEST-EXEC: btest-diff analyzer.log-include-confirmations
|
|
|
|
# @TEST-EXEC: zeek -r ${TRACES}/socks.trace %INPUT Analyzer::Logging::include_disabling=T
|
|
# @TEST-EXEC: mv analyzer.log analyzer.log-include-disabling
|
|
# @TEST-EXEC: btest-diff analyzer.log-include-disabling
|
|
|
|
@load base/protocols/conn
|
|
@load base/protocols/dns
|
|
@load base/protocols/socks
|
|
|
|
# DCE RPC violations are ignored by default. Consider violations for this
|
|
# test so that the analyzer will be disabled eventually.
|
|
redef DPD::ignore_violations -= { Analyzer::ANALYZER_DCE_RPC };
|