33 lines
994 B
Plaintext
33 lines
994 B
Plaintext
# @TEST-EXEC: btest-bg-run zeek zeek -b $SCRIPTS/file-analysis-test.zeek %INPUT
|
|
# @TEST-EXEC: btest-bg-wait 8
|
|
# @TEST-EXEC: btest-diff zeek/.stdout
|
|
# @TEST-EXEC: diff -q zeek/F0jzofqi9tYZw8TTd-file input.log
|
|
|
|
redef exit_only_after_terminate = T;
|
|
|
|
redef test_get_file_name = function(f: fa_file): string
|
|
{
|
|
return fmt("%s-file", f$id);
|
|
};
|
|
|
|
# @TEST-START-FILE input.log
|
|
#separator \x09
|
|
#path ssh
|
|
#fields b i e c p sn a d t iv s sc ss se vc ve ns
|
|
#types bool int enum count port subnet addr double time interval string table table table vector vector string
|
|
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242
|
|
# @TEST-END-FILE
|
|
|
|
event zeek_init()
|
|
{
|
|
local source: string = "../input.log";
|
|
Input::add_analysis([$source=source, $reader=Input::READER_BINARY,
|
|
$mode=Input::MANUAL, $name=source]);
|
|
Input::remove(source);
|
|
}
|
|
|
|
event file_state_remove(f: fa_file) &priority=-10
|
|
{
|
|
terminate();
|
|
}
|