From dfdddae7e2cae41fdd397e14f8c2b62859212bed Mon Sep 17 00:00:00 2001
From: Arne Welzel
Date: Fri, 15 Nov 2024 14:11:46 +0100
Subject: [PATCH] baseline: Reduce conn.log to relevant fields
---
 tests/analyzer/basic.zeek | 2 +-
 tests/baseline/analyzer.basic/conn.log | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/analyzer/basic.zeek b/tests/analyzer/basic.zeek
index ab64aed..6989d80 100644
--- a/tests/analyzer/basic.zeek
+++ b/tests/analyzer/basic.zeek
@@ -4,7 +4,7 @@
 # @TEST-EXEC: cat files.log | sed 's/SHA1,MD5/MD5,SHA1/g' >files.log.tmp && mv -f files.log.tmp files.log
 #
 # Drop fields which are incompatible between zeek-6.0 and dev version.
-# @TEST-EXEC: zeek-cut -C -n fuid conn.log2 && mv conn.log2 conn.log
+# @TEST-EXEC: zeek-cut -C ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration history conn.log2 && mv conn.log2 conn.log
 # @TEST-EXEC: zeek-cut -C -n orig_fuids resp_fuids http.log.tmp && mv http.log.tmp http.log
 # @TEST-EXEC: zeek-cut -C -n fuid parent_fuid files.log.tmp && mv files.log.tmp files.log
 #
diff --git a/tests/baseline/analyzer.basic/conn.log b/tests/baseline/analyzer.basic/conn.log
index 076a0c8..b98ba1a 100644
--- a/tests/baseline/analyzer.basic/conn.log
+++ b/tests/baseline/analyzer.basic/conn.log
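Review bot: The comment directly above the changed conn.log `zeek-cut` line in tests/analyzer/basic.zeek still reads "Drop fields which are incompatible between zeek-6.0 and dev version", but that line is now an allowlist of ten columns rather than a `-n` exclusion, so the comment no longer describes it. I would reword it to something like `# conn.log: keep only fields that are stable between zeek-6.0 and dev; the other logs drop the incompatible fuid fields.` The allowlist also takes `conn_state`, `missed_bytes` and the byte/packet counters out of the baseline, so a regression that shows up only as content gaps or an unexpected connection state would presumably no longer fail this test. If those two columns are stable across the supported versions, consider keeping `conn_state` and `missed_bytes` in the list. The test's @TEST-EXEC header starts before this hunk, so earlier lines may already explain the choice.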
@@ -6,7 +6,7 @@
 #unset_field -
 #path conn
 #open XXXX-XX-XX-XX-XX-XX
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
-#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration history
+#types time string addr port addr port enum string interval string
 #close XXXX-XX-XX-XX-XX-XX
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 53595 54.243.55.129 80 tcp http 0.068875 160 519 SF F F 0 ShADadFf 8 588 6 839 -
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 53595 54.243.55.129 80 tcp http 0.068875 ShADadFf