diff --git a/tests/Baseline/zeekjs.hook.no-break/.stdout b/tests/Baseline/zeekjs.hook.no-break/.stdout index 338ea47..1aac9a3 100644 --- a/tests/Baseline/zeekjs.hook.no-break/.stdout +++ b/tests/Baseline/zeekjs.hook.no-break/.stdout @@ -1,3 +1,3 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -dns: {"ts":1630165389.090197,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"172.16.11.201","id.orig_p":36872,"id.resp_h":"1.1.1.1","id.resp_p":53,"proto":"udp","trans_id":64072,"rtt":0.04377388954162598,"query":"corelight.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":2,"answers":["199.60.103.6","199.60.103.106"],"TTLs":[60,60],"rejected":false} +dns: {"ts":1630165389.090197,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"172.16.11.201","id.orig_p":36872,"id.resp_h":"1.1.1.1","id.resp_p":53,"proto":"udp","trans_id":64072,"rtt":0.04377388954162598,"query":"corelight.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":2,"answers":["199.60.103.6","199.60.103.106"],"TTLs":[60,60],"rejected":false,"opcode":0,"opcode_name":"query"} conn: {"ts":1630165389.090197,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"172.16.11.201","id.orig_p":36872,"id.resp_h":"1.1.1.1","id.resp_p":53,"proto":"udp","service":"dns","duration":0.04377388954162598,"orig_bytes":54,"resp_bytes":74,"conn_state":"SF","missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":82,"resp_pkts":1,"resp_ip_bytes":102} diff --git a/tests/Baseline/zeekjs.hook.no-break/dns.log b/tests/Baseline/zeekjs.hook.no-break/dns.log index f77611b..6ec9a7b 100644 --- a/tests/Baseline/zeekjs.hook.no-break/dns.log +++ b/tests/Baseline/zeekjs.hook.no-break/dns.log 
@@ -1,2 +1,2 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -{"ts":1630165389.090197,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"172.16.11.201","id.orig_p":36872,"id.resp_h":"1.1.1.1","id.resp_p":53,"proto":"udp","trans_id":64072,"rtt":0.04377388954162598,"query":"corelight.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":2,"answers":["199.60.103.6","199.60.103.106"],"TTLs":[60.0,60.0],"rejected":false} +{"ts":1630165389.090197,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"172.16.11.201","id.orig_p":36872,"id.resp_h":"1.1.1.1","id.resp_p":53,"proto":"udp","trans_id":64072,"rtt":0.04377388954162598,"query":"corelight.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":2,"answers":["199.60.103.6","199.60.103.106"],"TTLs":[60.0,60.0],"rejected":false,"opcode":0,"opcode_name":"query"} diff --git a/tests/Baseline/zeekjs.hook.with-break/.stdout b/tests/Baseline/zeekjs.hook.with-break/.stdout index 338ea47..1aac9a3 100644 --- a/tests/Baseline/zeekjs.hook.with-break/.stdout +++ b/tests/Baseline/zeekjs.hook.with-break/.stdout 
@@ -1,3 +1,3 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -dns: {"ts":1630165389.090197,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"172.16.11.201","id.orig_p":36872,"id.resp_h":"1.1.1.1","id.resp_p":53,"proto":"udp","trans_id":64072,"rtt":0.04377388954162598,"query":"corelight.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":2,"answers":["199.60.103.6","199.60.103.106"],"TTLs":[60,60],"rejected":false} +dns: {"ts":1630165389.090197,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"172.16.11.201","id.orig_p":36872,"id.resp_h":"1.1.1.1","id.resp_p":53,"proto":"udp","trans_id":64072,"rtt":0.04377388954162598,"query":"corelight.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":2,"answers":["199.60.103.6","199.60.103.106"],"TTLs":[60,60],"rejected":false,"opcode":0,"opcode_name":"query"} conn: {"ts":1630165389.090197,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"172.16.11.201","id.orig_p":36872,"id.resp_h":"1.1.1.1","id.resp_p":53,"proto":"udp","service":"dns","duration":0.04377388954162598,"orig_bytes":54,"resp_bytes":74,"conn_state":"SF","missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":82,"resp_pkts":1,"resp_ip_bytes":102} diff --git a/tests/Baseline/zeekjs.log-events/.stdout b/tests/Baseline/zeekjs.log-events/.stdout index c3db8ad..e78c385 100644 --- a/tests/Baseline/zeekjs.log-events/.stdout +++ b/tests/Baseline/zeekjs.log-events/.stdout @@ -29,7 +29,9 @@ DNS::log_dns: { 77, 77 ], - "rejected": false + "rejected": false, + "opcode": 0, + "opcode_name": "query" } HTTP::log_http: { "ts": 1630238734.007674, diff --git a/tests/Baseline/zeekjs.new-event/.stdout b/tests/Baseline/zeekjs.new-event/.stdout index b5a74b8..0281fc6 100644 --- a/tests/Baseline/zeekjs.new-event/.stdout 
+++ b/tests/Baseline/zeekjs.new-event/.stdout @@ -117,7 +117,8 @@ dns_message [ "num_queries": 1, "num_answers": 0, "num_auth": 0, - "num_addl": 1 + "num_addl": 1, + "is_netbios": false } }, { @@ -198,6 +199,8 @@ dns_request [ "RA": false, "Z": 0, "rejected": false, + "opcode": 0, + "opcode_name": "query", "saw_query": false, "saw_reply": false }, @@ -221,6 +224,8 @@ dns_request [ "RA": false, "Z": 0, "rejected": false, + "opcode": 0, + "opcode_name": "query", "saw_query": false, "saw_reply": false } @@ -245,7 +250,8 @@ dns_request [ "num_queries": 1, "num_answers": 0, "num_auth": 0, - "num_addl": 1 + "num_addl": 1, + "is_netbios": false } }, { @@ -345,6 +351,8 @@ dns_message [ "RA": false, "Z": 0, "rejected": false, + "opcode": 0, + "opcode_name": "query", "saw_query": true, "saw_reply": false }, @@ -373,6 +381,8 @@ dns_message [ "RA": false, "Z": 0, "rejected": false, + "opcode": 0, + "opcode_name": "query", "saw_query": true, "saw_reply": false } @@ -401,7 +411,8 @@ dns_message [ "num_queries": 1, "num_answers": 2, "num_auth": 0, - "num_addl": 1 + "num_addl": 1, + "is_netbios": false } }, {
diff --git a/tests/zeekjs/hook/no-break.sh b/tests/zeekjs/hook/no-break.sh
index 25626c6..35d5681 100644
--- a/tests/zeekjs/hook/no-break.sh
+++ b/tests/zeekjs/hook/no-break.sh
@@ -1,5 +1,5 @@
 # @TEST-DOC: Hook Log::log_stream_policy and return an explicit false to break (and stop creating http.log)
-# @TEST-REQUIRES: zeek -e 'global_ids()["Log::log_stream_policy"]'
+# @TEST-REQUIRES: zeek -e 'global_ids()["dns_dynamic_update"]'
 # @TEST-EXEC: zeek -r $TRACES/dns.pcap ./hook.js ./local.zeek
 # @TEST-EXEC: btest-diff .stdout
 # @TEST-EXEC: btest-diff conn.log
diff --git a/tests/zeekjs/hook/with-break.sh b/tests/zeekjs/hook/with-break.sh
index ba31a13..388fe3c 100644
--- a/tests/zeekjs/hook/with-break.sh
+++ b/tests/zeekjs/hook/with-break.sh
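Review bot: The new `@TEST-REQUIRES` line in no-break.sh (and the identical one in with-break.sh) probes for `dns_dynamic_update`, which has no visible connection to the `Log::log_stream_policy` hook these tests exercise, and nothing in the file explains the choice. Judging from the baselines updated in the same commit, the event presumably stands in for "a Zeek build whose DNS log carries `opcode`/`opcode_name`"; a comment above the line such as `# dns_dynamic_update marks Zeek builds that log opcode/opcode_name, which the baselines expect` would make that explicit. The swap also drops the guard that the hook itself exists, and on builds without the event both hook tests are now skipped instead of run, so the break/no-break behaviour of the log policy hook loses coverage there. BTest accepts several requirement lines, so the old `# @TEST-REQUIRES: zeek -e 'global_ids()["Log::log_stream_policy"]'` can stay next to the new one.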
@@ -1,5 +1,5 @@
 # @TEST-DOC: Hook Log::log_stream_policy and return an explicit false to break (and stop creating http.log)
-# @TEST-REQUIRES: zeek -e 'global_ids()["Log::log_stream_policy"]'
+# @TEST-REQUIRES: zeek -e 'global_ids()["dns_dynamic_update"]'
 # @TEST-EXEC: zeek -r $TRACES/dns.pcap ./hook.js ./local.zeek
 # These aren't written because our hook log_stream_policy hook prevents it.
 # @TEST-EXEC: test ! -f conn.log
diff --git a/tests/zeekjs/log-events.sh b/tests/zeekjs/log-events.sh
index 10477f0..7fe0d6d 100644
--- a/tests/zeekjs/log-events.sh
+++ b/tests/zeekjs/log-events.sh
@@ -1,6 +1,6 @@
 # @TEST-DOC: Basic testing of the common log_ events from the base scripts
 # Only run this test on the (dev) version. It's too difficult to maintain it otherwise.
-# @TEST-REQUIRES: zeek --version >&2 && zeek -e 'exit((Version::info$version_number >= 80000 && Version::info$commit >= 594) ? 0 : 1)'
+# @TEST-REQUIRES: zeek --version >&2 && zeek -e 'exit((Version::info$version_number >= 80100 && Version::info$commit >= 920) ? 0 : 1)'
 # @TEST-EXEC: zeek -r $TRACES/dns-http-https.pcap ./log-events.js ./local.zeek
 # @TEST-EXEC: btest-diff .stdout
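Review bot: The version gate on the new `@TEST-REQUIRES` line in log-events.sh joins `version_number >= 80100` and `commit >= 920` with `&&`, so a later development cycle whose commit counter starts again below 920 would skip the test although it is newer; this assumes `Version::info$commit` counts commits since the last release tag, which should be confirmed. If the intent is "this dev build or anything newer", the condition would read `Version::info$version_number > 80100 || (Version::info$version_number == 80100 && Version::info$commit >= 920)`. If skipping every other version is deliberate, as the comment above the line suggests, a short remark that both numbers must be bumped together with the baseline would save the next maintainer from a silently skipped test. The hunk header announces six lines and five are visible here, so the trailing context is not in view.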