1 files changed, 86 insertions, 0 deletions

diff --git a/qa/378.out b/qa/378.out
new file mode 100644
index 0000000..7dfa328
--- /dev/null
+++ b/qa/378.out
@@ -0,0 +1,86 @@
+QA output created by 378
+just one archive (kenj-pc-1) ...
+pmie: timezone set to local timezone of host kenj-pc
+print Sun Feb  8 13:02:00 2004: kenj-pc: 1.51
+print Sun Feb  8 13:05:00 2004: kenj-pc: 1.71
+print Sun Feb  8 13:23:00 2004: kenj-pc: 2.23
+print Sun Feb  8 13:24:00 2004: kenj-pc: 2.17
+print Sun Feb  8 13:25:00 2004: kenj-pc: 1.68
+print Sun Feb  8 13:39:00 2004: kenj-pc: 2.08
+print Sun Feb  8 14:47:00 2004: kenj-pc: 1.71
+print Sun Feb  8 14:48:00 2004: kenj-pc: 1.52
+print Sun Feb  8 14:49:00 2004: kenj-pc: 1.81
+print Sun Feb  8 14:50:00 2004: kenj-pc: 1.55
+print Sun Feb  8 14:52:00 2004: kenj-pc: 1.81
+print Sun Feb  8 15:15:00 2004: kenj-pc: 1.85
+print Sun Feb  8 15:16:00 2004: kenj-pc: 1.56
+print Sun Feb  8 15:17:00 2004: kenj-pc: 1.53
+
+expect error as same host ...
+pmie: Error: archive src/kenj-pc-2 not legal - archive src/kenj-pc-1 is already open for host kenj-pc
+
+other archive (naslog) ...
+pmie: timezone set to local timezone of host snort
+print Thu Apr  8 16:12:00 2004: snort: 3.27
+print Thu Apr  8 16:13:00 2004: snort: 2.87
+print Thu Apr  8 16:14:00 2004: snort: 3.17
+print Thu Apr  8 16:15:00 2004: snort: 2.83
+print Thu Apr  8 16:16:00 2004: snort: 3.04
+print Thu Apr  8 16:17:00 2004: snort: 2.11
+
+and now together kenj-pc-1 first ...
+pmie: timezone set to local timezone of host kenj-pc
+print Sun Feb  8 13:02:00 2004: kenj-pc: 1.51
+print Sun Feb  8 13:05:00 2004: kenj-pc: 1.71
+print Sun Feb  8 13:23:00 2004: kenj-pc: 2.23
+print Sun Feb  8 13:24:00 2004: kenj-pc: 2.17
+print Sun Feb  8 13:25:00 2004: kenj-pc: 1.68
+print Sun Feb  8 13:39:00 2004: kenj-pc: 2.08
+print Sun Feb  8 14:47:00 2004: kenj-pc: 1.71
+print Sun Feb  8 14:48:00 2004: kenj-pc: 1.52
+print Sun Feb  8 14:49:00 2004: kenj-pc: 1.81
+print Sun Feb  8 14:50:00 2004: kenj-pc: 1.55
+print Sun Feb  8 14:52:00 2004: kenj-pc: 1.81
+print Sun Feb  8 15:15:00 2004: kenj-pc: 1.85
+print Sun Feb  8 15:16:00 2004: kenj-pc: 1.56
+print Sun Feb  8 15:17:00 2004: kenj-pc: 1.53
+
+and now together naslog first ...
+pmie: timezone set to local timezone of host snort
+print Thu Apr  8 16:12:00 2004: snort: 3.27
+print Thu Apr  8 16:13:00 2004: snort: 2.87
+print Thu Apr  8 16:14:00 2004: snort: 3.17
+print Thu Apr  8 16:15:00 2004: snort: 2.83
+print Thu Apr  8 16:16:00 2004: snort: 3.04
+print Thu Apr  8 16:17:00 2004: snort: 2.11
+
+two rules, host-specific (naslog first) ...
+pmie: timezone set to local timezone of host snort
+print Sun Feb  8 13:02:00 2004: kenj-pc: 1.51
+print Sun Feb  8 13:05:00 2004: kenj-pc: 1.71
+print Sun Feb  8 13:23:00 2004: kenj-pc: 2.23
+print Sun Feb  8 13:24:00 2004: kenj-pc: 2.17
+print Sun Feb  8 13:25:00 2004: kenj-pc: 1.68
+print Sun Feb  8 13:39:00 2004: kenj-pc: 2.08
+print Sun Feb  8 14:47:00 2004: kenj-pc: 1.71
+print Sun Feb  8 14:48:00 2004: kenj-pc: 1.52
+print Sun Feb  8 14:49:00 2004: kenj-pc: 1.81
+print Sun Feb  8 14:50:00 2004: kenj-pc: 1.55
+print Sun Feb  8 14:52:00 2004: kenj-pc: 1.81
+print Sun Feb  8 15:15:00 2004: kenj-pc: 1.85
+print Sun Feb  8 15:16:00 2004: kenj-pc: 1.56
+print Sun Feb  8 15:17:00 2004: kenj-pc: 1.53
+print Thu Apr  8 16:12:00 2004: snort: 3.27
+print Thu Apr  8 16:13:00 2004: snort: 2.87
+print Thu Apr  8 16:14:00 2004: snort: 3.17
+print Thu Apr  8 16:15:00 2004: snort: 2.83
+print Thu Apr  8 16:16:00 2004: snort: 3.04
+print Thu Apr  8 16:17:00 2004: snort: 2.11
+
+and now with some_host ... only one value ever available, so >
+condition is always false and some_host never gets a chance
+... expect no output
+pmie: timezone set to local timezone of host snort
+
+... and it does not matter which order the archives are given
+pmie: timezone set to local timezone of host kenj-pc