mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Change #types description of sets to set
Addresses BIT-1163
This commit is contained in:
Bernhard Amann
parent
9ec657eeb1
commit
01d075bf2d
66 changed files with 211 additions and 207 deletions
|
|
@ -68,6 +68,10 @@ string Field::TypeName() const
|
|||
{
|
||||
string n = type_name(type);
|
||||
|
||||
// we do not support tables, if the internal bro type is table it always is a set
|
||||
if ( type == TYPE_TABLE )
|
||||
n = "set";
|
||||
|
||||
if ( (type == TYPE_TABLE) || (type == TYPE_VECTOR) )
|
||||
{
|
||||
n += "[";
|
||||
|
|
|
|||
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2014-02-14-20-04-20
|
||||
#open 2014-04-01-22-56-13
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1371685686.536606 CXWv6p3arKYeMETxOg 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - 0 D 1 257 0 0 (empty)
|
||||
1371686961.156859 CjhGID4nQcgTWjvg4c 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - 0 d 0 0 1 1500 (empty)
|
||||
1371686961.479321 CCvvfg3TEfuqmmG4bh 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - 0 D 1 710 0 0 (empty)
|
||||
#close 2014-02-14-20-04-20
|
||||
#close 2014-04-01-22-56-13
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-02-12
|
||||
#open 2014-04-01-22-56-20
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1284385418.014560 CPbrpk1qSsw6ESzHV4 fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - 0 D 2 288 0 0 (empty)
|
||||
1284385417.962560 CRJuHdVW0XPVINV8a fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - 0 D 2 210 0 0 (empty)
|
||||
1284385411.091560 CjhGID4nQcgTWjvg4c fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - 0 - 1 64 0 0 (empty)
|
||||
|
|
@ -13,4 +13,4 @@
|
|||
1284385451.658560 C6pKV8GSxOnSLghOa fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - 0 - 5 500 5 500 (empty)
|
||||
1284385413.027560 CsRx2w45OKnoww6xl4 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - 0 - 1 64 0 0 (empty)
|
||||
1284385412.963560 CCvvfg3TEfuqmmG4bh fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - 0 - 1 48 0 0 (empty)
|
||||
#close 2013-08-26-19-02-12
|
||||
#close 2014-04-01-22-56-20
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-02-14
|
||||
#open 2014-04-01-22-56-24
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1278600802.069419 CXWv6p3arKYeMETxOg 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 381 7 3801 (empty)
|
||||
#close 2013-08-26-19-02-14
|
||||
#close 2014-04-01-22-56-24
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-02-13
|
||||
#open 2014-04-01-22-56-29
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1363900699.548138 CXWv6p3arKYeMETxOg 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - 0 D 2 92 0 0 (empty)
|
||||
1363900699.549647 CjhGID4nQcgTWjvg4c 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - 0 D 2 608 0 0 (empty)
|
||||
#close 2013-08-26-19-02-13
|
||||
#close 2014-04-01-22-56-29
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2014-01-24-22-19-38
|
||||
#open 2014-04-01-22-56-36
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1331764471.664131 CXWv6p3arKYeMETxOg 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - 2902 ShADafF 5 750 4 172 (empty)
|
||||
#close 2014-01-24-22-19-38
|
||||
#close 2014-04-01-22-56-36
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-18-38-29
|
||||
#open 2014-04-01-22-56-43
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1257655301.595604 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - 0 ShADad 10 3605 11 5329 CCvvfg3TEfuqmmG4bh
|
||||
1257655296.585034 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - 0 Dd 21 5717 13 6473 (empty)
|
||||
1257655293.629048 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - 0 d 0 0 1 176 (empty)
|
||||
|
|
@ -14,4 +14,4 @@
|
|||
1257655296.585188 CPbrpk1qSsw6ESzHV4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
|
||||
1257655296.585151 CRJuHdVW0XPVINV8a fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
|
||||
1257655296.585034 CsRx2w45OKnoww6xl4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
|
||||
#close 2013-08-26-18-38-29
|
||||
#close 2014-04-01-22-56-43
|
||||
|
|
|
|||
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-34-59
|
||||
#open 2014-04-01-22-56-43
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1257655301.652206 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 10102 200 OK - - - (empty) - - - - - FYAtjT24MvCBUs5K5f text/html
|
||||
1257655302.514424 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 2 GET ipv6.google.com /csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - -
|
||||
1257655303.603569 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 3 GET ipv6.google.com /gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - -
|
||||
#close 2013-08-26-19-34-59
|
||||
#close 2014-04-01-22-56-43
|
||||
|
|
|
|||
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2014-01-16-21-51-36
|
||||
#open 2014-04-01-22-56-55
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1341436440.002928 CRJuHdVW0XPVINV8a 3.3.3.2 520 224.0.0.9 520 udp - 26.148268 48 0 S0 - 0 D 2 104 0 0 CjhGID4nQcgTWjvg4c
|
||||
1341436424.378840 CsRx2w45OKnoww6xl4 3.3.3.1 520 224.0.0.9 520 udp - 28.555457 168 0 S0 - 0 D 2 224 0 0 CjhGID4nQcgTWjvg4c
|
||||
1341436424.204043 CCvvfg3TEfuqmmG4bh 10.10.25.1 8 192.168.1.2 0 icmp - 42.380221 22464 22464 OTH - 0 - 312 31200 312 31200 CjhGID4nQcgTWjvg4c
|
||||
#close 2014-01-16-21-51-36
|
||||
#close 2014-04-01-22-56-55
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2014-01-16-21-51-12
|
||||
#open 2014-04-01-22-56-51
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1055289978.756932 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF - 0 ShAdDaFf 12 1584 10 2199 CXWv6p3arKYeMETxOg
|
||||
1055289987.055189 CRJuHdVW0XPVINV8a 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 - 0 D 2 122 0 0 CXWv6p3arKYeMETxOg
|
||||
1055289996.849099 CIPOse170MGiRM1Qf4 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
|
||||
|
|
@ -13,4 +13,4 @@
|
|||
1055289992.849231 C6pKV8GSxOnSLghOa 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
|
||||
1055289968.793044 CjhGID4nQcgTWjvg4c 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - 0 - 4 336 4 336 CXWv6p3arKYeMETxOg
|
||||
1055289987.106744 CPbrpk1qSsw6ESzHV4 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - 0 - 2 178 0 0 CXWv6p3arKYeMETxOg
|
||||
#close 2014-01-16-21-51-12
|
||||
#close 2014-04-01-22-56-51
|
||||
|
|
|
|||
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-18-38-29
|
||||
#open 2014-04-01-22-56-58
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1333458850.321642 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - 0 ShADadf 29 2310 49 65396 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
|
||||
1333458850.325787 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - 0 D 49 67160 0 0 (empty)
|
||||
1333458850.321642 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - 0 D 29 3354 0 0 (empty)
|
||||
#close 2013-08-26-18-38-29
|
||||
#close 2014-04-01-22-56-58
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-02-16
|
||||
#open 2014-04-01-22-56-58
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1333458850.340368 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 1 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=4&cac=1&t=728x90&cb=1333458879 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&channel=4&cb=1333458905296 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - - (empty) - - - - - FHKKd91EMHBEK0hbdg application/x-shockwave-flash
|
||||
1333458850.399501 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 2 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=0&cac=1&t=728x90&cb=1333458881 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&cb=1333458920207 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - - (empty) - - - - - Fu64Vqjy6nBop9nRd application/x-shockwave-flash
|
||||
#close 2013-08-26-19-02-16
|
||||
#close 2014-04-01-22-56-58
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-02-17
|
||||
#open 2014-04-01-22-57-03
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1333458871.219794 CXWv6p3arKYeMETxOg 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - 0 D 1 64 0 0 (empty)
|
||||
#close 2013-08-26-19-02-17
|
||||
#close 2014-04-01-22-57-03
|
||||
|
|
|
|||
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-18-38-30
|
||||
#open 2014-04-01-22-57-05
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1333458851.770000 CjhGID4nQcgTWjvg4c fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 - 0 D 1 80 0 0 CXWv6p3arKYeMETxOg
|
||||
1333458851.770000 CXWv6p3arKYeMETxOg 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - 0 D 2 208 0 0 (empty)
|
||||
1333458851.969236 CCvvfg3TEfuqmmG4bh fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH - 0 - 1 56 0 0 CXWv6p3arKYeMETxOg
|
||||
#close 2013-08-26-18-38-30
|
||||
#close 2014-04-01-22-57-05
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-18-38-30
|
||||
#open 2014-04-01-22-57-08
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1333458850.037956 CEle3f3zno26fFZkrh 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - 0 d 0 0 1 84 C3SfNE4BWaU4aSuwkc
|
||||
1333458850.040098 CwSkQu4eWZCH7OONC1 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - 0 D 2 248 0 0 (empty)
|
||||
1333458850.016620 CsRx2w45OKnoww6xl4 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - 0 D 1 80 0 0 CCvvfg3TEfuqmmG4bh
|
||||
|
|
@ -23,4 +23,4 @@
|
|||
1333458850.035456 CMXxB5GvmoxJFXdTa 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05
|
||||
1333458850.016620 CRJuHdVW0XPVINV8a 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - 0 - 1 52 0 0 CsRx2w45OKnoww6xl4
|
||||
1333458850.035456 Caby8b1slFea8xwSmb fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - 0 - 2 96 0 0 Che1bq3i2rO3KD1Syg,CMXxB5GvmoxJFXdTa
|
||||
#close 2013-08-26-18-38-30
|
||||
#close 2014-04-01-22-57-08
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-02-18
|
||||
#open 2014-04-01-22-57-11
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1333458850.532814 CXWv6p3arKYeMETxOg 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - 0 D 1 52 0 0 (empty)
|
||||
1333458850.867091 CjhGID4nQcgTWjvg4c 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - 0 Dd 1 40 1 42 (empty)
|
||||
#close 2013-08-26-19-02-18
|
||||
#close 2014-04-01-22-57-11
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-18-38-31
|
||||
#open 2014-04-01-22-57-12
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1333458852.011535 CjhGID4nQcgTWjvg4c 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 - 0 ShADad 17 1604 14 1762 CXWv6p3arKYeMETxOg
|
||||
1333458852.011535 CXWv6p3arKYeMETxOg 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - 0 Dd 17 2216 14 2322 (empty)
|
||||
#close 2013-08-26-18-38-31
|
||||
#close 2014-04-01-22-57-12
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-18-38-31
|
||||
#open 2014-04-01-22-57-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1333458850.364667 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - 0 ShADadfF 27 3204 41 52594 CXWv6p3arKYeMETxOg
|
||||
1333458850.364667 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - 0 Dd 27 4176 41 54070 (empty)
|
||||
#close 2013-08-26-18-38-31
|
||||
#close 2014-04-01-22-57-15
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-02-18
|
||||
#open 2014-04-01-22-57-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1333458850.375568 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 1 GET o-o.preferred.telekomrs-beg1.v2.lscache8.c.youtube.com /videoplayback?upn=MTU2MDY5NzQ5OTM0NTI3NDY4NDc&sparams=algorithm,burst,cp,factor,id,ip,ipbits,itag,source,upn,expire&fexp=912300,907210&algorithm=throttle-factor&itag=34&ip=212.0.0.0&burst=40&sver=3&signature=832FB1042E20780CFCA77A4DB5EA64AC593E8627.D1166C7E8365732E52DAFD68076DAE0146E0AE01&source=youtube&expire=1333484980&key=yt1&ipbits=8&factor=1.25&cp=U0hSSFRTUl9NSkNOMl9MTVZKOjh5eEN2SG8tZF84&id=ebf1e932d4bd1286&cm2=1 http://s.ytimg.com/yt/swfbin/watch_as3-vflqrJwOA.swf Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko; X-SBLSP) Chrome/17.0.963.83 Safari/535.11 0 56320 206 Partial Content - - - (empty) - - - - - FNJkBA1b8FSHt5N8jl -
|
||||
#close 2013-08-26-19-02-18
|
||||
#close 2014-04-01-22-57-15
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#open 2012-10-02-20-10-05
|
||||
#open 2014-04-01-22-57-25
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
#types time addr port enum set[string]
|
||||
1258567191.405770 192.168.1.1 53 udp TEREDO
|
||||
#close 2012-10-02-20-10-05
|
||||
#close 2014-04-01-22-57-25
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-18-38-32
|
||||
#open 2014-04-01-22-57-21
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1210953047.736921 CjhGID4nQcgTWjvg4c 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - 0 fA 1 40 1 40 (empty)
|
||||
1210953050.867067 CCvvfg3TEfuqmmG4bh 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - 0 fA 1 40 1 40 (empty)
|
||||
1210953057.833364 CIPOse170MGiRM1Qf4 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - 0 Fa 1 40 1 40 (empty)
|
||||
|
|
@ -27,4 +27,4 @@
|
|||
1210953052.324629 C6pKV8GSxOnSLghOa fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 CPbrpk1qSsw6ESzHV4
|
||||
1210953060.829303 CEle3f3zno26fFZkrh 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - 0 - 1 52 1 52 C3SfNE4BWaU4aSuwkc,CsRx2w45OKnoww6xl4
|
||||
1210953052.202579 CRJuHdVW0XPVINV8a fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 CsRx2w45OKnoww6xl4
|
||||
#close 2013-08-26-18-38-32
|
||||
#close 2014-04-01-22-57-21
|
||||
|
|
|
|||
|
|
@ -3,11 +3,11 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-35-02
|
||||
#open 2014-04-01-22-57-21
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1210953057.917183 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - Syncer/4.80 (av_pro-1169;f) 589 0 204 <empty> - - - (empty) - - - Fp32SIJztq0Szn5Qc text/plain - -
|
||||
1210953061.585996 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FNFYdH11h5iQcoD3a2 text/html
|
||||
1210953073.381474 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FHD5nv1iSVFZVM0aH7 text/html
|
||||
1210953074.674817 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - - (empty) - - - - - FS7lUf2cJFAVBCu6w6 application/xml
|
||||
#close 2013-08-26-19-35-02
|
||||
#close 2014-04-01-22-57-21
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-18-38-32
|
||||
#open 2014-04-01-22-57-27
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1340127577.354166 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - 0 ShADad 10 2279 12 11191 CRJuHdVW0XPVINV8a
|
||||
1340127577.336558 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - 0 Dd 2 185 1 80 (empty)
|
||||
1340127577.341510 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - 0 Dd 12 2703 13 11607 (empty)
|
||||
|
|
@ -13,4 +13,4 @@
|
|||
1340127577.339015 CsRx2w45OKnoww6xl4 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 CCvvfg3TEfuqmmG4bh
|
||||
1340127577.343969 CPbrpk1qSsw6ESzHV4 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - 0 - 1 52 1 52 CXWv6p3arKYeMETxOg,CRJuHdVW0XPVINV8a
|
||||
1340127577.336558 CjhGID4nQcgTWjvg4c fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 CXWv6p3arKYeMETxOg
|
||||
#close 2013-08-26-18-38-32
|
||||
#close 2014-04-01-22-57-27
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-35-02
|
||||
#open 2014-04-01-22-57-27
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1340127577.361683 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FWSTWv4EZLVlc2Zywi text/html
|
||||
1340127577.379360 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FGKV3B3jz083xhGO13 text/html
|
||||
#close 2013-08-26-19-35-02
|
||||
#close 2014-04-01-22-57-27
|
||||
|
|
|
|||
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-02-20
|
||||
#open 2014-04-01-22-57-31
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
952109346.874907 CXWv6p3arKYeMETxOg 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - 0 SADF 11 470 0 0 (empty)
|
||||
1128727435.450898 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 730 10 9945 (empty)
|
||||
1278600802.069419 CCvvfg3TEfuqmmG4bh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 381 7 3801 (empty)
|
||||
#close 2013-08-26-19-02-20
|
||||
#close 2014-04-01-22-57-31
|
||||
|
|
|
|||
|
|
@ -16,9 +16,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#open 2014-01-21-21-56-07
|
||||
#open 2014-04-01-22-59-07
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string table[enum] interval bool string string string double double
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||
1389721084.522861 - - - - - - - - - FTP::Bruteforcing 192.168.56.1 had 20 failed logins on 1 FTP server in 0m37s - 192.168.56.1 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2014-01-21-21-56-07
|
||||
#close 2014-04-01-22-59-07
|
||||
|
||||
|
|
|
|||
|
|
@ -16,9 +16,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#open 2014-01-21-20-11-20
|
||||
#open 2014-04-01-22-59-14
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string table[enum] interval bool string string string double double
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||
1389654450.449603 CXWv6p3arKYeMETxOg 192.168.56.1 52679 192.168.56.101 80 - - - tcp HTTP::Open_Proxy A local server is acting as an open proxy: 192.168.56.101 - 192.168.56.1 192.168.56.101 80 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
|
||||
#close 2014-01-21-20-11-20
|
||||
#close 2014-04-01-22-59-15
|
||||
|
||||
|
|
|
|||
|
|
@ -16,9 +16,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-10-07-23-48-15
|
||||
#open 2014-04-01-22-59-28
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty)
|
||||
1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - 0 D 1 199 0 0 (empty)
|
||||
1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 179 0 0 (empty)
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-36-03
|
||||
#open 2014-04-01-23-00-17
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1377545762.339375 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - -
|
||||
#close 2013-08-26-19-36-04
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1396393217.023534 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - -
|
||||
#close 2014-04-01-23-00-19
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-36-03
|
||||
#open 2014-04-01-23-00-17
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1377545762.339375 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - -
|
||||
#close 2013-08-26-19-36-04
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1396393217.023534 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - -
|
||||
#close 2014-04-01-23-00-19
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-36-03
|
||||
#open 2014-04-01-22-59-59
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1377545762.339375 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - -
|
||||
#close 2013-08-26-19-36-04
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1396393198.822094 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - -
|
||||
#close 2014-04-01-23-00-00
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-03-34
|
||||
#open 2014-04-01-22-59-59
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1377543813.907864 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - -
|
||||
#close 2013-08-26-19-03-35
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1396393198.822094 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - -
|
||||
#close 2014-04-01-23-00-00
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2014-01-23-22-15-45
|
||||
#open 2014-04-01-23-12-50
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1300475168.784020 CRJuHdVW0XPVINV8a 141.142.0.0 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.0.0 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
1300475168.916183 C7XEbhP654jzLoe3a 141.142.0.0 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
|
|
@ -20,4 +20,4 @@
|
|||
1300475169.014619 CyAhVIzHqb7t7kv28 141.142.0.0 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
1300475169.014593 CzA03V1VcgagLjnO92 141.142.0.0 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.0.0 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
#close 2014-01-23-22-15-45
|
||||
#close 2014-04-01-23-12-50
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path files
|
||||
#open 2013-08-26-18-39-03
|
||||
#open 2014-04-01-23-13-35
|
||||
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted
|
||||
#types time string table[addr] table[addr] table[string] string count table[string] string string interval bool bool count count count count bool string string string string string
|
||||
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string
|
||||
1362692527.009721 FakNcS1Jfe01uljb3 192.150.187.43 141.142.228.5 CXWv6p3arKYeMETxOg HTTP 0 SHA256,DATA_EVENT,MD5,EXTRACT,SHA1 text/plain - 0.000054 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18 FakNcS1Jfe01uljb3-file
|
||||
#close 2013-08-26-18-39-03
|
||||
#close 2014-04-01-23-13-35
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path intel
|
||||
#open 2013-08-14-03-46-32
|
||||
#open 2014-04-01-23-13-48
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc seen.indicator seen.indicator_type seen.where sources
|
||||
#types time string addr port addr port string string string string enum enum table[string]
|
||||
1376451992.872806 - - - - - - - - 123.123.123.123 Intel::ADDR Intel::IN_ANYWHERE worker-1
|
||||
#close 2013-08-14-03-46-42
|
||||
#types time string addr port addr port string string string string enum enum set[string]
|
||||
1396394028.821227 - - - - - - - - 123.123.123.123 Intel::ADDR Intel::IN_ANYWHERE worker-1
|
||||
#close 2014-04-01-23-13-58
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path intel
|
||||
#open 2013-08-14-03-47-03
|
||||
#open 2014-04-01-23-14-04
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc seen.indicator seen.indicator_type seen.where sources
|
||||
#types time string addr port addr port string string string string enum enum table[string]
|
||||
1376452023.137179 - - - - - - - - e@mail.com Intel::EMAIL SOMEWHERE source1
|
||||
1376452023.137179 - - - - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE source1
|
||||
#close 2013-08-14-03-47-03
|
||||
#types time string addr port addr port string string string string enum enum set[string]
|
||||
1396394044.377145 - - - - - - - - e@mail.com Intel::EMAIL SOMEWHERE source1
|
||||
1396394044.377145 - - - - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE source1
|
||||
#close 2014-04-01-23-14-04
|
||||
|
|
|
|||
|
|
@ -3,11 +3,11 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path intel
|
||||
#open 2013-08-14-03-47-23
|
||||
#open 2014-04-01-23-14-12
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc seen.indicator seen.indicator_type seen.where sources
|
||||
#types time string addr port addr port string string string string enum enum table[string]
|
||||
1376452043.835810 - - - - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST source1
|
||||
1376452043.835810 - - - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
|
||||
1376452044.855238 - - - - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST source1
|
||||
1376452044.855238 - - - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
|
||||
#close 2013-08-14-03-47-32
|
||||
#types time string addr port addr port string string string string enum enum set[string]
|
||||
1396394052.512481 - - - - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST source1
|
||||
1396394052.512481 - - - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
|
||||
1396394053.554897 - - - - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST source1
|
||||
1396394053.554897 - - - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
|
||||
#close 2014-04-01-23-14-21
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-18-39-58
|
||||
#open 2014-04-01-23-14-58
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1315799856.264750 CXWv6p3arKYeMETxOg 10.0.1.104 64216 193.40.5.162 80 1 GET lepo.it.da.ut.ee /~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf - Wget/1.12 (darwin10.8.0) 0 346 404 Not Found - - - (empty) - - - - - FGNm7b3eXjhJLfvOWl text/html
|
||||
#close 2013-08-26-18-39-58
|
||||
#close 2014-04-01-23-14-58
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#open 2012-07-20-01-49-19
|
||||
#open 2014-04-01-23-15-00
|
||||
#fields ss
|
||||
#types table[string]
|
||||
#types set[string]
|
||||
CC,AA,\x2c,\x2c\x2c
|
||||
#close 2012-07-20-01-49-19
|
||||
#close 2014-04-01-23-15-00
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@
|
|||
<!-- orig_ip_bytes : count -->
|
||||
<!-- resp_pkts : count -->
|
||||
<!-- resp_ip_bytes : count -->
|
||||
<!-- tunnel_parents : table[string] -->
|
||||
<!-- tunnel_parents : set[string] -->
|
||||
|
||||
# Extent, type='conn'
|
||||
ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@
|
|||
<!-- orig_ip_bytes : count -->
|
||||
<!-- resp_pkts : count -->
|
||||
<!-- resp_ip_bytes : count -->
|
||||
<!-- tunnel_parents : table[string] -->
|
||||
<!-- tunnel_parents : set[string] -->
|
||||
|
||||
# Extent, type='conn'
|
||||
ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
|
|
|
|||
|
|
@ -56,10 +56,10 @@
|
|||
<!-- info_code : count -->
|
||||
<!-- info_msg : string -->
|
||||
<!-- filename : string -->
|
||||
<!-- tags : table[enum] -->
|
||||
<!-- tags : set[enum] -->
|
||||
<!-- username : string -->
|
||||
<!-- password : string -->
|
||||
<!-- proxied : table[string] -->
|
||||
<!-- proxied : set[string] -->
|
||||
<!-- orig_fuids : vector[string] -->
|
||||
<!-- orig_mime_types : vector[string] -->
|
||||
<!-- resp_fuids : vector[string] -->
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field EMPTY
|
||||
#unset_field -
|
||||
#path test
|
||||
#open 1970-01-01-00-00-00
|
||||
#open 2014-04-01-23-15-05
|
||||
#fields b i e c p sn a d t iv s sc ss se vc ve
|
||||
#types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string]
|
||||
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1342749004.579242 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY
|
||||
#close 2012-07-20-01-50-05
|
||||
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string]
|
||||
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1396394104.330474 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY
|
||||
#close 2014-04-01-23-15-15
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field EMPTY
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#open 2012-07-20-01-49-22
|
||||
#open 2014-04-01-23-15-19
|
||||
#fields b i e c p sn a d t iv s sc ss se vc ve f
|
||||
#types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string] func
|
||||
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1342748962.114672 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
|
||||
#close 2012-07-20-01-49-22
|
||||
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
|
||||
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1396394119.939089 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
|
||||
#close 2014-04-01-23-15-19
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-19-03-59
|
||||
#open 2014-04-01-23-15-23
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
|
|
@ -20,4 +20,4 @@
|
|||
1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - -
|
||||
#close 2013-08-26-19-03-59
|
||||
#close 2014-04-01-23-15-23
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#open 2013-07-25-20-02-37
|
||||
#open 2014-04-01-23-15-31
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string table[enum] interval bool string string string double double
|
||||
1374782557.074572 - - - - - - - - - Test_Notice test notice! - - - - - worker-1 Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2013-07-25-20-02-37
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||
1396394130.996908 - - - - - - - - - Test_Notice test notice! - - - - - worker-1 Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2014-04-01-23-15-31
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#open 2013-07-25-20-24-55
|
||||
#open 2014-04-01-23-15-42
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string table[enum] interval bool string string string double double
|
||||
1374783895.933003 - - - - - - - - - Test_Notice test notice! - - - - - worker-2 Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2013-07-25-20-24-58
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||
1396394142.353380 - - - - - - - - - Test_Notice test notice! - - - - - worker-2 Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2014-04-01-23-15-45
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#open 2013-07-25-18-56-00
|
||||
#open 2014-04-01-23-15-34
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string table[enum] interval bool string string string double double
|
||||
1374778560.016355 - - - - - - - - - Test_Notice test - - - - - bro Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2013-07-25-18-56-00
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||
1396394134.092329 - - - - - - - - - Test_Notice test - - - - - bro Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2014-04-01-23-15-34
|
||||
|
|
|
|||
|
|
@ -3,12 +3,12 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-04-09
|
||||
#open 2014-04-01-23-15-49
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty)
|
||||
1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty)
|
||||
1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty)
|
||||
1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty)
|
||||
1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty)
|
||||
#close 2013-08-26-19-04-09
|
||||
#close 2014-04-01-23-15-49
|
||||
|
|
|
|||
|
|
@ -3,13 +3,13 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-04-09
|
||||
#open 2014-04-01-23-15-51
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1329327783.316897 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - 0 ShAdfFa 5 372 4 642 (empty)
|
||||
1329327786.524332 CCvvfg3TEfuqmmG4bh 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - 0 ShAdfFa 5 372 4 343 (empty)
|
||||
1329327787.289095 CsRx2w45OKnoww6xl4 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - 0 ShAdfFa 5 372 4 377 (empty)
|
||||
1329327795.571921 CRJuHdVW0XPVINV8a 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - 0 ShADFaf 5 449 4 300 (empty)
|
||||
1329327777.822004 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - 0 ShAdDfFa 57 4426 34 5908 (empty)
|
||||
1329327800.017649 CPbrpk1qSsw6ESzHV4 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - 0 ShADFaf 5 714 4 300 (empty)
|
||||
#close 2013-08-26-19-04-09
|
||||
#close 2014-04-01-23-15-51
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-36-34
|
||||
#open 2014-04-01-23-15-53
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1348168976.274919 CXWv6p3arKYeMETxOg 192.168.57.103 60108 192.168.57.101 2811 tcp ssl,ftp,gridftp 0.294743 4491 6659 SF - 0 ShAdDaFf 22 5643 21 7759 (empty)
|
||||
1348168976.546371 CjhGID4nQcgTWjvg4c 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.011938 2135 3196 S1 - 0 ShADad 8 2559 6 3516 (empty)
|
||||
#close 2013-08-26-19-36-34
|
||||
#close 2014-04-01-23-15-53
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#open 2013-08-26-19-04-09
|
||||
#open 2014-04-01-23-15-53
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string table[enum] interval bool string string string double double
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||
1348168976.558309 CjhGID4nQcgTWjvg4c 192.168.57.103 35391 192.168.57.101 55968 - - - tcp GridFTP::Data_Channel GridFTP data channel over threshold 2 bytes - 192.168.57.103 192.168.57.101 55968 - bro Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2013-08-26-19-04-09
|
||||
#close 2014-04-01-23-15-53
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-18-40-15
|
||||
#open 2014-04-01-23-15-57
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1237440095.634312 CXWv6p3arKYeMETxOg 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - (empty) - - - F7Wq2D1IW7Cp2nfZMa text/plain FFhC1T3ieHHQqVBLpc text/html
|
||||
#close 2013-08-26-18-40-15
|
||||
#close 2014-04-01-23-15-57
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2014-02-13-03-37-02
|
||||
#open 2014-04-01-23-15-59
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1078232251.833846 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 tcp http,smtp 6.722274 1685 223 SF - 0 ShADadfF 14 2257 16 944 (empty)
|
||||
#close 2014-02-13-03-37-02
|
||||
#close 2014-04-01-23-15-59
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2014-02-13-03-37-02
|
||||
#open 2014-04-01-23-15-59
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1078232252.284420 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 1 CONNECT - mailin03.sul.t-online.de:25 / - - 0 0 200 Connection established - - - (empty) - - - - - - -
|
||||
#close 2014-02-13-03-37-02
|
||||
#close 2014-04-01-23-15-59
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path smtp
|
||||
#open 2014-02-13-03-37-02
|
||||
#open 2014-04-01-23-15-59
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent fuids
|
||||
#types time string addr port addr port count string string table[string] string string table[string] string string string string addr string string string vector[addr] string vector[string]
|
||||
#types time string addr port addr port count string string set[string] string string set[string] string string string string addr string string string vector[addr] string vector[string]
|
||||
1078232255.642953 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 1 208.191.73.21 <nhfjenna_neumann@lycos.com> <thenightwatch@t-online.de> Tue, 2 Mar 2004 13:57:49 +0100 Sybille Ostermann <nhfjenna_neumann@lycos.com> thenightwatch@t-online.de - - - Hier sind die dicken Girls hemmungloser denn je.. grcu - from mail.iosphere.net (mail.iosphere.net [216.58.97.33]) by mail.netsync.net with esmtp; Mrz, 02 2004 12:55:34 -0700 - 250 Message accepted. 254.228.86.79,79.26.245.236,216.58.97.33 Microsoft Outlook Build 10.0.2616 FVS9k93PUgScEUCOjd
|
||||
#close 2014-02-13-03-37-02
|
||||
#close 2014-04-01-23-15-59
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-18-40-16
|
||||
#open 2014-04-01-23-16-03
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1354328870.191989 CXWv6p3arKYeMETxOg 128.2.6.136 46562 173.194.75.103 80 1 OPTIONS www.google.com * - - 0 962 405 Method Not Allowed - - - (empty) - - - - - FKgccv1sOsIPuN3b73 text/html
|
||||
1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 1 OPTIONS www.google.com HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - FWUdF12OgqGLhf3NPl text/html
|
||||
1354328874.299063 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FE9yCx4wFg8js0ey37 text/html
|
||||
|
|
@ -55,4 +55,4 @@
|
|||
1354328932.692706 CkaPGx2P0Y3W5aHVFk 128.2.6.136 46608 173.194.75.103 80 1 HEAD www.google.com /HTTP/1.1 - - 0 0 400 Bad Request - - - (empty) - - - - - - -
|
||||
1354328932.754657 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - F04ZTu63dLSqJQpwa text/html
|
||||
1354328932.796568 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FVoxfM2o0FqsBuQkDa text/html
|
||||
#close 2013-08-26-18-40-16
|
||||
#close 2014-04-01-23-16-03
|
||||
|
|
|
|||
|
|
@ -3,12 +3,12 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-18-40-16
|
||||
#open 2014-04-01-23-16-13
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1258577884.844956 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - - - Fa7DPI2ItmEOoVqyYj text/plain
|
||||
1258577884.960135 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - (empty) - - - - - FnBh5P1KP0SnMzl3Qj text/plain
|
||||
1258577885.317160 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - - - F2TV5w2Kwn3G7doSk5 image/gif
|
||||
1258577885.349639 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - - - F4kk4T3Unyqtkczzue image/png
|
||||
1258577885.394612 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - - - FcB26G4nL7jRheOyA8 image/png
|
||||
#close 2013-08-26-18-40-16
|
||||
#close 2014-04-01-23-16-13
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#open 2013-08-26-18-40-16
|
||||
#open 2014-04-01-23-16-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] vector[string] vector[string] vector[string] vector[string]
|
||||
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string]
|
||||
1369159408.455878 CXWv6p3arKYeMETxOg 141.142.228.5 57262 54.243.88.146 80 1 POST httpbin.org /post - curl/7.30.0 370 465 200 OK - - - (empty) - - - F2yGNX2vGXLxfZeD12,Fq4rJh2kLHKa8YC1q1,F9sKY71Rb9megdy7sg - FjeopJ2lRk9U1CNNb5 text/plain
|
||||
#close 2013-08-26-18-40-16
|
||||
#close 2014-04-01-23-16-15
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path smtp
|
||||
#open 2013-08-26-18-40-24
|
||||
#open 2014-04-01-23-16-17
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent fuids
|
||||
#types time string addr port addr port count string string table[string] string string table[string] string string string string addr string string string vector[addr] string vector[string]
|
||||
#types time string addr port addr port count string string set[string] string string set[string] string string string string addr string string string vector[addr] string vector[string]
|
||||
1254722768.219663 CjhGID4nQcgTWjvg4c 10.10.1.4 1470 74.53.140.153 25 1 GP <gurpartap@patriots.in> <raj_deol2002in@yahoo.co.in> Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" <gurpartap@patriots.in> <raj_deol2002in@yahoo.co.in> - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 Fel9gs4OtNEV6gUJZ5,Ft4M3f2yMvLlmwtbq9,FL9Y0d45OI4LpS6fmh
|
||||
#close 2013-08-26-18-40-24
|
||||
#close 2014-04-01-23-16-17
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#open 2013-07-25-19-54-45
|
||||
#open 2014-04-01-23-16-19
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string table[enum] interval bool string string string double double
|
||||
1374782085.726121 - - - - - - - - - Software::Vulnerable_Version 1.2.3.4 is running Java 1.7.0.15 which is vulnerable. Java 1.7.0.15 1.2.3.4 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
1374782085.726121 - - - - - - - - - Software::Vulnerable_Version 1.2.3.5 is running Java 1.6.0.43 which is vulnerable. Java 1.6.0.43 1.2.3.5 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2013-07-25-19-54-45
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||
1396394179.027101 - - - - - - - - - Software::Vulnerable_Version 1.2.3.4 is running Java 1.7.0.15 which is vulnerable. Java 1.7.0.15 1.2.3.4 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
1396394179.027101 - - - - - - - - - Software::Vulnerable_Version 1.2.3.5 is running Java 1.6.0.43 which is vulnerable. Java 1.6.0.43 1.2.3.5 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - -
|
||||
#close 2014-04-01-23-16-19
|
||||
|
|
|
|||
|
|
@ -3,12 +3,12 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#open 2011-06-24-15-51-31
|
||||
#open 2014-04-01-23-16-24
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
#types time addr port enum set[string]
|
||||
1308930691.049431 172.16.238.131 22 tcp SSH
|
||||
1308930694.550308 172.16.238.131 80 tcp HTTP
|
||||
1308930716.462556 74.125.225.81 80 tcp HTTP
|
||||
1308930718.361665 172.16.238.131 21 tcp FTP
|
||||
1308930726.872485 141.142.192.39 22 tcp SSH
|
||||
#close 2011-06-24-15-52-08
|
||||
#close 2014-04-01-23-16-24
|
||||
|
|
|
|||
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#open 2011-06-24-15-51-31
|
||||
#open 2014-04-01-23-16-20
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
#types time addr port enum set[string]
|
||||
1308930691.049431 172.16.238.131 22 tcp SSH
|
||||
1308930694.550308 172.16.238.131 80 tcp HTTP
|
||||
1308930718.361665 172.16.238.131 21 tcp FTP
|
||||
#close 2011-06-24-15-52-08
|
||||
#close 2014-04-01-23-16-20
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#open 2011-06-24-15-51-56
|
||||
#open 2014-04-01-23-16-22
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
#types time addr port enum set[string]
|
||||
1308930716.462556 74.125.225.81 80 tcp HTTP
|
||||
1308930726.872485 141.142.192.39 22 tcp SSH
|
||||
#close 2011-06-24-15-52-08
|
||||
#close 2014-04-01-23-16-23
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#open 2014-03-13-21-37-53
|
||||
#open 2014-04-01-23-16-27
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string table[enum] interval bool string string string double double
|
||||
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
|
||||
1394745603.293028 CXWv6p3arKYeMETxOg 192.168.4.149 60539 87.98.220.10 443 F1fX1R2cDOzbvg17ye - - tcp SSL::Certificate_Expired Certificate CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated expired at 2014-03-04-23:59:59.000000000 - 192.168.4.149 87.98.220.10 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
|
||||
1394745619.197766 CjhGID4nQcgTWjvg4c 192.168.4.149 60540 122.1.240.204 443 F6NAbK127LhNBaEe5c - - tcp SSL::Certificate_Expires_Soon Certificate CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP is going to expire at 2014-03-14-23:59:59.000000000 - 192.168.4.149 122.1.240.204 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
|
||||
#close 2014-03-13-21-37-53
|
||||
#close 2014-04-01-23-16-27
|
||||
|
|
|
|||
|
|
@ -3,12 +3,12 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#open 2013-08-26-19-04-43
|
||||
#open 2014-04-01-23-16-29
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
|
||||
1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty)
|
||||
1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty)
|
||||
1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty)
|
||||
1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty)
|
||||
1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp,blah 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty)
|
||||
#close 2013-08-26-19-04-43
|
||||
#close 2014-04-01-23-16-29
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue