Changing the start/end markers in logs to open/close, now reflecting
wall clock. Triggers lots of (simple) baseline updates.
parent
f5862fb014
commit
1fd0d7a607
102 changed files with 294 additions and 305 deletions
6
NEWS
6
NEWS
|
@ -152,9 +152,9 @@ the full set.
|
|||
understands.
|
||||
|
||||
- ASCII logs now record the time when they were opened/closed at the
|
||||
beginning and end of the file, respectively. The options
|
||||
LogAscii::header_prefix and LogAscii::include_header have been
|
||||
renamed to LogAscii::meta_prefix and LogAscii::include_meta,
|
||||
beginning and end of the file, respectively (wall clock). The
|
||||
options LogAscii::header_prefix and LogAscii::include_header have
|
||||
been renamed to LogAscii::meta_prefix and LogAscii::include_meta,
|
||||
respectively.
|
||||
|
||||
- The ASCII writers "header_*" options have been renamed to "meta_*"
|
||||
|
|
|
@ -81,10 +81,7 @@ void Ascii::CloseFile(double t)
|
|||
return;
|
||||
|
||||
if ( include_meta )
|
||||
{
|
||||
string ts = t ? Timestamp(t) : string("<abnormal termination>");
|
||||
WriteHeaderField("end", ts);
|
||||
}
|
||||
WriteHeaderField("close", Timestamp(0));
|
||||
|
||||
safe_close(fd);
|
||||
fd = 0;
|
||||
|
@ -124,8 +121,6 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
|
|||
if ( ! safe_write(fd, str.c_str(), str.length()) )
|
||||
goto write_error;
|
||||
|
||||
string ts = Timestamp(info.network_time);
|
||||
|
||||
if ( ! (WriteHeaderField("set_separator", get_escaped_string(
|
||||
string(set_separator, set_separator_len), false)) &&
|
||||
WriteHeaderField("empty_field", get_escaped_string(
|
||||
|
@ -133,7 +128,7 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
|
|||
WriteHeaderField("unset_field", get_escaped_string(
|
||||
string(unset_field, unset_field_len), false)) &&
|
||||
WriteHeaderField("path", get_escaped_string(path, false)) &&
|
||||
WriteHeaderField("start", ts)) )
|
||||
WriteHeaderField("open", Timestamp(0))) )
|
||||
goto write_error;
|
||||
|
||||
for ( int i = 0; i < num_fields; ++i )
|
||||
|
@ -419,6 +414,16 @@ string Ascii::Timestamp(double t)
|
|||
{
|
||||
time_t teatime = time_t(t);
|
||||
|
||||
if ( ! teatime )
|
||||
{
|
||||
// Use wall clock.
|
||||
struct timeval tv;
|
||||
if ( gettimeofday(&tv, 0) < 0 )
|
||||
Error("gettimeofday failed");
|
||||
else
|
||||
teatime = tv.tv_sec;
|
||||
}
|
||||
|
||||
struct tm tmbuf;
|
||||
struct tm* tm = localtime_r(&teatime, &tmbuf);
|
||||
|
||||
|
|
|
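Review bot: CloseFile (hunk at -81,10) appears to no longer read its `t` parameter: the removed branch wrote `<abnormal termination>` when `t` was zero, while the new `WriteHeaderField("close", Timestamp(0));` always emits a wall-clock stamp, so the footer no longer distinguishes a clean close from an abnormal one (the packet_filter baseline further down shows `#end <abnormal termination>` becoming a plain `#close`); whether the `include_meta` guard survives cannot be told from this rendering. If that loss is intended, the now-dead parameter in `void CloseFile(double t)` (declared unchanged in the Ascii.h hunk) should go, or a comment should state that the close stamp is wall clock regardless of `t`; otherwise keep the marker, e.g. `WriteHeaderField("close", t ? Timestamp(0) : string("<abnormal termination>"));`. In the Timestamp hunk (-419,6), a failed gettimeofday() is reported through Error() but leaves `teatime` at zero, so the stamp silently becomes `1970-01-01-00-00-00` and is indistinguishable from a genuine value; returning an explicit marker string right after the Error() call would keep the failure visible in the log itself. Timestamp's body continues past the hunk, so whether the localtime_r() result is checked for NULL cannot be seen here.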
@ -35,7 +35,7 @@ private:
|
|||
bool DoWriteOne(ODesc* desc, threading::Value* val, const threading::Field* field);
|
||||
bool WriteHeaderField(const string& key, const string& value);
|
||||
void CloseFile(double t);
|
||||
string Timestamp(double t);
|
||||
string Timestamp(double t); // Uses current time if t is zero.
|
||||
|
||||
int fd;
|
||||
string fname;
|
||||
|
|
|
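Review bot: The new comment on `string Timestamp(double t); // Uses current time if t is zero.` is slightly imprecise relative to the Ascii.cc hunk, which tests `time_t(t)` after truncation, so any `t` below 1.0 also yields the wall clock; `// Uses current wall-clock time if t truncates to zero (as time_t).` would match the implementation. Since callers now pass 0 deliberately to request the wall clock, the comment is the only place that sentinel is documented, so it is worth getting exact.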
@ -3,101 +3,101 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-03-26-18-03-01
|
||||
#open 2012-03-26-18-03-01
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784981.078396 - - - - - bad_IP_checksum - F bro
|
||||
#end 2012-03-26-18-03-01
|
||||
#close 2012-03-26-18-03-01
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-03-26-18-01-25
|
||||
#open 2012-03-26-18-01-25
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784885.686428 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F bro
|
||||
#end 2012-03-26-18-01-25
|
||||
#close 2012-03-26-18-01-25
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-03-26-18-02-13
|
||||
#open 2012-03-26-18-02-13
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784933.501023 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F bro
|
||||
#end 2012-03-26-18-02-13
|
||||
#close 2012-03-26-18-02-13
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-10-16-29-23
|
||||
#open 2012-04-10-16-29-23
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075363.536871 UWkUyAuUGXf 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F bro
|
||||
#end 2012-04-10-16-29-23
|
||||
#close 2012-04-10-16-29-23
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-03-26-18-06-50
|
||||
#open 2012-03-26-18-06-50
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785210.013051 - - - - - routing0_hdr - F bro
|
||||
1332785210.013051 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F bro
|
||||
#end 2012-03-26-18-06-50
|
||||
#close 2012-03-26-18-06-50
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-03-26-17-23-00
|
||||
#open 2012-03-26-17-23-00
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332782580.798420 - - - - - routing0_hdr - F bro
|
||||
1332782580.798420 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F bro
|
||||
#end 2012-03-26-17-23-00
|
||||
#close 2012-03-26-17-23-00
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-10-16-25-11
|
||||
#open 2012-04-10-16-25-11
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075111.800086 - - - - - routing0_hdr - F bro
|
||||
1334075111.800086 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F bro
|
||||
#end 2012-04-10-16-25-11
|
||||
#close 2012-04-10-16-25-11
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-03-26-18-07-30
|
||||
#open 2012-03-26-18-07-30
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785250.469132 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F bro
|
||||
#end 2012-03-26-18-07-30
|
||||
#close 2012-03-26-18-07-30
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-03-26-17-02-22
|
||||
#open 2012-03-26-17-02-22
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332781342.923813 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F bro
|
||||
#end 2012-03-26-17-02-22
|
||||
#close 2012-03-26-17-02-22
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-10-16-22-19
|
||||
#open 2012-04-10-16-22-19
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
||||
#end 2012-04-10-16-22-19
|
||||
#close 2012-04-10-16-22-19
|
||||
|
|
|
@ -3,68 +3,68 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-10-16-22-19
|
||||
#open 2012-04-10-16-22-19
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
||||
#end 2012-04-10-16-22-19
|
||||
#close 2012-04-10-16-22-19
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-03-26-18-05-25
|
||||
#open 2012-03-26-18-05-25
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785125.596793 - - - - - routing0_hdr - F bro
|
||||
#end 2012-03-26-18-05-25
|
||||
#close 2012-03-26-18-05-25
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-03-26-17-21-48
|
||||
#open 2012-03-26-17-21-48
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332782508.592037 - - - - - routing0_hdr - F bro
|
||||
#end 2012-03-26-17-21-48
|
||||
#close 2012-03-26-17-21-48
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-10-16-23-47
|
||||
#open 2012-04-10-16-23-47
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#end 2012-04-10-16-23-47
|
||||
#close 2012-04-10-16-23-47
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-10-16-23-47
|
||||
#open 2012-04-10-16-23-47
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#end 2012-04-10-16-23-47
|
||||
#close 2012-04-10-16-23-47
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-10-16-23-47
|
||||
#open 2012-04-10-16-23-47
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#end 2012-04-10-16-23-47
|
||||
#close 2012-04-10-16-23-47
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-10-16-23-47
|
||||
#open 2012-04-10-16-23-47
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#end 2012-04-10-16-23-47
|
||||
#close 2012-04-10-16-23-47
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-05-21-56-51
|
||||
#open 2012-04-05-21-56-51
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1333663011.602839 - - - - - unknown_protocol_135 - F bro
|
||||
#end 2012-04-05-21-56-51
|
||||
#close 2012-04-05-21-56-51
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path reporter
|
||||
#start 2011-03-18-19-06-08
|
||||
#open 2011-03-18-19-06-08
|
||||
#fields ts level message location
|
||||
#types time enum string string
|
||||
1300475168.783842 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
|
||||
|
@ -15,4 +15,4 @@
|
|||
1300475168.954761 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
|
||||
1300475168.962628 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
|
||||
1300475169.780331 Reporter::ERROR field value missing [c$ftp] /da/home/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 10
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path dns
|
||||
#start 2012-03-07-01-37-58
|
||||
#open 2012-03-07-01-37-58
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs
|
||||
#types time string addr port addr port enum count string count string count string count string bool bool bool bool count vector[string] vector[interval]
|
||||
1331084278.438444 UWkUyAuUGXf 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51850 2607:f740:b::f93 53 udp 3903 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000
|
||||
1331084293.592245 arKYeMETxOg 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000
|
||||
#end 2012-03-07-01-38-18
|
||||
#close 2012-03-07-01-38-18
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#start 2005-10-07-23-23-57
|
||||
#open 2005-10-07-23-23-57
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1128727435.450898 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 730 10 9945 (empty)
|
||||
#end 2005-10-07-23-23-57
|
||||
#close 2005-10-07-23-23-57
|
||||
|
|
|
@ -3,38 +3,38 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#start 1970-01-01-00-00-00
|
||||
#open 2012-07-27-19-14-29
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1342748953.570646 - ip or not ip T T
|
||||
#end <abnormal termination>
|
||||
1343416469.508262 - ip or not ip T T
|
||||
#close 2012-07-27-19-14-29
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#start 1970-01-01-00-00-00
|
||||
#open 2012-07-27-19-14-29
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1342748953.898675 - (((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (tcp port 1080)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666) T T
|
||||
#end <abnormal termination>
|
||||
1343416469.888870 - (((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (tcp port 1080)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666) T T
|
||||
#close 2012-07-27-19-14-29
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#start 1970-01-01-00-00-00
|
||||
#open 2012-07-27-19-14-30
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1342748954.278211 - port 42 T T
|
||||
#end <abnormal termination>
|
||||
1343416470.252918 - port 42 T T
|
||||
#close 2012-07-27-19-14-30
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#start 1970-01-01-00-00-00
|
||||
#open 2012-07-27-19-14-30
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1342748954.883780 - port 56730 T T
|
||||
#end 2005-10-07-23-23-57
|
||||
1343416470.614962 - port 56730 T T
|
||||
#close 2012-07-27-19-14-30
|
||||
|
|
|
@ -3,38 +3,38 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-11-16-01-35
|
||||
#open 2012-04-11-16-01-35
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334160095.895421 - - - - - truncated_IP - F bro
|
||||
#end 2012-04-11-16-01-35
|
||||
#close 2012-04-11-16-01-35
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-11-14-57-21
|
||||
#open 2012-04-11-14-57-21
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334156241.519125 - - - - - truncated_IP - F bro
|
||||
#end 2012-04-11-14-57-21
|
||||
#close 2012-04-11-14-57-21
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-04-10-21-50-48
|
||||
#open 2012-04-10-21-50-48
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334094648.590126 - - - - - truncated_IP - F bro
|
||||
#end 2012-04-10-21-50-48
|
||||
#close 2012-04-10-21-50-48
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-05-29-22-02-34
|
||||
#open 2012-05-29-22-02-34
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1338328954.078361 - - - - - internally_truncated_header - F bro
|
||||
#end 2012-05-29-22-02-34
|
||||
#close 2012-05-29-22-02-34
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#start 2009-11-08-04-41-57
|
||||
#open 2009-11-08-04-41-57
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1257655301.595604 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - 0 ShADad 10 3605 11 5329 k6kgXLOoSKl
|
||||
|
@ -14,4 +14,4 @@
|
|||
1257655296.585188 TEfuqmmG4bh fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - 0 - 2 144 0 0 k6kgXLOoSKl
|
||||
1257655296.585151 j4u32Pc5bif fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - 0 - 2 144 0 0 k6kgXLOoSKl
|
||||
1257655296.585034 nQcgTWjvg4c fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - 0 - 2 144 0 0 k6kgXLOoSKl
|
||||
#end 2009-11-08-04-41-57
|
||||
#close 2009-11-08-04-41-57
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2009-11-08-04-41-41
|
||||
#open 2009-11-08-04-41-41
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1257655301.652206 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 10102 200 OK - - - (empty) - - - text/html - -
|
||||
1257655302.514424 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 2 GET ipv6.google.com /csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - -
|
||||
1257655303.603569 5OKnoww6xl4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 3 GET ipv6.google.com /gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - -
|
||||
#end 2009-11-08-04-41-57
|
||||
#close 2009-11-08-04-41-57
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path tunnel
|
||||
#start 2009-11-08-04-41-33
|
||||
#open 2009-11-08-04-41-33
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||
#types time string addr port addr port enum enum
|
||||
1257655293.629048 UWkUyAuUGXf 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER
|
||||
1257655296.585034 k6kgXLOoSKl 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER
|
||||
1257655317.464035 k6kgXLOoSKl 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE
|
||||
1257655317.464035 UWkUyAuUGXf 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE
|
||||
#end 2009-11-08-04-41-57
|
||||
#close 2009-11-08-04-41-57
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path dpd
|
||||
#start 2009-11-18-17-59-51
|
||||
#open 2009-11-18-17-59-51
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason
|
||||
#types time string addr port addr port enum string string
|
||||
1258567191.486869 UWkUyAuUGXf 192.168.1.105 57696 192.168.1.1 53 udp TEREDO Teredo payload length [c\x1d\x81\x80\x00\x01\x00\x02\x00\x02\x00\x00\x04amch\x0equestionmarket\x03com\x00\x00\x01\x00...]
|
||||
|
@ -12,4 +12,4 @@
|
|||
1258581768.898165 TEfuqmmG4bh 192.168.1.104 50798 192.168.1.1 53 udp TEREDO Teredo payload length [o\xe3\x81\x80\x00\x01\x00\x02\x00\x04\x00\x04\x03www\x0fnashuatelegraph\x03com\x00\x00\x01\x00...]
|
||||
1258584478.989528 FrJExwHcSal 192.168.1.104 64963 192.168.1.1 53 udp TEREDO Teredo payload length [e\xbd\x81\x80\x00\x01\x00\x08\x00\x06\x00\x06\x08wellness\x05blogs\x04time\x03com\x00\x00\x01\x00...]
|
||||
1258600683.934672 5OKnoww6xl4 192.168.1.103 59838 192.168.1.1 53 udp TEREDO Teredo payload length [h\xf0\x81\x80\x00\x01\x00\x01\x00\x02\x00\x00\x06update\x0csanasecurity\x03com\x00\x00\x01\x00...]
|
||||
#end 2009-11-19-03-18-03
|
||||
#close 2009-11-19-03-18-03
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2009-11-18-17-59-51
|
||||
#open 2009-11-18-17-59-51
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1258567191.405770 - - - - - truncated_header_in_tunnel - F bro
|
||||
|
@ -12,4 +12,4 @@
|
|||
1258581768.568451 - - - - - truncated_header_in_tunnel - F bro
|
||||
1258584478.859853 - - - - - truncated_header_in_tunnel - F bro
|
||||
1258600683.934458 - - - - - truncated_header_in_tunnel - F bro
|
||||
#end 2009-11-19-03-18-03
|
||||
#close 2009-11-19-03-18-03
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#start 2008-05-16-15-50-57
|
||||
#open 2008-05-16-15-50-57
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1210953047.736921 arKYeMETxOg 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - 0 fA 1 40 1 40 (empty)
|
||||
|
@ -27,4 +27,4 @@
|
|||
1210953052.324629 FrJExwHcSal fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 TEfuqmmG4bh
|
||||
1210953060.829303 qCaWGmzFtM5 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - 0 - 1 52 1 52 GSxOnSLghOa,nQcgTWjvg4c
|
||||
1210953052.202579 j4u32Pc5bif fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 nQcgTWjvg4c
|
||||
#end 2008-05-16-15-51-16
|
||||
#close 2008-05-16-15-51-16
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2008-05-16-15-50-58
|
||||
#open 2008-05-16-15-50-58
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1210953057.917183 3PKsZ2Uye21 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - Syncer/4.80 (av_pro-1169;f) 589 0 204 <empty> - - - (empty) - - - text/plain - -
|
||||
1210953061.585996 70MGiRM1Qf4 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - text/html - -
|
||||
1210953073.381474 70MGiRM1Qf4 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - text/html - -
|
||||
1210953074.674817 c4Zw9TmAE05 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - - (empty) - - - text/xml - -
|
||||
#end 2008-05-16-15-51-16
|
||||
#close 2008-05-16-15-51-16
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path tunnel
|
||||
#start 2008-05-16-15-50-52
|
||||
#open 2008-05-16-15-50-52
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||
#types time string addr port addr port enum enum
|
||||
1210953052.202579 nQcgTWjvg4c 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
||||
|
@ -12,4 +12,4 @@
|
|||
1210953076.058333 nQcgTWjvg4c 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||
1210953076.058333 GSxOnSLghOa 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE
|
||||
1210953076.058333 TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||
#end 2008-05-16-15-51-16
|
||||
#close 2008-05-16-15-51-16
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#start 2012-06-19-17-39-37
|
||||
#open 2012-06-19-17-39-37
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1340127577.354166 FrJExwHcSal 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - 0 ShADad 10 2279 12 11191 j4u32Pc5bif
|
||||
|
@ -13,4 +13,4 @@
|
|||
1340127577.339015 nQcgTWjvg4c fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 k6kgXLOoSKl
|
||||
1340127577.343969 TEfuqmmG4bh 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - 0 - 1 52 1 52 UWkUyAuUGXf,j4u32Pc5bif
|
||||
1340127577.336558 arKYeMETxOg fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 UWkUyAuUGXf
|
||||
#end 2012-06-19-17-39-37
|
||||
#close 2012-06-19-17-39-37
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2012-06-19-17-39-37
|
||||
#open 2012-06-19-17-39-37
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1340127577.361683 FrJExwHcSal 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - text/html - -
|
||||
1340127577.379360 FrJExwHcSal 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - text/html - -
|
||||
#end 2012-06-19-17-39-37
|
||||
#close 2012-06-19-17-39-37
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path tunnel
|
||||
#start 2012-06-19-17-39-37
|
||||
#open 2012-06-19-17-39-37
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||
#types time string addr port addr port enum enum
|
||||
1340127577.336558 UWkUyAuUGXf 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER
|
||||
|
@ -12,4 +12,4 @@
|
|||
1340127577.406995 UWkUyAuUGXf 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||
1340127577.406995 j4u32Pc5bif 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE
|
||||
1340127577.406995 k6kgXLOoSKl 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE
|
||||
#end 2012-06-19-17-39-37
|
||||
#close 2012-06-19-17-39-37
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#start 2012-06-19-17-39-37
|
||||
#open 2012-06-19-17-39-37
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1340127577.346849 UWkUyAuUGXf 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F bro
|
||||
1340127577.349292 j4u32Pc5bif 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F bro
|
||||
#end 2012-06-19-17-39-37
|
||||
#close 2012-06-19-17-39-37
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#start 2005-10-07-23-23-55
|
||||
#open 2005-10-07-23-23-55
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - 0 SADF 11 470 0 0 (empty)
|
||||
1128727435.450898 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 730 10 9945 (empty)
|
||||
1278600802.069419 k6kgXLOoSKl 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 381 7 3801 (empty)
|
||||
#end 2010-07-08-14-53-22
|
||||
#close 2010-07-08-14-53-22
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path loaded_scripts
|
||||
#start 2012-07-20-14-34-11
|
||||
#open 2012-07-20-14-34-11
|
||||
#fields name
|
||||
#types string
|
||||
scripts/base/init-bare.bro
|
||||
|
@ -30,4 +30,4 @@ scripts/base/init-bare.bro
|
|||
scripts/base/frameworks/input/./readers/raw.bro
|
||||
scripts/base/frameworks/input/./readers/benchmark.bro
|
||||
scripts/policy/misc/loaded-scripts.bro
|
||||
#end 2012-07-20-14-34-11
|
||||
#close 2012-07-20-14-34-11
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path loaded_scripts
|
||||
#start 2012-07-20-14-34-40
|
||||
#open 2012-07-20-14-34-40
|
||||
#fields name
|
||||
#types string
|
||||
scripts/base/init-bare.bro
|
||||
|
@ -110,4 +110,4 @@ scripts/base/init-default.bro
|
|||
scripts/base/protocols/syslog/./consts.bro
|
||||
scripts/base/protocols/syslog/./main.bro
|
||||
scripts/policy/misc/loaded-scripts.bro
|
||||
#end 2012-07-20-14-34-40
|
||||
#close 2012-07-20-14-34-40
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2012-07-20-01-53-03
|
||||
#open 2012-07-20-01-53-03
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1342749182.906082 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - -
|
||||
#end 2012-07-20-01-53-04
|
||||
#close 2012-07-20-01-53-04
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2012-07-20-01-53-03
|
||||
#open 2012-07-20-01-53-03
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1342749182.906082 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - -
|
||||
#end 2012-07-20-01-53-04
|
||||
#close 2012-07-20-01-53-04
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2012-07-20-01-53-12
|
||||
#open 2012-07-20-01-53-12
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1342749191.765740 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - -
|
||||
#end 2012-07-20-01-53-13
|
||||
#close 2012-07-20-01-53-13
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2012-07-20-01-53-12
|
||||
#open 2012-07-20-01-53-12
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1342749191.765740 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - -
|
||||
#end 2012-07-20-01-53-13
|
||||
#close 2012-07-20-01-53-13
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path communication
|
||||
#start 2012-07-20-01-49-40
|
||||
#open 2012-07-20-01-49-40
|
||||
#fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message
|
||||
#types time string string string addr port string string
|
||||
1342748980.737451 bro parent - - - info [#1/127.0.0.1:47757] added peer
|
||||
|
@ -21,4 +21,4 @@
|
|||
1342748980.793108 bro parent - - - info terminating...
|
||||
1342748980.796454 bro child - - - info terminating
|
||||
1342748980.797536 bro parent - - - info [#1/127.0.0.1:47757] closing connection
|
||||
#end 2012-07-20-01-49-40
|
||||
#close 2012-07-20-01-49-40
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh-new-default
|
||||
#start 2012-07-20-01-49-19
|
||||
#open 2012-07-20-01-49-19
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748959.430282 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1342748959.430282 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
#end 2012-07-20-01-49-19
|
||||
#close 2012-07-20-01-49-19
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field|(empty)
|
||||
#unset_field|-
|
||||
#path|ssh
|
||||
#start|2012-07-20-01-49-19
|
||||
#open|2012-07-20-01-49-19
|
||||
#fields|data|data2
|
||||
#types|string|string
|
||||
abc\x0a\xffdef|DATA2
|
||||
abc\x7c\xffdef|DATA2
|
||||
abc\xff\x7cdef|DATA2
|
||||
#end|2012-07-20-01-49-19
|
||||
#close|2012-07-20-01-49-19
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2012-07-20-01-49-19
|
||||
#open 2012-07-20-01-49-19
|
||||
#fields x y z
|
||||
#types string string string
|
||||
\x2d - (empty)
|
||||
#end 2012-07-20-01-49-19
|
||||
#close 2012-07-20-01-49-19
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2011-09-12-03-57-36
|
||||
#open 2011-09-12-03-57-36
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1315799856.264750 UWkUyAuUGXf 10.0.1.104 64216 193.40.5.162 80 1 GET lepo.it.da.ut.ee /~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf - Wget/1.12 (darwin10.8.0) 0 346 404 Not Found - - - (empty) - - - text/html - -
|
||||
#end 2011-09-12-03-57-37
|
||||
#close 2011-09-12-03-57-37
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2012-07-20-01-49-19
|
||||
#open 2012-07-20-01-49-19
|
||||
#fields ss
|
||||
#types table[string]
|
||||
CC,AA,\x2c,\x2c\x2c
|
||||
#end 2012-07-20-01-49-19
|
||||
#close 2012-07-20-01-49-19
|
||||
|
|
|
@ -3,10 +3,12 @@
|
|||
#empty_field||(empty)
|
||||
#unset_field||-
|
||||
#path||ssh
|
||||
#open||2012-07-27-19-14-35
|
||||
#fields||t||id.orig_h||id.orig_p||id.resp_h||id.resp_p||status||country
|
||||
#types||time||addr||port||addr||port||string||string
|
||||
1342759749.586006||1.2.3.4||1234||2.3.4.5||80||success||unknown
|
||||
1342759749.586006||1.2.3.4||1234||2.3.4.5||80||failure||US
|
||||
1342759749.586006||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
|
||||
1342759749.586006||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
|
||||
1342759749.586006||1.2.3.4||1234||2.3.4.5||80||failure||MX
|
||||
1343416475.837726||1.2.3.4||1234||2.3.4.5||80||success||unknown
|
||||
1343416475.837726||1.2.3.4||1234||2.3.4.5||80||failure||US
|
||||
1343416475.837726||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
|
||||
1343416475.837726||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
|
||||
1343416475.837726||1.2.3.4||1234||2.3.4.5||80||failure||MX
|
||||
#close||2012-07-27-19-14-35
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2012-07-20-01-49-22
|
||||
#open 2012-07-20-01-49-22
|
||||
#fields data c
|
||||
#types string count
|
||||
Test1 42
|
||||
\x23Kaputt 42
|
||||
Test2 42
|
||||
#end 2012-07-20-01-49-22
|
||||
#close 2012-07-20-01-49-22
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2012-07-20-01-49-20
|
||||
#open 2012-07-20-01-49-20
|
||||
#fields data
|
||||
#types time
|
||||
1234567890.000000
|
||||
|
@ -14,4 +14,4 @@
|
|||
1234567890.000010
|
||||
1234567890.000001
|
||||
1234567890.000000
|
||||
#end 2012-07-20-01-49-20
|
||||
#close 2012-07-20-01-49-20
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-20
|
||||
#open 2012-07-20-01-49-20
|
||||
#fields status country a1 b1 b2
|
||||
#types string string count count count
|
||||
success unknown 1 3 4
|
||||
#end 2012-07-20-01-49-20
|
||||
#close 2012-07-20-01-49-20
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-20
|
||||
#open 2012-07-20-01-49-20
|
||||
#fields status country
|
||||
#types string string
|
||||
success unknown
|
||||
|
@ -11,4 +11,4 @@ failure US
|
|||
failure UK
|
||||
success BR
|
||||
failure MX
|
||||
#end 2012-07-20-01-49-20
|
||||
#close 2012-07-20-01-49-20
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-20
|
||||
#open 2012-07-20-01-49-20
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748960.468458 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
|
@ -11,4 +11,4 @@
|
|||
1342748960.468458 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1342748960.468458 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1342748960.468458 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
#end 2012-07-20-01-49-20
|
||||
#close 2012-07-20-01-49-20
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-20
|
||||
#open 2012-07-20-01-49-20
|
||||
#fields id.orig_p id.resp_h id.resp_p status country
|
||||
#types port addr port string string
|
||||
1234 2.3.4.5 80 success unknown
|
||||
|
@ -11,4 +11,4 @@
|
|||
1234 2.3.4.5 80 failure UK
|
||||
1234 2.3.4.5 80 success BR
|
||||
1234 2.3.4.5 80 failure MX
|
||||
#end 2012-07-20-01-49-20
|
||||
#close 2012-07-20-01-49-20
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-20
|
||||
#open 2012-07-20-01-49-20
|
||||
#fields t f
|
||||
#types time file
|
||||
1342748960.757056 Foo.log
|
||||
#end 2012-07-20-01-49-20
|
||||
#close 2012-07-20-01-49-20
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-20
|
||||
#open 2012-07-20-01-49-20
|
||||
#fields t id.orig_h
|
||||
#types time addr
|
||||
1342748960.796093 1.2.3.4
|
||||
|
@ -11,4 +11,4 @@
|
|||
1342748960.796093 1.2.3.4
|
||||
1342748960.796093 1.2.3.4
|
||||
1342748960.796093 1.2.3.4
|
||||
#end 2012-07-20-01-49-20
|
||||
#close 2012-07-20-01-49-20
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path local
|
||||
#start 2011-03-18-19-06-13
|
||||
#open 2011-03-18-19-06-13
|
||||
#fields ts id.orig_h
|
||||
#types time addr
|
||||
1300475168.859163 141.142.220.118
|
||||
|
@ -36,4 +36,4 @@
|
|||
1300475168.902195 141.142.220.118
|
||||
1300475168.894787 141.142.220.118
|
||||
1300475168.901749 141.142.220.118
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path remote
|
||||
#start 2011-03-18-19-06-13
|
||||
#open 2011-03-18-19-06-13
|
||||
#fields ts id.orig_h
|
||||
#types time addr
|
||||
1300475169.780331 173.192.163.128
|
||||
1300475167.097012 fe80::217:f2ff:fed7:cf65
|
||||
1300475171.675372 fe80::3074:17d5:2052:c324
|
||||
1300475173.116749 fe80::3074:17d5:2052:c324
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
|
@ -10,68 +10,68 @@ static-prefix-2-UK.log
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-0-BR
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.180156 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-0-MX3
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure MX3
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-0-unknown
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.180156 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-1-MX
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-1-US
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-2-MX2
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure MX2
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-2-UK
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.180156 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test.failure
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.488370 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test.success
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.488370 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field EMPTY
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 1970-01-01-00-00-00
|
||||
#open 1970-01-01-00-00-00
|
||||
#fields b i e c p sn a d t iv s sc ss se vc ve
|
||||
#types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string]
|
||||
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1342749004.579242 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY
|
||||
#end 2012-07-20-01-50-05
|
||||
#close 2012-07-20-01-50-05
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test.failure
|
||||
#start 2012-07-20-01-50-18
|
||||
#open 2012-07-20-01-50-18
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
#end 2012-07-20-01-50-18
|
||||
#close 2012-07-20-01-50-18
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2012-07-20-01-50-18
|
||||
#open 2012-07-20-01-50-18
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342749018.970682 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
|
@ -11,4 +11,4 @@
|
|||
1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1342749018.970682 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1342749018.970682 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
#end 2012-07-20-01-50-18
|
||||
#close 2012-07-20-01-50-18
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test.success
|
||||
#start 2012-07-20-01-50-18
|
||||
#open 2012-07-20-01-50-18
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342749018.970682 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1342749018.970682 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
#end 2012-07-20-01-50-18
|
||||
#close 2012-07-20-01-50-18
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh.failure
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1342748961.521536 1.2.3.4 1234 2.3.4.5 80 failure BR
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
|
|
|
@ -28,32 +28,14 @@ custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.00.05.log, pat
|
|||
custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F]
|
||||
custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F]
|
||||
custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T]
|
||||
#close 2012-07-27-19-14-39
|
||||
#empty_field (empty)
|
||||
#end 2011-03-07-03-59-55
|
||||
#end 2011-03-07-04-00-05
|
||||
#end 2011-03-07-04-59-55
|
||||
#end 2011-03-07-05-00-05
|
||||
#end 2011-03-07-05-59-55
|
||||
#end 2011-03-07-06-00-05
|
||||
#end 2011-03-07-06-59-55
|
||||
#end 2011-03-07-07-00-05
|
||||
#end 2011-03-07-07-59-55
|
||||
#end 2011-03-07-08-00-05
|
||||
#end 2011-03-07-08-59-55
|
||||
#end 2011-03-07-09-00-05
|
||||
#end 2011-03-07-09-59-55
|
||||
#end 2011-03-07-10-00-05
|
||||
#end 2011-03-07-10-59-55
|
||||
#end 2011-03-07-11-00-05
|
||||
#end 2011-03-07-11-59-55
|
||||
#end 2011-03-07-12-00-05
|
||||
#end 2011-03-07-12-59-55
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#open 2012-07-27-19-14-39
|
||||
#path test
|
||||
#path test2
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#start 2011-03-07-03-00-05
|
||||
#types time addr port addr port
|
||||
#unset_field -
|
||||
1299466805.000000 10.0.0.1 20 10.0.0.2 1024
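Review bot: The sorted rotation baseline now pins a wall-clock value, `#open 2012-07-27-19-14-39` and `#close 2012-07-27-19-14-39`, which no later run of this test can reproduce unless its output is passed through a canonifier that masks `#open`/`#close` lines; the test script is outside this hunk, so I cannot confirm one is in place. If none is, the test fails on every run after this commit and will tend to be re-baselined mechanically, which is exactly how regressions in the rotation path slip past. The hunk also replaces nineteen per-rotation `#end` trailers (`2011-03-07-03-59-55` through `2011-03-07-12-59-55`) with one `#close`, so this baseline no longer checks that each rotated file is closed at its rotation boundary, and the per-file rotation baseline elsewhere in the commit still shows 2011 timestamps, so which clock ends up in the header evidently depends on how the test is run. Consider a comment in the test, e.g. `# open/close markers are wall clock; masked by the diff canonifier`, so the next baseline update does not silently hard-code another date.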
|
||||
|
|
|
@ -14,117 +14,117 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 ascii
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299466805.000000 10.0.0.1 20 10.0.0.2 1024
|
||||
1299470395.000000 10.0.0.2 20 10.0.0.3 0
|
||||
#end 2011-03-07-04-00-05
|
||||
#close 2011-03-07-04-00-05
|
||||
> test.2011-03-07-04-00-05.log
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299470405.000000 10.0.0.1 20 10.0.0.2 1025
|
||||
1299473995.000000 10.0.0.2 20 10.0.0.3 1
|
||||
#end 2011-03-07-05-00-05
|
||||
#close 2011-03-07-05-00-05
|
||||
> test.2011-03-07-05-00-05.log
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299474005.000000 10.0.0.1 20 10.0.0.2 1026
|
||||
1299477595.000000 10.0.0.2 20 10.0.0.3 2
|
||||
#end 2011-03-07-06-00-05
|
||||
#close 2011-03-07-06-00-05
|
||||
> test.2011-03-07-06-00-05.log
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299477605.000000 10.0.0.1 20 10.0.0.2 1027
|
||||
1299481195.000000 10.0.0.2 20 10.0.0.3 3
|
||||
#end 2011-03-07-07-00-05
|
||||
#close 2011-03-07-07-00-05
|
||||
> test.2011-03-07-07-00-05.log
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299481205.000000 10.0.0.1 20 10.0.0.2 1028
|
||||
1299484795.000000 10.0.0.2 20 10.0.0.3 4
|
||||
#end 2011-03-07-08-00-05
|
||||
#close 2011-03-07-08-00-05
|
||||
> test.2011-03-07-08-00-05.log
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299484805.000000 10.0.0.1 20 10.0.0.2 1029
|
||||
1299488395.000000 10.0.0.2 20 10.0.0.3 5
|
||||
#end 2011-03-07-09-00-05
|
||||
#close 2011-03-07-09-00-05
|
||||
> test.2011-03-07-09-00-05.log
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299488405.000000 10.0.0.1 20 10.0.0.2 1030
|
||||
1299491995.000000 10.0.0.2 20 10.0.0.3 6
|
||||
#end 2011-03-07-10-00-05
|
||||
#close 2011-03-07-10-00-05
|
||||
> test.2011-03-07-10-00-05.log
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299492005.000000 10.0.0.1 20 10.0.0.2 1031
|
||||
1299495595.000000 10.0.0.2 20 10.0.0.3 7
|
||||
#end 2011-03-07-11-00-05
|
||||
#close 2011-03-07-11-00-05
|
||||
> test.2011-03-07-11-00-05.log
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299495605.000000 10.0.0.1 20 10.0.0.2 1032
|
||||
1299499195.000000 10.0.0.2 20 10.0.0.3 8
|
||||
#end 2011-03-07-12-00-05
|
||||
#close 2011-03-07-12-00-05
|
||||
> test.2011-03-07-12-00-05.log
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#start 2011-03-07-03-00-05
|
||||
#open 2011-03-07-03-00-05
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
1299499205.000000 10.0.0.1 20 10.0.0.2 1033
|
||||
1299502795.000000 10.0.0.2 20 10.0.0.3 9
|
||||
#end 2011-03-07-12-59-55
|
||||
#close 2011-03-07-12-59-55
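Review bot: Every rotated file in this baseline carries the same `#open 2011-03-07-03-00-05` while its `#close` advances with each rotation (`2011-03-07-04-00-05`, `2011-03-07-05-00-05`, …), so for nine of the ten files the open marker precedes the previous file's close by up to nine hours. If `#open` is meant to record when the file was (re)opened, as the new name and the commit message suggest, the header written after a rotation appears to reuse the writer's original start time rather than the reopen time; the rotation path that would be responsible lives outside this hunk, so I cannot confirm that here. This matters for anyone who reads the header pair to establish a log file's coverage window during an investigation: a stale `#open` misstates what the file can contain. Either make the reopened file's `#open` equal the previous file's `#close`, or document in the writer that `#open` is the writer's start time and that rotated files inherit it.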
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path /dev/stdout
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.732599 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
|
@ -11,4 +11,4 @@
|
|||
1342748961.732599 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1342748961.732599 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1342748961.732599 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-21
|
||||
#open 2012-07-20-01-49-21
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1342748961.748481 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
|
@ -11,4 +11,4 @@
|
|||
1342748961.748481 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1342748961.748481 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1342748961.748481 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
#end 2012-07-20-01-49-21
|
||||
#close 2012-07-20-01-49-21
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field EMPTY
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-22
|
||||
#open 2012-07-20-01-49-22
|
||||
#fields b i e c p sn a d t iv s sc ss se vc ve f
|
||||
#types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string] func
|
||||
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1342748962.114672 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
|
||||
#end 2012-07-20-01-49-22
|
||||
#close 2012-07-20-01-49-22
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path testing
|
||||
#start 2012-07-20-01-49-22
|
||||
#open 2012-07-20-01-49-22
|
||||
#fields a.val1 a.val2 b
|
||||
#types count count count
|
||||
- - 6
|
||||
1 2 3
|
||||
#end 2012-07-20-01-49-22
|
||||
#close 2012-07-20-01-49-22
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#start 2012-07-20-01-49-22
|
||||
#open 2012-07-20-01-49-22
|
||||
#fields vec
|
||||
#types vector[string]
|
||||
-,2,-,-,5
|
||||
#end 2012-07-20-01-49-22
|
||||
#close 2012-07-20-01-49-22
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http-2-2
|
||||
#start 2011-03-18-19-06-08
|
||||
#open 2011-03-18-19-06-08
|
||||
#fields status_code
|
||||
#types count
|
||||
304
|
||||
|
@ -20,4 +20,4 @@
|
|||
304
|
||||
304
|
||||
304
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http-2
|
||||
#start 2011-03-18-19-06-08
|
||||
#open 2011-03-18-19-06-08
|
||||
#fields host
|
||||
#types string
|
||||
bits.wikimedia.org
|
||||
|
@ -20,4 +20,4 @@ upload.wikimedia.org
|
|||
upload.wikimedia.org
|
||||
upload.wikimedia.org
|
||||
upload.wikimedia.org
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http-3
|
||||
#start 2011-03-18-19-06-08
|
||||
#open 2011-03-18-19-06-08
|
||||
#fields uri
|
||||
#types string
|
||||
/skins-1.5/monobook/main.css
|
||||
|
@ -20,4 +20,4 @@
|
|||
/wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png
|
||||
/wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png
|
||||
/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2011-03-18-19-06-08
|
||||
#open 2011-03-18-19-06-08
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1300475168.784020 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
|
@ -20,4 +20,4 @@
|
|||
1300475169.014619 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475169.014593 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
1300475169.014927 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
4
testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log
Executable file → Normal file
4
testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log
Executable file → Normal file
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path reporter
|
||||
#start 2011-03-18-19-06-08
|
||||
#open 2011-03-18-19-06-08
|
||||
#fields ts level message location
|
||||
#types time enum string string
|
||||
1300475168.843894 Reporter::WARNING Write using filter 'host-only' on path 'http' changed to use new path 'http-2' to avoid conflict with filter 'default' (empty)
|
||||
1300475168.843894 Reporter::WARNING Write using filter 'uri-only' on path 'http' changed to use new path 'http-3' to avoid conflict with filter 'default' (empty)
|
||||
1300475168.843894 Reporter::WARNING Write using filter 'status-only' on path 'http-2' changed to use new path 'http-2-2' to avoid conflict with filter 'host-only' (empty)
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
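Review bot: The `#close 2011-03-18-19-06-13` value this baseline now expects is the same network-time stamp the old `#end` line carried (the rows below `#open` are from 2011-03-18, while other baselines in this commit date from 2012-07), so if the close marker is meant to reflect wall clock rather than network time, this expected output can only stay stable across runs if the test harness canonifies the `#open`/`#close` values before comparing. If such normalization exists, the timestamps committed here are effectively placeholders and a note in the test saying so (or a canonifier that emits a fixed token) would make that explicit; if it does not, this baseline will differ on every run. The same observation applies to every other baseline section in this diff, so it is raised once here.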
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path metrics
|
||||
#start 2012-07-20-01-50-41
|
||||
#open 2012-07-20-01-50-41
|
||||
#fields ts metric_id filter_name index.host index.str index.network value
|
||||
#types time enum string addr string subnet count
|
||||
1342749041.601712 TEST_METRIC foo-bar 6.5.4.3 - - 4
|
||||
1342749041.601712 TEST_METRIC foo-bar 7.2.1.5 - - 2
|
||||
1342749041.601712 TEST_METRIC foo-bar 1.2.3.4 - - 6
|
||||
#end 2012-07-20-01-50-49
|
||||
#close 2012-07-20-01-50-49
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path metrics
|
||||
#start 2012-07-20-01-49-22
|
||||
#open 2012-07-20-01-49-22
|
||||
#fields ts metric_id filter_name index.host index.str index.network value
|
||||
#types time enum string addr string subnet count
|
||||
1342748962.841548 TEST_METRIC foo-bar 6.5.4.3 - - 2
|
||||
1342748962.841548 TEST_METRIC foo-bar 7.2.1.5 - - 1
|
||||
1342748962.841548 TEST_METRIC foo-bar 1.2.3.4 - - 3
|
||||
#end 2012-07-20-01-49-22
|
||||
#close 2012-07-20-01-49-22
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#start 2012-07-20-01-50-59
|
||||
#open 2012-07-20-01-50-59
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
|
||||
#types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
|
||||
1342749059.978651 - - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - -
|
||||
#end 2012-07-20-01-51-08
|
||||
#close 2012-07-20-01-51-08
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#start 2012-07-20-01-49-23
|
||||
#open 2012-07-20-01-49-23
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
|
||||
#types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
|
||||
1342748963.085888 - - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 3/2 - 1.2.3.4 - - 3 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - -
|
||||
1342748963.085888 - - - - - - Test_Notice Threshold crossed by metric_index(host=6.5.4.3) 2/2 - 6.5.4.3 - - 2 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 6.5.4.3 - -
|
||||
#end 2012-07-20-01-49-23
|
||||
#close 2012-07-20-01-49-23
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#start 2012-07-20-01-51-18
|
||||
#open 2012-07-20-01-51-18
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
|
||||
#types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
|
||||
1342749078.270791 - - - - - - Test_Notice test notice! - - - - - worker-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - -
|
||||
#end 2012-07-20-01-51-27
|
||||
#close 2012-07-20-01-51-27
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#start 2012-07-20-01-51-36
|
||||
#open 2012-07-20-01-51-36
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
|
||||
#types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
|
||||
1342749096.545663 - - - - - - Test_Notice test notice! - - - - - worker-2 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - -
|
||||
#end 2012-07-20-01-51-45
|
||||
#close 2012-07-20-01-51-45
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#start 2012-07-20-01-49-23
|
||||
#open 2012-07-20-01-49-23
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port enum enum string string addr addr port count string table[enum] table[count] interval bool string string string double double
|
||||
1342748963.685754 - - - - - - Test_Notice test - - - - - bro Notice::ACTION_LOG 6 3600.000000 F - - - - -
|
||||
#end 2012-07-20-01-49-23
|
||||
#close 2012-07-20-01-49-23
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#start 2012-02-21-16-53-13
|
||||
#open 2012-02-21-16-53-13
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1329843175.736107 arKYeMETxOg 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty)
|
||||
|
@ -11,4 +11,4 @@
|
|||
1329843194.151526 nQcgTWjvg4c 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty)
|
||||
1329843197.783443 j4u32Pc5bif 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty)
|
||||
1329843161.968492 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty)
|
||||
#end 2012-02-21-16-53-20
|
||||
#close 2012-02-21-16-53-20
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ftp
|
||||
#start 2012-02-21-16-53-13
|
||||
#open 2012-02-21-16-53-13
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p user password command arg mime_type mime_desc file_size reply_code reply_msg tags extraction_file
|
||||
#types time string addr port addr port string string string string string string count count string table[string] file
|
||||
1329843179.926563 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test RETR ftp://199.233.217.249/./robots.txt text/plain ASCII text 77 226 Transfer complete. - -
|
||||
1329843197.727769 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test RETR ftp://199.233.217.249/./robots.txt text/plain ASCII text, with CRLF line terminators 77 226 Transfer complete. - -
|
||||
#end 2012-02-21-16-53-20
|
||||
#close 2012-02-21-16-53-20
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#start 2012-02-15-17-43-15
|
||||
#open 2012-02-15-17-43-15
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
|
||||
1329327783.316897 arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - 0 ShAdfFa 5 372 4 642 (empty)
|
||||
|
@ -12,4 +12,4 @@
|
|||
1329327795.571921 j4u32Pc5bif 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - 0 ShADFaf 5 449 4 300 (empty)
|
||||
1329327777.822004 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - 0 ShAdDfFa 57 4426 34 5908 (empty)
|
||||
1329327800.017649 TEfuqmmG4bh 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - 0 ShADFaf 5 714 4 300 (empty)
|
||||
#end 2012-02-15-17-43-24
|
||||
#close 2012-02-15-17-43-24
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ftp
|
||||
#start 2012-02-15-17-43-07
|
||||
#open 2012-02-15-17-43-07
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p user password command arg mime_type mime_desc file_size reply_code reply_msg tags extraction_file
|
||||
#types time string addr port addr port string string string string string string count count string table[string] file
|
||||
1329327787.396984 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - -
|
||||
1329327795.463946 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - -
|
||||
#end 2012-02-15-17-43-24
|
||||
#close 2012-02-15-17-43-24
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2009-03-19-05-21-36
|
||||
#open 2009-03-19-05-21-36
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1237440095.634312 UWkUyAuUGXf 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - (empty) - - - text/html - -
|
||||
#end 2009-03-19-05-21-36
|
||||
#close 2009-03-19-05-21-36
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2005-10-07-23-23-56
|
||||
#open 2005-10-07-23-23-56
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1128727435.634189 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - http-item_141.42.64.125:56730-125.190.109.199:80_resp_1.dat
|
||||
#end 2005-10-07-23-23-57
|
||||
#close 2005-10-07-23-23-57
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2009-11-18-20-58-04
|
||||
#open 2009-11-18-20-58-04
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - FAKE_MIME - -
|
||||
|
@ -11,4 +11,4 @@
|
|||
1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - FAKE_MIME - -
|
||||
1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - image/png e0029eea80812e9a8e57b8d05d52938a -
|
||||
1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - image/png 30aa926344f58019d047e85ba049ca1e -
|
||||
#end 2009-11-18-20-58-32
|
||||
#close 2009-11-18-20-58-32
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#start 2009-11-18-20-58-04
|
||||
#open 2009-11-18-20-58-04
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string file
|
||||
1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - - -
|
||||
|
@ -11,4 +11,4 @@
|
|||
1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - - -
|
||||
1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - - -
|
||||
1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - - -
|
||||
#end 2009-11-18-20-58-32
|
||||
#close 2009-11-18-20-58-32
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path irc
|
||||
#start 2011-07-20-19-12-44
|
||||
#open 2011-07-20-19-12-44
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user command value addl dcc_file_name dcc_file_size extraction_file
|
||||
#types time string addr port addr port string string string string string string count file
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - NICK bloed - - - -
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - -
|
||||
1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje JOIN #easymovies (empty) - - -
|
||||
1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje DCC #easymovies (empty) ladyvampress-default(2011-07-07)-OS.zip 42208 -
|
||||
#end 2011-07-20-19-15-42
|
||||
#close 2011-07-20-19-15-42
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path irc
|
||||
#start 2011-07-20-19-12-44
|
||||
#open 2011-07-20-19-12-44
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user command value addl dcc_file_name dcc_file_size dcc_mime_type extraction_file
|
||||
#types time string addr port addr port string string string string string string count string file
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - NICK bloed - - - - -
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - -
|
||||
1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje JOIN #easymovies (empty) - - - -
|
||||
1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje DCC #easymovies (empty) ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
|
||||
#end 2011-07-20-19-15-42
|
||||
#close 2011-07-20-19-15-42
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path smtp
|
||||
#start 2009-10-05-06-06-12
|
||||
#open 2009-10-05-06-06-12
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent
|
||||
#types time string addr port addr port count string string table[string] string string table[string] string string string string addr string string string vector[addr] string
|
||||
1254722768.219663 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 GP <gurpartap@patriots.in> <raj_deol2002in@yahoo.co.in> Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" <gurpartap@patriots.in> <raj_deol2002in@yahoo.co.in> - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0
|
||||
#end 2009-10-05-06-06-16
|
||||
#close 2009-10-05-06-06-16
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path smtp_entities
|
||||
#start 2009-10-05-06-06-10
|
||||
#open 2009-10-05-06-06-10
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth filename content_len mime_type md5 extraction_file excerpt
|
||||
#types time string addr port addr port count string count string string file string
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat (empty)
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 1918 FAKE_MIME - - (empty)
|
||||
1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat (empty)
|
||||
#end 2009-10-05-06-06-16
|
||||
#close 2009-10-05-06-06-16
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path smtp_entities
|
||||
#start 2009-10-05-06-06-10
|
||||
#open 2009-10-05-06-06-10
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth filename content_len mime_type md5 extraction_file excerpt
|
||||
#types time string addr port addr port count string count string string file string
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - (empty)
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 1918 FAKE_MIME - - (empty)
|
||||
1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - (empty)
|
||||
#end 2009-10-05-06-06-16
|
||||
#close 2009-10-05-06-06-16
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path socks
|
||||
#start 2012-06-20-17-23-38
|
||||
#open 2012-06-20-17-23-38
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user status request.host request.name request_p bound.host bound.name bound_p
|
||||
#types time string addr port addr port count string string addr string port addr string port
|
||||
1340213015.276495 UWkUyAuUGXf 10.0.0.55 53994 60.190.189.214 8124 5 - succeeded - www.osnews.com 80 192.168.0.31 - 2688
|
||||
#end 2012-06-20-17-28-10
|
||||
#close 2012-06-20-17-28-10
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path tunnel
|
||||
#start 2012-06-20-17-23-35
|
||||
#open 2012-06-20-17-23-35
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||
#types time string addr port addr port enum enum
|
||||
1340213015.276495 - 10.0.0.55 0 60.190.189.214 8124 Tunnel::SOCKS Tunnel::DISCOVER
|
||||
#end 2012-06-20-17-28-10
|
||||
#close 2012-06-20-17-28-10
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path socks
|
||||
#start 2012-06-19-13-41-02
|
||||
#open 2012-06-19-13-41-02
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user status request.host request.name request_p bound.host bound.name bound_p
|
||||
#types time string addr port addr port count string string addr string port addr string port
|
||||
1340113261.914619 UWkUyAuUGXf 10.0.0.50 59580 85.194.84.197 1080 5 - succeeded - www.google.com 443 0.0.0.0 - 443
|
||||
#end 2012-06-19-13-41-05
|
||||
#close 2012-06-19-13-41-05
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path tunnel
|
||||
#start 2012-06-19-13-41-01
|
||||
#open 2012-06-19-13-41-01
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||
#types time string addr port addr port enum enum
|
||||
1340113261.914619 - 10.0.0.50 0 85.194.84.197 1080 Tunnel::SOCKS Tunnel::DISCOVER
|
||||
#end 2012-06-19-13-41-05
|
||||
#close 2012-06-19-13-41-05
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path tunnel
|
||||
#start 2008-04-15-22-43-49
|
||||
#open 2008-04-15-22-43-49
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
|
||||
#types time string addr port addr port enum enum
|
||||
1208299429.265774 - 127.0.0.1 0 127.0.0.1 1080 Tunnel::SOCKS Tunnel::DISCOVER
|
||||
#end 2008-04-15-22-43-49
|
||||
#close 2008-04-15-22-43-49
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssl
|
||||
#start 2012-04-27-14-53-12
|
||||
#open 2012-04-27-14-53-12
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id subject issuer_subject not_valid_before not_valid_after last_alert
|
||||
#types time string addr port addr port string string string string string string time time string
|
||||
1335538392.319381 UWkUyAuUGXf 192.168.1.105 62045 74.125.224.79 443 TLSv10 TLS_ECDHE_RSA_WITH_RC4_128_SHA ssl.gstatic.com - CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US 1334102677.000000 1365639277.000000 -
|
||||
#end 2012-04-27-14-53-16
|
||||
#close 2012-04-27-14-53-16
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_hosts
|
||||
#start 2011-03-18-19-06-08
|
||||
#open 2011-03-18-19-06-08
|
||||
#fields ts host
|
||||
#types time addr
|
||||
1300475168.783842 141.142.220.118
|
||||
1300475168.783842 208.80.152.118
|
||||
1300475168.915940 208.80.152.3
|
||||
1300475168.962628 208.80.152.2
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_hosts
|
||||
#start 2011-03-18-19-06-08
|
||||
#open 2011-03-18-19-06-08
|
||||
#fields ts host
|
||||
#types time addr
|
||||
1300475168.783842 141.142.220.118
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_hosts
|
||||
#start 2011-03-18-19-06-08
|
||||
#open 2011-03-18-19-06-08
|
||||
#fields ts host
|
||||
#types time addr
|
||||
1300475168.783842 208.80.152.118
|
||||
1300475168.915940 208.80.152.3
|
||||
1300475168.962628 208.80.152.2
|
||||
#end 2011-03-18-19-06-13
|
||||
#close 2011-03-18-19-06-13
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#start 2011-06-24-15-51-31
|
||||
#open 2011-06-24-15-51-31
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
1308930691.049431 172.16.238.131 22 tcp SSH
|
||||
|
@ -11,4 +11,4 @@
|
|||
1308930716.462556 74.125.225.81 80 tcp HTTP
|
||||
1308930718.361665 172.16.238.131 21 tcp FTP
|
||||
1308930726.872485 141.142.192.39 22 tcp SSH
|
||||
#end 2011-06-24-15-52-08
|
||||
#close 2011-06-24-15-52-08
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#start 2011-06-24-15-51-31
|
||||
#open 2011-06-24-15-51-31
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
1308930691.049431 172.16.238.131 22 tcp SSH
|
||||
1308930694.550308 172.16.238.131 80 tcp HTTP
|
||||
1308930718.361665 172.16.238.131 21 tcp FTP
|
||||
#end 2011-06-24-15-52-08
|
||||
#close 2011-06-24-15-52-08
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#start 2011-06-24-15-51-56
|
||||
#open 2011-06-24-15-51-56
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
1308930716.462556 74.125.225.81 80 tcp HTTP
|
||||
1308930726.872485 141.142.192.39 22 tcp SSH
|
||||
#end 2011-06-24-15-52-08
|
||||
#close 2011-06-24-15-52-08
|
||||
|
|