mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Updates for log format changes.
This commit is contained in:
Robin Sommer
parent
c81477d9d3
commit
3ac4ff6b42
76 changed files with 406 additions and 406 deletions
|
|
@ -1,16 +1,16 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path reporter
|
||||
#fields ts level message location
|
||||
#types time enum string string
|
||||
1300475168.783842 Reporter::ERROR field value missing [c$ftp] /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.915940 Reporter::ERROR field value missing [c$ftp] /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.916118 Reporter::ERROR field value missing [c$ftp] /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.918295 Reporter::ERROR field value missing [c$ftp] /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.952193 Reporter::ERROR field value missing [c$ftp] /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.952228 Reporter::ERROR field value missing [c$ftp] /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.954761 Reporter::ERROR field value missing [c$ftp] /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.962628 Reporter::ERROR field value missing [c$ftp] /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475169.780331 Reporter::ERROR field value missing [c$ftp] /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.783842 Reporter::ERROR field value missing [c$ftp] /Users/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.915940 Reporter::ERROR field value missing [c$ftp] /Users/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.916118 Reporter::ERROR field value missing [c$ftp] /Users/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.918295 Reporter::ERROR field value missing [c$ftp] /Users/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.952193 Reporter::ERROR field value missing [c$ftp] /Users/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.952228 Reporter::ERROR field value missing [c$ftp] /Users/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.954761 Reporter::ERROR field value missing [c$ftp] /Users/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475168.962628 Reporter::ERROR field value missing [c$ftp] /Users/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
1300475169.780331 Reporter::ERROR field value missing [c$ftp] /Users/robin/bro/master/testing/btest/.tmp/core.expr-exception/expr-exception.bro, line 8
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count
|
||||
|
|
|
|||
|
|
@ -1,32 +1,32 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1323275491.966719 - not ip6 T T
|
||||
1324314285.981347 - not ip6 T T
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1323275492.165829 - (((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)) and (not ip6) T T
|
||||
1324314286.168294 - (((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)) and (not ip6) T T
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1323275492.362403 - port 42 T T
|
||||
1324314286.350780 - port 42 T T
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path packet_filter
|
||||
#fields ts node filter init success
|
||||
#types time string string bool bool
|
||||
1323275492.563649 - port 56730 T T
|
||||
1324314286.530768 - port 56730 T T
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
error in /da/home/robin/bro/seth/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.bro, line 22: no such index (a[2])
|
||||
error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-error-in-handler/reporter-error-in-handler.bro, line 22: no such index (a[2])
|
||||
1st error printed on script level
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
error in /Users/jsiwek/tmp/bro/testing/btest/.tmp/core.reporter-fmt-strings/reporter-fmt-strings.bro, line 9: not an event (dont_interpret_this(%s))
|
||||
error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-fmt-strings/reporter-fmt-strings.bro, line 9: not an event (dont_interpret_this(%s))
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
error in /da/home/robin/bro/seth/testing/btest/.tmp/core.reporter-parse-error/reporter-parse-error.bro, line 7: unknown identifier TESTFAILURE, at or near "TESTFAILURE"
|
||||
error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-parse-error/reporter-parse-error.bro, line 7: unknown identifier TESTFAILURE, at or near "TESTFAILURE"
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
error in /Users/seth/bro.git9/testing/btest/.tmp/core.reporter-runtime-error/reporter-runtime-error.bro, line 12: no such index (a[1])
|
||||
error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-runtime-error/reporter-runtime-error.bro, line 12: no such index (a[1])
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
error in string and /da/home/robin/bro/seth/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: arithmetic mixed with non-arithmetic (string and 42)
|
||||
error in /da/home/robin/bro/seth/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11 and string: type mismatch (42 and string)
|
||||
error in /da/home/robin/bro/seth/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: argument type mismatch in event invocation (foo(42))
|
||||
error in string and /Users/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: arithmetic mixed with non-arithmetic (string and 42)
|
||||
error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11 and string: type mismatch (42 and string)
|
||||
error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter-type-mismatch/reporter-type-mismatch.bro, line 11: argument type mismatch in event invocation (foo(42))
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
reporter_info|init test-info|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 8|0.000000
|
||||
reporter_warning|init test-warning|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 9|0.000000
|
||||
reporter_error|init test-error|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 10|0.000000
|
||||
reporter_info|done test-info|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 15|0.000000
|
||||
reporter_warning|done test-warning|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 16|0.000000
|
||||
reporter_error|done test-error|/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 17|0.000000
|
||||
reporter_info|init test-info|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 8|0.000000
|
||||
reporter_warning|init test-warning|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 9|0.000000
|
||||
reporter_error|init test-error|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 10|0.000000
|
||||
reporter_info|done test-info|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 15|0.000000
|
||||
reporter_warning|done test-warning|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 16|0.000000
|
||||
reporter_error|done test-error|/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 17|0.000000
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
/da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 52: pre test-info
|
||||
warning in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 53: pre test-warning
|
||||
error in /da/home/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 54: pre test-error
|
||||
/Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 52: pre test-info
|
||||
warning in /Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 53: pre test-warning
|
||||
error in /Users/robin/bro/master/testing/btest/.tmp/core.reporter/reporter.bro, line 54: pre test-error
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path conn
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes
|
||||
#types time string addr port addr port enum string interval count count string bool count string count count count count
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path loaded_scripts
|
||||
#fields name
|
||||
#types string
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path loaded_scripts
|
||||
#fields name
|
||||
#types string
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
ping received, seq 0, 1303093042.542125 at src, 1303093042.583423 at dest,
|
||||
ping received, seq 1, 1303093043.543167 at src, 1303093043.544026 at dest,
|
||||
ping received, seq 2, 1303093044.544115 at src, 1303093044.545008 at dest,
|
||||
ping received, seq 0, 1324314397.698781 at src, 1324314397.699240 at dest,
|
||||
ping received, seq 1, 1324314398.698905 at src, 1324314398.699094 at dest,
|
||||
ping received, seq 2, 1324314399.699012 at src, 1324314399.699231 at dest,
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1324308802.436269 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - -
|
||||
1324314406.995958 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1324308802.436269 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - -
|
||||
1324314406.995958 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1324308826.107003 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - -
|
||||
1324314415.616486 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1324308826.107003 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - -
|
||||
1324314415.616486 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
error in /da/home/robin/bro/seth/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.bro, line 10: illegal delete statement (delete x$a)
|
||||
error in /Users/robin/bro/master/testing/btest/.tmp/language.wrong-delete-field/wrong-delete-field.bro, line 10: illegal delete statement (delete x$a)
|
||||
|
|
|
|||
|
|
@ -1,19 +1,19 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path communication
|
||||
#fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message
|
||||
#types time string string string addr port string string
|
||||
1323275566.293849 bro parent - - - info [#1/127.0.0.1:47757] added peer
|
||||
1323275566.300180 bro child - - - info [#1/127.0.0.1:47757] connected
|
||||
1323275566.300467 bro parent - - - info [#1/127.0.0.1:47757] peer connected
|
||||
1323275566.300467 bro parent - - - info [#1/127.0.0.1:47757] phase: version
|
||||
1323275566.300936 bro script - - - info connection established
|
||||
1323275566.300936 bro script - - - info requesting events matching /^?(NOTHING)$?/
|
||||
1323275566.300936 bro script - - - info accepting state
|
||||
1323275566.302043 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake
|
||||
1323275566.302043 bro parent - - - info warning: no events to request
|
||||
1323275566.302043 bro parent - - - info terminating...
|
||||
1323275566.302043 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro
|
||||
1323275566.302043 bro parent - - - info [#1/127.0.0.1:47757] closing connection
|
||||
1324314302.411344 bro parent - - - info [#1/127.0.0.1:47757] added peer
|
||||
1324314302.414978 bro child - - - info [#1/127.0.0.1:47757] connected
|
||||
1324314302.415099 bro parent - - - info [#1/127.0.0.1:47757] peer connected
|
||||
1324314302.415099 bro parent - - - info [#1/127.0.0.1:47757] phase: version
|
||||
1324314302.417446 bro script - - - info connection established
|
||||
1324314302.417446 bro script - - - info requesting events matching /^?(NOTHING)$?/
|
||||
1324314302.417446 bro script - - - info accepting state
|
||||
1324314302.418003 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake
|
||||
1324314302.418003 bro parent - - - info warning: no events to request
|
||||
1324314302.418003 bro parent - - - info terminating...
|
||||
1324314302.418003 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro
|
||||
1324314302.418003 bro parent - - - info [#1/127.0.0.1:47757] closing connection
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh-new-default
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275589.577486 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1323275589.577486 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314313.140603 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324314313.140603 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x7c
|
||||
#set_separator|\x2c
|
||||
#empty_field|\x2d
|
||||
#unset_field|\x2d
|
||||
#separator |
|
||||
#set_separator|,
|
||||
#empty_field|(empty)
|
||||
#unset_field|-
|
||||
#path|ssh
|
||||
#fields|data|data2
|
||||
#types|string|string
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
PREFIX<>separator \x7c
|
||||
PREFIX<>set_separator|\x2c
|
||||
PREFIX<>empty_field|\x45\x4d\x50\x54\x59
|
||||
PREFIX<>unset_field|\x4e\x4f\x54\x2d\x53\x45\x54
|
||||
PREFIX<>separator |
|
||||
PREFIX<>set_separator|,
|
||||
PREFIX<>empty_field|EMPTY
|
||||
PREFIX<>unset_field|NOT-SET
|
||||
PREFIX<>path|ssh
|
||||
PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b
|
||||
PREFIX<>types|time|addr|port|addr|port|string|string|bool
|
||||
1323275635.348361|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
|
||||
1323275635.348361|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
|
||||
1323275635.348361|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
|
||||
1323275635.348361|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
|
||||
1323275635.348361|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T
|
||||
1324314313.345323|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
|
||||
1324314313.345323|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
|
||||
1324314313.345323|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
|
||||
1324314313.345323|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
|
||||
1324314313.345323|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1315799856.264750 UWkUyAuUGXf 10.0.1.104 64216 193.40.5.162 80 1 GET lepo.it.da.ut.ee /~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf - Wget/1.12 (darwin10.8.0) 0 346 404 Not Found - - - - - - - text/html - -
|
||||
1315799856.264750 UWkUyAuUGXf 10.0.1.104 64216 193.40.5.162 80 1 GET lepo.it.da.ut.ee /~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf - Wget/1.12 (darwin10.8.0) 0 346 404 Not Found - - - (empty) - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields ss
|
||||
#types table[string]
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
#separator \x7c\x7c
|
||||
#set_separator||\x2c
|
||||
#empty_field||\x2d
|
||||
#unset_field||\x2d
|
||||
#separator ||
|
||||
#set_separator||,
|
||||
#empty_field||(empty)
|
||||
#unset_field||-
|
||||
#path||ssh
|
||||
#fields||t||id.orig_h||id.orig_p||id.resp_h||id.resp_p||status||country
|
||||
#types||time||addr||port||addr||port||string||string
|
||||
1323275761.036351||1.2.3.4||1234||2.3.4.5||80||success||unknown
|
||||
1323275761.036351||1.2.3.4||1234||2.3.4.5||80||failure||US
|
||||
1323275761.036351||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
|
||||
1323275761.036351||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
|
||||
1323275761.036351||1.2.3.4||1234||2.3.4.5||80||failure||MX
|
||||
1324314313.899736||1.2.3.4||1234||2.3.4.5||80||success||unknown
|
||||
1324314313.899736||1.2.3.4||1234||2.3.4.5||80||failure||US
|
||||
1324314313.899736||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
|
||||
1324314313.899736||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
|
||||
1324314313.899736||1.2.3.4||1234||2.3.4.5||80||failure||MX
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
1299718506.38074|1.2.3.4|1234|2.3.4.5|80|success|unknown
|
||||
1299718506.38074|1.2.3.4|1234|2.3.4.5|80|failure|US
|
||||
1299718506.38074|1.2.3.4|1234|2.3.4.5|80|failure|UK
|
||||
1299718506.38074|1.2.3.4|1234|2.3.4.5|80|success|BR
|
||||
1299718506.38074|1.2.3.4|1234|2.3.4.5|80|failure|MX
|
||||
1324314313.990741|1.2.3.4|1234|2.3.4.5|80|success|unknown
|
||||
1324314313.990741|1.2.3.4|1234|2.3.4.5|80|failure|US
|
||||
1324314313.990741|1.2.3.4|1234|2.3.4.5|80|failure|UK
|
||||
1324314313.990741|1.2.3.4|1234|2.3.4.5|80|success|BR
|
||||
1324314313.990741|1.2.3.4|1234|2.3.4.5|80|failure|MX
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields data
|
||||
#types time
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields status country a1 b1 b2
|
||||
#types string string count count count
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields status country
|
||||
#types string string
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275824.696040 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1323275824.696040 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1323275824.696040 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1323275824.696040 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1323275824.696040 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
1324314314.443785 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324314314.443785 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314314.443785 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1324314314.443785 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1324314314.443785 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
[t=1323970492.986366, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=success, country=unknown]
|
||||
[t=1323970492.986366, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=failure, country=US]
|
||||
[t=1324314314.738385, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=success, country=unknown]
|
||||
[t=1324314314.738385, id=[orig_h=1.2.3.4, orig_p=1234/tcp, resp_h=2.3.4.5, resp_p=80/tcp], status=failure, country=US]
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields id.orig_p id.resp_h id.resp_p status country
|
||||
#types port addr port string string
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields t f
|
||||
#types time file
|
||||
1323275842.508479 Foo.log
|
||||
1324314314.940195 Foo.log
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields t id.orig_h
|
||||
#types time addr
|
||||
1323275846.507507 1.2.3.4
|
||||
1323275846.507507 1.2.3.4
|
||||
1323275846.507507 1.2.3.4
|
||||
1323275846.507507 1.2.3.4
|
||||
1323275846.507507 1.2.3.4
|
||||
1324314315.040480 1.2.3.4
|
||||
1324314315.040480 1.2.3.4
|
||||
1324314315.040480 1.2.3.4
|
||||
1324314315.040480 1.2.3.4
|
||||
1324314315.040480 1.2.3.4
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path local
|
||||
#fields ts id.orig_h
|
||||
#types time addr
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path remote
|
||||
#fields ts id.orig_h
|
||||
#types time addr
|
||||
|
|
|
|||
|
|
@ -6,58 +6,58 @@ static-prefix-1-US.log
|
|||
static-prefix-2-MX2.log
|
||||
static-prefix-2-UK.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-0-BR
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275860.153895 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1324314315.385189 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-0-MX3
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275860.153895 1.2.3.4 1234 2.3.4.5 80 failure MX3
|
||||
1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure MX3
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-0-unknown
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275860.153895 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324314315.385189 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-1-MX
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275860.153895 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-1-US
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275860.153895 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-2-MX2
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275860.153895 1.2.3.4 1234 2.3.4.5 80 failure MX2
|
||||
1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure MX2
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path static-prefix-2-UK
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275860.153895 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1324314315.385189 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test.failure
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323275882.725518 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314315.498365 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test.success
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1324308566.444800 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324314315.498365 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x45\x4d\x50\x54\x59
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field EMPTY
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields b i e c p sn a d t iv s sc ss se vc ve
|
||||
#types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string]
|
||||
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1324308572.066737 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY
|
||||
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1324314315.880694 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test.failure
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1323276013.684540 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1324308589.020941 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324308589.020941 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324308589.020941 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1324308589.020941 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1324308589.020941 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test.success
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1324308589.020941 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324308589.020941 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324314321.061516 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh.failure
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323276050.103643 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1323276050.103643 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323276050.103643 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1323276050.103643 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1323276050.103643 1.2.3.4 1234 2.3.4.5 80 failure BR
|
||||
1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1324314328.196443 1.2.3.4 1234 2.3.4.5 80 failure BR
|
||||
|
|
|
|||
|
|
@ -18,14 +18,14 @@ custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.00.05.log, pat
|
|||
custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F]
|
||||
custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F]
|
||||
custom rotate, [writer=Log::WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T]
|
||||
#empty_field \x2d
|
||||
#empty_field (empty)
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#path test
|
||||
#path test2
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#set_separator ,
|
||||
#types time addr port addr port
|
||||
#unset_field \x2d
|
||||
#unset_field -
|
||||
1299466805.000000 10.0.0.1 20 10.0.0.2 1024
|
||||
1299470395.000000 10.0.0.2 20 10.0.0.3 0
|
||||
1299470405.000000 10.0.0.1 20 10.0.0.2 1025
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@ test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
|
|||
test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
||||
> test.2011-03-07-03-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
@ -20,9 +20,9 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
|||
1299470395.000000 10.0.0.2 20 10.0.0.3 0
|
||||
> test.2011-03-07-04-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
@ -30,9 +30,9 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
|||
1299473995.000000 10.0.0.2 20 10.0.0.3 1
|
||||
> test.2011-03-07-05-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
@ -40,9 +40,9 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
|||
1299477595.000000 10.0.0.2 20 10.0.0.3 2
|
||||
> test.2011-03-07-06-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
@ -50,9 +50,9 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
|||
1299481195.000000 10.0.0.2 20 10.0.0.3 3
|
||||
> test.2011-03-07-07-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
@ -60,9 +60,9 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
|||
1299484795.000000 10.0.0.2 20 10.0.0.3 4
|
||||
> test.2011-03-07-08-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
@ -70,9 +70,9 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
|||
1299488395.000000 10.0.0.2 20 10.0.0.3 5
|
||||
> test.2011-03-07-09-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
@ -80,9 +80,9 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
|||
1299491995.000000 10.0.0.2 20 10.0.0.3 6
|
||||
> test.2011-03-07-10-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
@ -90,9 +90,9 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
|||
1299495595.000000 10.0.0.2 20 10.0.0.3 7
|
||||
> test.2011-03-07-11-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
@ -100,9 +100,9 @@ test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
|||
1299499195.000000 10.0.0.2 20 10.0.0.3 8
|
||||
> test.2011-03-07-12-00-05.log
|
||||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path test
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
#types time addr port addr port
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path /dev/stdout
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323276116.980214 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1323276116.980214 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1323276116.980214 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1323276116.980214 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1323276116.980214 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
1324314328.844271 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324314328.844271 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314328.844271 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1324314328.844271 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1324314328.844271 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
||||
#types time addr port addr port string string
|
||||
1323276164.251500 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1323276164.251500 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1323276164.251500 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1323276164.251500 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1323276164.251500 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
1324314328.950525 1.2.3.4 1234 2.3.4.5 80 success unknown
|
||||
1324314328.950525 1.2.3.4 1234 2.3.4.5 80 failure US
|
||||
1324314328.950525 1.2.3.4 1234 2.3.4.5 80 failure UK
|
||||
1324314328.950525 1.2.3.4 1234 2.3.4.5 80 success BR
|
||||
1324314328.950525 1.2.3.4 1234 2.3.4.5 80 failure MX
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x45\x4d\x50\x54\x59
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field EMPTY
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields b i e c p sn a d t iv s sc ss se vc ve f
|
||||
#types bool int enum count port subnet addr double time interval string table[count] table[string] table[string] vector[count] vector[string] func
|
||||
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1324308607.500960 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
|
||||
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1324314329.051618 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path testing
|
||||
#fields a.val1 a.val2 b
|
||||
#types count count count
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path ssh
|
||||
#fields vec
|
||||
#types vector[string]
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path metrics
|
||||
#fields ts metric_id filter_name index.host index.str index.network value
|
||||
#types time enum string addr string subnet count
|
||||
1323276206.622034 TEST_METRIC foo-bar 6.5.4.3 - - 4
|
||||
1323276206.622034 TEST_METRIC foo-bar 1.2.3.4 - - 6
|
||||
1323276206.622034 TEST_METRIC foo-bar 7.2.1.5 - - 2
|
||||
1324314335.570789 TEST_METRIC foo-bar 6.5.4.3 - - 4
|
||||
1324314335.570789 TEST_METRIC foo-bar 1.2.3.4 - - 6
|
||||
1324314335.570789 TEST_METRIC foo-bar 7.2.1.5 - - 2
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path metrics
|
||||
#fields ts metric_id filter_name index.host index.str index.network value
|
||||
#types time enum string addr string subnet count
|
||||
1323276222.644659 TEST_METRIC foo-bar 6.5.4.3 - - 2
|
||||
1323276222.644659 TEST_METRIC foo-bar 1.2.3.4 - - 3
|
||||
1323276222.644659 TEST_METRIC foo-bar 7.2.1.5 - - 1
|
||||
1324314344.807073 TEST_METRIC foo-bar 6.5.4.3 - - 2
|
||||
1324314344.807073 TEST_METRIC foo-bar 1.2.3.4 - - 3
|
||||
1324314344.807073 TEST_METRIC foo-bar 7.2.1.5 - - 1
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
|
||||
#types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
|
||||
1324308631.319990 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - -
|
||||
1324314350.184962 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 100/100 - 1.2.3.4 - - 100 manager-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - -
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
|
||||
#types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
|
||||
1324308665.314874 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 3/2 - 1.2.3.4 - - 3 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - -
|
||||
1324308665.314874 - - - - - Test_Notice Threshold crossed by metric_index(host=6.5.4.3) 2/2 - 6.5.4.3 - - 2 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 6.5.4.3 - -
|
||||
1324314359.357148 - - - - - Test_Notice Threshold crossed by metric_index(host=1.2.3.4) 3/2 - 1.2.3.4 - - 3 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 1.2.3.4 - -
|
||||
1324314359.357148 - - - - - Test_Notice Threshold crossed by metric_index(host=6.5.4.3) 2/2 - 6.5.4.3 - - 2 bro Notice::ACTION_LOG 6 3600.000000 F - - - - - 6.5.4.3 - -
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
|
||||
#types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
|
||||
1324308679.119923 - - - - - Test_Notice test notice! - - - - - worker-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - -
|
||||
1324314363.721823 - - - - - Test_Notice test notice! - - - - - worker-1 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - -
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
|
||||
#types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double addr string subnet
|
||||
1324308705.683375 - - - - - Test_Notice test notice! - - - - - worker-2 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - -
|
||||
1324314378.560010 - - - - - Test_Notice test notice! - - - - - worker-2 Notice::ACTION_LOG 6 3600.000000 F - - - - - - - -
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path notice
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p note msg sub src dst p n peer_descr actions policy_items suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
||||
#types time string addr port addr port enum string string addr addr port count string table[enum] table[count] interval bool string string string double double
|
||||
1324308722.344582 - - - - - Test_Notice test - - - - - bro Notice::ACTION_LOG 6 3600.000000 F - - - - -
|
||||
1324314387.663586 - - - - - Test_Notice test - - - - - bro Notice::ACTION_LOG 6 3600.000000 F - - - - -
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1237440095.634312 UWkUyAuUGXf 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - - - - - text/html - -
|
||||
1237440095.634312 UWkUyAuUGXf 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - (empty) - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1128727435.634189 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - - - - - text/html - http-item_141.42.64.125:56730-125.190.109.199:80_resp_1.dat
|
||||
1128727435.634189 arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - text/html - http-item_141.42.64.125:56730-125.190.109.199:80_resp_1.dat
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
|
||||
1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - - - - - FAKE_MIME - -
|
||||
1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - - - - - FAKE_MIME - -
|
||||
1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - - - - - FAKE_MIME - -
|
||||
1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - - - - - image/png e0029eea80812e9a8e57b8d05d52938a -
|
||||
1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - - - - - image/png 30aa926344f58019d047e85ba049ca1e -
|
||||
1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - FAKE_MIME - -
|
||||
1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - (empty) - - - FAKE_MIME - -
|
||||
1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - FAKE_MIME - -
|
||||
1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - image/png e0029eea80812e9a8e57b8d05d52938a -
|
||||
1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - image/png 30aa926344f58019d047e85ba049ca1e -
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path http
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied md5 extraction_file
|
||||
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string file
|
||||
1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - - - - - - -
|
||||
1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - - - - - - -
|
||||
1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - - - - - - -
|
||||
1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - - - - - - -
|
||||
1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - - - - - - -
|
||||
1258577884.844956 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - - -
|
||||
1258577884.960135 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - (empty) - - - - -
|
||||
1258577885.317160 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - - -
|
||||
1258577885.349639 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - - -
|
||||
1258577885.394612 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - - -
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path irc
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size extraction_file
|
||||
#types time string addr port addr port string string table[string] string string string table[enum] string count file
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - -
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - -
|
||||
1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - -
|
||||
1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - - ladyvampress-default(2011-07-07)-OS.zip 42208 -
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - (empty) - - -
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq (empty) - - -
|
||||
1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies (empty) (empty) - - -
|
||||
1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies (empty) (empty) ladyvampress-default(2011-07-07)-OS.zip 42208 -
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path irc
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p nick user channels command value addl tags dcc_file_name dcc_file_size dcc_mime_type extraction_file
|
||||
#types time string addr port addr port string string table[string] string string string table[enum] string count string file
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - - - - - -
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq - - - - -
|
||||
1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies - - - - - -
|
||||
1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies - IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 - - - NICK bloed - (empty) - - - -
|
||||
1311189164.119437 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed - - USER sdkfje sdkfje Montreal.QC.CA.Undernet.org dkdkrwq (empty) - - - -
|
||||
1311189174.474127 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - JOIN #easymovies (empty) (empty) - - - -
|
||||
1311189316.326025 UWkUyAuUGXf 192.168.1.77 57640 66.198.80.67 6667 bloed sdkfje - DCC #easymovies (empty) IRC::EXTRACTED_FILE ladyvampress-default(2011-07-07)-OS.zip 42208 FAKE_MIME irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path smtp
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent
|
||||
#types time string addr port addr port count string string table[string] string string table[string] string string string string addr string string string vector[addr] string
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path smtp_entities
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth filename content_len mime_type md5 extraction_file excerpt
|
||||
#types time string addr port addr port count string count string string file string
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat -
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 1918 FAKE_MIME - - -
|
||||
1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat -
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 79 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat (empty)
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 1918 FAKE_MIME - - (empty)
|
||||
1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 NEWS.txt 10823 FAKE_MIME - smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat (empty)
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path smtp_entities
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth filename content_len mime_type md5 extraction_file excerpt
|
||||
#types time string addr port addr port count string count string string file string
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - -
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 1918 FAKE_MIME - - -
|
||||
1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - -
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 79 FAKE_MIME 92bca2e6cdcde73647125da7dccbdd07 - (empty)
|
||||
1254722770.692743 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 - 1918 FAKE_MIME - - (empty)
|
||||
1254722770.692804 arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 NEWS.txt 10823 FAKE_MIME a968bb0f9f9d95835b2e74c845877e87 - (empty)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_hosts
|
||||
#fields ts host
|
||||
#types time addr
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_hosts
|
||||
#fields ts host
|
||||
#types time addr
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_hosts
|
||||
#fields ts host
|
||||
#types time addr
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path known_services
|
||||
#fields ts host port_num port_proto service
|
||||
#types time addr port enum table[string]
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#separator \x09
|
||||
#set_separator \x2c
|
||||
#empty_field \x2d
|
||||
#unset_field \x2d
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path dns
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name QR AA TC RD RA Z answers TTLs auth addl
|
||||
#types time string addr port addr port enum count string count string count string count string bool bool bool bool bool count vector[string] vector[interval] table[string] table[string]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue