Merge remote-tracking branch 'origin/master' into dev/2.7

* origin/master: Fix typo in Sessions.h Update baselines for SSH capabilities fix Fix SSH analyzer bug where is_server in capabilities is wrong. Revert DNS query 255 from ANY to * Missing commas... Fix typo in dce-rpc consts Refactor to use consistent numeric type in dce_rpc. Add missing DNS query type codes Add DCE_RPC exchange_mapi operations to relevant consts.bro file GH-186: fix JSON formatting of timestamps before Unix epoch Fix test baseline for plugin skeleton update Fix crash when modifying a table from within its &expire_func Convert site::local_nets, etc. into options. GH-184: add `bro-config --build_type`, outputs CMake build type Updating submodule(s). Add return value checks for some RPC parsing functions Add 'fallthrough' comment to a switch/case block Improve broker.remote_id unit test Increase broker unit test timeout intervals
2025-10-02 14:48:21 +00:00 · 2018-10-16 16:50:27 -05:00 · 2018-10-16 16:50:27 -05:00 · 45526e6063
commit 45526e6063
parent 92739c1b44 9a295a7009
44 changed files with 597 additions and 339 deletions
--- a/56
+++ b/56
@ -1,4 +1,60 @@
 2.6-beta2-40 | 2018-10-16 15:37:49 -0500
  * Change DNP3::function_codes name for request 0x21 (Dale Lakes)
  * Fix resource record type names in DNS::query_types for 41 and 100 (Dale Lakes)
  * Add missing DNS resource record types to DNS::query_types (Dale Lakes)
  * Refactor DCE_RPC constants to be specified in hex instead of decimal (Dale Lakes)
 2.6-beta2-35 | 2018-10-16 13:41:15 -0500
  * Update baselines for SSH capabilities fix (Vlad Grigorescu)
  * Fix SSH analyzer bug where is_server in capabilities is wrong. (Vlad Grigorescu)
 2.6-beta2-32 | 2018-10-16 09:22:54 -0700
  * Fix typo in Sessions.h (Eiji Yanagi (Cisco))
 2.6-beta2-31 | 2018-10-15 16:42:36 -0500
  * Add DCE_RPC exchange_mapi operations to relevant consts.bro file (Dale Lakes)
 2.6-beta2-29 | 2018-10-12 21:30:19 +0000
  * GH-186: fix JSON formatting of timestamps before Unix epoch (Jon Siwek, Corelight)
 2.6-beta2-28 | 2018-10-12 12:48:33 -0400
  * Fix test baseline for plugin skeleton update (Jon Siwek, Corelight)
 2.6-beta2-27 | 2018-10-12 12:18:02 -0400
  * Convert site::local_nets, etc. into options. (Johanna Amann)
 2.6-beta2-25 | 2018-10-12 08:33:32 -0400
  * Fix crash when modifying a table from within its &expire_func (Jon Siwek, Corelight)
 2.6-beta2-24 | 2018-10-05 14:24:34 -0500
  * GH-184: add `bro-config --build_type`, outputs CMake build type (Jon Siwek, Corelight)
 2.6-beta2-22 | 2018-10-04 11:31:48 -0500
  * Add return value checks for some RPC parsing functions (Jon Siwek, Corelight)
  * Add 'fallthrough' comment to a switch/case block (Jon Siwek, Corelight)
 2.6-beta2-20 | 2018-10-03 15:47:26 -0500
  * Improve broker.remote_id unit test (Jon Siwek, Corelight)
  * Increase broker unit test timeout intervals (Jon Siwek, Corelight)
 2.6-beta2-18 | 2018-10-03 11:09:04 -0500
  * Fix memory leak in broker type checking (Jon Siwek, Corelight)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -230,6 +230,7 @@ if ( NOT BINARY_PACKAGING_MODE )
    set(BRO_DIST ${CMAKE_SOURCE_DIR})
 endif ()
 string(TOLOWER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_LOWER)
 configure_file(${CMAKE_CURRENT_SOURCE_DIR}/bro-config.h.in
               ${CMAKE_CURRENT_BINARY_DIR}/bro-config.h)
 include_directories(${CMAKE_CURRENT_BINARY_DIR})
--- a/6
+++ b/6
@ -577,6 +577,12 @@ Changed Functionality
  indicated whether each Bro process was the "parent" or "child", but this
  is no longer relevant because each Bro node now runs as a single process.
 - The ``DNP3::function_codes`` name for request 0x21 has been corrected from
  "AUTHENTICATE_ERR" to "AUTHENTICATE_REQ_NR".
 - The ``DNS::query_types`` names for resource records 41 and 100 have been
  corrected from "EDNS" to "OPT" and "DINFO" to "UINFO", respectively.
 Removed Functionality
 ---------------------
--- a/2
+++ b/2
@ -1 +1 @@
-2.6-beta2-18
+2.6-beta2-40
--- a/aux/bro-aux
+++ b/aux/bro-aux
@ -1 +1 @@
-Subproject commit db3c064f084090cda60d0511c74908b6cec092f8
+Subproject commit 6fefde7e3e3a675f2359084f0dfa938a62da398c
--- a/aux/broker
+++ b/aux/broker
@ -1 +1 @@
-Subproject commit 5bc2184081c3edc44398b15f92d67d4a85d0b44b
+Subproject commit a843bfab047999386c6268a47bb2f6969b7bbaf7
--- a/bro-config.in
+++ b/bro-config.in
@ -1,6 +1,7 @@
 #!/bin/sh
 version=@VERSION@
 build_type=@CMAKE_BUILD_TYPE_LOWER@
 prefix=@CMAKE_INSTALL_PREFIX@
 script_dir=@BRO_SCRIPT_INSTALL_PATH@
 site_dir=@BRO_SCRIPT_INSTALL_PATH@/site
@ -16,7 +17,7 @@ caf_root=@BRO_CONFIG_CAF_ROOT_DIR@
 broker_root=@BRO_CONFIG_BROKER_ROOT_DIR@
 usage="\
-Usage: bro-config [--version] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--bropath] [--bro_dist] [--binpac_root] [--caf_root] [--broker_root]"
+Usage: bro-config [--version] [--build_type] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--bropath] [--bro_dist] [--binpac_root] [--caf_root] [--broker_root]"
 if [ $# -eq 0 ] ; then
      echo "${usage}" 1>&2
@ -36,6 +37,9 @@ while [ $# -ne 0 ]; do
    --prefix)
      echo $prefix
      ;;
    --build_type)
      echo $build_type
      ;;
    --script_dir)
      echo $script_dir
      ;;
--- a/scripts/base/protocols/dce-rpc/consts.bro
+++ b/scripts/base/protocols/dce-rpc/consts.bro
@ -101,259 +101,259 @@ export {
 	const operations: table[string,count] of string = {
 		# atsvc
-		["1ff70682-0a51-30e8-076d-740be8cee98b",0] = "NetrJobAdd",
+		["1ff70682-0a51-30e8-076d-740be8cee98b",0x00] = "NetrJobAdd",
-		["1ff70682-0a51-30e8-076d-740be8cee98b",1] = "NetrJobDel",
+		["1ff70682-0a51-30e8-076d-740be8cee98b",0x01] = "NetrJobDel",
-		["1ff70682-0a51-30e8-076d-740be8cee98b",2] = "NetrJobEnum",
+		["1ff70682-0a51-30e8-076d-740be8cee98b",0x02] = "NetrJobEnum",
-		["1ff70682-0a51-30e8-076d-740be8cee98b",3] = "NetrJobGetInfo",
+		["1ff70682-0a51-30e8-076d-740be8cee98b",0x03] = "NetrJobGetInfo",
 		# sasec
-		["378e52b0-c0a9-11cf-822d-00aa0051e40f",0] = "SASetAccountInformation",
+		["378e52b0-c0a9-11cf-822d-00aa0051e40f",0x00] = "SASetAccountInformation",
-		["378e52b0-c0a9-11cf-822d-00aa0051e40f",1] = "SASetNSAccountInformation",
+		["378e52b0-c0a9-11cf-822d-00aa0051e40f",0x01] = "SASetNSAccountInformation",
-		["378e52b0-c0a9-11cf-822d-00aa0051e40f",2] = "SAGetNSAccountInformation",
+		["378e52b0-c0a9-11cf-822d-00aa0051e40f",0x02] = "SAGetNSAccountInformation",
-		["378e52b0-c0a9-11cf-822d-00aa0051e40f",3] = "SAGetAccountInformation",
+		["378e52b0-c0a9-11cf-822d-00aa0051e40f",0x03] = "SAGetAccountInformation",
 		# idletask
-		["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0] = "ItSrvRegisterIdleTask",
+		["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0x00] = "ItSrvRegisterIdleTask",
-		["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",1] = "ItSrvUnregisterIdleTask",
+		["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0x01] = "ItSrvUnregisterIdleTask",
-		["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",2] = "ItSrvProcessIdleTasks",
+		["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0x02] = "ItSrvProcessIdleTasks",
-		["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",3] = "ItSrvSetDetectionParameters",
+		["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0x03] = "ItSrvSetDetectionParameters",
 		# ITaskSchedulerService
-		["86d35949-83c9-4044-b424-db363231fd0c",0] = "SchRpcHighestVersion",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x00] = "SchRpcHighestVersion",
-		["86d35949-83c9-4044-b424-db363231fd0c",1] = "SchRpcRegisterTask",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x01] = "SchRpcRegisterTask",
-		["86d35949-83c9-4044-b424-db363231fd0c",2] = "SchRpcRetrieveTask",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x02] = "SchRpcRetrieveTask",
-		["86d35949-83c9-4044-b424-db363231fd0c",3] = "SchRpcCreateFolder",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x03] = "SchRpcCreateFolder",
-		["86d35949-83c9-4044-b424-db363231fd0c",4] = "SchRpcSetSecurity",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x04] = "SchRpcSetSecurity",
-		["86d35949-83c9-4044-b424-db363231fd0c",5] = "SchRpcGetSecurity",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x05] = "SchRpcGetSecurity",
-		["86d35949-83c9-4044-b424-db363231fd0c",6] = "SchRpcEnumFolder",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x06] = "SchRpcEnumFolder",
-		["86d35949-83c9-4044-b424-db363231fd0c",7] = "SchRpcEnumTasks",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x07] = "SchRpcEnumTasks",
-		["86d35949-83c9-4044-b424-db363231fd0c",8] = "SchRpcEnumInstances",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x08] = "SchRpcEnumInstances",
-		["86d35949-83c9-4044-b424-db363231fd0c",9] = "SchRpcGetInstanceInfo",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x09] = "SchRpcGetInstanceInfo",
-		["86d35949-83c9-4044-b424-db363231fd0c",10] = "SchRpcStopInstance",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x0a] = "SchRpcStopInstance",
-		["86d35949-83c9-4044-b424-db363231fd0c",11] = "SchRpcStop",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x0b] = "SchRpcStop",
-		["86d35949-83c9-4044-b424-db363231fd0c",12] = "SchRpcRun",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x0c] = "SchRpcRun",
-		["86d35949-83c9-4044-b424-db363231fd0c",13] = "SchRpcDelete",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x0d] = "SchRpcDelete",
-		["86d35949-83c9-4044-b424-db363231fd0c",14] = "SchRpcRename",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x0e] = "SchRpcRename",
-		["86d35949-83c9-4044-b424-db363231fd0c",15] = "SchRpcScheduledRuntimes",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x0f] = "SchRpcScheduledRuntimes",
-		["86d35949-83c9-4044-b424-db363231fd0c",16] = "SchRpcGetLastRunInfo",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x10] = "SchRpcGetLastRunInfo",
-		["86d35949-83c9-4044-b424-db363231fd0c",17] = "SchRpcGetTaskInfo",
+		["86d35949-83c9-4044-b424-db363231fd0c",0x11] = "SchRpcGetTaskInfo",
 		# IObjectExporter
-		["99fcfec4-5260-101b-bbcb-00aa0021347a",0] = "ResolveOxid",
+		["99fcfec4-5260-101b-bbcb-00aa0021347a",0x00] = "ResolveOxid",
-		["99fcfec4-5260-101b-bbcb-00aa0021347a",1] = "SimplePing",
+		["99fcfec4-5260-101b-bbcb-00aa0021347a",0x01] = "SimplePing",
-		["99fcfec4-5260-101b-bbcb-00aa0021347a",2] = "ComplexPing",
+		["99fcfec4-5260-101b-bbcb-00aa0021347a",0x02] = "ComplexPing",
-		["99fcfec4-5260-101b-bbcb-00aa0021347a",3] = "ServerAlive",
+		["99fcfec4-5260-101b-bbcb-00aa0021347a",0x03] = "ServerAlive",
-		["99fcfec4-5260-101b-bbcb-00aa0021347a",4] = "ResolveOxid2",
+		["99fcfec4-5260-101b-bbcb-00aa0021347a",0x04] = "ResolveOxid2",
-		["99fcfec4-5260-101b-bbcb-00aa0021347a",5] = "ServerAlive2",
+		["99fcfec4-5260-101b-bbcb-00aa0021347a",0x05] = "ServerAlive2",
 		# IActivation
-		["4d9f4ab8-7d1c-11cf-861e-0020af6e7c57",0] = "RemoteActivation",
+		["4d9f4ab8-7d1c-11cf-861e-0020af6e7c57",0x00] = "RemoteActivation",
 		# nspi
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",0] = "NspiBind",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x00] = "NspiBind",
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",1] = "NspiUnbind",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x01] = "NspiUnbind",
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",2] = "NspiUpdateStat",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x02] = "NspiUpdateStat",
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",3] = "NspiQueryRows",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x03] = "NspiQueryRows",
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",4] = "NspiSeekEntries",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x04] = "NspiSeekEntries",
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",5] = "NspiGetMatches",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x05] = "NspiGetMatches",
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",6] = "NspiResortRestriction",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x06] = "NspiResortRestriction",
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",7] = "NspiDNToEph",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x07] = "NspiDNToEph",
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",8] = "NspiGetPropList",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x08] = "NspiGetPropList",
-		["f5cc5a18-4264-101a-8c59-08002b2f8426",9] = "NspiGetProps",
+		["f5cc5a18-4264-101a-8c59-08002b2f8426",0x09] = "NspiGetProps",
 		# IWbemServices
-		["9556dc99-828c-11cf-a37e-00aa003240c7",3] = "OpenNamespace",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x03] = "OpenNamespace",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",4] = "CancelAsyncCall",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x04] = "CancelAsyncCall",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",5] = "QueryObjectSink",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x05] = "QueryObjectSink",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",6] = "GetObject",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x06] = "GetObject",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",7] = "GetObjectAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x07] = "GetObjectAsync",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",8] = "PutClass",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x08] = "PutClass",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",9] = "PutClassAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x09] = "PutClassAsync",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",10] = "DeleteClass",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x0a] = "DeleteClass",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",11] = "DeleteClassAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x0b] = "DeleteClassAsync",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",12] = "CreateClassEnum",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x0c] = "CreateClassEnum",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",13] = "CreateClassEnumAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x0d] = "CreateClassEnumAsync",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",14] = "PutInstance",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x0e] = "PutInstance",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",15] = "PutInstanceAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x0f] = "PutInstanceAsync",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",16] = "DeleteClass",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x10] = "DeleteClass",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",17] = "DeleteClassAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x11] = "DeleteClassAsync",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",18] = "CreateInstanceEnum",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x12] = "CreateInstanceEnum",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",19] = "CreateInstanceEnumAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x13] = "CreateInstanceEnumAsync",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",20] = "ExecQuery",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x14] = "ExecQuery",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",21] = "ExecQueryAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x15] = "ExecQueryAsync",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",22] = "ExecNotificationQuery",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x16] = "ExecNotificationQuery",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",23] = "ExecNotificationQueryAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x17] = "ExecNotificationQueryAsync",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",24] = "ExecMethod",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x18] = "ExecMethod",
-		["9556dc99-828c-11cf-a37e-00aa003240c7",25] = "ExecMethodAsync",
+		["9556dc99-828c-11cf-a37e-00aa003240c7",0x19] = "ExecMethodAsync",
 		# IWbemLevel1Login
-		["f309ad18-d86a-11d0-a075-00c04fb68820",3] = "EstablishPosition",
+		["f309ad18-d86a-11d0-a075-00c04fb68820",0x03] = "EstablishPosition",
-		["f309ad18-d86a-11d0-a075-00c04fb68820",4] = "RequestChallenge",
+		["f309ad18-d86a-11d0-a075-00c04fb68820",0x04] = "RequestChallenge",
-		["f309ad18-d86a-11d0-a075-00c04fb68820",5] = "WBEMLogin",
+		["f309ad18-d86a-11d0-a075-00c04fb68820",0x05] = "WBEMLogin",
-		["f309ad18-d86a-11d0-a075-00c04fb68820",6] = "NTLMLogin",
+		["f309ad18-d86a-11d0-a075-00c04fb68820",0x06] = "NTLMLogin",
 		# FrsRpc
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",0] = "FrsRpcSendCommPkt",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x00] = "FrsRpcSendCommPkt",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",1] = "FrsRpcVerifyPromotionParent",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x01] = "FrsRpcVerifyPromotionParent",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",2] = "FrsRpcStartPromotionParent",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x02] = "FrsRpcStartPromotionParent",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",3] = "FrsNOP",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x03] = "FrsNOP",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",4] = "FrsBackupComplete",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x04] = "FrsBackupComplete",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",5] = "FrsBackupComplete",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x05] = "FrsBackupComplete",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",6] = "FrsBackupComplete",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x06] = "FrsBackupComplete",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",7] = "FrsBackupComplete",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x07] = "FrsBackupComplete",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",8] = "FrsBackupComplete",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x08] = "FrsBackupComplete",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",9] = "FrsBackupComplete",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x09] = "FrsBackupComplete",
-		["f5cc59b4-4264-101a-8c59-08002b2f8426",10] = "FrsRpcVerifyPromotionParentEx",
+		["f5cc59b4-4264-101a-8c59-08002b2f8426",0x0a] = "FrsRpcVerifyPromotionParentEx",
 		# IRemUnknown2
-		["00000143-0000-0000-c000-000000000046",0] = "QueryInterface",
+		["00000143-0000-0000-c000-000000000046",0x00] = "QueryInterface",
-		["00000143-0000-0000-c000-000000000046",1] = "AddRef",
+		["00000143-0000-0000-c000-000000000046",0x01] = "AddRef",
-		["00000143-0000-0000-c000-000000000046",2] = "Release",
+		["00000143-0000-0000-c000-000000000046",0x02] = "Release",
-		["00000143-0000-0000-c000-000000000046",3] = "RemQueryInterface",
+		["00000143-0000-0000-c000-000000000046",0x03] = "RemQueryInterface",
-		["00000143-0000-0000-c000-000000000046",4] = "RemAddRef",
+		["00000143-0000-0000-c000-000000000046",0x04] = "RemAddRef",
-		["00000143-0000-0000-c000-000000000046",5] = "RemRelease",
+		["00000143-0000-0000-c000-000000000046",0x05] = "RemRelease",
-		["00000143-0000-0000-c000-000000000046",6] = "RemQueryInterface2",
+		["00000143-0000-0000-c000-000000000046",0x06] = "RemQueryInterface2",
 		# IRemoteSCMActivator
-		["000001a0-0000-0000-c000-000000000046",0] = "QueryInterfaceIRemoteSCMActivator",
+		["000001a0-0000-0000-c000-000000000046",0x00] = "QueryInterfaceIRemoteSCMActivator",
-		["000001a0-0000-0000-c000-000000000046",1] = "AddRefIRemoteISCMActivator",
+		["000001a0-0000-0000-c000-000000000046",0x01] = "AddRefIRemoteISCMActivator",
-		["000001a0-0000-0000-c000-000000000046",2] = "ReleaseIRemoteISCMActivator",
+		["000001a0-0000-0000-c000-000000000046",0x02] = "ReleaseIRemoteISCMActivator",
-		["000001a0-0000-0000-c000-000000000046",3] = "RemoteGetClassObject",
+		["000001a0-0000-0000-c000-000000000046",0x03] = "RemoteGetClassObject",
-		["000001a0-0000-0000-c000-000000000046",4] = "RemoteCreateInstance",
+		["000001a0-0000-0000-c000-000000000046",0x04] = "RemoteCreateInstance",
 		# netlogon
-		["12345678-1234-abcd-ef00-01234567cffb",0] = "NetrLogonUasLogon",
+		["12345678-1234-abcd-ef00-01234567cffb",0x00] = "NetrLogonUasLogon",
-		["12345678-1234-abcd-ef00-01234567cffb",1] = "NetrLogonUasLogoff",
+		["12345678-1234-abcd-ef00-01234567cffb",0x01] = "NetrLogonUasLogoff",
-		["12345678-1234-abcd-ef00-01234567cffb",2] = "NetrLogonSamLogon",
+		["12345678-1234-abcd-ef00-01234567cffb",0x02] = "NetrLogonSamLogon",
-		["12345678-1234-abcd-ef00-01234567cffb",3] = "NetrLogonSamLogoff",
+		["12345678-1234-abcd-ef00-01234567cffb",0x03] = "NetrLogonSamLogoff",
-		["12345678-1234-abcd-ef00-01234567cffb",4] = "NetrServerReqChallenge",
+		["12345678-1234-abcd-ef00-01234567cffb",0x04] = "NetrServerReqChallenge",
-		["12345678-1234-abcd-ef00-01234567cffb",5] = "NetrServerAuthenticate",
+		["12345678-1234-abcd-ef00-01234567cffb",0x05] = "NetrServerAuthenticate",
-		["12345678-1234-abcd-ef00-01234567cffb",6] = "NetrServerPasswordSet",
+		["12345678-1234-abcd-ef00-01234567cffb",0x06] = "NetrServerPasswordSet",
-		["12345678-1234-abcd-ef00-01234567cffb",7] = "NetrDatabaseDeltas",
+		["12345678-1234-abcd-ef00-01234567cffb",0x07] = "NetrDatabaseDeltas",
-		["12345678-1234-abcd-ef00-01234567cffb",8] = "NetrDatabaseSync",
+		["12345678-1234-abcd-ef00-01234567cffb",0x08] = "NetrDatabaseSync",
-		["12345678-1234-abcd-ef00-01234567cffb",9] = "NetrAccountDeltas",
+		["12345678-1234-abcd-ef00-01234567cffb",0x09] = "NetrAccountDeltas",
-		["12345678-1234-abcd-ef00-01234567cffb",10] = "NetrAccountSync",
+		["12345678-1234-abcd-ef00-01234567cffb",0x0a] = "NetrAccountSync",
-		["12345678-1234-abcd-ef00-01234567cffb",11] = "NetrGetDCName",
+		["12345678-1234-abcd-ef00-01234567cffb",0x0b] = "NetrGetDCName",
-		["12345678-1234-abcd-ef00-01234567cffb",12] = "NetrLogonControl",
+		["12345678-1234-abcd-ef00-01234567cffb",0x0c] = "NetrLogonControl",
-		["12345678-1234-abcd-ef00-01234567cffb",13] = "NetrGetAnyDCName",
+		["12345678-1234-abcd-ef00-01234567cffb",0x0d] = "NetrGetAnyDCName",
-		["12345678-1234-abcd-ef00-01234567cffb",14] = "NetrLogonControl2",
+		["12345678-1234-abcd-ef00-01234567cffb",0x0e] = "NetrLogonControl2",
-		["12345678-1234-abcd-ef00-01234567cffb",15] = "NetrServerAuthenticate2",
+		["12345678-1234-abcd-ef00-01234567cffb",0x0f] = "NetrServerAuthenticate2",
-		["12345678-1234-abcd-ef00-01234567cffb",16] = "NetrDatabaseSync2",
+		["12345678-1234-abcd-ef00-01234567cffb",0x10] = "NetrDatabaseSync2",
-		["12345678-1234-abcd-ef00-01234567cffb",17] = "NetrDatabaseRedo",
+		["12345678-1234-abcd-ef00-01234567cffb",0x11] = "NetrDatabaseRedo",
-		["12345678-1234-abcd-ef00-01234567cffb",18] = "NetrLogonControl2Ex",
+		["12345678-1234-abcd-ef00-01234567cffb",0x12] = "NetrLogonControl2Ex",
-		["12345678-1234-abcd-ef00-01234567cffb",19] = "NetrEnumerateTrustedDomains",
+		["12345678-1234-abcd-ef00-01234567cffb",0x13] = "NetrEnumerateTrustedDomains",
-		["12345678-1234-abcd-ef00-01234567cffb",20] = "DsrGetDcName",
+		["12345678-1234-abcd-ef00-01234567cffb",0x14] = "DsrGetDcName",
-		["12345678-1234-abcd-ef00-01234567cffb",21] = "NetrLogonGetCapabilities",
+		["12345678-1234-abcd-ef00-01234567cffb",0x15] = "NetrLogonGetCapabilities",
-		["12345678-1234-abcd-ef00-01234567cffb",22] = "NetrLogonSetServiceBits",
+		["12345678-1234-abcd-ef00-01234567cffb",0x16] = "NetrLogonSetServiceBits",
-		["12345678-1234-abcd-ef00-01234567cffb",23] = "NetrLogonGetTrustRid",
+		["12345678-1234-abcd-ef00-01234567cffb",0x17] = "NetrLogonGetTrustRid",
-		["12345678-1234-abcd-ef00-01234567cffb",24] = "NetrLogonComputeServerDigest",
+		["12345678-1234-abcd-ef00-01234567cffb",0x18] = "NetrLogonComputeServerDigest",
-		["12345678-1234-abcd-ef00-01234567cffb",25] = "NetrLogonComputeClientDigest",
+		["12345678-1234-abcd-ef00-01234567cffb",0x19] = "NetrLogonComputeClientDigest",
-		["12345678-1234-abcd-ef00-01234567cffb",26] = "NetrServerAuthenticate3",
+		["12345678-1234-abcd-ef00-01234567cffb",0x1a] = "NetrServerAuthenticate3",
-		["12345678-1234-abcd-ef00-01234567cffb",27] = "DsrGetDcNameEx",
+		["12345678-1234-abcd-ef00-01234567cffb",0x1b] = "DsrGetDcNameEx",
-		["12345678-1234-abcd-ef00-01234567cffb",28] = "DsrGetSiteName",
+		["12345678-1234-abcd-ef00-01234567cffb",0x1c] = "DsrGetSiteName",
-		["12345678-1234-abcd-ef00-01234567cffb",29] = "NetrLogonGetDomainInfo",
+		["12345678-1234-abcd-ef00-01234567cffb",0x1d] = "NetrLogonGetDomainInfo",
-		["12345678-1234-abcd-ef00-01234567cffb",30] = "NetrServerPasswordSet2",
+		["12345678-1234-abcd-ef00-01234567cffb",0x1e] = "NetrServerPasswordSet2",
-		["12345678-1234-abcd-ef00-01234567cffb",31] = "NetrServerPasswordGet",
+		["12345678-1234-abcd-ef00-01234567cffb",0x1f] = "NetrServerPasswordGet",
-		["12345678-1234-abcd-ef00-01234567cffb",32] = "NetrLogonSendToSam",
+		["12345678-1234-abcd-ef00-01234567cffb",0x20] = "NetrLogonSendToSam",
-		["12345678-1234-abcd-ef00-01234567cffb",33] = "DsrAddressToSiteNamesW",
+		["12345678-1234-abcd-ef00-01234567cffb",0x21] = "DsrAddressToSiteNamesW",
-		["12345678-1234-abcd-ef00-01234567cffb",34] = "DsrGetDcNameEx2",
+		["12345678-1234-abcd-ef00-01234567cffb",0x22] = "DsrGetDcNameEx2",
-		["12345678-1234-abcd-ef00-01234567cffb",35] = "NetrLogonGetTimeServiceParentDomain",
+		["12345678-1234-abcd-ef00-01234567cffb",0x23] = "NetrLogonGetTimeServiceParentDomain",
-		["12345678-1234-abcd-ef00-01234567cffb",36] = "NetrEnumerateTrustedDomainsEx",
+		["12345678-1234-abcd-ef00-01234567cffb",0x24] = "NetrEnumerateTrustedDomainsEx",
-		["12345678-1234-abcd-ef00-01234567cffb",37] = "DsrAddressToSiteNamesExW",
+		["12345678-1234-abcd-ef00-01234567cffb",0x25] = "DsrAddressToSiteNamesExW",
-		["12345678-1234-abcd-ef00-01234567cffb",38] = "DsrGetDcSiteCoverageW",
+		["12345678-1234-abcd-ef00-01234567cffb",0x26] = "DsrGetDcSiteCoverageW",
-		["12345678-1234-abcd-ef00-01234567cffb",39] = "NetrLogonSamLogonEx",
+		["12345678-1234-abcd-ef00-01234567cffb",0x27] = "NetrLogonSamLogonEx",
-		["12345678-1234-abcd-ef00-01234567cffb",40] = "DsrEnumerateDomainTrusts",
+		["12345678-1234-abcd-ef00-01234567cffb",0x28] = "DsrEnumerateDomainTrusts",
-		["12345678-1234-abcd-ef00-01234567cffb",41] = "DsrDeregisterDnsHostRecords",
+		["12345678-1234-abcd-ef00-01234567cffb",0x29] = "DsrDeregisterDnsHostRecords",
-		["12345678-1234-abcd-ef00-01234567cffb",42] = "NetrServerTrustPasswordsGet",
+		["12345678-1234-abcd-ef00-01234567cffb",0x2a] = "NetrServerTrustPasswordsGet",
-		["12345678-1234-abcd-ef00-01234567cffb",43] = "DsrGetForestTrustInformation",
+		["12345678-1234-abcd-ef00-01234567cffb",0x2b] = "DsrGetForestTrustInformation",
-		["12345678-1234-abcd-ef00-01234567cffb",44] = "NetrGetForestTrustInformation",
+		["12345678-1234-abcd-ef00-01234567cffb",0x2c] = "NetrGetForestTrustInformation",
-		["12345678-1234-abcd-ef00-01234567cffb",45] = "NetrLogonSameLogonWithFlags",
+		["12345678-1234-abcd-ef00-01234567cffb",0x2d] = "NetrLogonSameLogonWithFlags",
-		["12345678-1234-abcd-ef00-01234567cffb",46] = "NetrServerGetTrustInfo",
+		["12345678-1234-abcd-ef00-01234567cffb",0x2e] = "NetrServerGetTrustInfo",
-		["12345678-1234-abcd-ef00-01234567cffb",47] = "unused",
+		["12345678-1234-abcd-ef00-01234567cffb",0x2f] = "unused",
-		["12345678-1234-abcd-ef00-01234567cffb",48] = "DsrUpdateReadOnlyServerDnsRecords",
+		["12345678-1234-abcd-ef00-01234567cffb",0x30] = "DsrUpdateReadOnlyServerDnsRecords",
-		["12345678-1234-abcd-ef00-01234567cffb",49] = "NetrChainSetClientAttributes",
+		["12345678-1234-abcd-ef00-01234567cffb",0x31] = "NetrChainSetClientAttributes",
 		# IRemoteWinspool
-		["76f03f96-cdfd-44fc-a22c-64950a001209",0] = "RpcAsyncOpenPrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x00] = "RpcAsyncOpenPrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",1] = "RpcAsyncAddPrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x01] = "RpcAsyncAddPrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",2] = "RpcAsyncSetJob",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x02] = "RpcAsyncSetJob",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",3] = "RpcAsyncGetJob",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x03] = "RpcAsyncGetJob",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",4] = "RpcAsyncEnumJobs",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x04] = "RpcAsyncEnumJobs",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",5] = "RpcAsyncAddJob",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x05] = "RpcAsyncAddJob",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",6] = "RpcAsyncScheduleJob",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x06] = "RpcAsyncScheduleJob",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",7] = "RpcAsyncDeletePrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x07] = "RpcAsyncDeletePrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",8] = "RpcAsyncSetPrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x08] = "RpcAsyncSetPrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",9] = "RpcAsyncGetPrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x09] = "RpcAsyncGetPrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",10] = "RpcAsyncStartDocPrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x0a] = "RpcAsyncStartDocPrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",11] = "RpcAsyncStartPagePrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x0b] = "RpcAsyncStartPagePrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",12] = "RpcAsyncWritePrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x0c] = "RpcAsyncWritePrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",13] = "RpcAsyncEndPagePrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x0d] = "RpcAsyncEndPagePrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",14] = "RpcAsyncEndDocPrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x0e] = "RpcAsyncEndDocPrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",15] = "RpcAsyncAbortPrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x0f] = "RpcAsyncAbortPrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",16] = "RpcAsyncGetPrinterData",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x10] = "RpcAsyncGetPrinterData",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",17] = "RpcAsyncGetPrinterDataEx",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x11] = "RpcAsyncGetPrinterDataEx",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",18] = "RpcAsyncSetPrinterData",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x12] = "RpcAsyncSetPrinterData",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",19] = "RpcAsyncSetPrinterDataEx",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x13] = "RpcAsyncSetPrinterDataEx",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",20] = "RpcAsyncClosePrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x14] = "RpcAsyncClosePrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",21] = "RpcAsyncAddForm",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x15] = "RpcAsyncAddForm",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",22] = "RpcAsyncDeleteForm",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x16] = "RpcAsyncDeleteForm",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",23] = "RpcAsyncGetForm",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x17] = "RpcAsyncGetForm",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",24] = "RpcAsyncSetForm",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x18] = "RpcAsyncSetForm",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",25] = "RpcAsyncEnumForms",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x19] = "RpcAsyncEnumForms",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",26] = "RpcAsyncGetPrinterDriver",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x1a] = "RpcAsyncGetPrinterDriver",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",27] = "RpcAsyncEnumPrinterData",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x1b] = "RpcAsyncEnumPrinterData",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",28] = "RpcAsyncEnumPrinterDataEx",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x1c] = "RpcAsyncEnumPrinterDataEx",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",29] = "RpcAsyncEnumPrinterKey",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x1d] = "RpcAsyncEnumPrinterKey",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",30] = "RpcAsyncDeletePrinterData",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x1e] = "RpcAsyncDeletePrinterData",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",31] = "RpcAsyncDeletePrinterDataEx",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x1f] = "RpcAsyncDeletePrinterDataEx",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",32] = "RpcAsyncDeletePrinterKey",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x20] = "RpcAsyncDeletePrinterKey",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",33] = "RpcAsyncXcvData",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x21] = "RpcAsyncXcvData",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",34] = "RpcAsyncSendRecvBidiData",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x22] = "RpcAsyncSendRecvBidiData",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",35] = "RpcAsyncCreatePrinterIC",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x23] = "RpcAsyncCreatePrinterIC",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",36] = "RpcAsyncPlayGdiScriptOnPrinterIC",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x24] = "RpcAsyncPlayGdiScriptOnPrinterIC",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",37] = "RpcAsyncDeletePrinterIC",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x25] = "RpcAsyncDeletePrinterIC",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",38] = "RpcAsyncEnumPrinters",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x26] = "RpcAsyncEnumPrinters",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",39] = "RpcAsyncAddPrinterDriver",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x27] = "RpcAsyncAddPrinterDriver",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",40] = "RpcAsyncEnumPrinterDrivers",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x28] = "RpcAsyncEnumPrinterDrivers",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",41] = "RpcAsyncGetPrinterDriverDirectory",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x29] = "RpcAsyncGetPrinterDriverDirectory",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",42] = "RpcAsyncDeletePrinterDriver",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x2a] = "RpcAsyncDeletePrinterDriver",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",43] = "RpcAsyncDeletePrinterDriverEx",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x2b] = "RpcAsyncDeletePrinterDriverEx",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",44] = "RpcAsyncAddPrintProcessor",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x2c] = "RpcAsyncAddPrintProcessor",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",45] = "RpcAsyncEnumPrintProcessors",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x2d] = "RpcAsyncEnumPrintProcessors",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",46] = "RpcAsyncGetPrintProcessorDirectory",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x2e] = "RpcAsyncGetPrintProcessorDirectory",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",47] = "RpcAsyncEnumPorts",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x2f] = "RpcAsyncEnumPorts",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",48] = "RpcAsyncEnumMonitors",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x30] = "RpcAsyncEnumMonitors",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",49] = "RpcAsyncAddPort",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x31] = "RpcAsyncAddPort",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",50] = "RpcAsyncSetPort",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x32] = "RpcAsyncSetPort",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",51] = "RpcAsyncAddMonitor",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x33] = "RpcAsyncAddMonitor",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",52] = "RpcAsyncDeleteMonitor",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x34] = "RpcAsyncDeleteMonitor",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",53] = "RpcAsyncDeletePrintProcessor",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x35] = "RpcAsyncDeletePrintProcessor",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",54] = "RpcAsyncEnumPrintProcessorDatatypes",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x36] = "RpcAsyncEnumPrintProcessorDatatypes",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",55] = "RpcAsyncAddPerMachineConnection",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x37] = "RpcAsyncAddPerMachineConnection",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",56] = "RpcAsyncDeletePerMachineConnection",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x38] = "RpcAsyncDeletePerMachineConnection",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",57] = "RpcAsyncEnumPerMachineConnections",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x39] = "RpcAsyncEnumPerMachineConnections",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",58] = "RpcSyncRegisterForRemoteNotifications",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x3a] = "RpcSyncRegisterForRemoteNotifications",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",59] = "RpcSyncUnRegisterForRemoteNotifications",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x3b] = "RpcSyncUnRegisterForRemoteNotifications",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",60] = "RpcSyncRefreshRemoteNotifications",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x3c] = "RpcSyncRefreshRemoteNotifications",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",61] = "RpcAsyncGetRemoteNotifications",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x3d] = "RpcAsyncGetRemoteNotifications",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",62] = "RpcAsyncInstallPrinterDriverFromPackage",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x3e] = "RpcAsyncInstallPrinterDriverFromPackage",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",63] = "RpcAsyncUploadPrinterDriverPackage",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x3f] = "RpcAsyncUploadPrinterDriverPackage",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",64] = "RpcAsyncGetCorePrinterDrivers",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x40] = "RpcAsyncGetCorePrinterDrivers",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",65] = "RpcAsyncCorePrinterDriverInstalled",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x41] = "RpcAsyncCorePrinterDriverInstalled",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",66] = "RpcAsyncGetPrinterDriverPackagePath",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x42] = "RpcAsyncGetPrinterDriverPackagePath",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",67] = "RpcAsyncDeletePrinterDriverPackage",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x43] = "RpcAsyncDeletePrinterDriverPackage",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",68] = "RpcAsyncReadPrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x44] = "RpcAsyncReadPrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",69] = "RpcAsyncResetPrinter",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x45] = "RpcAsyncResetPrinter",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",70] = "RpcAsyncGetJobNamedPropertyValue",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x46] = "RpcAsyncGetJobNamedPropertyValue",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",71] = "RpcAsyncSetJobNamedProperty",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x47] = "RpcAsyncSetJobNamedProperty",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",72] = "RpcAsyncDeleteJobNamedProperty",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x48] = "RpcAsyncDeleteJobNamedProperty",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",73] = "RpcAsyncEnumJobNamedProperties",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x49] = "RpcAsyncEnumJobNamedProperties",
-		["76f03f96-cdfd-44fc-a22c-64950a001209",74] = "RpcAsyncLogJobInfoForBranchOffice",
+		["76f03f96-cdfd-44fc-a22c-64950a001209",0x4a] = "RpcAsyncLogJobInfoForBranchOffice",
 		# InitShutdown
-		["894de0c0-0d55-11d3-a322-00c04fa321a1",0]  = "BaseInitiateShutdown",
+		["894de0c0-0d55-11d3-a322-00c04fa321a1",0x00]  = "BaseInitiateShutdown",
-		["894de0c0-0d55-11d3-a322-00c04fa321a1",1]  = "BaseAbortShutdown",
+		["894de0c0-0d55-11d3-a322-00c04fa321a1",0x01]  = "BaseAbortShutdown",
-		["894de0c0-0d55-11d3-a322-00c04fa321a1",2]  = "BaseInitiateShutdownEx",
+		["894de0c0-0d55-11d3-a322-00c04fa321a1",0x02]  = "BaseInitiateShutdownEx",
 		# WindowsShutdown
 		["d95afe70-a6d5-4259-822e-2c84da1ddb0d",0x00] = "WsdrInitiateShutdown",
@ -1431,6 +1431,11 @@ export {
 		["a4f1db00-ca47-1067-b31f-00dd010662da",0x07] = "EcRGetDCName",
 		["a4f1db00-ca47-1067-b31f-00dd010662da",0x08] = "EcRNetGetDCName",
 		["a4f1db00-ca47-1067-b31f-00dd010662da",0x09] = "EcDoRpcExt",
 		["a4f1db00-ca47-1067-b31f-00dd010662da",0x0a] = "EcDoConnectEx",
 		["a4f1db00-ca47-1067-b31f-00dd010662da",0x0b] = "EcDoRpcExt2",
 		["a4f1db00-ca47-1067-b31f-00dd010662da",0x0c] = "EcUnknown0xC",
 		["a4f1db00-ca47-1067-b31f-00dd010662da",0x0d] = "EcUnknown0xD",
 		["a4f1db00-ca47-1067-b31f-00dd010662da",0x0e] = "EcDoAsyncConnectEx",
 		# drsuapi
 		["e3514235-4b06-11d1-ab04-00c04fc2dcd2",0x00] = "DRSBind",
--- a/scripts/base/protocols/dnp3/consts.bro
+++ b/scripts/base/protocols/dnp3/consts.bro
@ -38,7 +38,7 @@ export {
 		[0x1e] = "ABORT_FILE",
 		[0x1f] = "ACTIVATE_CONFIG",
 		[0x20] = "AUTHENTICATE_REQ",
-		[0x21] = "AUTHENTICATE_ERR",
+		[0x21] = "AUTHENTICATE_REQ_NR",
 		# Responses.
 		[0x81] = "RESPONSE",
--- a/scripts/base/protocols/dns/consts.bro
+++ b/scripts/base/protocols/dns/consts.bro
@ -11,24 +11,78 @@ export {
 	## Mapping of DNS query type codes to human readable string
 	## representation.
 	const query_types = {
-		[1] = "A", [2] = "NS", [3] = "MD", [4] = "MF",
+		[1] = "A",
-		[5] = "CNAME", [6] = "SOA", [7] = "MB", [8] = "MG",
+		[2] = "NS",
-		[9] = "MR", [10] = "NULL", [11] = "WKS", [PTR] = "PTR",
+		[3] = "MD",
-		[13] = "HINFO", [14] = "MINFO", [15] = "MX", [16] = "TXT",
+		[4] = "MF",
-		[17] = "RP", [18] = "AFSDB", [19] = "X25", [20] = "ISDN",
+		[5] = "CNAME",
-		[21] = "RT", [22] = "NSAP", [23] = "NSAP-PTR", [24] = "SIG",
+		[6] = "SOA",
-		[25] = "KEY", [26] = "PX" , [27] = "GPOS", [28] = "AAAA",
+		[7] = "MB",
-		[29] = "LOC", [30] = "EID", [31] = "NIMLOC", [32] = "NB",
+		[8] = "MG",
-		[33] = "SRV", [34] = "ATMA", [35] = "NAPTR", [36] = "KX",
+		[9] = "MR",
-		[37] = "CERT", [38] = "A6", [39] = "DNAME", [40] = "SINK",
+		[10] = "NULL",
-		[EDNS] = "EDNS", [42] = "APL", [43] = "DS", [44] = "SSHFP",
+		[11] = "WKS",
-		[45] = "IPSECKEY", [46] = "RRSIG", [47] = "NSEC", [48] = "DNSKEY",
+		[12] = "PTR",
-		[49] = "DHCID", [99] = "SPF", [100] = "DINFO", [101] = "UID",
+		[13] = "HINFO",
-		[102] = "GID", [103] = "UNSPEC", [249] = "TKEY", [250] = "TSIG",
+		[14] = "MINFO",
-		[251] = "IXFR", [252] = "AXFR", [253] = "MAILB", [254] = "MAILA",
+		[15] = "MX",
 		[16] = "TXT",
 		[17] = "RP",
 		[18] = "AFSDB",
 		[19] = "X25",
 		[20] = "ISDN",
 		[21] = "RT",
 		[22] = "NSAP",
 		[23] = "NSAP-PTR",
 		[24] = "SIG",
 		[25] = "KEY",
 		[26] = "PX" ,
 		[27] = "GPOS",
 		[28] = "AAAA",
 		[29] = "LOC",
 		[30] = "EID",
 		[31] = "NIMLOC",
 		[32] = "NB",
 		[33] = "SRV",
 		[34] = "ATMA",
 		[35] = "NAPTR",
 		[36] = "KX",
 		[37] = "CERT",
 		[38] = "A6",
 		[39] = "DNAME",
 		[40] = "SINK",
 		[41] = "OPT",
 		[42] = "APL",
 		[43] = "DS",
 		[44] = "SSHFP",
 		[45] = "IPSECKEY",
 		[46] = "RRSIG",
 		[47] = "NSEC",
 		[48] = "DNSKEY",
 		[49] = "DHCID",
 		[50] = "NSEC3",
 		[51] = "NSEC3PARAM",
 		[52] = "TLSA",
 		[55] = "HIP",
 		[59] = "CDS",
 		[60] = "CDNSKEY",
 		[61] = "OPENPGPKEY",
 		[99] = "SPF",
 		[100] = "UINFO",
 		[101] = "UID",
 		[102] = "GID",
 		[103] = "UNSPEC",
 		[249] = "TKEY",
 		[250] = "TSIG",
 		[251] = "IXFR",
 		[252] = "AXFR",
 		[253] = "MAILB",
 		[254] = "MAILA",
 		[255] = "*",
 		[256] = "URI",
 		[257] = "CAA",
-		[32768] = "TA", [32769] = "DLV",
+		[32768] = "TA",
-		[ANY] = "*",
+		[32769] = "DLV",
 	} &default = function(n: count): string { return fmt("query-%d", n); };
 	## Errors used for non-TSIG/EDNS types.
--- a/scripts/base/utils/site.bro
+++ b/scripts/base/utils/site.bro
@ -7,7 +7,7 @@ module Site;
 export {
 	## Address space that is considered private and unrouted.
 	## By default it has RFC defined non-routable IPv4 address space.
-	const private_address_space: set[subnet] = {
+	option private_address_space: set[subnet] = {
 		10.0.0.0/8,
 		192.168.0.0/16,
 		172.16.0.0/12,
@ -15,11 +15,11 @@ export {
 		127.0.0.0/8,
 		[fe80::]/10,
 		[::1]/128,
-	} &redef;
+	};
 	## Networks that are considered "local".  Note that BroControl sets
 	## this automatically.
-	const local_nets: set[subnet] &redef;
+	option local_nets: set[subnet] = {};
 	## This is used for retrieving the subnet when using multiple entries in
 	## :bro:id:`Site::local_nets`.  It's populated automatically from there.
@ -29,19 +29,19 @@ export {
 	global local_nets_table: table[subnet] of subnet = {};
 	## Networks that are considered "neighbors".
-	const neighbor_nets: set[subnet] &redef;
+	option neighbor_nets: set[subnet] = {};
 	## If local network administrators are known and they have responsibility
 	## for defined address space, then a mapping can be defined here between
 	## networks for which they have responsibility and a set of email
 	## addresses.
-	const local_admins: table[subnet] of set[string] = {} &redef;
+	option local_admins: table[subnet] of set[string] = {};
 	## DNS zones that are considered "local".
-	const local_zones: set[string] &redef;
+	option local_zones: set[string] = {};
 	## DNS zones that are considered "neighbors".
-	const neighbor_zones: set[string] &redef;
+	option neighbor_zones: set[string] = {};
 	## Function that returns true if an address corresponds to one of
 	## the local networks, false if not.
--- a/src/Sessions.h
+++ b/src/Sessions.h
@ -186,7 +186,7 @@ protected:
 	friend class IPTunnelTimer;
 	Connection* NewConn(HashKey* k, double t, const ConnID* id,
-			const u_char* data, int proto, uint32 flow_lable,
+			const u_char* data, int proto, uint32 flow_label,
 			const Packet* pkt, const EncapsulationStack* encapsulation);
 	// Check whether the tag of the current packet is consistent with
--- a/src/Val.cc
+++ b/src/Val.cc
@ -2361,8 +2361,6 @@ void TableVal::DoExpire(double t)
 		else if ( v->ExpireAccessTime() + timeout < t )
 			{
 			Val* val = v->Value();
 			if ( expire_func )
 				{
 				Val* idx = RecoverIndex(k);
@ -2403,8 +2401,8 @@ void TableVal::DoExpire(double t)
 					new StateAccess(OP_EXPIRE, this, k));
 			tbl->RemoveEntry(k);
 			Unref(v->Value());
 			delete v;
 			Unref(val);
 			Modified();
 			}
--- a/src/analyzer/protocol/rpc/NFS.cc
+++ b/src/analyzer/protocol/rpc/NFS.cc
@ -311,7 +311,7 @@ StringVal* NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offse
 	data_n = min(data_n, size);
 	data_n = min(data_n, int(BifConst::NFS3::return_data_max));
-	if ( data_n > 0 )
+	if ( data && data_n > 0 )
 		return new StringVal(new BroString(data, data_n, 0));
 	return 0;
--- a/src/analyzer/protocol/rpc/RPC.cc
+++ b/src/analyzer/protocol/rpc/RPC.cc
@ -27,6 +27,7 @@ namespace { // local namespace
 RPC_CallInfo::RPC_CallInfo(uint32 arg_xid, const u_char*& buf, int& n, double arg_start_time, double arg_last_time, int arg_rpc_len)
 	{
 	v = nullptr;
 	xid = arg_xid;
 	start_time = arg_start_time;
@ -43,13 +44,35 @@ RPC_CallInfo::RPC_CallInfo(uint32 arg_xid, const u_char*& buf, int& n, double ar
 	cred_flavor = extract_XDR_uint32(buf, n);
 	int cred_opaque_n, machinename_n;
 	const u_char* cred_opaque = extract_XDR_opaque(buf, n, cred_opaque_n);
 	if ( ! cred_opaque )
 		{
 		buf = nullptr;
 		return;
 		}
 	stamp = extract_XDR_uint32(cred_opaque, cred_opaque_n);
 	const u_char* tmp = extract_XDR_opaque(cred_opaque, cred_opaque_n, machinename_n);
 	if ( ! tmp )
 		{
 		buf = nullptr;
 		return;
 		}
 	machinename = std::string(reinterpret_cast<const char*>(tmp), machinename_n);
 	uid = extract_XDR_uint32(cred_opaque, cred_opaque_n);
 	gid = extract_XDR_uint32(cred_opaque, cred_opaque_n);
 	size_t number_of_gids = extract_XDR_uint32(cred_opaque, cred_opaque_n);
 	if ( number_of_gids > 64 )
 		{
 		buf = nullptr;
 		return;
 		}
 	for ( auto i = 0u; i < number_of_gids; ++i )
 		auxgids.push_back(extract_XDR_uint32(cred_opaque, cred_opaque_n));
@ -58,8 +81,6 @@ RPC_CallInfo::RPC_CallInfo(uint32 arg_xid, const u_char*& buf, int& n, double ar
 	header_len = call_n - n;
 	valid_call = false;
 	v = 0;
 	}
 RPC_CallInfo::~RPC_CallInfo()
--- a/src/analyzer/protocol/ssh/ssh-analyzer.pac
+++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac
@ -101,7 +101,7 @@ refine flow SSH_Flow += {
 			}
-		result->Assign(6, new Val(${msg.is_orig}, TYPE_BOOL));
+		result->Assign(6, new Val(!${msg.is_orig}, TYPE_BOOL));
 		BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(),
 			connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}),
--- a/src/iosource/Packet.cc
+++ b/src/iosource/Packet.cc
@ -284,6 +284,7 @@ void Packet::ProcessLayer2()
 			}
 		pdata += rtheader_len;
 		// fallthrough
 		}
 	case DLT_IEEE802_11:
--- a/src/threading/formatters/JSON.cc
+++ b/src/threading/formatters/JSON.cc
@ -116,7 +116,7 @@ bool JSON::Describe(ODesc* desc, Value* val, const string& name) const
 				{
 				char buffer[40];
 				char buffer2[40];
-				time_t the_time = time_t(val->val.double_val);
+				time_t the_time = time_t(floor(val->val.double_val));
 				struct tm t;
 				desc->AddRaw("\"", 1);
@ -133,7 +133,11 @@ bool JSON::Describe(ODesc* desc, Value* val, const string& name) const
 					{
 					double integ;
 					double frac = modf(val->val.double_val, &integ);
-					snprintf(buffer2, sizeof(buffer2), "%s.%06.0fZ", buffer, frac * 1000000);
+
 					if ( frac < 0 )
 						frac += 1;
 					snprintf(buffer2, sizeof(buffer2), "%s.%06.0fZ", buffer, fabs(frac) * 1000000);
 					desc->Add(buffer2);
 					}
--- a/testing/btest/Baseline/broker.remote_id/recv.recv.out
+++ b/testing/btest/Baseline/broker.remote_id/recv.recv.out
@ -1,4 +1,3 @@
 intial val, init
 peer added
 peer lost
 updated val, newval
--- a/testing/btest/Baseline/core.tunnels.gre/ssh.log
+++ b/testing/btest/Baseline/core.tunnels.gre/ssh.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
-#open	2017-08-01-16-46-22
+#open	2018-10-16-14-52-51
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	auth_success	auth_attempts	direction	client	server	cipher_alg	mac_alg	compression_alg	kex_alg	host_key_alg	host_key
 #types	time	string	addr	port	addr	port	count	bool	count	enum	string	string	string	string	string	string	string	string
-1055289978.855137	CtPZjS20MLrsMUOJi2	66.59.111.190	40264	172.28.2.3	22	2	-	0	-	SSH-2.0-OpenSSH_3.6.1p1	SSH-1.99-OpenSSH_3.1p1	aes128-cbc	hmac-md5	none	diffie-hellman-group-exchange-sha1	ssh-rsa	20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
+1055289978.855137	CtPZjS20MLrsMUOJi2	66.59.111.190	40264	172.28.2.3	22	2	-	0	-	SSH-2.0-OpenSSH_3.6.1p1	SSH-1.99-OpenSSH_3.1p1	blowfish-cbc	hmac-md5	zlib	diffie-hellman-group-exchange-sha1	ssh-rsa	20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
-#close	2017-08-01-16-46-22
+#close	2018-10-16-14-52-51
--- a/testing/btest/Baseline/language.expire_func_mod/out
+++ b/testing/btest/Baseline/language.expire_func_mod/out
@ -0,0 +1,10 @@
 starting: ashish, 1
 inside table_expire_func: ashish, 2
 inside table_expire_func: ashish, 3
 inside table_expire_func: ashish, 4
 inside table_expire_func: ashish, 5
 inside table_expire_func: ashish, 6
 inside table_expire_func: ashish, 7
 inside table_expire_func: ashish, 8
 inside table_expire_func: ashish, 9
 inside table_expire_func: ashish, 10
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@ -274,7 +274,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@ -459,7 +459,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -513,6 +513,12 @@
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
@ -715,7 +721,6 @@
 0.000000   MetaHookPost  LoadFile(0, .<...>/hooks.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/inactivity.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/info.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/init.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/input.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/input.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/last.bro) -> -1
@ -1160,7 +1165,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@ -1345,7 +1350,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@ -1399,6 +1404,12 @@
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
@ -1601,7 +1612,6 @@
 0.000000   MetaHookPre   LoadFile(0, .<...>/hooks.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/inactivity.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/info.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/init.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/input.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/input.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/last.bro)
@ -2045,7 +2055,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@ -2230,7 +2240,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
@ -2284,6 +2294,12 @@
 0.000000 | HookCallFunction Option::set_change_handler(SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
@ -2492,7 +2508,6 @@
 0.000000 | HookLoadFile  .<...>/image.sig
 0.000000 | HookLoadFile  .<...>/inactivity.bro
 0.000000 | HookLoadFile  .<...>/info.bro
 0.000000 | HookLoadFile  .<...>/init.bro
 0.000000 | HookLoadFile  .<...>/input.bif.bro
 0.000000 | HookLoadFile  .<...>/input.bro
 0.000000 | HookLoadFile  .<...>/last.bro
@ -2651,7 +2666,7 @@
 0.000000 | HookLoadFile  base<...>/x509
 0.000000 | HookLoadFile  base<...>/xmpp
 0.000000 | HookLogInit   packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite  packet_filter [ts=1536179603.812250, node=bro, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite  packet_filter [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T]
 0.000000 | HookQueueEvent NetControl::init()
 0.000000 | HookQueueEvent bro_init()
 0.000000 | HookQueueEvent filter_change_tracking()
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-iso-timestamps/ssh.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-iso-timestamps/ssh.log
@ -1,2 +1,10 @@
 {"t":"2008-07-09T16:13:30.005432Z"}
 {"t":"1986-12-01T01:01:01.900000Z"}
 {"t":"1969-12-31T23:59:59.600000Z"}
 {"t":"1969-12-31T23:59:59.500000Z"}
 {"t":"1969-12-31T23:59:59.400000Z"}
 {"t":"1969-12-31T23:59:59.000000Z"}
 {"t":"1969-12-31T23:59:58.600000Z"}
 {"t":"1969-12-31T23:59:58.500000Z"}
 {"t":"1969-12-31T23:59:58.400000Z"}
 {"t":"1969-12-31T23:58:21.000000Z"}
--- a/testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout
@ -1,2 +1,2 @@
-mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.621984, duration=0.000553, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.62212, req_dur=0.0, req_len=96, rep_start=1514568131.622537, rep_dur=0.0, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
+mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.621984, duration=0.000553, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.62212, req_dur=0.0, req_len=96, rep_start=1514568131.622537, rep_dur=0.0, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
-mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.665918, duration=0.000266, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.665918, req_dur=0.0, req_len=84, rep_start=1514568131.666184, rep_dur=0.0, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a
+mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.665918, duration=0.000266, service={\x0a\x0a}, history=Dd, uid=CtPZjS20MLrsMUOJi2, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.665918, req_dur=0.0, req_len=84, rep_start=1514568131.666184, rep_dur=0.0, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a
--- a/testing/btest/Baseline/scripts.base.protocols.nfs.basic/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.nfs.basic/.stdout
@ -1,28 +1,28 @@
-nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000529, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623455, req_dur=0.0, req_len=104, rep_start=1514568131.623576, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
+nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000529, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623455, req_dur=0.0, req_len=104, rep_start=1514568131.623576, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
-nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000673, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.6236, req_dur=0.0, req_len=104, rep_start=1514568131.62372, rep_dur=0.0, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a
+nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000673, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.6236, req_dur=0.0, req_len=104, rep_start=1514568131.62372, rep_dur=0.0, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a
-nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.001007, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623937, req_dur=0.0, req_len=104, rep_start=1514568131.624054, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
+nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.001007, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623937, req_dur=0.0, req_len=104, rep_start=1514568131.624054, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
-nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.00556, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628447, req_dur=0.0, req_len=108, rep_start=1514568131.628607, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
+nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.00556, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628447, req_dur=0.0, req_len=108, rep_start=1514568131.628607, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
-nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.006413, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628646, req_dur=0.0, req_len=144, rep_start=1514568131.62946, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=4096, atime=1514568092.592619, mtime=1514568092.592619], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
+nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.006413, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628646, req_dur=0.0, req_len=144, rep_start=1514568131.62946, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=4096, atime=1514568092.592619, mtime=1514568092.592619], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
-nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007316, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.630213, req_dur=0.0, req_len=120, rep_start=1514568131.630363, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
+nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007316, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.630213, req_dur=0.0, req_len=120, rep_start=1514568131.630363, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
-nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007542, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.63039, req_dur=0.0, req_len=128, rep_start=1514568131.630589, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
+nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007542, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.63039, req_dur=0.0, req_len=128, rep_start=1514568131.630589, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
-nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008344, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63061, req_dur=0.0, req_len=160, rep_start=1514568131.631391, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
+nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008344, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63061, req_dur=0.0, req_len=160, rep_start=1514568131.631391, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
-nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008933, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63142, req_dur=0.0, req_len=144, rep_start=1514568131.63198, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
+nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008933, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63142, req_dur=0.0, req_len=144, rep_start=1514568131.63198, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
-nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.010357, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.632743, req_dur=0.0, req_len=148, rep_start=1514568131.633404, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
+nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.010357, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.632743, req_dur=0.0, req_len=148, rep_start=1514568131.633404, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
-nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.011929, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.634369, req_dur=0.0, req_len=148, rep_start=1514568131.634976, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
+nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.011929, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.634369, req_dur=0.0, req_len=148, rep_start=1514568131.634976, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
-nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.012799, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.635694, req_dur=0.0, req_len=136, rep_start=1514568131.635846, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
+nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.012799, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.635694, req_dur=0.0, req_len=136, rep_start=1514568131.635846, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
-nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.013431, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.635899, req_dur=0.0, req_len=204, rep_start=1514568131.636478, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.629387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
+nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.013431, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.635899, req_dur=0.0, req_len=204, rep_start=1514568131.636478, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.629387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
-nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.015041, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.637343, req_dur=0.0, req_len=152, rep_start=1514568131.638088, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
+nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.015041, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.637343, req_dur=0.0, req_len=152, rep_start=1514568131.638088, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
-nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.016413, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.638929, req_dur=0.0, req_len=152, rep_start=1514568131.63946, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.633387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
+nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.016413, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.638929, req_dur=0.0, req_len=152, rep_start=1514568131.63946, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.633387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
-nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.017567, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.640452, req_dur=0.0, req_len=144, rep_start=1514568131.640614, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
+nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.017567, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.640452, req_dur=0.0, req_len=144, rep_start=1514568131.640614, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
-nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.018252, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.640669, req_dur=0.0, req_len=200, rep_start=1514568131.641299, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387], dst_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
+nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.018252, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.640669, req_dur=0.0, req_len=200, rep_start=1514568131.641299, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387], dst_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
-nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.019333, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.64222, req_dur=0.0, req_len=116, rep_start=1514568131.64238, rep_dur=0.0, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.637387], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a
+nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.019333, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.64222, req_dur=0.0, req_len=116, rep_start=1514568131.64238, rep_dur=0.0, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.637387], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a
-nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.020916, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.643131, req_dur=0.0, req_len=144, rep_start=1514568131.643963, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
+nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.020916, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.643131, req_dur=0.0, req_len=144, rep_start=1514568131.643963, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
-nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.021753, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.644663, req_dur=0.0, req_len=136, rep_start=1514568131.6448, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
+nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.021753, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.644663, req_dur=0.0, req_len=136, rep_start=1514568131.6448, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
-nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.022398, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.644833, req_dur=0.0, req_len=172, rep_start=1514568131.645445, rep_dur=0.0, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], preattr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
+nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.022398, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.644833, req_dur=0.0, req_len=172, rep_start=1514568131.645445, rep_dur=0.0, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], preattr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
-nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.023841, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.646733, req_dur=0.0, req_len=140, rep_start=1514568131.646888, rep_dur=0.0, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a
+nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.023841, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.646733, req_dur=0.0, req_len=140, rep_start=1514568131.646888, rep_dur=0.0, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a
-nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.025477, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.647753, req_dur=0.0, req_len=136, rep_start=1514568131.648524, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
+nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.025477, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.647753, req_dur=0.0, req_len=136, rep_start=1514568131.648524, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
-nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.026817, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.649721, req_dur=0.0, req_len=136, rep_start=1514568131.649864, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
+nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.026817, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.649721, req_dur=0.0, req_len=136, rep_start=1514568131.649864, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
-nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.027593, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.65007, req_dur=0.0, req_len=184, rep_start=1514568131.65064, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387], dst_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
+nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.027593, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.65007, req_dur=0.0, req_len=184, rep_start=1514568131.65064, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387], dst_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
-nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.028734, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651603, req_dur=0.0, req_len=120, rep_start=1514568131.651781, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
+nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.028734, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651603, req_dur=0.0, req_len=120, rep_start=1514568131.651781, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
-nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.029354, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651806, req_dur=0.0, req_len=136, rep_start=1514568131.652401, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.645387, mtime=1514568131.645387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
+nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.029354, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651806, req_dur=0.0, req_len=136, rep_start=1514568131.652401, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.645387, mtime=1514568131.645387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
-nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.030704, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.653118, req_dur=0.0, req_len=116, rep_start=1514568131.653751, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.649387, ctime=1514568131.649387]]\x0a
+nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.030704, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.653118, req_dur=0.0, req_len=116, rep_start=1514568131.653751, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.649387, ctime=1514568131.649387]]\x0a
--- a/testing/btest/Baseline/scripts.base.protocols.ssh.basic/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.ssh.basic/.stdout
@ -1,4 +1,3 @@
 auth_result, CHhAvVGS1DHFjwGM9, F, 2
 auth_result, ClEkJM2Vm5giqnMf4h, T, 1
 auth_result, C4J4Th3PJpwUYZZ6gc, T, 3
 auth_result, Ck51lg1bScffFj34Ri, T, 2
--- a/testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log
@ -3,14 +3,14 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
-#open	2017-08-01-16-26-21
+#open	2018-10-16-15-00-07
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	auth_success	auth_attempts	direction	client	server	cipher_alg	mac_alg	compression_alg	kex_alg	host_key_alg	host_key
 #types	time	string	addr	port	addr	port	count	bool	count	enum	string	string	string	string	string	string	string	string
-1324071333.792887	CHhAvVGS1DHFjwGM9	192.168.1.79	51880	131.159.21.1	22	2	F	2	-	SSH-2.0-OpenSSH_5.9	SSH-2.0-OpenSSH_5.8	aes128-ctr	hmac-md5	none	ecdh-sha2-nistp256	ssh-rsa	a7:26:62:3f:75:1f:33:8a:f3:32:90:8b:73:fd:2c:83
+1324071333.792887	CHhAvVGS1DHFjwGM9	192.168.1.79	51880	131.159.21.1	22	2	-	0	-	SSH-2.0-OpenSSH_5.9	SSH-2.0-OpenSSH_5.8	aes128-ctr	hmac-md5	zlib@openssh.com	ecdh-sha2-nistp256	ecdsa-sha2-nistp256	a7:26:62:3f:75:1f:33:8a:f3:32:90:8b:73:fd:2c:83
 1409516196.413240	ClEkJM2Vm5giqnMf4h	10.0.0.18	40184	128.2.6.88	41644	2	T	1	-	SSH-2.0-OpenSSH_6.6	SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1	aes128-ctr	hmac-md5	none	ecdh-sha2-nistp256	ssh-rsa	8a:8d:55:28:1e:71:04:99:94:43:22:89:e5:ff:e9:03
 1419870189.489202	C4J4Th3PJpwUYZZ6gc	192.168.2.1	57189	192.168.2.158	22	2	T	3	-	SSH-2.0-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	aes128-ctr	hmac-md5-etm@openssh.com	none	diffie-hellman-group-exchange-sha256	ssh-rsa	28:78:65:c1:c3:26:f7:1b:65:6a:44:14:d0:04:8f:b3
 1419870206.111841	CtPZjS20MLrsMUOJi2	192.168.2.1	57191	192.168.2.158	22	1	-	0	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
-1419996264.344957	CUM0KZ3MLUfNB0cl11	192.168.2.1	55179	192.168.2.158	2200	2	-	0	-	SSH-2.0-OpenSSH_6.2	SSH-2.0-paramiko_1.15.2	aes128-ctr	hmac-sha1	none	diffie-hellman-group14-sha1	ssh-rsa	60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5
+1419996264.344957	CUM0KZ3MLUfNB0cl11	192.168.2.1	55179	192.168.2.158	2200	2	-	0	-	SSH-2.0-OpenSSH_6.2	SSH-2.0-paramiko_1.15.2	aes128-ctr	hmac-md5	none	diffie-hellman-group-exchange-sha1	ssh-rsa	60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5
 1420588548.729561	CmES5u32sYpV7JYN	192.168.2.1	56594	192.168.2.158	22	1	-	0	-	SSH-1.5-OpenSSH_5.3	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
 1420590124.885826	CP5puj4I8PtEU4qzYg	192.168.2.1	56821	192.168.2.158	22	1	-	0	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
 1420590308.781231	C37jN32gN3y3AZzyf6	192.168.2.1	56837	192.168.2.158	22	1	-	0	-	SSH-1.5-OpenSSH_6.2	SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	-	-	-	-	-	a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
@ -23,9 +23,9 @@
 1420860283.057451	C9mvWx3ezztgzcexV7	192.168.1.32	41164	128.2.10.238	22	2	T	5	-	SSH-2.0-OpenSSH_6.6p1-hpn14v4	SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301	aes128-cbc	hmac-md5	none	diffie-hellman-group-exchange-sha1	ssh-rsa	7f:e5:81:92:26:77:05:44:c4:60:fb:cd:89:c8:81:ee
 1420860616.428738	CNnMIj2QSd84NKf7U3	192.168.1.32	33910	128.2.13.133	22	2	T	1	-	SSH-2.0-OpenSSH_6.6p1-hpn14v4	SSH-2.0-OpenSSH_5.3	aes128-ctr	hmac-md5	none	diffie-hellman-group-exchange-sha256	ssh-rsa	93:d8:4c:0d:b2:c3:2e:da:b9:c0:67:db:e4:8f:95:04
 1420868281.665872	C7fIlMZDuRiqjpYbb	192.168.1.32	41268	128.2.10.238	22	2	F	6	-	SSH-2.0-OpenSSH_6.6	SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301	aes128-cbc	hmac-md5	none	diffie-hellman-group-exchange-sha1	ssh-rsa	7f:e5:81:92:26:77:05:44:c4:60:fb:cd:89:c8:81:ee
-1420917487.227035	CpmdRlaUoJLN3uIRa	192.168.1.31	52294	192.168.1.32	22	2	T	2	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_6.7	chacha20-poly1305@openssh.com	hmac-sha2-512-etm@openssh.com	none	curve25519-sha256@libssh.org	ssh-ed25519	e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
+1420917487.227035	CpmdRlaUoJLN3uIRa	192.168.1.31	52294	192.168.1.32	22	2	T	2	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_6.7	chacha20-poly1305@openssh.com	hmac-sha2-512-etm@openssh.com	none	curve25519-sha256@libssh.org	ssh-ed25519-cert-v01@openssh.com	e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
-1421006072.224828	C1Xkzz2MaGtLrc1Tla	192.168.1.31	51489	192.168.1.32	22	2	T	3	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_6.7	chacha20-poly1305@openssh.com	hmac-sha2-512-etm@openssh.com	none	curve25519-sha256@libssh.org	ssh-ed25519	e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
+1421006072.224828	C1Xkzz2MaGtLrc1Tla	192.168.1.31	51489	192.168.1.32	22	2	T	3	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_6.7	chacha20-poly1305@openssh.com	hmac-sha2-512-etm@openssh.com	none	curve25519-sha256@libssh.org	ssh-ed25519-cert-v01@openssh.com	e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
-1421041177.031508	CLNN1k2QMum1aexUK7	192.168.1.32	58641	131.103.20.168	22	2	F	1	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_5.3	aes128-ctr	hmac-md5	none	diffie-hellman-group-exchange-sha256	ssh-rsa	97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
+1421041177.031508	CLNN1k2QMum1aexUK7	192.168.1.32	58641	131.103.20.168	22	2	F	1	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_5.3	aes128-ctr	umac-64@openssh.com	none	diffie-hellman-group-exchange-sha256	ssh-rsa	97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
-1421041299.777962	CBA8792iHmnhPLksKa	192.168.1.32	58646	131.103.20.168	22	2	T	1	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_5.3	aes128-ctr	hmac-md5	none	diffie-hellman-group-exchange-sha256	ssh-rsa	97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
+1421041299.777962	CBA8792iHmnhPLksKa	192.168.1.32	58646	131.103.20.168	22	2	T	1	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_5.3	aes128-ctr	umac-64@openssh.com	none	diffie-hellman-group-exchange-sha256	ssh-rsa	97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
-1421041526.353524	CGLPPc35OzDQij1XX8	192.168.1.32	58649	131.103.20.168	22	2	T	1	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_5.3	aes128-ctr	hmac-md5	none	diffie-hellman-group-exchange-sha256	ssh-rsa	97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
+1421041526.353524	CGLPPc35OzDQij1XX8	192.168.1.32	58649	131.103.20.168	22	2	T	1	-	SSH-2.0-OpenSSH_6.7	SSH-2.0-OpenSSH_5.3	aes128-ctr	umac-64@openssh.com	none	diffie-hellman-group-exchange-sha256	ssh-rsa	97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
-#close	2017-08-01-16-26-21
+#close	2018-10-16-15-00-07
--- a/testing/btest/Baseline/scripts.base.protocols.ssh.curve25519_kex/ssh.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssh.curve25519_kex/ssh.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
-#open	2017-10-05-19-34-53
+#open	2018-10-16-15-27-29
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	auth_success	auth_attempts	direction	client	server	cipher_alg	mac_alg	compression_alg	kex_alg	host_key_alg	host_key
 #types	time	string	addr	port	addr	port	count	bool	count	enum	string	string	string	string	string	string	string	string
-1505524964.630115	CHhAvVGS1DHFjwGM9	192.168.1.100	60906	192.168.1.32	22	2	T	2	-	SSH-2.0-OpenSSH_7.4	SSH-2.0-OpenSSH_7.5	chacha20-poly1305@openssh.com	hmac-sha2-512-etm@openssh.com	none	curve25519-sha256	ssh-ed25519	e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
+1505524964.630115	CHhAvVGS1DHFjwGM9	192.168.1.100	60906	192.168.1.32	22	2	T	2	-	SSH-2.0-OpenSSH_7.4	SSH-2.0-OpenSSH_7.5	chacha20-poly1305@openssh.com	hmac-sha2-512-etm@openssh.com	none	curve25519-sha256	ssh-ed25519-cert-v01@openssh.com	e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
-#close	2017-10-05-19-34-53
+#close	2018-10-16-15-27-29
--- a/testing/btest/broker/connect-on-retry.bro
+++ b/testing/btest/broker/connect-on-retry.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
 #
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
--- a/testing/btest/broker/disconnect.bro
+++ b/testing/btest/broker/disconnect.bro
@ -3,10 +3,10 @@
 # @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
-# @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat recv/.pid) 30 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat recv/.pid) 45 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: btest-bg-run recv2 "bro -B broker -b ../recv.bro >recv2.out"
-# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff send/send.out
 # @TEST-EXEC: btest-diff recv/recv.out
--- a/testing/btest/broker/remote_event.bro
+++ b/testing/btest/broker/remote_event.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
 #
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
--- a/testing/btest/broker/remote_event_any.bro
+++ b/testing/btest/broker/remote_event_any.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
 #
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
--- a/testing/btest/broker/remote_event_auto.bro
+++ b/testing/btest/broker/remote_event_auto.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out"
 #
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
--- a/testing/btest/broker/remote_event_ssl_auth.bro
+++ b/testing/btest/broker/remote_event_ssl_auth.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
 #
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
--- a/testing/btest/broker/remote_event_vector_any.bro
+++ b/testing/btest/broker/remote_event_vector_any.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
 #
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
@TEST-START-FILE send.bro
--- a/testing/btest/broker/remote_id.bro
+++ b/testing/btest/broker/remote_id.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro test_var=newval >send.out"
 #
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
@TEST-START-FILE send.bro
@ -15,8 +15,9 @@ event bro_init()
 	Broker::peer("127.0.0.1");
 	}
-event die()
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print "peer lost";
 	terminate();
 	}
@ -24,7 +25,6 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print "peer added";
 	Broker::publish_id("bro/ids/test", "test_var");
 	schedule 1sec { die() };
 	}
@TEST-END-FILE
@ -33,6 +33,17 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 const test_var = "init" &redef;
 event check_var()
 	{
 	if ( test_var == "init" )
 		schedule 0.1sec { check_var() };
 	else
 		{
 		print "updated val", test_var;
 		terminate();
 		}
 	}
 event bro_init()
 	{
 	print "intial val", test_var;
@ -43,12 +54,12 @@ event bro_init()
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print "peer added";
 	schedule 1sec { check_var() };
 	}
 event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print "peer lost";
 	print "updated val", test_var;
 	terminate();
 	}
--- a/testing/btest/broker/remote_log.bro
+++ b/testing/btest/broker/remote_log.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff recv/test.log
 # @TEST-EXEC: btest-diff send/send.out
--- a/testing/btest/broker/remote_log_late_join.bro
+++ b/testing/btest/broker/remote_log_late_join.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out"
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff recv/test.log
 # @TEST-EXEC: btest-diff send/send.out
--- a/testing/btest/broker/remote_log_types.bro
+++ b/testing/btest/broker/remote_log_types.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out"
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff recv/test.log
 # @TEST-EXEC: btest-diff send/send.out
--- a/testing/btest/broker/ssl_auth_failure.bro
+++ b/testing/btest/broker/ssl_auth_failure.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
 #
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
--- a/testing/btest/broker/store/clone.bro
+++ b/testing/btest/broker/store/clone.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run clone "bro -B broker -b  ../clone-main.bro >clone.out"
 # @TEST-EXEC: btest-bg-run master "bro -B broker -b  ../master-main.bro >master.out"
 #
-# @TEST-EXEC: btest-bg-wait 25
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff clone/clone.out
 # @TEST-EXEC: btest-diff master/master.out
--- a/testing/btest/broker/unpeer.bro
+++ b/testing/btest/broker/unpeer.bro
@ -3,7 +3,7 @@
 # @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
 # @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out"
 #
-# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-bg-wait 45
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
 # 
--- a/testing/btest/language/expire_func_mod.bro
+++ b/testing/btest/language/expire_func_mod.bro
@ -0,0 +1,41 @@
 # @TEST-EXEC: bro -b %INPUT >out
 # @TEST-EXEC: btest-diff out
 module Test;
 redef exit_only_after_terminate = T;
 redef table_expire_interval = .1 secs ;
 export {
 	global table_expire_func: function(t: table[string] of count,
 	                                   s: string): interval;
 	global t: table[string] of count
 		&write_expire=0 secs
 		&expire_func=table_expire_func;
 }
 event die()
 	{
 	terminate();
 	}
 function table_expire_func(t: table[string] of count, s: string): interval
 	{
 	t[s] += 1 ;
 	print fmt("inside table_expire_func: %s, %s", s, t[s]);
 	if ( t[s] < 10 )
 		return .1 secs ;
 	schedule .1sec { die() };
 	return 0 secs;
 	}
 event bro_init()
 	{
 	local s="ashish";
 	t[s] = 1 ;
 	print fmt("starting: %s, %s", s, t[s]);
 	}
--- a/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro
@ -27,5 +27,30 @@ event bro_init()
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1986-12-01T01:01:01Z") + 0.90 secs)
 		]);
 	Log::write(SSH::LOG, [
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 0.4 secs)
 		]);
 	Log::write(SSH::LOG, [
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 0.5 secs)
 		]);
 	Log::write(SSH::LOG, [
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 0.6 secs)
 		]);
 	Log::write(SSH::LOG, [
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.0 secs)
 		]);
 	Log::write(SSH::LOG, [
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.4 secs)
 		]);
 	Log::write(SSH::LOG, [
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.5 secs)
 		]);
 	Log::write(SSH::LOG, [
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.6 secs)
 		]);
 	Log::write(SSH::LOG, [
 		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 99 secs)
 		]);
 }
		`@ -1 +1 @@`
			`Subproject commit db3c064f084090cda60d0511c74908b6cec092f8`				`Subproject commit 6fefde7e3e3a675f2359084f0dfa938a62da398c`
		`@ -1 +1 @@`
			`Subproject commit 5bc2184081c3edc44398b15f92d67d4a85d0b44b`				`Subproject commit a843bfab047999386c6268a47bb2f6969b7bbaf7`
`@ -1,2 +1,2 @@`
	mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.621984, duration=0.000553, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.62212, req_dur=0.0, req_len=96, rep_start=1514568131.622537, rep_dur=0.0, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a	mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.621984, duration=0.000553, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.62212, req_dur=0.0, req_len=96, rep_start=1514568131.622537, rep_dur=0.0, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
	mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.665918, duration=0.000266, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.665918, req_dur=0.0, req_len=84, rep_start=1514568131.666184, rep_dur=0.0, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a	mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.665918, duration=0.000266, service={\x0a\x0a}, history=Dd, uid=CtPZjS20MLrsMUOJi2, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.665918, req_dur=0.0, req_len=84, rep_start=1514568131.666184, rep_dur=0.0, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a