Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Introduce new c$failed_analyzers field

Browse source 
This field is used internally to trace which analyzers already had a
violation. This is mostly used to prevent duplicate logging.

In the past, c$service_violation was used for a similar purpose -
however it has slightly different semantics. Where c$failed_analyzers
tracks analyzers that were removed due to a violation,
c$service_violation tracks violations - and doesn't care if an analyzer
was actually removed due to it.
This commit is contained in:
Johanna Amann 2025-06-03 17:10:00 +01:00
parent 42ba2fcca0
commit 58613f0313
15 changed files with 3958 additions and 3952 deletions
Download patch file Download diff file Expand all files Collapse all files

12
scripts/base/frameworks/analyzer/dpd.zeek
View file

@ -27,7 +27,11 @@ export {
redef record connection += {
## The set of services (analyzers) for which Zeek has observed a
## violation after the same service had previously been confirmed.
service_violation: set[string] &default=set() &ordered;
service_violation: set[string] &default=set() &ordered &deprecated="Remove in v8.1. Consider using failed_analyzers instead";
## The set of prototol analyzers that were removed due to a protocol
## violation after the same analyzer had previously been confirmed.
failed_analyzers: set[string] &default=set() &ordered;
};
# Add confirmed protocol analyzers to conn.log service field
@ -44,7 +48,7 @@ event analyzer_confirmation_info(atype: AllAnalyzers::Tag, info: AnalyzerConfirm
add c$service[analyzer];
}
# Remove failed analyzers from service field and add them to c$service_violation
# Remove failed analyzers from service field and add them to c$failed_analyzers
# Low priority to allow other handlers to check if the analyzer was confirmed
event analyzer_failed(ts: time, atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo) &priority=-5
{
@ -67,8 +71,8 @@ event analyzer_failed(ts: time, atype: AllAnalyzers::Tag, info: AnalyzerViolatio
# if statement is separate, to allow repeated removal of service, in case there are several
# confirmation and violation events
if ( analyzer !in c$service_violation )
add c$service_violation[analyzer];
if ( analyzer !in c$failed_analyzers )
add c$failed_analyzers[analyzer];
# add "-service" to the list of services on removal due to violation, if analyzer was confirmed before
if ( track_removed_services_in_connection && Analyzer::name(atype) in c$service )

2
scripts/base/frameworks/analyzer/logging.zeek
View file

@ -103,7 +103,7 @@ event analyzer_failed(ts: time, atype: AllAnalyzers::Tag, info: AnalyzerViolatio
# note that analyzers can fail repeatedly in some circumstances - e.g. when they
# are re-attached by the dynamic protocol detection due to later data.
local analyzer_name = Analyzer::name(atype);
if ( analyzer_name !in info$c$service || analyzer_name in info$c$service_violation )
if ( analyzer_name !in info$c$service || analyzer_name in info$c$failed_analyzers )
return;
log_analyzer_failure(ts, atype, info);

2
scripts/policy/protocols/conn/failed-service-logging.zeek
View file

@ -27,7 +27,7 @@ event analyzer_failed(ts: time, atype: AllAnalyzers::Tag, info: AnalyzerViolatio
# Only add if previously confirmed and not failed
local analyzer_name = Analyzer::name(atype);
if ( analyzer_name !in c$service || analyzer_name in c$service_violation )
if ( analyzer_name !in c$service || analyzer_name in c$failed_analyzers )
return;
set_conn(c, F);

268
testing/btest/Baseline.zam/scripts.policy.misc.dump-events/all-events.log
View file

File diff suppressed because one or more lines are too long

3184
testing/btest/Baseline.zam/scripts.policy.misc.dump-events/really-all-events.log
View file

File diff suppressed because one or more lines are too long

88
testing/btest/Baseline.zam/scripts.policy.misc.dump-events/smtp-events.log
View file

@ -1,6 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
@ -8,7 +8,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=<uninitialized>, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=<uninitialized>, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
@ -16,7 +16,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=<uninitialized>, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=<uninitialized>, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
@ -24,13 +24,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = EHLO
[3] arg: string = GP
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -38,7 +38,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -46,7 +46,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -54,7 +54,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -62,7 +62,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -70,7 +70,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -78,13 +78,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = AUTH
[3] arg: string = LOGIN
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 334
[3] cmd: string = AUTH
@ -92,13 +92,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = **
[3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 334
[3] cmd: string = AUTH_ANSWER
@ -106,13 +106,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = **
[3] arg: string = cHVuamFiQDEyMw==
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 235
[3] cmd: string = AUTH_ANSWER
@ -120,13 +120,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 85.0 msecs 367.918015 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 85.0 msecs 367.918015 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = MAIL
[3] arg: string = FROM: <gurpartap@patriots.in>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 427.0 msecs 718.877792 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 427.0 msecs 718.877792 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = MAIL
@ -134,13 +134,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 428.0 msecs 204.059601 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 428.0 msecs 204.059601 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO: <raj_deol2002in@yahoo.co.in>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 790.0 msecs 662.050247 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 790.0 msecs 662.050247 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
@ -148,13 +148,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 791.0 msecs 157.007217 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 791.0 msecs 157.007217 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = DATA
[3] arg: string =
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 secs 132.0 msecs 632.97081 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=1]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 secs 132.0 msecs 632.97081 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=1]]
[1] is_orig: bool = F
[2] code: count = 354
[3] cmd: string = DATA
@ -162,13 +162,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[1] is_orig: bool = T
[2] command: string = .
[3] arg: string = .
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 719.0 msecs 743.013382 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 719.0 msecs 743.013382 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = .
@ -176,13 +176,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 234.0 msecs 778.881073 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 234.0 msecs 778.881073 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[1] is_orig: bool = T
[2] command: string = QUIT
[3] arg: string =
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 576.0 msecs 421.022415 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 576.0 msecs 421.022415 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[1] is_orig: bool = F
[2] code: count = 221
[3] cmd: string = QUIT
@ -190,7 +190,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=10.0 msecs 246.992111 usecs, service={\x0a\x0a}, history=ShAd, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=10.0 msecs 246.992111 usecs, service={\x0a\x0a}, history=ShAd, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
@ -198,13 +198,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 411.056519 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 411.056519 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = EHLO
[3] arg: string = [192.168.133.100]
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -212,7 +212,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -220,7 +220,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -228,7 +228,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -236,13 +236,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=56, state=4, num_pkts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=30.0 msecs 136.108398 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=56, state=4, num_pkts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=30.0 msecs 136.108398 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = MAIL
[3] arg: string = FROM:<albert@example.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=56, state=4, num_pkts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=32.0 msecs 890.081406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=56, state=4, num_pkts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=32.0 msecs 890.081406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = MAIL
@ -250,13 +250,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=88, state=4, num_pkts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=33.0 msecs 337.116241 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=88, state=4, num_pkts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=33.0 msecs 337.116241 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO:<ericlim220@yahoo.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=88, state=4, num_pkts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 91.089249 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=88, state=4, num_pkts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 91.089249 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
@ -264,13 +264,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=121, state=4, num_pkts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 692.142487 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=121, state=4, num_pkts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 692.142487 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO:<felica4uu@hotmail.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=121, state=4, num_pkts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=40.0 msecs 729.045868 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=121, state=4, num_pkts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=40.0 msecs 729.045868 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
@ -278,13 +278,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=156, state=4, num_pkts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=41.0 msecs 517.972946 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=156, state=4, num_pkts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=41.0 msecs 517.972946 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO:<davis_mark1@outlook.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=156, state=4, num_pkts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 173.955917 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=156, state=4, num_pkts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 173.955917 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
@ -292,13 +292,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=162, state=4, num_pkts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 801.950455 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=162, state=4, num_pkts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 801.950455 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = DATA
[3] arg: string =
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=162, state=4, num_pkts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=47.0 msecs 863.006592 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=162, state=4, num_pkts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=47.0 msecs 863.006592 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[1] is_orig: bool = F
[2] code: count = 354
[3] cmd: string = DATA
@ -306,13 +306,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=969, state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=48.0 msecs 480.033875 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=969, state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=48.0 msecs 480.033875 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[1] is_orig: bool = T
[2] command: string = .
[3] arg: string = .
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=969, state=4, num_pkts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=57.0 msecs 218.074799 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=969, state=4, num_pkts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=57.0 msecs 218.074799 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09ZAM-code SMTP::finalize_smtp\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = .

1
testing/btest/Baseline/coverage.record-fields/out.bare
View file

@ -2,6 +2,7 @@
[zeek, -b, <...>/record-fields.zeek]
connection {
* duration: interval, log=F, optional=F
* failed_analyzers: set[string], log=F, optional=T
* history: string, log=F, optional=F
* id: record conn_id, log=F, optional=F
conn_id {

1
testing/btest/Baseline/coverage.record-fields/out.default
View file

@ -137,6 +137,7 @@ connection {
* duration: interval, log=F, optional=F
* extract_orig: bool, log=F, optional=T
* extract_resp: bool, log=F, optional=T
* failed_analyzers: set[string], log=F, optional=T
* ftp: record FTP::Info, log=F, optional=T
FTP::Info {
* arg: string, log=T, optional=T

546
testing/btest/Baseline/plugins.hooks/output
View file

File diff suppressed because one or more lines are too long

4
testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp, proto=17], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=552.892685 usecs, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=96, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp, proto=17], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=265.836716 usecs, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=84, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a
mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp, proto=17], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=552.892685 usecs, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=96, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp, proto=17], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=265.836716 usecs, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=84, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a

56
testing/btest/Baseline/scripts.base.protocols.nfs.basic/.stdout
View file

@ -1,29 +1,29 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=528.812408 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=672.81723 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 6.84166 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 559.921265 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=108, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 412.982941 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=4096, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 315.8741 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=120, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 541.894913 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=128, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=8.0 msecs 343.935013 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=160, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=8.0 msecs 932.828903 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=10.0 msecs 356.903076 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=148, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=11.0 msecs 928.796768 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=148, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=12.0 msecs 798.786163 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=13.0 msecs 430.833817 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=204, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=15.0 msecs 40.874481 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=152, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=16.0 msecs 412.973404 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=152, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=17.0 msecs 566.919327 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=18.0 msecs 251.895905 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=200, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dst_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=19.0 msecs 332.885742 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=116, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 915.985107 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=21.0 msecs 752.83432 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=22.0 msecs 397.994995 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=172, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], preattr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 840.904236 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=140, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=25.0 msecs 476.932526 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 816.84494 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=27.0 msecs 592.897415 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=184, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dst_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=28.0 msecs 733.968735 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=120, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 353.85704 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=30.0 msecs 703.783035 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=116, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=528.812408 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=672.81723 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 6.84166 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 559.921265 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=108, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 412.982941 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=4096, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 315.8741 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=120, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 541.894913 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=128, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=8.0 msecs 343.935013 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=160, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=8.0 msecs 932.828903 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=10.0 msecs 356.903076 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=148, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=11.0 msecs 928.796768 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=148, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=12.0 msecs 798.786163 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=13.0 msecs 430.833817 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=204, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=15.0 msecs 40.874481 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=152, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=16.0 msecs 412.973404 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=152, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=17.0 msecs 566.919327 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=18.0 msecs 251.895905 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=200, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dst_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=19.0 msecs 332.885742 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=116, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 915.985107 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=21.0 msecs 752.83432 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=22.0 msecs 397.994995 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=172, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], preattr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 840.904236 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=140, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=25.0 msecs 476.932526 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 816.84494 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=27.0 msecs 592.897415 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=184, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dst_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=28.0 msecs 733.968735 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=120, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 353.85704 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp, proto=6], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=30.0 msecs 703.783035 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=116, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a

206
testing/btest/Baseline/scripts.base.protocols.postgresql.dump-events/output
View file

@ -1,483 +1,483 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
XXXXXXXXXX.XXXXXX PostgreSQL::ssl_request
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=8, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 613.140106 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=8, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 613.140106 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
XXXXXXXXXX.XXXXXX analyzer_confirmation_info
[0] atype: AllAnalyzers::Tag = Analyzer::ANALYZER_POSTGRESQL
[1] info: AnalyzerConfirmationInfo = [c=[id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=8, state=4, num_pkts=3, num_bytes_ip=172, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 382.205963 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}], f=<uninitialized>, aid=3]
[1] info: AnalyzerConfirmationInfo = [c=[id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=8, state=4, num_pkts=3, num_bytes_ip=172, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 382.205963 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}], f=<uninitialized>, aid=3]
XXXXXXXXXX.XXXXXX PostgreSQL::ssl_reply
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=8, state=4, num_pkts=3, num_bytes_ip=172, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 382.205963 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=8, state=4, num_pkts=3, num_bytes_ip=172, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 382.205963 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] data: string = N
XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = user
[2] value: string = zeek
XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = database
[2] value: string = zeek
XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = application_name
[2] value: string = psql
XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = client_encoding
[2] value: string = UTF8
XXXXXXXXXX.XXXXXX PostgreSQL::startup_message
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=<uninitialized>], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] major: count = 3
[2] minor: count = 0
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=5, num_bytes_ip=352, flow_label=0, l2_addr=<uninitialized>], resp=[size=25, state=4, num_pkts=4, num_bytes_ip=217, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 738.019943 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=5, num_bytes_ip=352, flow_label=0, l2_addr=<uninitialized>], resp=[size=25, state=4, num_pkts=4, num_bytes_ip=217, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 738.019943 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] identifier: count = 10
[2] data: string = SCRAM-SHA-256\x00\x00
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_response
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=139, state=4, num_pkts=6, num_bytes_ip=404, flow_label=0, l2_addr=<uninitialized>], resp=[size=25, state=4, num_pkts=5, num_bytes_ip=293, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 98.031998 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=139, state=4, num_pkts=6, num_bytes_ip=404, flow_label=0, l2_addr=<uninitialized>], resp=[size=25, state=4, num_pkts=5, num_bytes_ip=293, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 98.031998 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] data: string = SCRAM-SHA-256\x00\x00\x00\x00 n,,n=,r=RDNGxQAy+XBG1FTcB1V4APAi
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=139, state=4, num_pkts=7, num_bytes_ip=511, flow_label=0, l2_addr=<uninitialized>], resp=[size=118, state=4, num_pkts=6, num_bytes_ip=345, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 646.156311 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=139, state=4, num_pkts=7, num_bytes_ip=511, flow_label=0, l2_addr=<uninitialized>], resp=[size=118, state=4, num_pkts=6, num_bytes_ip=345, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 646.156311 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] identifier: count = 11
[2] data: string = r=RDNGxQAy+XBG1FTcB1V4APAiQKfUt9glP8g5pxy9DbOPP7XP,s=+CteaSWwgyiphFuGGX5BiA==,i=4096
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_response
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=8, num_bytes_ip=563, flow_label=0, l2_addr=<uninitialized>], resp=[size=118, state=4, num_pkts=7, num_bytes_ip=490, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 935.058594 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=8, num_bytes_ip=563, flow_label=0, l2_addr=<uninitialized>], resp=[size=118, state=4, num_pkts=7, num_bytes_ip=490, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 935.058594 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] data: string = c=biws,r=RDNGxQAy+XBG1FTcB1V4APAiQKfUt9glP8g5pxy9DbOPP7XP,p=dyDbm15UroGE6wwsbEqiKmSYJNRf50RC/KK2ULYhR4M=
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] identifier: count = 12
[2] data: string = v=0jpq9fPJQZCGXFdlCjQTGro71zmbxS/ENeTsnR2nWp4=
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_ok
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = application_name
[2] value: string = psql
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = client_encoding
[2] value: string = UTF8
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = DateStyle
[2] value: string = ISO, MDY
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = default_transaction_read_only
[2] value: string = off
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = in_hot_standby
[2] value: string = off
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = integer_datetimes
[2] value: string = on
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = IntervalStyle
[2] value: string = postgres
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = is_superuser
[2] value: string = on
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = server_encoding
[2] value: string = UTF8
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = server_version
[2] value: string = 14.5 (Debian 14.5-1.pgdg110+1)
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = session_authorization
[2] value: string = zeek
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = standard_conforming_strings
[2] value: string = on
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = TimeZone
[2] value: string = Etc/UTC
XXXXXXXXXX.XXXXXX PostgreSQL::backend_key_data
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] process_id: count = 96
[2] secret_key: count = 590994220
XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] transaction_status: string = I
XXXXXXXXXX.XXXXXX PostgreSQL::simple_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=10, num_bytes_ip=776, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=9, num_bytes_ip=1059, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=25.0 msecs 581.121445 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=10, num_bytes_ip=776, flow_label=0, l2_addr=<uninitialized>], resp=[size=583, state=4, num_pkts=9, num_bytes_ip=1059, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=25.0 msecs 581.121445 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] query: string = select now()
XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] is_orig: bool = F
[2] typ: string = T
[3] chunk: string = \x00\x01now\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\xa0\x00\x08\xff\xff\xff\xff\x00\x00
XXXXXXXXXX.XXXXXX PostgreSQL::data_row
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] column_values: count = 1
XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] is_orig: bool = F
[2] typ: string = C
[3] chunk: string = SELECT 1\x00
XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] transaction_status: string = I
XXXXXXXXXX.XXXXXX PostgreSQL::terminate
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=271, state=4, num_pkts=12, num_bytes_ip=898, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=11, num_bytes_ip=1252, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=27.0 msecs 49.064636 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=271, state=4, num_pkts=12, num_bytes_ip=898, flow_label=0, l2_addr=<uninitialized>], resp=[size=672, state=4, num_pkts=11, num_bytes_ip=1252, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=27.0 msecs 49.064636 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = user
[2] value: string = postgres
XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = database
[2] value: string = postgres
XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = application_name
[2] value: string = psql
XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = client_encoding
[2] value: string = UTF8
XXXXXXXXXX.XXXXXX analyzer_confirmation_info
[0] atype: AllAnalyzers::Tag = Analyzer::ANALYZER_POSTGRESQL
[1] info: AnalyzerConfirmationInfo = [c=[id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}], f=<uninitialized>, aid=3]
[1] info: AnalyzerConfirmationInfo = [c=[id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}], f=<uninitialized>, aid=3]
XXXXXXXXXX.XXXXXX PostgreSQL::startup_message
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] major: count = 3
[2] minor: count = 0
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=3, num_bytes_ip=248, flow_label=0, l2_addr=<uninitialized>], resp=[size=24, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 885.890961 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=84, state=4, num_pkts=3, num_bytes_ip=248, flow_label=0, l2_addr=<uninitialized>], resp=[size=24, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 885.890961 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] identifier: count = 10
[2] data: string = SCRAM-SHA-256\x00\x00
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_response
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=139, state=4, num_pkts=4, num_bytes_ip=300, flow_label=0, l2_addr=<uninitialized>], resp=[size=24, state=4, num_pkts=3, num_bytes_ip=188, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 msecs 925.872803 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=139, state=4, num_pkts=4, num_bytes_ip=300, flow_label=0, l2_addr=<uninitialized>], resp=[size=24, state=4, num_pkts=3, num_bytes_ip=188, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 msecs 925.872803 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] data: string = SCRAM-SHA-256\x00\x00\x00\x00 n,,n=,r=TwGbAdrgxcvfe7FNe0iWJfSf
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=139, state=4, num_pkts=5, num_bytes_ip=407, flow_label=0, l2_addr=<uninitialized>], resp=[size=117, state=4, num_pkts=3, num_bytes_ip=188, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 165.006638 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=139, state=4, num_pkts=5, num_bytes_ip=407, flow_label=0, l2_addr=<uninitialized>], resp=[size=117, state=4, num_pkts=3, num_bytes_ip=188, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 165.006638 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] identifier: count = 11
[2] data: string = r=TwGbAdrgxcvfe7FNe0iWJfSf3mBBWw9W0eciRd2Pkg2/HIB1,s=iKUi26lwqA6spIkddhe7hw==,i=4096
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_response
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=5, num_bytes_ip=407, flow_label=0, l2_addr=<uninitialized>], resp=[size=117, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 603.790283 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=5, num_bytes_ip=407, flow_label=0, l2_addr=<uninitialized>], resp=[size=117, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 603.790283 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] data: string = c=biws,r=TwGbAdrgxcvfe7FNe0iWJfSf3mBBWw9W0eciRd2Pkg2/HIB1,p=Y0VuiVVs4GDpPeMPkQcE0ADRvkq3Njc1mpCIrK1m/1Q=
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] identifier: count = 12
[2] data: string = v=na9OnyjI3MkvsAm3C8I8BoeiU4I6QL3HPaMCcLTOgfA=
XXXXXXXXXX.XXXXXX PostgreSQL::authentication_ok
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = in_hot_standby
[2] value: string = off
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = integer_datetimes
[2] value: string = on
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = TimeZone
[2] value: string = Etc/UTC
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = IntervalStyle
[2] value: string = postgres
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = is_superuser
[2] value: string = on
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = application_name
[2] value: string = psql
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = default_transaction_read_only
[2] value: string = off
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = scram_iterations
[2] value: string = 4096
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = DateStyle
[2] value: string = ISO, MDY
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = standard_conforming_strings
[2] value: string = on
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = session_authorization
[2] value: string = postgres
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = client_encoding
[2] value: string = UTF8
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = server_version
[2] value: string = 16.4 (Debian 16.4-1.pgdg120+1)
XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] name: string = server_encoding
[2] value: string = UTF8
XXXXXXXXXX.XXXXXX PostgreSQL::backend_key_data
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] process_id: count = 876
[2] secret_key: count = 4268530428
XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] transaction_status: string = I
XXXXXXXXXX.XXXXXX PostgreSQL::simple_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 889.820099 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=<uninitialized>], resp=[size=613, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 889.820099 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] query: string = DROP TABLE IF EXISTS t;
XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = S
[2] value: string = NOTICE
XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = V
[2] value: string = NOTICE
XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = C
[2] value: string = 00000
XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = M
[2] value: string = table "t" does not exist, skipping
XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = F
[2] value: string = tablecmds.c
XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = L
[2] value: string = 1300
XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = R
[2] value: string = DropErrorMsgNonExistent
XXXXXXXXXX.XXXXXX PostgreSQL::notice_response
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] is_orig: bool = F
[2] typ: string = C
[3] chunk: string = DROP TABLE\x00
XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] transaction_status: string = I
XXXXXXXXXX.XXXXXX PostgreSQL::simple_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=339, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=6, num_bytes_ip=1064, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 164.001465 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=339, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=<uninitialized>], resp=[size=744, state=4, num_pkts=6, num_bytes_ip=1064, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 164.001465 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] query: string = CREATE TABLE IF NOT EXISTS t (i int, s varchar, t time);
XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=339, state=4, num_pkts=8, num_bytes_ip=763, flow_label=0, l2_addr=<uninitialized>], resp=[size=768, state=4, num_pkts=6, num_bytes_ip=1064, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 630.836487 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=339, state=4, num_pkts=8, num_bytes_ip=763, flow_label=0, l2_addr=<uninitialized>], resp=[size=768, state=4, num_pkts=6, num_bytes_ip=1064, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 630.836487 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] is_orig: bool = F
[2] typ: string = C
[3] chunk: string = CREATE TABLE\x00
XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=339, state=4, num_pkts=8, num_bytes_ip=763, flow_label=0, l2_addr=<uninitialized>], resp=[size=768, state=4, num_pkts=6, num_bytes_ip=1064, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 630.836487 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=339, state=4, num_pkts=8, num_bytes_ip=763, flow_label=0, l2_addr=<uninitialized>], resp=[size=768, state=4, num_pkts=6, num_bytes_ip=1064, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 630.836487 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] transaction_status: string = I
XXXXXXXXXX.XXXXXX PostgreSQL::simple_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=8, num_bytes_ip=763, flow_label=0, l2_addr=<uninitialized>], resp=[size=768, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 734.786987 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=8, num_bytes_ip=763, flow_label=0, l2_addr=<uninitialized>], resp=[size=768, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 734.786987 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] query: string = INSERT INTO t VALUES (now(), now(), now());
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = S
[2] value: string = ERROR
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = V
[2] value: string = ERROR
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = C
[2] value: string = 42804
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = M
[2] value: string = column "i" is of type integer but expression is of type timestamp with time zone
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = H
[2] value: string = You will need to rewrite or cast the expression.
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = P
[2] value: string = 23
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = F
[2] value: string = parse_target.c
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = L
[2] value: string = 586
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = R
[2] value: string = transformAssignedExpr
XXXXXXXXXX.XXXXXX PostgreSQL::error_response
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] transaction_status: string = I
XXXXXXXXXX.XXXXXX PostgreSQL::simple_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=407, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=8, num_bytes_ip=1405, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=21.0 msecs 95.991135 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=407, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=<uninitialized>], resp=[size=981, state=4, num_pkts=8, num_bytes_ip=1405, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=21.0 msecs 95.991135 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] query: string = DROP TABLE t;
XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=407, state=4, num_pkts=10, num_bytes_ip=935, flow_label=0, l2_addr=<uninitialized>], resp=[size=1003, state=4, num_pkts=8, num_bytes_ip=1405, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 515.939713 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=407, state=4, num_pkts=10, num_bytes_ip=935, flow_label=0, l2_addr=<uninitialized>], resp=[size=1003, state=4, num_pkts=8, num_bytes_ip=1405, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 515.939713 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] is_orig: bool = F
[2] typ: string = C
[3] chunk: string = DROP TABLE\x00
XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=407, state=4, num_pkts=10, num_bytes_ip=935, flow_label=0, l2_addr=<uninitialized>], resp=[size=1003, state=4, num_pkts=8, num_bytes_ip=1405, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 515.939713 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=407, state=4, num_pkts=10, num_bytes_ip=935, flow_label=0, l2_addr=<uninitialized>], resp=[size=1003, state=4, num_pkts=8, num_bytes_ip=1405, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 515.939713 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] transaction_status: string = I
XXXXXXXXXX.XXXXXX PostgreSQL::simple_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=10, num_bytes_ip=935, flow_label=0, l2_addr=<uninitialized>], resp=[size=1003, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 620.843887 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=10, num_bytes_ip=935, flow_label=0, l2_addr=<uninitialized>], resp=[size=1003, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 620.843887 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] query: string = DROP TABLE t;
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = S
[2] value: string = ERROR
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = V
[2] value: string = ERROR
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = C
[2] value: string = 42P01
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = M
[2] value: string = table "t" does not exist
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = F
[2] value: string = tablecmds.c
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = L
[2] value: string = 1294
XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] code: string = R
[2] value: string = DropErrorMsgNonExistent
XXXXXXXXXX.XXXXXX PostgreSQL::error_response
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1106, state=4, num_pkts=10, num_bytes_ip=1628, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 727.893829 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=<uninitialized>], resp=[size=1106, state=4, num_pkts=10, num_bytes_ip=1628, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 727.893829 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]
[1] transaction_status: string = I
XXXXXXXXXX.XXXXXX PostgreSQL::terminate
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=431, state=4, num_pkts=12, num_bytes_ip=1058, flow_label=0, l2_addr=<uninitialized>], resp=[size=1106, state=4, num_pkts=11, num_bytes_ip=1686, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 757.93457 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}]
[0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp, proto=6], orig=[size=431, state=4, num_pkts=12, num_bytes_ip=1058, flow_label=0, l2_addr=<uninitialized>], resp=[size=1106, state=4, num_pkts=11, num_bytes_ip=1686, flow_label=0, l2_addr=<uninitialized>], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 757.93457 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}]

268
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
View file

File diff suppressed because one or more lines are too long

3184
testing/btest/Baseline/scripts.policy.misc.dump-events/really-all-events.log
View file

File diff suppressed because one or more lines are too long

88
testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
View file

@ -1,6 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
@ -8,7 +8,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=<uninitialized>, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=<uninitialized>, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
@ -16,7 +16,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=<uninitialized>, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=<uninitialized>, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
@ -24,13 +24,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = EHLO
[3] arg: string = GP
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -38,7 +38,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -46,7 +46,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -54,7 +54,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -62,7 +62,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -70,7 +70,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -78,13 +78,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = AUTH
[3] arg: string = LOGIN
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 334
[3] cmd: string = AUTH
@ -92,13 +92,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = **
[3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 334
[3] cmd: string = AUTH_ANSWER
@ -106,13 +106,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = **
[3] arg: string = cHVuamFiQDEyMw==
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 235
[3] cmd: string = AUTH_ANSWER
@ -120,13 +120,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 85.0 msecs 367.918015 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 85.0 msecs 367.918015 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = MAIL
[3] arg: string = FROM: <gurpartap@patriots.in>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 427.0 msecs 718.877792 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 427.0 msecs 718.877792 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = MAIL
@ -134,13 +134,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 428.0 msecs 204.059601 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 428.0 msecs 204.059601 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO: <raj_deol2002in@yahoo.co.in>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 790.0 msecs 662.050247 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 790.0 msecs 662.050247 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
@ -148,13 +148,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 791.0 msecs 157.007217 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 791.0 msecs 157.007217 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = DATA
[3] arg: string =
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 secs 132.0 msecs 632.97081 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=1]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 secs 132.0 msecs 632.97081 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=1]]
[1] is_orig: bool = F
[2] code: count = 354
[3] cmd: string = DATA
@ -162,13 +162,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[1] is_orig: bool = T
[2] command: string = .
[3] arg: string = .
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 719.0 msecs 743.013382 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 719.0 msecs 743.013382 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=F, entity_count=5, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = .
@ -176,13 +176,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 234.0 msecs 778.881073 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 234.0 msecs 778.881073 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[1] is_orig: bool = T
[2] command: string = QUIT
[3] arg: string =
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 576.0 msecs 421.022415 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 576.0 msecs 421.022415 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp, proto=6], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=6, mime_depth=5]]
[1] is_orig: bool = F
[2] code: count = 221
[3] cmd: string = QUIT
@ -190,7 +190,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=10.0 msecs 246.992111 usecs, service={\x0a\x0a}, history=ShAd, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=10.0 msecs 246.992111 usecs, service={\x0a\x0a}, history=ShAd, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks=<uninitialized>, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
@ -198,13 +198,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 411.056519 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 411.056519 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = EHLO
[3] arg: string = [192.168.133.100]
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -212,7 +212,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -220,7 +220,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -228,7 +228,7 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
@ -236,13 +236,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=56, state=4, num_pkts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=30.0 msecs 136.108398 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=56, state=4, num_pkts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=30.0 msecs 136.108398 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = MAIL
[3] arg: string = FROM:<albert@example.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=56, state=4, num_pkts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=32.0 msecs 890.081406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=56, state=4, num_pkts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=32.0 msecs 890.081406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = MAIL
@ -250,13 +250,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=88, state=4, num_pkts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=33.0 msecs 337.116241 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=88, state=4, num_pkts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=33.0 msecs 337.116241 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO:<ericlim220@yahoo.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=88, state=4, num_pkts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 91.089249 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=88, state=4, num_pkts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 91.089249 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
@ -264,13 +264,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=121, state=4, num_pkts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 692.142487 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=121, state=4, num_pkts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 692.142487 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO:<felica4uu@hotmail.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=121, state=4, num_pkts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=40.0 msecs 729.045868 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=121, state=4, num_pkts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=40.0 msecs 729.045868 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
@ -278,13 +278,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=156, state=4, num_pkts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=41.0 msecs 517.972946 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=156, state=4, num_pkts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=41.0 msecs 517.972946 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO:<davis_mark1@outlook.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=156, state=4, num_pkts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 173.955917 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=156, state=4, num_pkts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 173.955917 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
@ -292,13 +292,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=162, state=4, num_pkts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 801.950455 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=162, state=4, num_pkts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 801.950455 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=0, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=0]]
[1] is_orig: bool = T
[2] command: string = DATA
[3] arg: string =
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=162, state=4, num_pkts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=47.0 msecs 863.006592 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=162, state=4, num_pkts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=47.0 msecs 863.006592 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[1] is_orig: bool = F
[2] code: count = 354
[3] cmd: string = DATA
@ -306,13 +306,13 @@ XXXXXXXXXX.XXXXXX smtp_reply
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=969, state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=48.0 msecs 480.033875 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=969, state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=48.0 msecs 480.033875 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=T, trans_rcpt_to_seen=T, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[1] is_orig: bool = T
[2] command: string = .
[3] arg: string = .
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=969, state=4, num_pkts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=57.0 msecs 218.074799 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], orig=[size=969, state=4, num_pkts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=57.0 msecs 218.074799 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CUM0KZ3MLUfNB0cl11, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp: Conn::RemovalHook\x0a\x09{ \x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a\x09}\x0a}, service_violation={\x0a\x0a}, failed_analyzers={\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CUM0KZ3MLUfNB0cl11, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp, proto=6], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, process_smtp_headers=T, entity_count=1, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, trans_mail_from_seen=F, trans_rcpt_to_seen=F, invalid_transactions=0, analyzer_id=20, mime_depth=1]]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = .