Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/awelzel/dpd-analyzer-merger'

Browse source 
* origin/topic/awelzel/dpd-analyzer-merger:
  analyzer/dpd: Address review comments
  Remove @load base/frameworks/dpd from tests
  frameworks/dpd: Move to frameworks/analyzer/dpd, load by default
  scripts/dce-rpc,ntlm: Do not load base/frameworks/dpd
  btest: Remove unnecessary loading of frameworks/dpd
This commit is contained in:
Robin Sommer 2022-09-07 14:29:32 +02:00
commit a60d569f7b
76 changed files with 328 additions and 372 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,3 +1,8 @@
5.1.0-dev.495 | 2022-09-07 14:29:32 +0200
* frameworks/dpd: Move to frameworks/analyzer/dpd, load by default
(Arne Welzel, Corelight)
5.1.0-dev.489 | 2022-09-06 07:44:18 -0700 5.1.0-dev.489 | 2022-09-06 07:44:18 -0700
* Add is_used attribute to an ID if used in a signature eval statement (Tim Wojtulewicz, Corelight) * Add is_used attribute to an ID if used in a signature eval statement (Tim Wojtulewicz, Corelight)

2
VERSION
View file

@ -1 +1 @@
5.1.0-dev.489 5.1.0-dev.495

1
scripts/base/frameworks/analyzer/__load__.zeek
View file

@ -1 +1,2 @@
@load ./main @load ./main
@load ./dpd

0
scripts/base/frameworks/dpd/main.zeek → scripts/base/frameworks/analyzer/dpd.zeek
View file

2
scripts/base/frameworks/dpd/README
View file

@ -1,2 +0,0 @@
The DPD (dynamic protocol detection) activates port-independent protocol
detection and selectively disables analyzers if protocol violations occur.

4
scripts/base/frameworks/dpd/__load__.zeek
View file

@ -1 +1,3 @@
@load ./main @deprecated "Remove in v6.1 - now loaded automatically";
@load base/frameworks/analyzer

1
scripts/base/init-default.zeek
View file

@ -30,7 +30,6 @@
#@load base/frameworks/logging #@load base/frameworks/logging
@load base/frameworks/notice @load base/frameworks/notice
@load base/frameworks/analyzer @load base/frameworks/analyzer
@load base/frameworks/dpd
@load base/frameworks/signatures @load base/frameworks/signatures
@load base/frameworks/packet-filter @load base/frameworks/packet-filter
@load base/frameworks/software @load base/frameworks/software

1
scripts/base/protocols/dce-rpc/main.zeek
View file

@ -1,5 +1,4 @@
@load ./consts @load ./consts
@load base/frameworks/dpd
@load base/protocols/conn/removal-hooks @load base/protocols/conn/removal-hooks
module DCE_RPC; module DCE_RPC;

1
scripts/base/protocols/ntlm/main.zeek
View file

@ -1,4 +1,3 @@
@load base/frameworks/dpd
@load base/protocols/conn/removal-hooks @load base/protocols/conn/removal-hooks
module NTLM; module NTLM;

2
scripts/policy/frameworks/dpd/packet-segment-logging.zeek
View file

@ -4,8 +4,6 @@
##! A caveat to logging packet data is that in some cases, the packet may ##! A caveat to logging packet data is that in some cases, the packet may
##! not be the packet that actually caused the protocol violation. ##! not be the packet that actually caused the protocol violation.
@load base/frameworks/dpd
module DPD; module DPD;
export { export {

1
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
View file

@ -112,6 +112,7 @@ scripts/base/init-frameworks-and-bifs.zeek
scripts/base/frameworks/input/readers/config.zeek scripts/base/frameworks/input/readers/config.zeek
scripts/base/frameworks/input/readers/sqlite.zeek scripts/base/frameworks/input/readers/sqlite.zeek
scripts/base/frameworks/analyzer/__load__.zeek scripts/base/frameworks/analyzer/__load__.zeek
scripts/base/frameworks/analyzer/dpd.zeek
scripts/base/frameworks/files/__load__.zeek scripts/base/frameworks/files/__load__.zeek
scripts/base/frameworks/files/main.zeek scripts/base/frameworks/files/main.zeek
build/scripts/base/bif/file_analysis.bif.zeek build/scripts/base/bif/file_analysis.bif.zeek

1
testing/btest/Baseline/coverage.bare-mode-errors/errors
View file

@ -1,2 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
### NOTE: This file has been sorted with diff-sort. ### NOTE: This file has been sorted with diff-sort.
warning in <...>/__load__.zeek, line 1: deprecated script loaded from command line arguments "Remove in v6.1 - now loaded automatically";

3
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
View file

@ -112,6 +112,7 @@ scripts/base/init-frameworks-and-bifs.zeek
scripts/base/frameworks/input/readers/config.zeek scripts/base/frameworks/input/readers/config.zeek
scripts/base/frameworks/input/readers/sqlite.zeek scripts/base/frameworks/input/readers/sqlite.zeek
scripts/base/frameworks/analyzer/__load__.zeek scripts/base/frameworks/analyzer/__load__.zeek
scripts/base/frameworks/analyzer/dpd.zeek
scripts/base/frameworks/files/__load__.zeek scripts/base/frameworks/files/__load__.zeek
scripts/base/frameworks/files/main.zeek scripts/base/frameworks/files/main.zeek
build/scripts/base/bif/file_analysis.bif.zeek build/scripts/base/bif/file_analysis.bif.zeek
@ -279,8 +280,6 @@ scripts/base/init-default.zeek
scripts/base/frameworks/notice/actions/page.zeek scripts/base/frameworks/notice/actions/page.zeek
scripts/base/frameworks/notice/actions/add-geodata.zeek scripts/base/frameworks/notice/actions/add-geodata.zeek
scripts/base/frameworks/notice/actions/pp-alarms.zeek scripts/base/frameworks/notice/actions/pp-alarms.zeek
scripts/base/frameworks/dpd/__load__.zeek
scripts/base/frameworks/dpd/main.zeek
scripts/base/frameworks/signatures/__load__.zeek scripts/base/frameworks/signatures/__load__.zeek
scripts/base/frameworks/signatures/main.zeek scripts/base/frameworks/signatures/main.zeek
scripts/base/frameworks/packet-filter/__load__.zeek scripts/base/frameworks/packet-filter/__load__.zeek

1
testing/btest/Baseline/coverage.init-default/missing_loads
View file

@ -5,6 +5,7 @@
-./frameworks/cluster/nodes/proxy.zeek -./frameworks/cluster/nodes/proxy.zeek
-./frameworks/cluster/nodes/worker.zeek -./frameworks/cluster/nodes/worker.zeek
-./frameworks/cluster/setup-connections.zeek -./frameworks/cluster/setup-connections.zeek
-./frameworks/dpd/__load__.zeek
-./frameworks/intel/cluster.zeek -./frameworks/intel/cluster.zeek
-./frameworks/netcontrol/cluster.zeek -./frameworks/netcontrol/cluster.zeek
-./frameworks/openflow/cluster.zeek -./frameworks/openflow/cluster.zeek

12
testing/btest/Baseline/plugins.hooks/output
View file

@ -884,6 +884,7 @@
0.000000 MetaHookPost LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./dcc-send, <...>/dcc-send.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./dcc-send, <...>/dcc-send.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./debug, <...>/debug.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./debug, <...>/debug.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./dpd, <...>/dpd.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./drop, <...>/drop.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./drop, <...>/drop.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./entities, <...>/entities.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./entities, <...>/entities.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./event.bif.zeek, <...>/event.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./event.bif.zeek, <...>/event.bif.zeek) -> -1
@ -1000,7 +1001,6 @@
0.000000 MetaHookPost LoadFile(0, base<...>/directions-and-hosts, <...>/directions-and-hosts.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/directions-and-hosts, <...>/directions-and-hosts.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/dnp3, <...>/dnp3) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/dnp3, <...>/dnp3) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/dns, <...>/dns) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/dns, <...>/dns) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/dpd, <...>/dpd) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/email, <...>/email.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/email, <...>/email.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/ethernet, <...>/ethernet) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ethernet, <...>/ethernet) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/event.bif, <...>/event.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/event.bif, <...>/event.bif.zeek) -> -1
@ -1269,6 +1269,7 @@
0.000000 MetaHookPost LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./dcc-send, <...>/dcc-send.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./dcc-send, <...>/dcc-send.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./debug, <...>/debug.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./debug, <...>/debug.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./dpd, <...>/dpd.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./drop, <...>/drop.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./drop, <...>/drop.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./entities, <...>/entities.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./entities, <...>/entities.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./event.bif.zeek, <...>/event.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./event.bif.zeek, <...>/event.bif.zeek) -> (-1, <no content>)
@ -1385,7 +1386,6 @@
0.000000 MetaHookPost LoadFileExtended(0, base<...>/directions-and-hosts, <...>/directions-and-hosts.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/directions-and-hosts, <...>/directions-and-hosts.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/dnp3, <...>/dnp3) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/dnp3, <...>/dnp3) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/dns, <...>/dns) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/dns, <...>/dns) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/dpd, <...>/dpd) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/email, <...>/email.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/email, <...>/email.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/ethernet, <...>/ethernet) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/ethernet, <...>/ethernet) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/event.bif, <...>/event.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/event.bif, <...>/event.bif.zeek) -> (-1, <no content>)
@ -2397,6 +2397,7 @@
0.000000 MetaHookPre LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./dcc-send, <...>/dcc-send.zeek) 0.000000 MetaHookPre LoadFile(0, ./dcc-send, <...>/dcc-send.zeek)
0.000000 MetaHookPre LoadFile(0, ./debug, <...>/debug.zeek) 0.000000 MetaHookPre LoadFile(0, ./debug, <...>/debug.zeek)
0.000000 MetaHookPre LoadFile(0, ./dpd, <...>/dpd.zeek)
0.000000 MetaHookPre LoadFile(0, ./drop, <...>/drop.zeek) 0.000000 MetaHookPre LoadFile(0, ./drop, <...>/drop.zeek)
0.000000 MetaHookPre LoadFile(0, ./entities, <...>/entities.zeek) 0.000000 MetaHookPre LoadFile(0, ./entities, <...>/entities.zeek)
0.000000 MetaHookPre LoadFile(0, ./event.bif.zeek, <...>/event.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./event.bif.zeek, <...>/event.bif.zeek)
@ -2513,7 +2514,6 @@
0.000000 MetaHookPre LoadFile(0, base<...>/directions-and-hosts, <...>/directions-and-hosts.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/directions-and-hosts, <...>/directions-and-hosts.zeek)
0.000000 MetaHookPre LoadFile(0, base<...>/dnp3, <...>/dnp3) 0.000000 MetaHookPre LoadFile(0, base<...>/dnp3, <...>/dnp3)
0.000000 MetaHookPre LoadFile(0, base<...>/dns, <...>/dns) 0.000000 MetaHookPre LoadFile(0, base<...>/dns, <...>/dns)
0.000000 MetaHookPre LoadFile(0, base<...>/dpd, <...>/dpd)
0.000000 MetaHookPre LoadFile(0, base<...>/email, <...>/email.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/email, <...>/email.zeek)
0.000000 MetaHookPre LoadFile(0, base<...>/ethernet, <...>/ethernet) 0.000000 MetaHookPre LoadFile(0, base<...>/ethernet, <...>/ethernet)
0.000000 MetaHookPre LoadFile(0, base<...>/event.bif, <...>/event.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/event.bif, <...>/event.bif.zeek)
@ -2782,6 +2782,7 @@
0.000000 MetaHookPre LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./dcc-send, <...>/dcc-send.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./dcc-send, <...>/dcc-send.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./debug, <...>/debug.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./debug, <...>/debug.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./dpd, <...>/dpd.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./drop, <...>/drop.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./drop, <...>/drop.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./entities, <...>/entities.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./entities, <...>/entities.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./event.bif.zeek, <...>/event.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./event.bif.zeek, <...>/event.bif.zeek)
@ -2898,7 +2899,6 @@
0.000000 MetaHookPre LoadFileExtended(0, base<...>/directions-and-hosts, <...>/directions-and-hosts.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/directions-and-hosts, <...>/directions-and-hosts.zeek)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/dnp3, <...>/dnp3) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/dnp3, <...>/dnp3)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/dns, <...>/dns) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/dns, <...>/dns)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/dpd, <...>/dpd)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/email, <...>/email.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/email, <...>/email.zeek)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/ethernet, <...>/ethernet) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/ethernet, <...>/ethernet)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/event.bif, <...>/event.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/event.bif, <...>/event.bif.zeek)
@ -3911,6 +3911,7 @@
0.000000 | HookLoadFile ./data.bif.zeek <...>/data.bif.zeek 0.000000 | HookLoadFile ./data.bif.zeek <...>/data.bif.zeek
0.000000 | HookLoadFile ./dcc-send <...>/dcc-send.zeek 0.000000 | HookLoadFile ./dcc-send <...>/dcc-send.zeek
0.000000 | HookLoadFile ./debug <...>/debug.zeek 0.000000 | HookLoadFile ./debug <...>/debug.zeek
0.000000 | HookLoadFile ./dpd <...>/dpd.zeek
0.000000 | HookLoadFile ./dpd.sig <...>/dpd.sig 0.000000 | HookLoadFile ./dpd.sig <...>/dpd.sig
0.000000 | HookLoadFile ./drop <...>/drop.zeek 0.000000 | HookLoadFile ./drop <...>/drop.zeek
0.000000 | HookLoadFile ./entities <...>/entities.zeek 0.000000 | HookLoadFile ./entities <...>/entities.zeek
@ -4037,7 +4038,6 @@
0.000000 | HookLoadFile base<...>/directions-and-hosts <...>/directions-and-hosts.zeek 0.000000 | HookLoadFile base<...>/directions-and-hosts <...>/directions-and-hosts.zeek
0.000000 | HookLoadFile base<...>/dnp3 <...>/dnp3 0.000000 | HookLoadFile base<...>/dnp3 <...>/dnp3
0.000000 | HookLoadFile base<...>/dns <...>/dns 0.000000 | HookLoadFile base<...>/dns <...>/dns
0.000000 | HookLoadFile base<...>/dpd <...>/dpd
0.000000 | HookLoadFile base<...>/email <...>/email.zeek 0.000000 | HookLoadFile base<...>/email <...>/email.zeek
0.000000 | HookLoadFile base<...>/ethernet <...>/ethernet 0.000000 | HookLoadFile base<...>/ethernet <...>/ethernet
0.000000 | HookLoadFile base<...>/event.bif <...>/event.bif.zeek 0.000000 | HookLoadFile base<...>/event.bif <...>/event.bif.zeek
@ -4296,6 +4296,7 @@
0.000000 | HookLoadFileExtended ./data.bif.zeek <...>/data.bif.zeek 0.000000 | HookLoadFileExtended ./data.bif.zeek <...>/data.bif.zeek
0.000000 | HookLoadFileExtended ./dcc-send <...>/dcc-send.zeek 0.000000 | HookLoadFileExtended ./dcc-send <...>/dcc-send.zeek
0.000000 | HookLoadFileExtended ./debug <...>/debug.zeek 0.000000 | HookLoadFileExtended ./debug <...>/debug.zeek
0.000000 | HookLoadFileExtended ./dpd <...>/dpd.zeek
0.000000 | HookLoadFileExtended ./dpd.sig <...>/dpd.sig 0.000000 | HookLoadFileExtended ./dpd.sig <...>/dpd.sig
0.000000 | HookLoadFileExtended ./drop <...>/drop.zeek 0.000000 | HookLoadFileExtended ./drop <...>/drop.zeek
0.000000 | HookLoadFileExtended ./entities <...>/entities.zeek 0.000000 | HookLoadFileExtended ./entities <...>/entities.zeek
@ -4422,7 +4423,6 @@
0.000000 | HookLoadFileExtended base<...>/directions-and-hosts <...>/directions-and-hosts.zeek 0.000000 | HookLoadFileExtended base<...>/directions-and-hosts <...>/directions-and-hosts.zeek
0.000000 | HookLoadFileExtended base<...>/dnp3 <...>/dnp3 0.000000 | HookLoadFileExtended base<...>/dnp3 <...>/dnp3
0.000000 | HookLoadFileExtended base<...>/dns <...>/dns 0.000000 | HookLoadFileExtended base<...>/dns <...>/dns
0.000000 | HookLoadFileExtended base<...>/dpd <...>/dpd
0.000000 | HookLoadFileExtended base<...>/email <...>/email.zeek 0.000000 | HookLoadFileExtended base<...>/email <...>/email.zeek
0.000000 | HookLoadFileExtended base<...>/ethernet <...>/ethernet 0.000000 | HookLoadFileExtended base<...>/ethernet <...>/ethernet
0.000000 | HookLoadFileExtended base<...>/event.bif <...>/event.bif.zeek 0.000000 | HookLoadFileExtended base<...>/event.bif <...>/event.bif.zeek

64
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-complex/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _stream _innerLogged.a _innerLogged.c _innerLogged.d _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields _write_ts _stream _innerLogged.a _innerLogged.c _innerLogged.d _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string count count set[count] string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] #types time string count count set[count] string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX conn 1 3 4,2,3,1 - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

64
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-include-exclude/conn-exc.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] #types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX conn-exc zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

36
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-include-exclude/conn-inc.log
View file

@ -7,11 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _stream _system_name ts uid id.orig_h id.resp_h #fields _write_ts _stream _system_name ts uid id.orig_h id.resp_h
#types time string string time string addr addr #types time string string time string addr addr
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 141.142.220.235 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 173.192.163.128 141.142.220.235
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 141.142.2.2 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 141.142.2.2 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 141.142.2.2 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 141.142.2.2
@ -22,23 +18,27 @@ XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 141.142.2.2 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 141.142.2.2 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 141.142.2.2 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 224.0.0.251 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 224.0.0.251 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 208.80.152.2 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 208.80.152.2 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.118 141.142.2.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 208.80.152.3 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.44 224.0.0.251
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 208.80.152.3 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 224.0.0.251
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 208.80.152.3 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.118 208.80.152.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 208.80.152.2
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 208.80.152.3 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 208.80.152.3
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 208.80.152.3 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 208.80.152.3
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 208.80.152.3 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 208.80.152.3
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 208.80.152.118 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 208.80.152.3
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 224.0.0.251 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 208.80.152.3
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 141.142.220.255 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 208.80.152.3
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 224.0.0.252 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 208.80.152.118
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 224.0.0.251
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 141.142.220.255
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 224.0.0.252 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 224.0.0.252
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 141.142.220.255 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 224.0.0.252
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 ff02::fb XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 141.142.220.238 141.142.220.255
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 ff02::fb
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 ff02::1:3 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 ff02::1:3
XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 ff02::1:3 XXXXXXXXXX.XXXXXX conn-inc zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 ff02::1:3
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

64
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-optional/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _system_name _undefined_string ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields _write_ts _system_name _undefined_string ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] #types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX zeek - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

64
testing/btest/Baseline/scripts.base.frameworks.logging.field-extension/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields _write_ts _stream _system_name ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] #types time string string time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX conn zeek XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

64
testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

1
testing/btest/Baseline/scripts.base.frameworks.logging.hooks-10/output
View file

@ -5,3 +5,4 @@ foo
Log::log_stream_policy Log::log_stream_policy
bar bar
bar bar
Log::log_stream_policy

64
testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id_orig_h id_orig_p id_resp_h id_resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id_orig_h id_orig_p id_resp_h id_resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

64
testing/btest/Baseline/scripts.base.frameworks.logging.scope_sep_and_field_name_map/conn.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid src src_port dst dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 -
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 -
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.base.protocols.http.concurrent-range-requests/conn.log
View file

@ -7,7 +7,7 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.107 58716 88.198.248.254 80 tcp - 0.125216 117 10290 SF - - 0 ShADadFf 9 593 7 10662 - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.107 58716 88.198.248.254 80 tcp http 0.125216 117 10290 SF - - 0 ShADadFf 9 593 7 10662 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.0.107 58718 88.198.248.254 80 tcp - 0.173517 111 10284 SF - - 0 ShADadtFf 11 703 10 10812 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.0.107 58718 88.198.248.254 80 tcp http 0.173517 111 10284 SF - - 0 ShADadtFf 11 703 10 10812 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.0.107 58720 88.198.248.254 80 tcp - 0.124639 117 10290 SF - - 0 ShADadFf 11 697 9 10766 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.168.0.107 58720 88.198.248.254 80 tcp http 0.124639 117 10290 SF - - 0 ShADadFf 11 697 9 10766 -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=552.892685 usecs, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=96, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=552.892685 usecs, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=96, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=265.836716 usecs, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=84, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=265.836716 usecs, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=84, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a

56
testing/btest/Baseline/scripts.base.protocols.nfs.basic/.stdout
View file

@ -1,29 +1,29 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=528.812408 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=528.812408 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=672.81723 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=672.81723 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 6.84166 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 6.84166 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=104, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 559.921265 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=108, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 559.921265 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=108, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 412.982941 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=4096, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 412.982941 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=4096, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 315.8741 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=120, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 315.8741 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=120, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 541.894913 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=128, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 541.894913 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=128, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=8.0 msecs 343.935013 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=160, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=8.0 msecs 343.935013 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=160, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=8.0 msecs 932.828903 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=8.0 msecs 932.828903 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=10.0 msecs 356.903076 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=148, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=10.0 msecs 356.903076 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=148, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=11.0 msecs 928.796768 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=148, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=11.0 msecs 928.796768 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=148, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=12.0 msecs 798.786163 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=12.0 msecs 798.786163 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=13.0 msecs 430.833817 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=204, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=13.0 msecs 430.833817 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=204, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=15.0 msecs 40.874481 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=152, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=15.0 msecs 40.874481 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=152, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=16.0 msecs 412.973404 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=152, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=16.0 msecs 412.973404 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=152, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=17.0 msecs 566.919327 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=17.0 msecs 566.919327 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=18.0 msecs 251.895905 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=200, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dst_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=18.0 msecs 251.895905 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=200, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dst_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=19.0 msecs 332.885742 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=116, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=19.0 msecs 332.885742 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=116, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 915.985107 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 915.985107 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=144, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=21.0 msecs 752.83432 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=21.0 msecs 752.83432 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=22.0 msecs 397.994995 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=172, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], preattr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=22.0 msecs 397.994995 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=172, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], preattr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 840.904236 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=140, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 840.904236 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=140, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=25.0 msecs 476.932526 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=25.0 msecs 476.932526 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 816.84494 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 816.84494 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=27.0 msecs 592.897415 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=184, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dst_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=27.0 msecs 592.897415 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=184, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX], dst_dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=28.0 msecs 733.968735 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=120, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=28.0 msecs 733.968735 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=120, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 353.85704 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 353.85704 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=136, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a
nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=30.0 msecs 703.783035 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=116, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=XXXXXXXXXX.XXXXXX, duration=30.0 msecs 703.783035 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=XXXXXXXXXX.XXXXXX, req_dur=0 secs, req_len=116, rep_start=XXXXXXXXXX.XXXXXX, rep_dur=0 secs, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=XXXXXXXXXX.XXXXXX, mtime=XXXXXXXXXX.XXXXXX], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=XXXXXXXXXX.XXXXXX, ctime=XXXXXXXXXX.XXXXXX]]\x0a

64
testing/btest/Baseline/scripts.policy.protocols.conn.mac-logging/conn1.log
View file

@ -7,38 +7,38 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - 00:13:7f:be:8c:ff 00:e0:db:01:cf:4b XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 173.192.163.128 80 141.142.220.235 6705 tcp - - - - OTH - - 0 H 1 48 0 0 - 00:13:7f:be:8c:ff 00:e0:db:01:cf:4b
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 32902 141.142.2.2 53 udp - 0.000317 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 37676 141.142.2.2 53 udp - 0.000420 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 38911 141.142.2.2 53 udp - 0.000335 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 40526 141.142.2.2 53 udp - 0.000392 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 43927 141.142.2.2 53 udp - 0.000435 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 45000 141.142.2.2 53 udp - 0.000384 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 48128 141.142.2.2 53 udp - 0.000423 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 48479 141.142.2.2 53 udp - 0.000317 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 55092 141.142.2.2 53 udp - 0.000374 36 198 SF - - 0 Dd 1 64 1 226 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 56056 141.142.2.2 53 udp - 0.000402 36 131 SF - - 0 Dd 1 64 1 159 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.118 58206 141.142.2.2 53 udp - 0.000339 38 89 SF - - 0 Dd 1 66 1 117 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.118 59714 141.142.2.2 53 udp - 0.000375 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 59746 141.142.2.2 53 udp - 0.000421 38 183 SF - - 0 Dd 1 66 1 211 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.118 59816 141.142.2.2 53 udp - 0.000343 52 99 SF - - 0 Dd 1 80 1 127 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - 00:16:76:23:d9:e3 01:00:5e:00:00:fb XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.44 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 85 0 0 - 00:16:76:23:d9:e3 01:00:5e:00:00:fb
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - 00:17:f2:d7:cf:65 01:00:5e:00:00:fb XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 179 0 0 - 00:17:f2:d7:cf:65 01:00:5e:00:00:fb
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - - 0 DdA 2 567 1 402 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 35642 208.80.152.2 80 tcp - 0.120041 534 412 S1 - - 0 ShADad 4 750 3 576 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49996 208.80.152.3 80 tcp - 0.218501 1171 733 S1 - - 0 ShADad 6 1491 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 49997 208.80.152.3 80 tcp - 0.219720 1125 734 S1 - - 0 ShADad 6 1445 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 49998 208.80.152.3 80 tcp - 0.215893 1130 734 S1 - - 0 ShADad 6 1450 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 49999 208.80.152.3 80 tcp - 0.220961 1137 733 S1 - - 0 ShADad 6 1457 4 949 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 50000 208.80.152.3 80 tcp - 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 50001 208.80.152.3 80 tcp - 0.227284 1178 734 S1 - - 0 ShADad 6 1498 4 950 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 48649 208.80.152.118 80 tcp - 0.119905 525 232 S1 - - 0 ShADad 4 741 3 396 - 00:24:7e:e0:1d:b5 00:13:7f:be:8c:ff
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - 00:30:48:bd:3e:c4 01:00:5e:00:00:fb XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp - - - - S0 - - 0 D 1 73 0 0 - 00:30:48:bd:3e:c4 01:00:5e:00:00:fb
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - f0:4d:a2:47:ba:25 ff:ff:ff:ff:ff:ff XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 137 141.142.220.255 137 udp - 2.613017 350 0 S0 - - 0 D 7 546 0 0 - f0:4d:a2:47:ba:25 ff:ff:ff:ff:ff:ff
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55131 224.0.0.252 5355 udp - 0.100021 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.226 55671 224.0.0.252 5355 udp - 0.099849 66 0 S0 - - 0 D 2 122 0 0 - f0:4d:a2:47:ba:25 01:00:5e:00:00:fc
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - 00:23:32:b6:0c:46 ff:ff:ff:ff:ff:ff XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 141.142.220.238 56641 141.142.220.255 137 udp - - - - S0 - - 0 D 1 78 0 0 - 00:23:32:b6:0c:46 ff:ff:ff:ff:ff:ff
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - 00:17:f2:d7:cf:65 33:33:00:00:00:fb XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - - 0 D 1 199 0 0 - 00:17:f2:d7:cf:65 33:33:00:00:00:fb
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03 XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp - 0.099801 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03 XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp - 0.100096 66 0 S0 - - 0 D 2 162 0 0 - f0:4d:a2:47:ba:25 33:33:00:01:00:03
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

1
testing/btest/core/history-flip.zeek
View file

@ -2,5 +2,4 @@
# @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff conn.log
@load base/protocols/http @load base/protocols/http
@load base/frameworks/dpd
@load policy/protocols/conn/mac-logging @load policy/protocols/conn/mac-logging

1
testing/btest/core/pcap/dynamic-filter.zeek
View file

@ -5,7 +5,6 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/http @load base/protocols/http
@load base/protocols/dns @load base/protocols/dns
@load base/frameworks/dpd
redef enum PcapFilterID += { A, B }; redef enum PcapFilterID += { A, B };

1
testing/btest/core/radiotap.zeek
View file

@ -3,4 +3,3 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/dns @load base/protocols/dns
@load base/frameworks/dpd

1
testing/btest/core/tcp/miss-end-data.zeek
View file

@ -4,7 +4,6 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/http @load base/protocols/http
@load base/frameworks/dpd
redef report_gaps_for_partial = T; redef report_gaps_for_partial = T;

1
testing/btest/core/tcp/missing-syn.zeek
View file

@ -3,4 +3,3 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/http @load base/protocols/http
@load base/frameworks/dpd

1
testing/btest/core/tunnels/ayiya.test
View file

@ -6,4 +6,3 @@
@load base/protocols/tunnels @load base/protocols/tunnels
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/http @load base/protocols/http
@load base/frameworks/dpd

1
testing/btest/core/tunnels/geneve.zeek
View file

@ -4,7 +4,6 @@
# @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff tunnel.log
@load base/frameworks/tunnels @load base/frameworks/tunnels
@load base/frameworks/dpd
@load base/protocols/conn @load base/protocols/conn
event geneve_packet(c: connection, inner: pkt_hdr, vni: count) event geneve_packet(c: connection, inner: pkt_hdr, vni: count)

1
testing/btest/core/tunnels/gre-pptp.test
View file

@ -4,6 +4,5 @@
# @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff dns.log
# #
@load base/frameworks/tunnels @load base/frameworks/tunnels
@load base/frameworks/dpd
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/dns @load base/protocols/dns

1
testing/btest/core/tunnels/gre.test
View file

@ -5,7 +5,6 @@
# @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff ssh.log
# #
@load base/frameworks/tunnels @load base/frameworks/tunnels
@load base/frameworks/dpd
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/dns @load base/protocols/dns
@load base/protocols/ssh @load base/protocols/ssh

1
testing/btest/core/tunnels/gtp/different_dl_and_ul.test
View file

@ -10,6 +10,5 @@
# seems to fail to correct the checksums when there's IP fragmentation). # seems to fail to correct the checksums when there's IP fragmentation).
# #
@load base/frameworks/tunnels @load base/frameworks/tunnels
@load base/frameworks/dpd
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/http @load base/protocols/http

1
testing/btest/core/tunnels/gtp/inner_ipv6.test
View file

@ -6,6 +6,5 @@
# there is sometimes already native IPv6. # there is sometimes already native IPv6.
@load base/frameworks/tunnels @load base/frameworks/tunnels
@load base/frameworks/dpd
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/dns @load base/protocols/dns

1
testing/btest/core/tunnels/gtp/opt_header.test
View file

@ -9,7 +9,6 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/ssl @load base/protocols/ssl
@load base/frameworks/tunnels @load base/frameworks/tunnels
@load base/frameworks/dpd
event gtpv1_g_pdu_packet(outer: connection, inner_gtp: gtpv1_hdr, inner_ip: pkt_hdr) event gtpv1_g_pdu_packet(outer: connection, inner_gtp: gtpv1_hdr, inner_ip: pkt_hdr)
{ {

1
testing/btest/core/tunnels/teredo.zeek
View file

@ -5,7 +5,6 @@
# @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff http.log
@load base/frameworks/tunnels @load base/frameworks/tunnels
@load base/frameworks/dpd
@load base/frameworks/notice/weird @load base/frameworks/notice/weird
@load base/protocols/tunnels @load base/protocols/tunnels
@load base/protocols/conn @load base/protocols/conn

1
testing/btest/core/tunnels/teredo_bubble_with_payload.test
View file

@ -6,7 +6,6 @@
# @TEST-EXEC: btest-diff weird.log # @TEST-EXEC: btest-diff weird.log
@load base/frameworks/tunnels @load base/frameworks/tunnels
@load base/frameworks/dpd
@load base/frameworks/notice/weird @load base/frameworks/notice/weird
@load base/protocols/tunnels @load base/protocols/tunnels
@load base/protocols/conn @load base/protocols/conn

1
testing/btest/core/tunnels/vxlan.zeek
View file

@ -4,7 +4,6 @@
# @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff tunnel.log
@load base/frameworks/tunnels @load base/frameworks/tunnels
@load base/frameworks/dpd
@load base/protocols/conn @load base/protocols/conn
event vxlan_packet(c: connection, inner: pkt_hdr, vni: count) event vxlan_packet(c: connection, inner: pkt_hdr, vni: count)

1
testing/btest/core/vlan-mpls.zeek
View file

@ -3,4 +3,3 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/http @load base/protocols/http
@load base/frameworks/dpd

1
testing/btest/core/wlanmon.zeek
View file

@ -3,4 +3,3 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/dns @load base/protocols/dns
@load base/frameworks/dpd

1
testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek
View file

@ -7,7 +7,6 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/dns @load base/protocols/dns
@load base/protocols/ssh @load base/protocols/ssh
@load base/frameworks/dpd
redef Analyzer::disabled_analyzers += { Analyzer::ANALYZER_SSH }; redef Analyzer::disabled_analyzers += { Analyzer::ANALYZER_SSH };

1
testing/btest/scripts/base/frameworks/config/container-options.zeek
View file

@ -2,7 +2,6 @@
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@load base/frameworks/config @load base/frameworks/config
@load base/frameworks/dpd
type Color: enum { RED, GREEN, BLUE }; type Color: enum { RED, GREEN, BLUE };

1
testing/btest/scripts/base/frameworks/input/config/enum-set.zeek
View file

@ -8,7 +8,6 @@ DPD::ignore_violations Analyzer::ANALYZER_SYSLOG
@TEST-END-FILE @TEST-END-FILE
@load base/frameworks/config @load base/frameworks/config
@load base/frameworks/dpd
redef exit_only_after_terminate = T; redef exit_only_after_terminate = T;
redef InputConfig::empty_field = "EMPTY"; redef InputConfig::empty_field = "EMPTY";

1
testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek
View file

@ -12,4 +12,3 @@
@load base/protocols/http @load base/protocols/http
@load base/protocols/dns @load base/protocols/dns
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd

1
testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek
View file

@ -4,7 +4,6 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/smtp @load base/protocols/smtp
@load base/protocols/dns @load base/protocols/dns
@load base/frameworks/dpd
@load base/frameworks/netcontrol @load base/frameworks/netcontrol
event NetControl::init() event NetControl::init()

1
testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek
View file

@ -5,7 +5,6 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/ftp @load base/protocols/ftp
@load base/frameworks/dpd
# Make sure we're tracking the CWD correctly. # Make sure we're tracking the CWD correctly.
event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &priority=10 event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &priority=10

1
testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek
View file

@ -6,4 +6,3 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/ftp @load base/protocols/ftp
@load base/frameworks/dpd

1
testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek
View file

@ -6,4 +6,3 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/ftp @load base/protocols/ftp
@load base/frameworks/dpd

1
testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek
View file

@ -10,4 +10,3 @@
@load base/protocols/http @load base/protocols/http
@load base/protocols/ssl @load base/protocols/ssl
@load base/protocols/tunnels @load base/protocols/tunnels
@load base/frameworks/dpd

1
testing/btest/scripts/base/protocols/http/http-connect.zeek
View file

@ -10,4 +10,3 @@
@load base/protocols/http @load base/protocols/http
@load base/protocols/smtp @load base/protocols/smtp
@load base/protocols/tunnels @load base/protocols/tunnels
@load base/frameworks/dpd

1
testing/btest/scripts/base/protocols/http/http-dpd-large-req.zeek
View file

@ -5,7 +5,6 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/http @load base/protocols/http
@load base/frameworks/dpd
event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string) event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string)
{ {

1
testing/btest/scripts/base/protocols/http/http-no-crlf.zeek
View file

@ -7,4 +7,3 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/http @load base/protocols/http
@load base/frameworks/dpd

1
testing/btest/scripts/base/protocols/imap/capabilities.test
View file

@ -3,7 +3,6 @@
@load base/protocols/ssl @load base/protocols/ssl
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd
@load base/protocols/imap @load base/protocols/imap
event imap_capabilities(c: connection, capabilities: string_vec) event imap_capabilities(c: connection, capabilities: string_vec)

1
testing/btest/scripts/base/protocols/imap/starttls.test
View file

@ -6,7 +6,6 @@
@load base/protocols/ssl @load base/protocols/ssl
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd
@load base/protocols/imap @load base/protocols/imap
redef SSL::log_include_server_certificate_subject_issuer=T; redef SSL::log_include_server_certificate_subject_issuer=T;

1
testing/btest/scripts/base/protocols/irc/basic.test
View file

@ -8,7 +8,6 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/irc @load base/protocols/irc
@load base/frameworks/dpd
# dcc mime types are irrelevant to this test, so filter it out # dcc mime types are irrelevant to this test, so filter it out
event zeek_init() event zeek_init()

1
testing/btest/scripts/base/protocols/irc/starttls.test
View file

@ -4,6 +4,5 @@
# @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff x509.log
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd
@load base/protocols/ssl @load base/protocols/ssl
@load base/protocols/irc @load base/protocols/irc

1
testing/btest/scripts/base/protocols/krb/krb-service-name.test
View file

@ -4,4 +4,3 @@
@load base/protocols/krb @load base/protocols/krb
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd

1
testing/btest/scripts/base/protocols/modbus/events.zeek
View file

@ -9,7 +9,6 @@
@load base/protocols/modbus @load base/protocols/modbus
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd
redef DPD::ignore_violations_after = 1; redef DPD::ignore_violations_after = 1;

1
testing/btest/scripts/base/protocols/pop3/starttls.zeek
View file

@ -4,7 +4,6 @@
# @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff x509.log
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd
@load base/protocols/ssl @load base/protocols/ssl
module POP3; module POP3;

1
testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-fail.zeek
View file

@ -4,7 +4,6 @@
@load base/protocols/rdp @load base/protocols/rdp
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd
event rdpeudp_syn(c: connection) event rdpeudp_syn(c: connection)
{ {

1
testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-success.zeek
View file

@ -4,7 +4,6 @@
@load base/protocols/rdp @load base/protocols/rdp
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd
event rdpeudp_syn(c: connection) event rdpeudp_syn(c: connection)
{ {

1
testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek
View file

@ -4,7 +4,6 @@
@load base/protocols/rdp @load base/protocols/rdp
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd
event rdpeudp_syn(c: connection) event rdpeudp_syn(c: connection)
{ {

1
testing/btest/scripts/base/protocols/ssl/dpd.test
View file

@ -5,7 +5,6 @@
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT # @TEST-EXEC: zeek -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
# @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stdout
@load base/frameworks/dpd
@load base/frameworks/signatures @load base/frameworks/signatures
@load-sigs base/protocols/ssl/dpd.sig @load-sigs base/protocols/ssl/dpd.sig
@load-sigs policy/protocols/ssl/dpd-v2.sig @load-sigs policy/protocols/ssl/dpd-v2.sig

1
testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
View file

@ -5,7 +5,6 @@
# @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stdout
@load base/protocols/ssl @load base/protocols/ssl
@load base/frameworks/dpd
redef SSL::log_include_client_certificate_subject_issuer = T; redef SSL::log_include_client_certificate_subject_issuer = T;
redef SSL::log_include_server_certificate_subject_issuer = T; redef SSL::log_include_server_certificate_subject_issuer = T;

1
testing/btest/scripts/base/protocols/ssl/tls1_1.test
View file

@ -7,4 +7,3 @@
@load base/protocols/ssl @load base/protocols/ssl
@load base/files/x509 @load base/files/x509
@load base/frameworks/dpd

1
testing/btest/scripts/base/protocols/xmpp/client-dpd.test
View file

@ -1,7 +1,6 @@
# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT # @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-starttls.pcap %INPUT
# @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff ssl.log
@load base/frameworks/dpd
@load base/frameworks/signatures @load base/frameworks/signatures
@load base/protocols/ssl @load base/protocols/ssl
@load base/protocols/conn @load base/protocols/conn

1
testing/btest/scripts/base/protocols/xmpp/server-dialback-dpd.test
View file

@ -1,7 +1,6 @@
# @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-dialback-starttls.pcap %INPUT # @TEST-EXEC: zeek -C -b -r $TRACES/tls/xmpp-dialback-starttls.pcap %INPUT
# @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff ssl.log
@load base/frameworks/dpd
@load base/frameworks/signatures @load base/frameworks/signatures
@load base/protocols/ssl @load base/protocols/ssl
@load base/protocols/conn @load base/protocols/conn

1
testing/btest/scripts/base/protocols/xmpp/starttls.test
View file

@ -4,6 +4,5 @@
# @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff x509.log
@load base/protocols/conn @load base/protocols/conn
@load base/frameworks/dpd
@load base/protocols/ssl @load base/protocols/ssl
@load base/protocols/xmpp @load base/protocols/xmpp

1
testing/btest/scripts/policy/protocols/conn/known-services-multi.zeek
View file

@ -6,5 +6,4 @@
@load base/protocols/ssh @load base/protocols/ssh
@load base/protocols/ssl @load base/protocols/ssl
@load base/frameworks/dpd
@load protocols/conn/known-services @load protocols/conn/known-services

1
testing/btest/scripts/policy/protocols/conn/speculative-service.zeek
View file

@ -11,5 +11,4 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/dns @load base/protocols/dns
@load base/protocols/http @load base/protocols/http
@load base/frameworks/dpd
@load protocols/conn/speculative-service @load protocols/conn/speculative-service

1
testing/btest/signatures/eval-condition.zeek
View file

@ -3,7 +3,6 @@
@load base/protocols/conn @load base/protocols/conn
@load base/protocols/ftp @load base/protocols/ftp
@load base/frameworks/dpd
@load-sigs blah.sig @load-sigs blah.sig
@TEST-START-FILE blah.sig @TEST-START-FILE blah.sig